Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/yaq4SVeTfdx7naMPJnRiuYdzAxo.roa
File:                     yaq4SVeTfdx7naMPJnRiuYdzAxo.roa (raw, json)
Hash identifier:          dbGBqKTrClb1KQjF0mlcEKj/ITtCeDvGBGFY641DED4=
Subject key identifier:   C9:AA:B8:49:57:93:7D:DC:7B:9D:A3:0F:26:74:62:B9:87:73:03:1A
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       018CC500543662417BB718BDD33FDC16229A
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/yaq4SVeTfdx7naMPJnRiuYdzAxo.roa
Signing time:             Mon 01 Jan 2024 12:29:42 +0000
ROA not before:           Mon 01 Jan 2024 12:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60676
IP address blocks:        89.34.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:54:36:62:41:7b:b7:18:bd:d3:3f:dc:16:22:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Jan  1 12:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9aab84957937ddc7b9da30f267462b98773031a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:49:9c:16:d1:d9:ef:b7:ae:be:f3:35:59:b3:
                    58:f0:15:55:9c:d4:c6:e1:24:2e:ef:fb:81:9c:7c:
                    e8:05:a7:c8:02:7e:b1:ae:cd:d6:29:c6:3e:14:0f:
                    b1:49:91:ac:d0:c8:87:64:95:ce:83:eb:78:61:92:
                    4d:6a:5a:e5:ce:ae:64:a1:7f:5e:0c:0c:23:86:d5:
                    93:61:72:e3:0e:81:e4:4d:65:be:9d:28:26:b6:bc:
                    bf:1b:cb:cd:74:db:fb:3b:50:c8:91:4a:06:51:53:
                    5c:0b:a9:94:4c:06:88:39:47:32:38:b3:94:0d:b2:
                    d4:c2:ee:b3:bf:7c:31:e4:62:80:ec:13:bb:dd:b5:
                    30:f3:58:26:82:16:dc:83:4c:89:f3:89:46:25:d2:
                    d5:97:0c:38:90:43:4e:6c:40:35:c9:0c:b7:9b:79:
                    31:dd:09:8e:b2:5b:ea:fb:4a:41:a7:99:2f:d4:32:
                    29:2a:3d:37:f7:78:69:30:fa:4b:c2:f1:2b:2a:9f:
                    5a:7e:38:36:3f:fc:38:9c:0e:65:3a:1a:12:7b:8e:
                    e3:23:64:67:e0:59:ae:b6:c9:c6:89:36:4b:47:35:
                    50:b6:9f:06:97:25:21:8d:dc:6b:bf:9e:2b:70:12:
                    87:72:0e:b6:9c:c2:59:ea:5d:37:47:4d:fa:07:72:
                    66:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AA:B8:49:57:93:7D:DC:7B:9D:A3:0F:26:74:62:B9:87:73:03:1A
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/yaq4SVeTfdx7naMPJnRiuYdzAxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:7c:f2:6b:b2:88:19:93:87:b8:fa:fd:69:00:d9:5d:5b:c5:
         5a:06:ab:c5:f7:0f:e6:94:78:08:84:57:be:2a:5d:37:4d:6d:
         8a:7d:6b:55:00:7b:0a:93:90:20:f0:32:d4:04:8b:b1:99:62:
         d1:71:ff:44:3b:ff:71:a0:15:aa:93:da:a7:e1:3a:a1:b0:05:
         12:af:75:b8:b4:68:87:63:e1:f2:6c:1d:1e:d0:5c:6b:81:2b:
         cf:db:bb:09:9e:78:9e:f4:a2:d9:c3:f9:81:14:b7:9c:d2:79:
         58:9b:e2:8e:09:28:18:48:86:62:0a:00:06:67:d1:42:ed:be:
         f8:0d:a0:be:25:79:19:0b:29:e4:d9:06:81:77:75:68:d7:e2:
         b4:68:ca:60:2a:54:e4:27:8d:73:df:a8:79:95:84:6f:c1:3f:
         f3:3e:81:b0:3f:9e:fe:b3:cc:82:1e:91:25:ac:60:ac:5f:86:
         48:be:93:6a:fc:84:04:7d:cc:33:bb:44:39:db:4b:c6:08:3d:
         82:47:d2:56:ac:30:64:ce:61:3d:70:60:0e:ca:1b:9d:d7:2f:
         13:4f:84:62:b7:e3:15:35:a0:f1:36:ad:bf:1d:63:f4:4f:74:
         7b:79:bc:f3:09:0c:04:3b:10:86:4f:9b:9d:04:4b:77:67:bf:
         47:64:1a:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFQ2YkF7txi90z/cFiKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFhYjg0OTU3OTM3ZGRjN2I5ZGEzMGYyNjc0NjJiOTg3NzMwMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00mcFtHZ77euvvM1WbNY8BVVnNTG
4SQu7/uBnHzoBafIAn6xrs3WKcY+FA+xSZGs0MiHZJXOg+t4YZJNalrlzq5koX9e
DAwjhtWTYXLjDoHkTWW+nSgmtry/G8vNdNv7O1DIkUoGUVNcC6mUTAaIOUcyOLOU
DbLUwu6zv3wx5GKA7BO73bUw81gmghbcg0yJ84lGJdLVlww4kENObEA1yQy3m3kx
3QmOslvq+0pBp5kv1DIpKj0393hpMPpLwvErKp9afjg2P/w4nA5lOhoSe47jI2Rn
4FmutsnGiTZLRzVQtp8GlyUhjdxrv54rcBKHcg62nMJZ6l03R036B3JmVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmquElXk33ce52jDyZ0YrmHcwMaMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEveWFxNFNWZVRmZHg3bmFNUEpuUml1WWR6QXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJbMA0G
CSqGSIb3DQEBCwUAA4IBAQBjfPJrsogZk4e4+v1pANldW8VaBqvF9w/mlHgIhFe+
Kl03TW2KfWtVAHsKk5Ag8DLUBIuxmWLRcf9EO/9xoBWqk9qn4TqhsAUSr3W4tGiH
Y+HybB0e0FxrgSvP27sJnnie9KLZw/mBFLec0nlYm+KOCSgYSIZiCgAGZ9FC7b74
DaC+JXkZCynk2QaBd3Vo1+K0aMpgKlTkJ41z36h5lYRvwT/zPoGwP57+s8yCHpEl
rGCsX4ZIvpNq/IQEfcwzu0Q520vGCD2CR9JWrDBkzmE9cGAOyhud1y8TT4Rit+MV
NaDxNq2/HWP0T3R7ebzzCQwEOxCGT5udBEt3Z79HZBpQ
-----END CERTIFICATE-----