Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/y_nZqXHPn2HlnciJ_84_7BcvojA.roa
File:                     y_nZqXHPn2HlnciJ_84_7BcvojA.roa (raw, json)
Hash identifier:          MnbIVabtIPXG1VuPcWUg/DHJeWnOhsqxzOwwHYwwsow=
Subject key identifier:   CB:F9:D9:A9:71:CF:9F:61:E5:9D:C8:89:FF:CE:3F:EC:17:2F:A2:30
Certificate issuer:       /CN=f344a9f3665084f5009921ac52d119750beed4b4
Certificate serial:       018CC94E30EB523A4D79192834E7D776DB1D
Authority key identifier: F3:44:A9:F3:66:50:84:F5:00:99:21:AC:52:D1:19:75:0B:EE:D4:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/y_nZqXHPn2HlnciJ_84_7BcvojA.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        194.13.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:30:eb:52:3a:4d:79:19:28:34:e7:d7:76:db:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f344a9f3665084f5009921ac52d119750beed4b4
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbf9d9a971cf9f61e59dc889ffce3fec172fa230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:89:87:8b:d8:15:82:29:c7:93:db:be:1c:
                    8c:b8:43:b4:d3:5e:d4:56:66:85:d9:c5:63:94:4e:
                    2a:2f:df:99:bc:3c:60:25:ea:7d:62:97:d9:e0:c3:
                    f6:89:c7:3b:4d:48:7e:33:b0:e1:ff:eb:cd:44:e2:
                    74:fc:55:b3:8b:7c:69:fe:ce:76:a9:fa:fd:87:09:
                    11:1f:5c:59:36:ff:8a:95:26:86:03:13:f9:b2:11:
                    db:ad:2c:ac:1a:9d:7e:47:6d:c7:87:fa:16:4f:3e:
                    c5:83:db:33:58:1b:07:a6:81:f2:9f:dc:41:b2:12:
                    2d:4a:30:11:95:95:89:82:38:2f:25:d3:ff:75:c7:
                    ac:01:ec:bd:70:ad:19:1d:33:8f:84:97:88:af:b6:
                    76:ef:1e:47:c8:ba:7a:6c:0a:6c:50:8f:63:dc:3e:
                    d1:34:63:62:24:44:f9:f8:3d:d9:bf:b9:50:d4:20:
                    65:2d:c7:2b:36:ee:7a:15:fd:49:97:eb:3a:bd:00:
                    0b:29:9a:ae:63:a9:85:95:57:a3:5c:f5:30:f2:a3:
                    e4:eb:b7:1f:39:29:f0:0d:6f:0c:f2:a3:a4:2b:59:
                    19:07:b5:00:05:d9:7a:3b:a1:9a:0b:bd:14:2d:56:
                    99:d8:38:54:98:c6:f7:a4:46:87:e3:bc:ed:e7:fa:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F9:D9:A9:71:CF:9F:61:E5:9D:C8:89:FF:CE:3F:EC:17:2F:A2:30
            X509v3 Authority Key Identifier:
                keyid:F3:44:A9:F3:66:50:84:F5:00:99:21:AC:52:D1:19:75:0B:EE:D4:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/y_nZqXHPn2HlnciJ_84_7BcvojA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/716a90-d295-4903-90f9-d8c7ef15511d/1/80Sp82ZQhPUAmSGsUtEZdQvu1LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:75:3e:d2:24:8b:d1:8f:9f:05:85:67:6b:0e:16:62:41:bf:
         39:93:e4:15:2b:ca:d5:f8:fd:62:5b:45:14:fe:57:5c:8a:b8:
         13:3f:99:2a:c3:6c:48:f5:c8:b4:0d:4d:e7:2f:81:6e:b2:47:
         cf:d1:ee:1f:3f:13:ba:c1:6f:98:26:f9:aa:a7:cd:c3:49:65:
         e6:3c:fe:5c:8f:66:30:fe:49:e4:e1:f4:25:9f:6e:2d:a4:8f:
         2b:9b:d8:bc:59:68:33:01:47:17:d5:aa:e0:09:7b:da:9b:72:
         b7:c4:f3:cb:46:46:53:74:62:cd:3a:8b:83:fe:0f:ca:9b:45:
         71:e5:86:69:a6:8e:46:8e:be:d9:e1:fe:05:88:c4:e7:08:c7:
         8e:ff:90:d8:e1:27:db:60:7a:76:90:ad:3a:23:36:1a:f0:80:
         be:1f:e6:0a:1f:9c:3f:85:76:ac:df:ff:c6:c2:2c:3f:62:8d:
         06:1d:6a:a9:9a:53:96:5e:a1:02:a3:57:40:cb:bb:72:9b:f8:
         d4:cb:6a:41:20:01:88:ef:c6:7e:79:3b:de:d6:8b:78:c2:b3:
         9b:72:58:46:be:fc:40:79:8d:52:44:a8:5c:b7:c1:05:8c:76:
         d1:e6:ef:4a:bf:b1:d5:cd:a6:7e:26:43:72:c8:07:c4:ea:d8:
         12:4f:23:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjDrUjpNeRkoNOfXdtsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDRhOWYzNjY1MDg0ZjUwMDk5MjFhYzUyZDExOTc1MGJl
ZWQ0YjQwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY5ZDlhOTcxY2Y5ZjYxZTU5ZGM4ODlmZmNlM2ZlYzE3MmZhMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoayJh4vYFYIpx5PbvhyMuEO0017U
VmaF2cVjlE4qL9+ZvDxgJep9YpfZ4MP2icc7TUh+M7Dh/+vNROJ0/FWzi3xp/s52
qfr9hwkRH1xZNv+KlSaGAxP5shHbrSysGp1+R23Hh/oWTz7Fg9szWBsHpoHyn9xB
shItSjARlZWJgjgvJdP/dcesAey9cK0ZHTOPhJeIr7Z27x5HyLp6bApsUI9j3D7R
NGNiJET5+D3Zv7lQ1CBlLccrNu56Ff1Jl+s6vQALKZquY6mFlVejXPUw8qPk67cf
OSnwDW8M8qOkK1kZB7UABdl6O6GaC70ULVaZ2DhUmMb3pEaH47zt5/oSNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMv52alxz59h5Z3Iif/OP+wXL6IwMB8GA1UdIwQY
MBaAFPNEqfNmUIT1AJkhrFLRGXUL7tS0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBTcDgyWlFoUFVBbVNHc1V0RVpkUXZ1MUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83MTZhOTAtZDI5NS00OTAzLTkwZjkt
ZDhjN2VmMTU1MTFkLzEveV9uWnFYSFBuMkhsbmNpSl84NF83QmN2b2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83MTZhOTAtZDI5NS00OTAzLTkwZjktZDhjN2VmMTU1MTFk
LzEvODBTcDgyWlFoUFVBbVNHc1V0RVpkUXZ1MUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwg10MA0G
CSqGSIb3DQEBCwUAA4IBAQAGdT7SJIvRj58FhWdrDhZiQb85k+QVK8rV+P1iW0UU
/ldcirgTP5kqw2xI9ci0DU3nL4FuskfP0e4fPxO6wW+YJvmqp83DSWXmPP5cj2Yw
/knk4fQln24tpI8rm9i8WWgzAUcX1argCXvam3K3xPPLRkZTdGLNOouD/g/Km0Vx
5YZppo5Gjr7Z4f4FiMTnCMeO/5DY4SfbYHp2kK06IzYa8IC+H+YKH5w/hXas3//G
wiw/Yo0GHWqpmlOWXqECo1dAy7tym/jUy2pBIAGI78Z+eTve1ot4wrObclhGvvxA
eY1SRKhct8EFjHbR5u9Kv7HVzaZ+JkNyyAfE6tgSTyPg
-----END CERTIFICATE-----