Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/Yxl_qY5aR0oA4s22YaL2mBjemsI.roa
File:                     Yxl_qY5aR0oA4s22YaL2mBjemsI.roa (raw, json)
Hash identifier:          RMemwJ4P3feFx1UU8AuxaMSRfyLp+DL5ooIPnqeKfZ4=
Subject key identifier:   63:19:7F:A9:8E:5A:47:4A:00:E2:CD:B6:61:A2:F6:98:18:DE:9A:C2
Certificate issuer:       /CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
Certificate serial:       018CC2DAF942E18C5700C47754716C3C4D6C
Authority key identifier: 50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/Yxl_qY5aR0oA4s22YaL2mBjemsI.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        178.255.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:42:e1:8c:57:00:c4:77:54:71:6c:3c:4d:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63197fa98e5a474a00e2cdb661a2f69818de9ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:14:26:bb:7f:4c:a1:84:65:81:b2:1e:ca:3d:
                    d1:c0:01:a1:f9:6e:5e:da:d2:66:b4:dc:e0:09:8f:
                    00:47:6c:00:2f:af:b6:51:48:c3:b4:06:98:d0:4b:
                    d9:4e:c8:fe:00:e1:88:19:b6:75:f1:5f:fa:15:6a:
                    f6:2d:22:be:a3:fd:ef:7a:b4:74:48:5a:4b:0a:fe:
                    ea:27:c4:72:6f:fa:4d:9e:a4:6a:f0:91:b1:90:bb:
                    34:4b:f1:de:f9:fb:d4:89:c0:35:47:c1:07:01:7a:
                    a6:4a:da:8f:15:a4:be:c5:35:fc:01:fa:2c:51:35:
                    1f:7b:bf:98:f8:de:fa:79:53:31:a1:08:65:7c:45:
                    96:ec:ef:fd:9a:cc:1b:e1:c9:02:59:68:53:ae:e5:
                    37:db:dd:3d:01:41:23:0f:e4:28:f5:29:9b:ad:06:
                    e9:3a:73:be:68:78:2c:c8:a3:b0:a3:85:01:c3:a4:
                    b8:b5:84:5d:64:4b:22:38:a0:ec:7f:fc:02:db:e5:
                    aa:70:1a:4c:0f:70:8b:f9:df:50:a8:94:af:92:ac:
                    85:ae:de:77:e2:d5:f0:ac:ab:0b:93:db:a4:20:e2:
                    eb:bd:73:4f:74:65:70:4c:12:0d:b0:08:8b:b8:af:
                    ca:4e:32:77:6b:8a:3c:48:9f:bc:f3:b8:93:70:62:
                    71:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:19:7F:A9:8E:5A:47:4A:00:E2:CD:B6:61:A2:F6:98:18:DE:9A:C2
            X509v3 Authority Key Identifier:
                keyid:50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/Yxl_qY5aR0oA4s22YaL2mBjemsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:82:56:3c:84:a8:e6:e0:e7:98:e5:8a:af:c2:12:15:2d:fa:
         15:ce:e3:51:59:a4:b3:76:a2:68:cb:1b:8f:8e:55:a5:b9:02:
         57:94:1b:0a:0e:d1:5e:01:fa:56:cc:00:d8:34:c3:fb:26:7c:
         26:0f:44:20:17:a0:d5:57:a2:89:29:f4:fc:cc:3e:d6:1b:d1:
         dd:aa:5d:fe:67:58:22:1a:b8:bf:2f:fd:f1:10:22:fb:b4:67:
         85:29:ed:67:2b:d3:1e:94:8d:95:e0:c5:78:d7:72:53:b1:9f:
         a2:27:0e:dd:9d:13:01:e7:e9:6a:52:f1:19:d2:c7:4a:80:89:
         c6:38:5c:a9:7a:c4:15:4b:d2:a6:e3:a4:60:d2:2f:94:26:83:
         53:c9:2e:d1:5b:29:ed:2e:8d:cf:63:d1:9d:7b:7b:d5:47:3e:
         56:60:42:ee:e0:8f:aa:c7:c7:a8:75:41:df:db:46:2e:61:32:
         24:e6:18:56:8b:81:b6:8a:1b:76:78:20:61:bf:2b:6b:d5:26:
         4a:8f:2c:f5:a0:9e:7e:98:91:af:fd:a7:df:4b:73:6e:8c:f2:
         fe:19:94:c5:b7:bd:33:2f:88:f0:dd:81:9d:bc:2e:a9:ee:57:
         ff:08:c7:2f:f5:5f:24:77:81:54:26:11:5c:6d:5d:44:61:04:
         d4:92:53:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vlC4YxXAMR3VHFsPE1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWUyZjJkNWU3MDkzZmY4ZDQwMDNhMDJiN2QzZTEzMWNl
NzBhMTIwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzE5N2ZhOThlNWE0NzRhMDBlMmNkYjY2MWEyZjY5ODE4ZGU5YWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhQmu39MoYRlgbIeyj3RwAGh+W5e
2tJmtNzgCY8AR2wAL6+2UUjDtAaY0EvZTsj+AOGIGbZ18V/6FWr2LSK+o/3verR0
SFpLCv7qJ8Ryb/pNnqRq8JGxkLs0S/He+fvUicA1R8EHAXqmStqPFaS+xTX8Afos
UTUfe7+Y+N76eVMxoQhlfEWW7O/9mswb4ckCWWhTruU32909AUEjD+Qo9SmbrQbp
OnO+aHgsyKOwo4UBw6S4tYRdZEsiOKDsf/wC2+WqcBpMD3CL+d9QqJSvkqyFrt53
4tXwrKsLk9ukIOLrvXNPdGVwTBINsAiLuK/KTjJ3a4o8SJ+887iTcGJxBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMZf6mOWkdKAOLNtmGi9pgY3prCMB8GA1UdIwQY
MBaAFFBeLy1ecJP/jUADoCt9PhMc5woSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQt
OThlOWUyNTEwYmI2LzEvWXhsX3FZNWFSMG9BNHMyMllhTDJtQmplbXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQtOThlOWUyNTEwYmI2
LzEvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/yMA0G
CSqGSIb3DQEBCwUAA4IBAQCwglY8hKjm4OeY5YqvwhIVLfoVzuNRWaSzdqJoyxuP
jlWluQJXlBsKDtFeAfpWzADYNMP7JnwmD0QgF6DVV6KJKfT8zD7WG9Hdql3+Z1gi
Gri/L/3xECL7tGeFKe1nK9MelI2V4MV413JTsZ+iJw7dnRMB5+lqUvEZ0sdKgInG
OFypesQVS9Km46Rg0i+UJoNTyS7RWyntLo3PY9Gde3vVRz5WYELu4I+qx8eodUHf
20YuYTIk5hhWi4G2iht2eCBhvytr1SZKjyz1oJ5+mJGv/affS3NujPL+GZTFt70z
L4jw3YGdvC6p7lf/CMcv9V8kd4FUJhFcbV1EYQTUklOl
-----END CERTIFICATE-----