Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YuB_k2KpDhOcRZ9cUkIOefJeGhI.roa
File:                     YuB_k2KpDhOcRZ9cUkIOefJeGhI.roa (raw, json)
Hash identifier:          hrxfv44hMBpPdP3Dksa8BiJLTrMvsBO3z5zOqbH8epM=
Subject key identifier:   62:E0:7F:93:62:A9:0E:13:9C:45:9F:5C:52:42:0E:79:F2:5E:1A:12
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018DAF6497DFAE65C2E13E5CDCD4CFED9172
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YuB_k2KpDhOcRZ9cUkIOefJeGhI.roa
Signing time:             Fri 16 Feb 2024 00:50:21 +0000
ROA not before:           Fri 16 Feb 2024 00:50:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        94.131.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:af:64:97:df:ae:65:c2:e1:3e:5c:dc:d4:cf:ed:91:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Feb 16 00:50:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62e07f9362a90e139c459f5c52420e79f25e1a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ed:fb:d1:75:9a:20:0c:12:c3:71:28:06:4d:
                    c4:f4:b0:59:25:90:e0:38:a7:e8:4d:31:54:0a:5b:
                    46:71:99:a6:b9:f6:b7:ec:74:84:dd:f9:74:89:f7:
                    41:90:11:9f:70:fc:cc:a0:eb:19:c3:b2:04:3c:63:
                    6f:bf:5d:c7:8b:f3:2b:3b:51:03:80:16:c0:af:f4:
                    4e:af:41:c5:42:34:23:91:bd:b7:04:c0:7e:d9:34:
                    76:bc:4c:ae:5c:cd:56:30:42:21:81:09:e3:ee:bb:
                    1c:9a:91:a3:9c:65:70:92:e9:a9:05:93:e5:f6:61:
                    4f:dc:98:03:28:11:8e:12:2a:93:20:09:da:1d:6f:
                    0d:05:6b:c0:7b:0a:da:a0:4d:fb:0b:6a:26:64:48:
                    ea:7e:f2:89:64:f4:94:eb:54:45:1f:e8:94:6e:91:
                    b5:a6:be:c2:05:14:a6:f9:e6:b9:e9:00:30:a3:c2:
                    18:99:4c:59:86:61:84:fd:83:b2:3d:1b:26:1c:6f:
                    af:67:cb:48:c3:f7:e7:97:08:67:4d:1d:60:06:c9:
                    c0:51:c6:7a:f6:1f:df:0a:be:fc:25:64:a3:c8:78:
                    96:09:79:44:86:4d:10:82:d5:ca:8c:40:e7:ca:4b:
                    fc:da:cb:fb:01:a9:b2:49:42:48:54:42:ac:a2:d3:
                    9b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E0:7F:93:62:A9:0E:13:9C:45:9F:5C:52:42:0E:79:F2:5E:1A:12
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/YuB_k2KpDhOcRZ9cUkIOefJeGhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:92:0e:36:12:fc:7e:33:c8:c5:32:9b:ed:2e:e9:52:fa:8a:
         3b:2c:ba:84:98:14:44:8d:8c:03:8f:0a:43:ab:f1:6d:14:af:
         78:bc:06:4a:73:c8:aa:1e:85:04:ab:55:51:30:b4:bc:ec:93:
         16:aa:b4:d6:af:1e:64:a6:9b:e4:3d:c1:01:f9:dc:2b:be:c8:
         50:44:09:9f:4e:db:e4:a2:43:b3:5b:81:8a:f9:b3:98:c4:13:
         9b:bc:64:06:ab:f2:06:93:9b:02:6a:b9:41:df:3e:f5:5e:9d:
         6b:7e:cc:b6:5c:88:38:7d:49:50:0b:b3:4b:4b:35:8e:5f:a8:
         9b:af:dc:f5:79:24:da:c1:1d:4f:bd:5f:16:77:c6:e0:cd:a0:
         08:05:e5:72:ed:2f:14:09:6c:ae:62:c1:bf:6e:dc:5b:ff:52:
         f7:43:88:4a:87:42:3d:b4:2c:4e:8f:26:df:5c:dd:33:c9:78:
         b4:8c:69:e5:74:17:d1:88:74:cf:21:41:93:20:44:89:3c:ff:
         0f:a8:a0:da:6f:e6:81:96:ea:5e:d2:6c:dc:1d:97:1d:e8:44:
         9d:08:40:00:e5:e0:83:81:a0:c1:56:e1:47:f9:4b:11:2a:30:
         5d:2d:d8:a5:87:3d:8a:c3:18:18:43:5f:5e:72:5c:7e:8f:6a:
         fd:6a:7a:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2vZJffrmXC4T5c3NTP7ZFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwMjE2MDA1MDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmUwN2Y5MzYyYTkwZTEzOWM0NTlmNWM1MjQyMGU3OWYyNWUxYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO370XWaIAwSw3EoBk3E9LBZJZDg
OKfoTTFUCltGcZmmufa37HSE3fl0ifdBkBGfcPzMoOsZw7IEPGNvv13Hi/MrO1ED
gBbAr/ROr0HFQjQjkb23BMB+2TR2vEyuXM1WMEIhgQnj7rscmpGjnGVwkumpBZPl
9mFP3JgDKBGOEiqTIAnaHW8NBWvAewraoE37C2omZEjqfvKJZPSU61RFH+iUbpG1
pr7CBRSm+ea56QAwo8IYmUxZhmGE/YOyPRsmHG+vZ8tIw/fnlwhnTR1gBsnAUcZ6
9h/fCr78JWSjyHiWCXlEhk0QgtXKjEDnykv82sv7AamySUJIVEKsotOb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLgf5NiqQ4TnEWfXFJCDnnyXhoSMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvWXVCX2syS3BEaE9jUlo5Y1VrSU9lZkplR2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPaMA0G
CSqGSIb3DQEBCwUAA4IBAQB5kg42Evx+M8jFMpvtLulS+oo7LLqEmBREjYwDjwpD
q/FtFK94vAZKc8iqHoUEq1VRMLS87JMWqrTWrx5kppvkPcEB+dwrvshQRAmfTtvk
okOzW4GK+bOYxBObvGQGq/IGk5sCarlB3z71Xp1rfsy2XIg4fUlQC7NLSzWOX6ib
r9z1eSTawR1PvV8Wd8bgzaAIBeVy7S8UCWyuYsG/btxb/1L3Q4hKh0I9tCxOjybf
XN0zyXi0jGnldBfRiHTPIUGTIESJPP8PqKDab+aBlupe0mzcHZcd6ESdCEAA5eCD
gaDBVuFH+UsRKjBdLdilhz2KwxgYQ19eclx+j2r9anqr
-----END CERTIFICATE-----