Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/YUilrjQvNkgqnL07_SEfzrdn610.roa
File:                     YUilrjQvNkgqnL07_SEfzrdn610.roa (raw, json)
Hash identifier:          zmdJoQ/fEjgPNsPcHkuwusGXtRmmjXS7B5EH9CBKFVE=
Subject key identifier:   61:48:A5:AE:34:2F:36:48:2A:9C:BD:3B:FD:21:1F:CE:B7:67:EB:5D
Certificate issuer:       /CN=d6eea5fb35b512f910094dc62459c1679b583e3f
Certificate serial:       018CC348E1824205DE9F0D12BD32C87494F7
Authority key identifier: D6:EE:A5:FB:35:B5:12:F9:10:09:4D:C6:24:59:C1:67:9B:58:3E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/YUilrjQvNkgqnL07_SEfzrdn610.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39086
IP address blocks:        195.66.80.0/24 maxlen: 24
                          2001:678:7c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e1:82:42:05:de:9f:0d:12:bd:32:c8:74:94:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6eea5fb35b512f910094dc62459c1679b583e3f
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6148a5ae342f36482a9cbd3bfd211fceb767eb5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5d:62:f5:b7:67:43:b5:56:af:a1:de:0c:28:
                    ff:75:6e:b5:26:01:ed:64:e5:bb:3c:2f:19:af:fc:
                    4c:8f:e4:1c:a1:ac:90:40:65:98:c6:c2:19:53:d5:
                    11:01:54:46:3b:62:0f:d4:54:38:a9:1f:86:1c:34:
                    7e:e3:28:a3:46:9c:33:41:c2:25:d3:02:08:c3:e1:
                    6f:72:25:ad:6f:a6:5c:d7:40:06:6d:3d:0a:a1:81:
                    c3:9f:15:ff:74:a6:64:d2:a9:58:91:8b:96:c5:28:
                    15:5d:74:80:6a:63:71:13:de:ed:71:fe:63:30:2e:
                    d1:6c:f1:65:21:ce:9a:72:fa:ba:bf:21:2b:f7:16:
                    d9:e0:ee:97:40:9b:9b:09:0c:29:b8:54:07:c1:f9:
                    f9:11:d2:c1:95:09:16:e4:93:12:f3:8e:18:b5:74:
                    99:c3:c1:da:66:08:18:11:82:92:fc:f0:c6:de:b3:
                    4a:22:e9:00:30:87:09:31:c4:a3:f5:a2:f4:0d:a6:
                    f9:f4:0a:d5:12:f4:26:92:cd:1a:22:5b:c2:0c:f8:
                    b9:52:57:be:4e:3f:ae:0b:49:80:b5:ef:6c:0a:eb:
                    3a:7a:88:d0:68:8f:51:92:c1:49:36:79:19:43:c4:
                    50:ad:9c:93:49:79:c6:b8:c1:4f:44:17:87:63:58:
                    0c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:48:A5:AE:34:2F:36:48:2A:9C:BD:3B:FD:21:1F:CE:B7:67:EB:5D
            X509v3 Authority Key Identifier:
                keyid:D6:EE:A5:FB:35:B5:12:F9:10:09:4D:C6:24:59:C1:67:9B:58:3E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/YUilrjQvNkgqnL07_SEfzrdn610.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a23562-34df-49d5-9bf4-58fc94d0d414/1/1u6l-zW1EvkQCU3GJFnBZ5tYPj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.80.0/24
                IPv6:
                  2001:678:7c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:f7:02:ce:0c:e3:b3:69:62:31:51:78:6c:79:f9:3f:d6:1a:
         ba:1b:f6:32:3f:3b:a8:80:b6:4f:75:97:98:6e:44:be:1b:59:
         fc:c2:aa:bb:5f:d8:a4:11:a4:6d:49:fe:3c:d9:7b:4b:09:e0:
         8c:7e:b4:53:d9:a1:13:1a:53:4d:9e:7d:84:6c:8b:46:53:1c:
         87:a6:1a:8d:05:e8:d3:25:1d:4b:39:ab:0d:07:4e:ca:df:e6:
         99:2f:46:45:28:34:74:f5:3a:bf:f9:c3:ff:41:d8:50:b8:2d:
         e6:31:b8:ec:ac:b3:8d:dd:7d:38:99:86:90:39:cf:01:df:3b:
         17:fb:3b:5a:62:ac:ad:a4:17:db:8a:a4:49:9f:cc:41:06:96:
         6a:9f:72:47:b2:e8:bd:39:85:dd:b7:7e:e6:c3:33:94:6e:31:
         eb:3c:4a:7e:1f:84:c9:c9:26:9f:7a:c7:22:1e:40:5a:7b:79:
         d3:7d:3d:bf:40:8d:e0:69:5e:b6:3d:e9:43:a2:03:19:95:43:
         1f:0d:a5:30:03:f6:96:4f:f3:cd:33:79:4d:e8:88:84:58:74:
         b2:88:29:75:eb:bc:58:62:60:70:ac:90:fe:af:b6:80:4f:e5:
         0c:9e:2f:eb:ae:8c:75:5d:da:79:80:cf:3e:d4:8d:24:98:88:
         64:11:66:12
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSOGCQgXenw0SvTLIdJT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZWVhNWZiMzViNTEyZjkxMDA5NGRjNjI0NTljMTY3OWI1
ODNlM2YwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQ4YTVhZTM0MmYzNjQ4MmE5Y2JkM2JmZDIxMWZjZWI3NjdlYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoF1i9bdnQ7VWr6HeDCj/dW61JgHt
ZOW7PC8Zr/xMj+QcoayQQGWYxsIZU9URAVRGO2IP1FQ4qR+GHDR+4yijRpwzQcIl
0wIIw+FvciWtb6Zc10AGbT0KoYHDnxX/dKZk0qlYkYuWxSgVXXSAamNxE97tcf5j
MC7RbPFlIc6acvq6vyEr9xbZ4O6XQJubCQwpuFQHwfn5EdLBlQkW5JMS844YtXSZ
w8HaZggYEYKS/PDG3rNKIukAMIcJMcSj9aL0Dab59ArVEvQmks0aIlvCDPi5Ule+
Tj+uC0mAte9sCus6eojQaI9RksFJNnkZQ8RQrZyTSXnGuMFPRBeHY1gMhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGFIpa40LzZIKpy9O/0hH863Z+tdMB8GA1UdIwQY
MBaAFNbupfs1tRL5EAlNxiRZwWebWD4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXU2bC16VzFFdmtRQ1UzR0pGbkJaNXRZUGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hMjM1NjItMzRkZi00OWQ1LTliZjQt
NThmYzk0ZDBkNDE0LzEvWVVpbHJqUXZOa2dxbkwwN19TRWZ6cmRuNjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hMjM1NjItMzRkZi00OWQ1LTliZjQtNThmYzk0ZDBkNDE0
LzEvMXU2bC16VzFFdmtRQ1UzR0pGbkJaNXRZUGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw0JQMA8E
AgACMAkDBwAgAQZ4B8gwDQYJKoZIhvcNAQELBQADggEBAGT3As4M47NpYjFReGx5
+T/WGrob9jI/O6iAtk91l5huRL4bWfzCqrtf2KQRpG1J/jzZe0sJ4Ix+tFPZoRMa
U02efYRsi0ZTHIemGo0F6NMlHUs5qw0HTsrf5pkvRkUoNHT1Or/5w/9B2FC4LeYx
uOyss43dfTiZhpA5zwHfOxf7O1pirK2kF9uKpEmfzEEGlmqfckey6L05hd23fubD
M5RuMes8Sn4fhMnJJp96xyIeQFp7edN9Pb9AjeBpXrY96UOiAxmVQx8NpTAD9pZP
880zeU3oiIRYdLKIKXXrvFhiYHCskP6vtoBP5QyeL+uujHVd2nmAzz7UjSSYiGQR
ZhI=
-----END CERTIFICATE-----