Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/y7XhUuVZddkumNX2KUMPlkRa9ig.roa
File:                     y7XhUuVZddkumNX2KUMPlkRa9ig.roa (raw, json)
Hash identifier:          7GcgZilcYA6Ld63p6ZbCniIZJRvjpfaiuPreO6n7AmE=
Subject key identifier:   CB:B5:E1:52:E5:59:75:D9:2E:98:D5:F6:29:43:0F:96:44:5A:F6:28
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018F0A8B8D486D66919BA96440DD55E5D0FF
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/y7XhUuVZddkumNX2KUMPlkRa9ig.roa
Signing time:             Tue 23 Apr 2024 10:41:08 +0000
ROA not before:           Tue 23 Apr 2024 10:41:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48190
IP address blocks:        90.150.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:8b:8d:48:6d:66:91:9b:a9:64:40:dd:55:e5:d0:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 23 10:41:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbb5e152e55975d92e98d5f629430f96445af628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e0:7a:d5:fc:0d:c6:11:59:6c:df:f3:cc:a4:
                    72:23:e2:51:6e:1e:45:1d:18:59:07:62:e7:a4:28:
                    d4:ea:13:ce:a9:96:15:bd:c8:12:9d:ce:43:83:fb:
                    88:59:35:99:cd:23:62:dc:80:8e:2e:89:18:8e:25:
                    b6:71:ee:09:d0:3b:13:f8:a7:48:3c:a4:a8:21:bf:
                    8c:a6:9f:fe:f6:81:9a:05:df:ef:6a:a4:1e:d5:3f:
                    ca:85:50:83:c1:78:a4:6d:1a:ba:7d:62:ef:06:10:
                    f6:22:9b:7f:ce:78:80:80:85:44:89:28:af:0e:fd:
                    58:d1:81:75:27:68:2c:3e:65:8e:9f:f3:27:e3:57:
                    a9:7d:0d:ba:e8:fd:2e:f3:53:4e:c1:f2:4f:fe:b0:
                    f8:12:f4:a5:88:f8:49:c2:5a:c4:35:60:2d:d3:b0:
                    c4:eb:c7:37:0f:71:73:69:30:4d:e0:be:26:c1:d4:
                    72:0b:11:b9:16:93:52:ae:c3:4c:31:e0:57:73:5b:
                    d4:26:94:0d:b0:ab:8d:7f:85:e6:11:70:6c:b1:2c:
                    66:19:d3:cc:dc:49:e6:ee:1e:ed:e3:93:33:6f:ed:
                    e9:eb:5a:5a:08:26:4e:30:6b:c6:a3:64:4f:20:ce:
                    39:09:32:60:a4:46:aa:b7:d1:27:78:e0:84:66:fe:
                    57:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B5:E1:52:E5:59:75:D9:2E:98:D5:F6:29:43:0F:96:44:5A:F6:28
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/y7XhUuVZddkumNX2KUMPlkRa9ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.150.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:a1:01:8c:25:01:98:22:0f:29:bc:ab:bc:13:81:e4:df:52:
         43:3d:a7:20:6f:d4:88:03:45:af:78:0d:61:5d:ed:2c:2b:9f:
         df:c1:bb:9e:c8:4b:bd:90:2e:55:6e:ec:5d:c9:85:be:45:6f:
         2d:22:fa:ef:35:f6:b9:5a:40:f0:2f:c6:67:54:b2:e9:b8:f4:
         77:97:73:13:b5:08:eb:28:da:ed:56:e0:f5:be:11:59:25:f5:
         5c:d5:c8:63:fe:05:ed:b4:9a:52:7d:02:df:ae:d7:63:f5:53:
         e2:f8:e8:16:2a:3a:1d:33:7e:54:d4:a6:98:7e:0f:55:cb:80:
         b4:50:b3:9f:c7:f4:ac:4a:bb:08:0e:22:4b:b3:aa:43:b6:fd:
         d1:db:f4:ec:76:b1:96:5c:b6:1b:30:7d:28:40:75:4f:49:56:
         48:ff:c8:72:82:6e:8e:c0:c2:76:7a:00:aa:3f:6a:72:e8:a1:
         85:27:1e:00:9e:82:33:c4:29:64:f7:c0:88:ff:20:37:03:75:
         f8:0e:27:64:ce:e7:25:f5:bb:68:5b:64:2c:df:ab:80:c8:a5:
         92:aa:41:9d:fe:35:de:16:48:2f:80:cb:6c:ed:e6:d6:31:d8:
         21:6d:7e:42:04:34:6f:1c:3c:59:3e:19:9a:f2:d9:3a:d6:dd:
         d2:b9:97:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Ki41IbWaRm6lkQN1V5dD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDIzMTA0MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmI1ZTE1MmU1NTk3NWQ5MmU5OGQ1ZjYyOTQzMGY5NjQ0NWFmNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOB61fwNxhFZbN/zzKRyI+JRbh5F
HRhZB2LnpCjU6hPOqZYVvcgSnc5Dg/uIWTWZzSNi3ICOLokYjiW2ce4J0DsT+KdI
PKSoIb+Mpp/+9oGaBd/vaqQe1T/KhVCDwXikbRq6fWLvBhD2Ipt/zniAgIVEiSiv
Dv1Y0YF1J2gsPmWOn/Mn41epfQ266P0u81NOwfJP/rD4EvSliPhJwlrENWAt07DE
68c3D3FzaTBN4L4mwdRyCxG5FpNSrsNMMeBXc1vUJpQNsKuNf4XmEXBssSxmGdPM
3Enm7h7t45Mzb+3p61paCCZOMGvGo2RPIM45CTJgpEaqt9EneOCEZv5XDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMu14VLlWXXZLpjV9ilDD5ZEWvYoMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEveTdYaFV1VlpkZGt1bU5YMktVTVBsa1JhOWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWpZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAtoQGMJQGYIg8pvKu8E4Hk31JDPacgb9SIA0WveA1h
Xe0sK5/fwbueyEu9kC5VbuxdyYW+RW8tIvrvNfa5WkDwL8ZnVLLpuPR3l3MTtQjr
KNrtVuD1vhFZJfVc1chj/gXttJpSfQLfrtdj9VPi+OgWKjodM35U1KaYfg9Vy4C0
ULOfx/SsSrsIDiJLs6pDtv3R2/TsdrGWXLYbMH0oQHVPSVZI/8hygm6OwMJ2egCq
P2py6KGFJx4AnoIzxClk98CI/yA3A3X4Didkzucl9btoW2Qs36uAyKWSqkGd/jXe
FkgvgMts7ebWMdghbX5CBDRvHDxZPhma8tk61t3SuZeq
-----END CERTIFICATE-----