Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/CNY6yXWXgRVxZvk9zMGAEX-VCiI.roa
File:                     CNY6yXWXgRVxZvk9zMGAEX-VCiI.roa (raw, json)
Hash identifier:          oAcmAP8eaQ2say9VCiIgS1sskzd/482Y0xoD7eTMp44=
Subject key identifier:   08:D6:3A:C9:75:97:81:15:71:66:F9:3D:CC:C1:80:11:7F:95:0A:22
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018F819EE25726BB7BCA3AD728E6E8069BF5
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/CNY6yXWXgRVxZvk9zMGAEX-VCiI.roa
Signing time:             Thu 16 May 2024 13:37:04 +0000
ROA not before:           Thu 16 May 2024 13:37:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1072
IP address blocks:        193.118.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:9e:e2:57:26:bb:7b:ca:3a:d7:28:e6:e8:06:9b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: May 16 13:37:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08d63ac9759781157166f93dccc180117f950a22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:a0:19:56:7f:74:6b:61:2e:1b:0d:22:ef:
                    e7:85:37:66:82:99:84:c2:66:92:b1:ab:cd:4c:9b:
                    11:74:55:56:1f:32:19:c6:88:cb:ca:2e:a5:99:b6:
                    8d:86:02:3a:e8:51:7b:8b:5d:90:81:1c:ab:f6:5b:
                    b5:55:c7:3f:b4:ba:6f:a9:72:2e:81:ab:01:78:74:
                    f9:9e:8f:19:dc:75:98:ab:7a:ae:6c:f0:4e:6f:9c:
                    16:91:4a:bc:a1:a2:a8:bd:05:47:58:2c:f9:7c:ac:
                    4d:bc:93:3c:ed:3c:c0:db:ad:00:4f:90:30:73:25:
                    5e:aa:98:71:f8:1b:72:56:34:3e:2e:e5:33:61:94:
                    e5:ab:2c:88:74:66:c5:3f:a0:c4:15:4e:b2:f3:39:
                    e5:12:66:26:b4:fd:4c:8a:08:58:28:6b:1d:5b:13:
                    b5:12:bf:83:62:35:ca:f4:46:98:25:70:b3:e4:62:
                    d0:1a:c0:2e:c6:ac:b4:f2:49:6e:68:63:b0:d3:ce:
                    7a:7e:17:bb:a7:12:25:6a:ac:c0:95:2b:45:44:41:
                    c4:eb:ec:e8:cb:e6:62:21:ba:c0:9d:0c:a1:c1:11:
                    6f:1c:bf:27:fd:10:aa:30:33:07:56:5c:0e:6e:b7:
                    3c:4c:e8:e3:56:93:08:95:fc:7d:49:3b:a4:d3:fd:
                    94:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D6:3A:C9:75:97:81:15:71:66:F9:3D:CC:C1:80:11:7F:95:0A:22
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/CNY6yXWXgRVxZvk9zMGAEX-VCiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:72:ae:18:1e:72:93:11:b4:6f:90:99:27:53:cb:92:88:0f:
         f0:68:cf:1b:40:82:7c:32:04:71:c8:dd:53:19:64:ed:b7:16:
         f2:75:8f:93:80:de:5e:a3:e0:66:0a:c1:a0:ae:88:7a:79:95:
         df:ba:fe:32:33:f4:97:9a:7d:a5:0c:93:ac:84:e3:de:4d:ab:
         81:3b:bc:a0:e7:df:fa:d6:86:78:ab:36:b7:f9:c6:12:08:77:
         07:d7:82:33:20:b5:77:e9:f9:13:41:fe:3f:36:24:26:34:63:
         86:58:b0:ed:d0:ca:49:21:20:00:35:9f:ff:8d:20:02:12:94:
         c7:72:9e:6a:ea:d6:a0:55:94:a7:ab:a8:39:a5:96:a2:7f:99:
         05:ce:9c:b5:15:f2:12:5a:88:c0:26:a8:ff:ef:b1:17:a6:64:
         73:5d:01:c3:49:d8:0e:8b:f5:81:45:c5:fe:f6:72:7c:ba:02:
         02:91:4b:96:9b:f5:aa:1e:b2:fe:81:18:f8:8f:d1:56:2a:4b:
         0e:0f:c9:6b:24:91:ad:5c:85:e0:5b:48:22:a2:c6:8d:49:cc:
         a2:84:b7:2f:c6:4c:ad:fa:80:0d:28:ed:c6:19:48:a1:a5:37:
         86:87:f8:a0:3a:a4:e1:29:1c:7b:0b:86:b5:bc:d1:63:43:21:
         f5:98:c2:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+BnuJXJrt7yjrXKOboBpv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwNTE2MTMzNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ2M2FjOTc1OTc4MTE1NzE2NmY5M2RjY2MxODAxMTdmOTUwYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLOgGVZ/dGthLhsNIu/nhTdmgpmE
wmaSsavNTJsRdFVWHzIZxojLyi6lmbaNhgI66FF7i12QgRyr9lu1Vcc/tLpvqXIu
gasBeHT5no8Z3HWYq3qubPBOb5wWkUq8oaKovQVHWCz5fKxNvJM87TzA260AT5Aw
cyVeqphx+BtyVjQ+LuUzYZTlqyyIdGbFP6DEFU6y8znlEmYmtP1MighYKGsdWxO1
Er+DYjXK9EaYJXCz5GLQGsAuxqy08kluaGOw0856fhe7pxIlaqzAlStFREHE6+zo
y+ZiIbrAnQyhwRFvHL8n/RCqMDMHVlwObrc8TOjjVpMIlfx9STuk0/2UUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjWOsl1l4EVcWb5PczBgBF/lQoiMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvQ05ZNnlYV1hnUlZ4WnZrOXpNR0FFWC1WQ2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXapMA0G
CSqGSIb3DQEBCwUAA4IBAQBMcq4YHnKTEbRvkJknU8uSiA/waM8bQIJ8MgRxyN1T
GWTttxbydY+TgN5eo+BmCsGgroh6eZXfuv4yM/SXmn2lDJOshOPeTauBO7yg59/6
1oZ4qza3+cYSCHcH14IzILV36fkTQf4/NiQmNGOGWLDt0MpJISAANZ//jSACEpTH
cp5q6tagVZSnq6g5pZaif5kFzpy1FfISWojAJqj/77EXpmRzXQHDSdgOi/WBRcX+
9nJ8ugICkUuWm/WqHrL+gRj4j9FWKksOD8lrJJGtXIXgW0giosaNScyihLcvxkyt
+oANKO3GGUihpTeGh/igOqThKRx7C4a1vNFjQyH1mMKx
-----END CERTIFICATE-----