Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/YwhhUN7DKMWLRoJGjKdHKAwL1D8.roa
File:                     YwhhUN7DKMWLRoJGjKdHKAwL1D8.roa (raw, json)
Hash identifier:          XPEdwJpmd3YESMI74X7dcXRH2KijVS6NENlSTc+dnXw=
Subject key identifier:   63:08:61:50:DE:C3:28:C5:8B:46:82:46:8C:A7:47:28:0C:0B:D4:3F
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018F52B04CDCB0922B094968CE962177D68A
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/YwhhUN7DKMWLRoJGjKdHKAwL1D8.roa
Signing time:             Tue 07 May 2024 10:53:56 +0000
ROA not before:           Tue 07 May 2024 10:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        31.210.21.0/24 maxlen: 24
                          162.12.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:b0:4c:dc:b0:92:2b:09:49:68:ce:96:21:77:d6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: May  7 10:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63086150dec328c58b4682468ca747280c0bd43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ab:7d:76:89:e0:43:2d:10:c8:b3:c7:fe:47:
                    ce:bf:4e:e6:b2:d5:cd:3b:94:bd:44:81:0a:5a:e4:
                    61:3b:f5:0b:bc:1f:cc:f9:60:33:97:96:cd:06:50:
                    8c:01:61:fd:a2:5b:86:bd:ce:98:06:cd:27:90:40:
                    38:6c:7a:ed:57:c3:93:41:70:b8:83:f7:b1:71:01:
                    7e:42:85:c1:40:e2:95:a2:89:31:92:0c:82:41:36:
                    45:2d:23:5b:19:33:97:30:ab:07:87:fe:3a:dc:5c:
                    59:a8:e9:a6:07:80:6c:42:9c:51:df:9a:cb:1f:55:
                    ae:3e:fd:52:a8:0d:23:cf:d0:68:4c:d8:79:9f:bc:
                    07:4b:f0:98:5e:d0:cb:12:09:56:e7:80:2c:de:1c:
                    9e:50:92:79:16:4a:78:0e:67:2d:00:b2:b3:d2:22:
                    1e:64:03:ca:a6:c2:e8:e0:52:33:67:21:95:85:38:
                    81:cf:d7:85:a3:40:4c:0e:5f:33:ff:b9:21:37:dd:
                    c1:7f:07:83:ee:c1:8d:2e:41:f0:7d:1d:f0:58:44:
                    2d:cb:8b:35:04:b7:9c:61:08:88:01:5f:a4:57:0c:
                    47:f0:ad:16:92:b5:c8:74:32:ee:19:d2:ab:de:fb:
                    f8:ba:b8:86:3f:db:dd:55:55:ed:0f:85:a7:0d:c6:
                    73:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:08:61:50:DE:C3:28:C5:8B:46:82:46:8C:A7:47:28:0C:0B:D4:3F
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/YwhhUN7DKMWLRoJGjKdHKAwL1D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.21.0/24
                  162.12.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:e5:33:3a:f7:16:8a:1e:f2:73:b7:da:0c:e0:47:92:c9:26:
         bf:2e:53:f9:f9:8d:48:38:79:e7:02:95:bf:48:5b:e1:81:09:
         09:4e:a2:8d:47:37:fc:77:5c:6d:22:b6:c4:d1:7f:1a:8e:8f:
         fc:53:3c:a0:89:ea:69:58:87:22:d0:56:99:bf:7d:93:8f:15:
         cb:28:c8:de:e3:d7:ec:4d:1e:40:bd:eb:2d:79:af:50:ea:51:
         a9:1d:33:65:d5:ac:0f:e2:b7:45:b8:81:38:d0:8e:55:f5:c1:
         c6:00:86:ea:88:e1:0d:14:93:e4:81:e0:70:5d:4f:16:bc:95:
         11:d1:94:bb:7c:70:b2:7f:ac:cd:8b:21:33:6f:1f:c9:a8:41:
         9a:1a:6e:ff:aa:df:4c:68:1a:d1:f1:f1:bd:d0:b5:51:da:57:
         ba:de:9d:3e:de:f2:b8:0e:0a:e2:dc:f6:c6:b4:d6:75:43:88:
         25:96:e6:b8:3c:1d:80:48:cc:da:94:a0:e5:b6:2d:12:ed:2a:
         21:7f:89:bb:a2:af:52:b6:ed:24:a6:50:27:79:70:3b:68:1d:
         c6:28:d5:ee:44:c3:15:e8:1c:f9:f6:70:dd:7e:29:9c:43:b2:
         a0:df:7a:34:0a:12:25:d8:57:75:0f:b2:52:6a:52:30:ed:7a:
         26:8b:78:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9SsEzcsJIrCUlozpYhd9aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwNTA3MTA1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzA4NjE1MGRlYzMyOGM1OGI0NjgyNDY4Y2E3NDcyODBjMGJkNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qt9dongQy0QyLPH/kfOv07mstXN
O5S9RIEKWuRhO/ULvB/M+WAzl5bNBlCMAWH9oluGvc6YBs0nkEA4bHrtV8OTQXC4
g/excQF+QoXBQOKVookxkgyCQTZFLSNbGTOXMKsHh/463FxZqOmmB4BsQpxR35rL
H1WuPv1SqA0jz9BoTNh5n7wHS/CYXtDLEglW54As3hyeUJJ5Fkp4DmctALKz0iIe
ZAPKpsLo4FIzZyGVhTiBz9eFo0BMDl8z/7khN93BfweD7sGNLkHwfR3wWEQty4s1
BLecYQiIAV+kVwxH8K0WkrXIdDLuGdKr3vv4uriGP9vdVVXtD4WnDcZz/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGMIYVDewyjFi0aCRoynRygMC9Q/MB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvWXdoaFVON0RLTVdMUm9KR2pLZEhLQXdMMUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9IVAwQA
ogzNMA0GCSqGSIb3DQEBCwUAA4IBAQCU5TM69xaKHvJzt9oM4EeSySa/LlP5+Y1I
OHnnApW/SFvhgQkJTqKNRzf8d1xtIrbE0X8ajo/8UzygieppWIci0FaZv32TjxXL
KMje49fsTR5Avestea9Q6lGpHTNl1awP4rdFuIE40I5V9cHGAIbqiOENFJPkgeBw
XU8WvJUR0ZS7fHCyf6zNiyEzbx/JqEGaGm7/qt9MaBrR8fG90LVR2le63p0+3vK4
Dgri3PbGtNZ1Q4gllua4PB2ASMzalKDlti0S7Sohf4m7oq9Stu0kplAneXA7aB3G
KNXuRMMV6Bz59nDdfimcQ7Kg33o0ChIl2Fd1D7JSalIw7Xomi3hm
-----END CERTIFICATE-----