Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YoGErUBetzZ_iNC3UDl01BiJ_XY.roa
File:                     YoGErUBetzZ_iNC3UDl01BiJ_XY.roa (raw, json)
Hash identifier:          rMKczsqJs/uVTfLWgfQlWCudaEIM3OXJ7R4PSiEff8U=
Subject key identifier:   62:81:84:AD:40:5E:B7:36:7F:88:D0:B7:50:39:74:D4:18:89:FD:76
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       019422FC2C11E6C5FBF75A23443D8389961E
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YoGErUBetzZ_iNC3UDl01BiJ_XY.roa
Signing time:             Wed 01 Jan 2025 17:48:59 +0000
ROA not before:           Wed 01 Jan 2025 17:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207301
IP address blocks:        91.197.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:2c:11:e6:c5:fb:f7:5a:23:44:3d:83:89:96:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jan  1 17:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=628184ad405eb7367f88d0b7503974d41889fd76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:70:56:b8:8b:25:da:1d:a4:ab:e0:e7:d4:72:
                    a9:f8:53:23:2f:45:b6:d7:01:6f:2d:81:ad:f7:43:
                    1e:58:3d:3f:fc:49:72:8f:dc:fb:1b:df:59:14:ca:
                    6c:83:a0:1c:a3:56:82:8c:5f:34:11:02:51:37:c6:
                    54:70:a1:f1:3d:9a:67:70:c1:d0:56:cc:e9:ed:a8:
                    dc:7c:da:a5:44:48:7c:3e:3d:4a:5e:54:49:46:8a:
                    8e:bd:a1:d6:2b:56:2c:76:d0:54:7b:5f:e1:20:3f:
                    aa:b6:0d:89:f8:e8:69:d0:ea:b2:20:3f:a9:cd:13:
                    ca:10:d4:6f:74:b0:fb:5d:ba:f9:3e:88:64:3c:e2:
                    9d:72:93:23:62:54:6f:01:0d:e4:b7:b0:b9:47:ac:
                    f8:95:e6:6c:05:02:07:fb:34:b4:f1:9a:af:88:f3:
                    b4:81:9c:78:98:09:eb:28:45:ff:98:0f:b1:af:dc:
                    a3:23:1f:28:9c:90:59:c1:0b:01:df:48:64:cd:f2:
                    96:e1:a7:ab:63:b9:32:88:37:2f:00:9e:67:9e:e4:
                    2a:cc:e8:2e:66:48:c5:4a:c8:6e:6d:32:32:71:f4:
                    42:21:1b:cb:5e:2e:9b:17:8b:9d:60:c1:2e:e7:62:
                    54:b5:1b:2e:12:55:1c:83:b4:e3:ce:dc:2e:a2:17:
                    2b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:81:84:AD:40:5E:B7:36:7F:88:D0:B7:50:39:74:D4:18:89:FD:76
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YoGErUBetzZ_iNC3UDl01BiJ_XY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fd:48:42:8e:d7:e2:2a:9d:2a:46:e9:07:eb:de:b4:c5:4d:
         f6:5f:3c:1c:b2:f4:ec:93:67:e0:7b:22:b6:e4:2f:c2:b1:0f:
         52:fe:d3:b7:76:8b:b3:e2:ff:34:c6:e1:20:21:d9:ef:2f:0e:
         fb:62:53:4c:4f:4e:88:5e:6b:a4:80:4a:9b:2f:b4:04:74:e8:
         30:f9:be:40:d7:ed:b9:2a:7e:a2:f9:81:6b:e9:52:f0:a2:15:
         aa:93:ad:9a:13:6a:3c:33:73:c5:22:1a:7c:79:7e:b2:33:f4:
         97:04:d4:15:91:6b:3e:46:c6:8a:2a:0e:88:36:cb:3a:3e:3e:
         d5:eb:e8:29:00:07:a1:17:cb:ed:86:0f:5a:32:b9:82:cf:0b:
         28:6a:f3:e6:1c:c8:d5:20:fd:85:77:a5:09:00:12:3d:4e:09:
         82:ab:fe:62:57:2c:15:33:ce:00:0a:9e:eb:b7:6a:cc:70:a7:
         d0:9c:2a:4d:35:3a:4d:6f:60:02:16:11:57:ec:6a:c7:ef:2f:
         c2:0e:2e:98:6f:15:e2:01:ea:67:18:f1:bb:2a:60:48:cf:0c:
         79:5f:e2:ee:91:d1:8d:3e:dd:0e:f8:3b:39:8d:8c:03:c8:9a:
         7c:02:dd:9d:4a:83:04:ef:b1:74:c7:06:18:62:b6:36:9b:77:
         2e:db:1f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CwR5sX791ojRD2DiZYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjUwMTAxMTc0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjgxODRhZDQwNWViNzM2N2Y4OGQwYjc1MDM5NzRkNDE4ODlmZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3BWuIsl2h2kq+Dn1HKp+FMjL0W2
1wFvLYGt90MeWD0//Elyj9z7G99ZFMpsg6Aco1aCjF80EQJRN8ZUcKHxPZpncMHQ
Vszp7ajcfNqlREh8Pj1KXlRJRoqOvaHWK1YsdtBUe1/hID+qtg2J+Ohp0OqyID+p
zRPKENRvdLD7Xbr5PohkPOKdcpMjYlRvAQ3kt7C5R6z4leZsBQIH+zS08ZqviPO0
gZx4mAnrKEX/mA+xr9yjIx8onJBZwQsB30hkzfKW4aerY7kyiDcvAJ5nnuQqzOgu
ZkjFSshubTIycfRCIRvLXi6bF4udYMEu52JUtRsuElUcg7TjztwuohcrEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKBhK1AXrc2f4jQt1A5dNQYif12MB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvWW9HRXJVQmV0elpfaU5DM1VEbDAxQmlKX1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8VGMA0G
CSqGSIb3DQEBCwUAA4IBAQAb/UhCjtfiKp0qRukH6960xU32XzwcsvTsk2fgeyK2
5C/CsQ9S/tO3douz4v80xuEgIdnvLw77YlNMT06IXmukgEqbL7QEdOgw+b5A1+25
Kn6i+YFr6VLwohWqk62aE2o8M3PFIhp8eX6yM/SXBNQVkWs+RsaKKg6INss6Pj7V
6+gpAAehF8vthg9aMrmCzwsoavPmHMjVIP2Fd6UJABI9TgmCq/5iVywVM84ACp7r
t2rMcKfQnCpNNTpNb2ACFhFX7GrH7y/CDi6YbxXiAepnGPG7KmBIzwx5X+LukdGN
Pt0O+Ds5jYwDyJp8At2dSoME77F0xwYYYrY2m3cu2x+X
-----END CERTIFICATE-----