Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/YSQIaxaVAhrYqOg9i9JEmrsnyZk.roa
File:                     YSQIaxaVAhrYqOg9i9JEmrsnyZk.roa (raw, json)
Hash identifier:          M1UvABKACi5hUal3rfcHx7FETb+nW0U9tYU98fhGc/U=
Subject key identifier:   61:24:08:6B:16:95:02:1A:D8:A8:E8:3D:8B:D2:44:9A:BB:27:C9:99
Certificate issuer:       /CN=eb960982e82bf9e9875445009308de7ecbd05c54
Certificate serial:       018CC26D05446F8D951B785835010E922295
Authority key identifier: EB:96:09:82:E8:2B:F9:E9:87:54:45:00:93:08:DE:7E:CB:D0:5C:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/65YJgugr-emHVEUAkwjefsvQXFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/YSQIaxaVAhrYqOg9i9JEmrsnyZk.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211820
IP address blocks:        94.154.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/65YJgugr-emHVEUAkwjefsvQXFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/65YJgugr-emHVEUAkwjefsvQXFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/65YJgugr-emHVEUAkwjefsvQXFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:05:44:6f:8d:95:1b:78:58:35:01:0e:92:22:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb960982e82bf9e9875445009308de7ecbd05c54
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6124086b1695021ad8a8e83d8bd2449abb27c999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:45:94:cf:60:fa:52:ae:22:28:a6:7e:80:eb:
                    36:47:11:25:b5:b8:fe:f3:2c:7c:67:f0:4b:5d:bb:
                    14:94:30:07:f0:99:94:c4:11:d5:90:ec:0a:e7:e4:
                    86:78:0f:1a:36:96:6a:e3:76:e8:9e:bb:3c:08:5f:
                    0b:b3:6a:0a:20:46:6b:40:89:f5:2b:f7:d0:73:a7:
                    58:78:79:c2:e2:8c:76:c9:26:0e:7b:ba:dc:46:3b:
                    71:be:cf:f7:e2:1e:77:ec:54:82:e3:82:a5:ba:ef:
                    03:89:c3:96:18:e5:ae:79:f9:89:dc:5a:04:ee:7c:
                    47:f3:fd:56:1b:28:81:82:5f:1a:9d:32:e3:d5:ba:
                    cf:3e:0b:62:b2:66:fb:32:0a:ff:4f:f6:09:57:37:
                    59:75:cd:08:7a:cb:4d:85:36:b7:66:12:c7:10:4b:
                    27:c0:0f:68:18:ae:0c:fc:de:bc:ea:4a:d3:aa:69:
                    bb:b7:a8:ae:05:dd:2d:ad:85:f8:51:0d:5d:bd:ac:
                    54:95:2b:28:d8:63:85:6f:31:70:d9:21:a9:65:38:
                    38:46:0f:25:46:0a:53:c5:e6:cb:37:36:7a:23:cf:
                    d2:b8:2d:1f:43:d9:d6:8c:90:33:ac:c6:d3:33:62:
                    0a:4d:90:8e:8a:5b:3e:01:2e:7e:24:17:06:97:71:
                    9e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:24:08:6B:16:95:02:1A:D8:A8:E8:3D:8B:D2:44:9A:BB:27:C9:99
            X509v3 Authority Key Identifier:
                keyid:EB:96:09:82:E8:2B:F9:E9:87:54:45:00:93:08:DE:7E:CB:D0:5C:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/65YJgugr-emHVEUAkwjefsvQXFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/YSQIaxaVAhrYqOg9i9JEmrsnyZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/59a72f-09a4-41c5-80b7-cadfcef0b5c4/1/65YJgugr-emHVEUAkwjefsvQXFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:e2:d0:c9:3d:c4:e9:2f:fd:b9:41:56:6e:ed:8e:6a:d6:cc:
         59:25:70:f5:39:a6:17:94:96:1c:4a:19:8f:50:b7:ef:b0:67:
         60:82:f3:f1:5c:d5:c1:e0:4d:70:05:96:fe:26:4d:76:05:d5:
         83:89:eb:60:5d:04:2a:81:0e:b6:e2:35:49:cf:fb:03:0f:09:
         26:70:da:22:cb:1e:9d:fe:72:0e:81:a3:a3:40:b9:7c:23:c4:
         db:31:fc:67:88:94:6c:9f:32:62:d3:1e:24:4a:05:a8:fb:ad:
         6c:c5:a2:51:9c:77:1d:28:48:ff:3c:ed:a3:88:41:db:b6:d3:
         79:b9:24:61:12:82:d3:55:43:b7:c4:b1:37:70:7f:99:18:4d:
         9b:5c:d7:3c:13:df:7d:18:ef:a0:b8:dd:2f:34:cd:38:82:99:
         8b:36:f0:4a:76:00:49:f8:77:46:55:b0:07:de:79:ec:98:c7:
         52:3a:a6:0a:00:9e:2c:71:0c:29:ea:06:0d:34:b4:f3:2e:1a:
         79:2a:c1:a8:31:fd:66:f2:87:ec:6f:77:e6:1f:42:f5:62:bf:
         6d:55:e5:30:a0:d6:6f:81:4b:19:be:99:6e:aa:a8:1e:aa:ea:
         9f:a2:ef:6b:45:ed:a9:45:58:dc:e3:c2:40:bc:c2:10:62:24:
         97:2f:8c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQVEb42VG3hYNQEOkiKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViOTYwOTgyZTgyYmY5ZTk4NzU0NDUwMDkzMDhkZTdlY2Jk
MDVjNTQwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTI0MDg2YjE2OTUwMjFhZDhhOGU4M2Q4YmQyNDQ5YWJiMjdjOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UWUz2D6Uq4iKKZ+gOs2RxEltbj+
8yx8Z/BLXbsUlDAH8JmUxBHVkOwK5+SGeA8aNpZq43bonrs8CF8Ls2oKIEZrQIn1
K/fQc6dYeHnC4ox2ySYOe7rcRjtxvs/34h537FSC44Kluu8DicOWGOWuefmJ3FoE
7nxH8/1WGyiBgl8anTLj1brPPgtismb7Mgr/T/YJVzdZdc0IestNhTa3ZhLHEEsn
wA9oGK4M/N686krTqmm7t6iuBd0trYX4UQ1dvaxUlSso2GOFbzFw2SGpZTg4Rg8l
RgpTxebLNzZ6I8/SuC0fQ9nWjJAzrMbTM2IKTZCOils+AS5+JBcGl3GeKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEkCGsWlQIa2KjoPYvSRJq7J8mZMB8GA1UdIwQY
MBaAFOuWCYLoK/nph1RFAJMI3n7L0FxUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjVZSmd1Z3ItZW1IVkVVQWt3amVmc3ZRWEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81OWE3MmYtMDlhNC00MWM1LTgwYjct
Y2FkZmNlZjBiNWM0LzEvWVNRSWF4YVZBaHJZcU9nOWk5SkVtcnNueVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi81OWE3MmYtMDlhNC00MWM1LTgwYjctY2FkZmNlZjBiNWM0
LzEvNjVZSmd1Z3ItZW1IVkVVQWt3amVmc3ZRWEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpoFMA0G
CSqGSIb3DQEBCwUAA4IBAQBP4tDJPcTpL/25QVZu7Y5q1sxZJXD1OaYXlJYcShmP
ULfvsGdggvPxXNXB4E1wBZb+Jk12BdWDietgXQQqgQ624jVJz/sDDwkmcNoiyx6d
/nIOgaOjQLl8I8TbMfxniJRsnzJi0x4kSgWo+61sxaJRnHcdKEj/PO2jiEHbttN5
uSRhEoLTVUO3xLE3cH+ZGE2bXNc8E999GO+guN0vNM04gpmLNvBKdgBJ+HdGVbAH
3nnsmMdSOqYKAJ4scQwp6gYNNLTzLhp5KsGoMf1m8ofsb3fmH0L1Yr9tVeUwoNZv
gUsZvpluqqgequqfou9rRe2pRVjc48JAvMIQYiSXL4wX
-----END CERTIFICATE-----