Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/yV-5d2bEsy2B4rMXoK3Ys4VN4Tc.roa
File:                     yV-5d2bEsy2B4rMXoK3Ys4VN4Tc.roa (raw, json)
Hash identifier:          gpS9evnYLKVSFDh5v3DMR7makkyyxrSxS25Bu0CqIAQ=
Subject key identifier:   C9:5F:B9:77:66:C4:B3:2D:81:E2:B3:17:A0:AD:D8:B3:85:4D:E1:37
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC726621DD544167D763EF44B59F1F20E
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/yV-5d2bEsy2B4rMXoK3Ys4VN4Tc.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205771
IP address blocks:        89.21.65.0/24 maxlen: 24
                          128.127.149.0/24 maxlen: 24
                          128.127.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:62:1d:d5:44:16:7d:76:3e:f4:4b:59:f1:f2:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c95fb97766c4b32d81e2b317a0add8b3854de137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f8:ac:f4:ab:3c:67:60:b4:92:c8:a4:cd:63:
                    8a:0c:4f:9e:47:26:db:d6:b8:34:54:22:09:3e:de:
                    69:2d:73:2f:d4:3b:24:11:f9:7f:90:c9:fb:fc:e7:
                    ec:4b:52:35:c7:9e:e8:a0:9c:44:79:d7:d8:c9:73:
                    96:ba:32:9c:8f:9f:7a:84:77:91:69:af:59:6d:2c:
                    46:48:4d:ff:5e:61:71:ca:dd:6e:84:3c:81:78:9b:
                    96:42:d6:0a:eb:b9:c1:4a:eb:66:63:5b:4d:94:79:
                    0f:d1:f0:04:1a:47:c5:e4:f5:35:6d:a0:69:38:ed:
                    0f:dc:62:97:33:f1:c2:7f:69:57:ef:4d:1d:84:81:
                    20:01:b8:f0:dc:23:a1:b1:9c:c5:30:43:ae:9c:78:
                    d3:12:f9:a4:87:65:48:b3:88:e8:0c:f3:7a:a8:ab:
                    5b:55:7b:40:25:62:9a:8a:bf:b9:25:44:15:7d:6f:
                    9a:9c:e1:5d:67:20:bd:fc:2d:7d:41:5a:98:f7:07:
                    70:02:f8:f6:77:5e:f8:75:34:c8:2e:7a:e2:11:fc:
                    7c:70:18:cd:d2:d9:25:ab:e6:09:89:aa:e9:84:21:
                    a9:2c:6e:45:eb:da:c8:d0:b9:5f:ce:91:40:51:79:
                    97:d7:80:2e:45:08:5d:c2:45:0a:5d:6e:bb:da:f9:
                    08:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5F:B9:77:66:C4:B3:2D:81:E2:B3:17:A0:AD:D8:B3:85:4D:E1:37
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/yV-5d2bEsy2B4rMXoK3Ys4VN4Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.65.0/24
                  128.127.149.0-128.127.150.255

    Signature Algorithm: sha256WithRSAEncryption
         48:55:4f:47:8d:53:b8:9e:1c:85:58:33:7f:90:88:44:7b:d1:
         6f:b7:3f:75:56:2e:51:90:3e:c6:73:46:b5:c7:0e:4c:f0:da:
         81:de:34:58:90:b3:69:fd:42:37:5a:d1:c6:77:ad:39:19:cb:
         95:22:15:64:ad:87:68:1d:80:dd:3b:d4:46:2a:72:04:73:06:
         d5:1e:bf:8c:e4:d3:70:f1:f3:3a:f9:7b:aa:fb:aa:d4:48:6c:
         c7:60:63:7f:e3:ea:7d:1f:bd:ce:a2:87:a4:3f:1f:c1:55:1a:
         76:e5:f4:a8:50:38:d4:8f:33:9c:bb:61:f8:bc:65:b5:6b:c0:
         e8:cf:1f:06:c0:39:2b:34:98:cf:77:21:eb:10:e0:db:d3:ad:
         c7:91:f2:1e:19:56:31:e1:33:19:b6:55:d1:62:d1:a3:26:00:
         44:28:c5:c2:db:71:88:66:dc:5b:5e:22:fa:97:74:12:4c:27:
         e9:40:f2:16:ab:47:b8:0f:95:12:18:b7:9b:21:5a:2b:98:9c:
         49:ba:b2:bb:c8:90:f5:5c:c2:e1:dc:05:ab:b6:3f:39:05:b9:
         91:66:b7:79:93:41:e3:d0:11:f5:4e:8d:47:f1:d9:c3:cd:45:
         c4:ad:85:be:96:33:f5:03:4d:41:b3:e6:77:14:3b:9a:a5:6e:
         8e:54:2a:04
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHJmId1UQWfXY+9EtZ8fIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVmYjk3NzY2YzRiMzJkODFlMmIzMTdhMGFkZDhiMzg1NGRlMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfis9Ks8Z2C0ksikzWOKDE+eRybb
1rg0VCIJPt5pLXMv1DskEfl/kMn7/OfsS1I1x57ooJxEedfYyXOWujKcj596hHeR
aa9ZbSxGSE3/XmFxyt1uhDyBeJuWQtYK67nBSutmY1tNlHkP0fAEGkfF5PU1baBp
OO0P3GKXM/HCf2lX700dhIEgAbjw3COhsZzFMEOunHjTEvmkh2VIs4joDPN6qKtb
VXtAJWKair+5JUQVfW+anOFdZyC9/C19QVqY9wdwAvj2d174dTTILnriEfx8cBjN
0tklq+YJiarphCGpLG5F69rI0LlfzpFAUXmX14AuRQhdwkUKXW672vkI5QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMlfuXdmxLMtgeKzF6Ct2LOFTeE3MB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEveVYtNWQyYkVzeTJCNHJNWG9LM1lzNFZONFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWRVBMAwD
BACAf5UDBACAf5YwDQYJKoZIhvcNAQELBQADggEBAEhVT0eNU7ieHIVYM3+QiER7
0W+3P3VWLlGQPsZzRrXHDkzw2oHeNFiQs2n9Qjda0cZ3rTkZy5UiFWSth2gdgN07
1EYqcgRzBtUev4zk03Dx8zr5e6r7qtRIbMdgY3/j6n0fvc6ih6Q/H8FVGnbl9KhQ
ONSPM5y7Yfi8ZbVrwOjPHwbAOSs0mM93IesQ4NvTrceR8h4ZVjHhMxm2VdFi0aMm
AEQoxcLbcYhm3FteIvqXdBJMJ+lA8harR7gPlRIYt5shWiuYnEm6srvIkPVcwuHc
Bau2PzkFuZFmt3mTQePQEfVOjUfx2cPNRcSthb6WM/UDTUGz5ncUO5qlbo5UKgQ=
-----END CERTIFICATE-----