Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/R6tvJUwCzy5yZ2zHoSKSQsd2tgI.roa
File:                     R6tvJUwCzy5yZ2zHoSKSQsd2tgI.roa (raw, json)
Hash identifier:          a0AhFSl9XV1oYp2vtUH4AN506zL11Zoc40m8ixL61xU=
Subject key identifier:   47:AB:6F:25:4C:02:CF:2E:72:67:6C:C7:A1:22:92:42:C7:76:B6:02
Certificate issuer:       /CN=3d8afec17a41b39dbf69013eca167bdf63aa865d
Certificate serial:       018CC26D5416B08B1DED9DBCFD251D519079
Authority key identifier: 3D:8A:FE:C1:7A:41:B3:9D:BF:69:01:3E:CA:16:7B:DF:63:AA:86:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYr-wXpBs52_aQE-yhZ732Oqhl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/R6tvJUwCzy5yZ2zHoSKSQsd2tgI.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41337
IP address blocks:        194.9.2.0/23 maxlen: 23
                          2a07:2fc0::/48 maxlen: 48
                          2a07:2fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/PYr-wXpBs52_aQE-yhZ732Oqhl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/PYr-wXpBs52_aQE-yhZ732Oqhl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYr-wXpBs52_aQE-yhZ732Oqhl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:54:16:b0:8b:1d:ed:9d:bc:fd:25:1d:51:90:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8afec17a41b39dbf69013eca167bdf63aa865d
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47ab6f254c02cf2e72676cc7a1229242c776b602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e4:f3:a3:b3:e6:b8:9a:1b:f7:35:fa:78:ab:
                    31:c2:9c:06:c0:81:d0:07:be:7f:1a:76:35:68:61:
                    11:54:ae:89:e0:66:4c:26:07:65:78:32:72:7f:4d:
                    72:a8:74:44:93:ac:93:95:a3:ec:12:ec:61:a8:f1:
                    76:69:f4:be:c8:c4:5a:50:15:4f:a6:d8:7f:0b:38:
                    ce:c3:c0:48:38:d2:fa:64:85:01:c4:7f:a4:0c:4e:
                    e8:7b:f2:f7:fa:29:41:82:5d:ba:1b:17:ac:3e:77:
                    98:87:12:9e:57:54:fa:1f:96:61:4a:37:6b:a0:9e:
                    f0:fd:e2:1b:61:a0:15:db:47:18:1f:4a:93:de:37:
                    7e:4c:be:e7:ac:bf:c5:20:4b:e7:9b:65:89:94:9a:
                    c6:6f:a2:2b:48:0f:d4:63:db:0e:aa:00:99:47:cd:
                    03:1e:bc:07:f9:25:80:a0:90:1e:0c:35:c5:27:ce:
                    63:40:57:20:e4:96:f6:e4:ad:7c:9e:81:1d:2f:65:
                    77:15:2d:99:3e:d3:20:b8:2b:ef:76:f2:de:a0:1c:
                    93:7a:9a:79:62:1c:90:85:ea:bc:91:00:2f:2a:cb:
                    f0:2d:0a:40:83:c0:3e:51:65:66:87:9b:92:7d:96:
                    e8:76:aa:c2:4b:c6:3f:c1:f6:45:b9:9b:53:ba:1d:
                    cf:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:AB:6F:25:4C:02:CF:2E:72:67:6C:C7:A1:22:92:42:C7:76:B6:02
            X509v3 Authority Key Identifier:
                keyid:3D:8A:FE:C1:7A:41:B3:9D:BF:69:01:3E:CA:16:7B:DF:63:AA:86:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYr-wXpBs52_aQE-yhZ732Oqhl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/R6tvJUwCzy5yZ2zHoSKSQsd2tgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/8bcaba-38ad-4051-b414-94d37e9595c1/1/PYr-wXpBs52_aQE-yhZ732Oqhl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.2.0/23
                IPv6:
                  2a07:2fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         e8:53:c9:36:0e:3d:20:36:5f:2c:83:ba:95:37:1f:9a:c6:43:
         1b:61:67:e5:5e:18:79:02:73:67:0e:8a:49:d4:ef:91:4b:03:
         96:5f:11:e4:79:a2:ed:e6:b9:6e:ec:1e:f7:db:a5:51:1c:7b:
         c6:7c:86:5a:6e:69:2e:f4:9e:73:cb:9b:3f:07:8f:27:aa:f0:
         34:81:97:f0:db:70:a4:11:45:60:e8:0e:27:f2:01:22:01:31:
         17:75:e5:6b:41:c3:21:07:da:52:7f:fa:ef:e8:8b:0c:81:8b:
         31:af:55:d9:41:d8:29:a9:0b:de:7c:0d:d1:44:8f:08:e5:22:
         8d:c3:41:4f:ff:d2:9a:d2:54:d2:c3:67:a0:b4:4e:c6:58:1e:
         58:35:9d:ca:f5:5a:1a:0e:1a:6d:74:7a:1a:ad:a3:63:25:3b:
         2c:d1:01:9a:84:08:f5:08:29:51:23:ba:c9:1f:02:2f:0e:85:
         9e:60:2f:5b:2f:40:53:a4:88:44:cf:8c:65:80:d4:23:b2:f9:
         f3:a5:37:95:36:93:d1:b5:d0:43:09:53:11:76:b1:f6:43:d8:
         4b:a6:3c:ac:92:7e:f3:af:0f:c6:dd:dc:b8:ab:b4:6a:67:a5:
         aa:b3:38:82:b2:04:86:5c:9e:a7:ab:07:10:3f:b2:ca:61:d1:
         83:29:37:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbVQWsIsd7Z28/SUdUZB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGFmZWMxN2E0MWIzOWRiZjY5MDEzZWNhMTY3YmRmNjNh
YTg2NWQwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2FiNmYyNTRjMDJjZjJlNzI2NzZjYzdhMTIyOTI0MmM3NzZiNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOTzo7PmuJob9zX6eKsxwpwGwIHQ
B75/GnY1aGERVK6J4GZMJgdleDJyf01yqHREk6yTlaPsEuxhqPF2afS+yMRaUBVP
pth/CzjOw8BIONL6ZIUBxH+kDE7oe/L3+ilBgl26GxesPneYhxKeV1T6H5ZhSjdr
oJ7w/eIbYaAV20cYH0qT3jd+TL7nrL/FIEvnm2WJlJrGb6IrSA/UY9sOqgCZR80D
HrwH+SWAoJAeDDXFJ85jQFcg5Jb25K18noEdL2V3FS2ZPtMguCvvdvLeoByTepp5
YhyQheq8kQAvKsvwLQpAg8A+UWVmh5uSfZbodqrCS8Y/wfZFuZtTuh3PowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEerbyVMAs8ucmdsx6EikkLHdrYCMB8GA1UdIwQY
MBaAFD2K/sF6QbOdv2kBPsoWe99jqoZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlyLXdYcEJzNTJfYVFFLXloWjczMk9xaGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy84YmNhYmEtMzhhZC00MDUxLWI0MTQt
OTRkMzdlOTU5NWMxLzEvUjZ0dkpVd0N6eTV5WjJ6SG9TS1NRc2QydGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy84YmNhYmEtMzhhZC00MDUxLWI0MTQtOTRkMzdlOTU5NWMx
LzEvUFlyLXdYcEJzNTJfYVFFLXloWjczMk9xaGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwgkCMA0E
AgACMAcDBQMqBy/AMA0GCSqGSIb3DQEBCwUAA4IBAQDoU8k2Dj0gNl8sg7qVNx+a
xkMbYWflXhh5AnNnDopJ1O+RSwOWXxHkeaLt5rlu7B7326VRHHvGfIZabmku9J5z
y5s/B48nqvA0gZfw23CkEUVg6A4n8gEiATEXdeVrQcMhB9pSf/rv6IsMgYsxr1XZ
QdgpqQvefA3RRI8I5SKNw0FP/9Ka0lTSw2egtE7GWB5YNZ3K9VoaDhptdHoaraNj
JTss0QGahAj1CClRI7rJHwIvDoWeYC9bL0BTpIhEz4xlgNQjsvnzpTeVNpPRtdBD
CVMRdrH2Q9hLpjyskn7zrw/G3dy4q7RqZ6WqsziCsgSGXJ6nqwcQP7LKYdGDKTdf
-----END CERTIFICATE-----