Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Y0xLMOZiSdfcVmbjJStvrz20xf4.roa
File:                     Y0xLMOZiSdfcVmbjJStvrz20xf4.roa (raw, json)
Hash identifier:          5AASr8o921HziSh9QDL2oX2u55tx2QMOjKt8usVkT+s=
Subject key identifier:   63:4C:4B:30:E6:62:49:D7:DC:56:66:E3:25:2B:6F:AF:3D:B4:C5:FE
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DAF6FC062DE8C948182A4CF30477
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Y0xLMOZiSdfcVmbjJStvrz20xf4.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48318
IP address blocks:        194.209.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:da:f6:fc:06:2d:e8:c9:48:18:2a:4c:f3:04:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=634c4b30e66249d7dc5666e3252b6faf3db4c5fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cc:37:a8:99:71:bb:a8:7e:72:29:ac:6f:80:
                    55:0b:a5:11:7b:5a:0b:2d:66:cb:bf:70:23:65:d7:
                    be:42:c7:f4:3b:87:1e:35:da:ee:6b:e5:e9:72:bf:
                    de:e7:6c:b3:57:77:c2:cc:ab:80:87:04:1a:ac:f3:
                    1d:ba:e0:8a:23:97:6b:a7:11:42:ff:90:36:0c:2a:
                    f0:61:6a:d0:71:12:6b:85:30:d9:32:2a:0a:f1:69:
                    00:51:e9:a6:22:7e:57:e9:ba:56:d5:02:9e:e1:b2:
                    b9:a6:b3:bc:3b:de:c4:a7:46:22:62:77:9f:26:83:
                    34:bb:be:40:2e:6c:53:61:64:df:29:62:39:5e:37:
                    df:d6:46:1b:5b:73:59:aa:20:ff:10:a5:89:3b:66:
                    ef:d5:fc:6e:5c:30:44:49:53:c8:91:80:05:fb:37:
                    65:36:19:60:20:cf:f2:35:ea:28:b7:38:2b:f1:b6:
                    be:39:3f:6e:38:bc:40:2f:d0:db:f3:1a:c8:27:df:
                    cd:cf:98:02:a2:9b:de:d7:6e:89:b9:c2:a0:35:bc:
                    42:68:e2:91:09:2f:11:17:2c:cc:93:f0:15:cb:8d:
                    44:33:09:83:5f:4b:16:61:42:1d:ca:5c:b0:cb:df:
                    8f:66:a9:9d:6c:d0:d3:89:26:46:a5:c7:96:3c:02:
                    9c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:4C:4B:30:E6:62:49:D7:DC:56:66:E3:25:2B:6F:AF:3D:B4:C5:FE
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Y0xLMOZiSdfcVmbjJStvrz20xf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:da:df:dd:29:64:ec:eb:f0:6c:33:46:c0:69:fe:e8:ce:56:
         fc:2a:63:1d:27:d1:60:15:8a:e5:6b:3c:6c:57:a5:90:1c:13:
         3e:ee:c9:ed:2f:64:a4:24:42:da:d1:16:c9:03:55:f2:09:a3:
         b1:e8:34:32:dc:a9:78:63:74:2d:48:f7:76:de:a5:62:94:96:
         ca:c7:59:3a:5b:79:f9:c9:14:ec:0c:3e:5d:d3:f7:83:9a:b8:
         89:d3:75:7e:79:d2:bb:05:10:f8:a5:d6:79:18:d0:de:b5:1e:
         71:1f:9b:d9:69:03:35:3b:7c:8e:59:04:d6:75:ac:32:de:2d:
         63:ee:e2:85:f3:b4:cd:b5:bd:82:92:61:22:e1:80:0b:de:0d:
         0a:19:33:9c:3b:73:0a:1e:5b:09:1b:9d:f9:96:51:b6:d9:75:
         83:e8:62:b7:a6:05:0e:98:98:df:1f:e8:41:eb:ae:e7:3a:67:
         b7:f1:cc:f3:99:0d:b9:61:f1:36:f7:14:08:1a:72:7d:2d:a7:
         8f:b6:31:cc:25:da:0e:f6:6c:c2:9a:2a:aa:f1:a4:3e:a0:90:
         bc:3f:0c:06:be:c1:35:94:cc:4e:0d:1e:af:df:05:9e:88:75:
         1f:c8:6d:20:7d:87:e8:09:60:73:9e:5d:03:20:b4:58:c1:a6:
         b8:a4:c8:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNr2/AYt6MlIGCpM8wR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzRjNGIzMGU2NjI0OWQ3ZGM1NjY2ZTMyNTJiNmZhZjNkYjRjNWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8w3qJlxu6h+cimsb4BVC6URe1oL
LWbLv3AjZde+Qsf0O4ceNdrua+Xpcr/e52yzV3fCzKuAhwQarPMduuCKI5drpxFC
/5A2DCrwYWrQcRJrhTDZMioK8WkAUemmIn5X6bpW1QKe4bK5prO8O97Ep0YiYnef
JoM0u75ALmxTYWTfKWI5Xjff1kYbW3NZqiD/EKWJO2bv1fxuXDBESVPIkYAF+zdl
NhlgIM/yNeootzgr8ba+OT9uOLxAL9Db8xrIJ9/Nz5gCopve126JucKgNbxCaOKR
CS8RFyzMk/AVy41EMwmDX0sWYUIdylywy9+PZqmdbNDTiSZGpceWPAKcwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNMSzDmYknX3FZm4yUrb689tMX+MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvWTB4TE1PWmlTZGZjVm1iakpTdHZyejIweGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtHjMA0G
CSqGSIb3DQEBCwUAA4IBAQAx2t/dKWTs6/BsM0bAaf7ozlb8KmMdJ9FgFYrlazxs
V6WQHBM+7sntL2SkJELa0RbJA1XyCaOx6DQy3Kl4Y3QtSPd23qVilJbKx1k6W3n5
yRTsDD5d0/eDmriJ03V+edK7BRD4pdZ5GNDetR5xH5vZaQM1O3yOWQTWdawy3i1j
7uKF87TNtb2CkmEi4YAL3g0KGTOcO3MKHlsJG535llG22XWD6GK3pgUOmJjfH+hB
667nOme38czzmQ25YfE29xQIGnJ9LaePtjHMJdoO9mzCmiqq8aQ+oJC8PwwGvsE1
lMxODR6v3wWeiHUfyG0gfYfoCWBznl0DILRYwaa4pMi2
-----END CERTIFICATE-----