Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/yhnzhcohI1yi-v1t5snFuy3zosQ.roa
File:                     yhnzhcohI1yi-v1t5snFuy3zosQ.roa (raw, json)
Hash identifier:          Q5Nx5LWywrIzLDogpkc8GQdmdxKoZGwT+784F2ga5WI=
Subject key identifier:   CA:19:F3:85:CA:21:23:5C:A2:FA:FD:6D:E6:C9:C5:BB:2D:F3:A2:C4
Certificate issuer:       /CN=f3409b83d114c809211116ca2c8db38dce1680f9
Certificate serial:       018CC86F86E52B72B5CCBB4113062B1C7CBF
Authority key identifier: F3:40:9B:83:D1:14:C8:09:21:11:16:CA:2C:8D:B3:8D:CE:16:80:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/yhnzhcohI1yi-v1t5snFuy3zosQ.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212292
IP address blocks:        195.246.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:86:e5:2b:72:b5:cc:bb:41:13:06:2b:1c:7c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3409b83d114c809211116ca2c8db38dce1680f9
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca19f385ca21235ca2fafd6de6c9c5bb2df3a2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:2c:2c:c5:20:bd:c1:95:1d:a8:b7:6b:ec:07:
                    a0:6f:57:ec:7a:6c:6f:82:08:a3:d7:c9:66:91:88:
                    78:df:db:01:63:41:e8:a7:b9:81:4d:56:e7:9c:c2:
                    3b:48:e2:1e:fd:66:57:0f:60:88:67:47:2e:46:a5:
                    b5:11:47:40:1e:df:ce:22:e5:66:3c:c5:ae:d6:25:
                    8e:39:8f:c6:b4:ba:9f:a3:0b:d4:92:44:59:f7:ec:
                    c6:e1:b8:23:64:ea:d7:8a:f8:51:da:e2:66:50:1b:
                    2c:22:fc:3d:42:31:ef:99:d4:ac:da:76:bf:27:d7:
                    da:de:57:91:6e:9d:d0:12:f0:ab:d9:66:ed:8e:cd:
                    b0:88:d2:6d:e0:23:f0:ba:a4:68:df:6c:d8:fb:dc:
                    79:b3:a0:f0:f8:f9:c7:58:9e:fa:5c:0e:0f:f3:10:
                    e7:d5:c7:b9:6c:fa:80:dd:c4:87:14:d4:45:24:e1:
                    9e:06:a7:66:b3:e9:74:24:2f:6a:76:e1:aa:36:f9:
                    fa:d2:48:45:06:00:69:97:fa:8e:05:e6:50:42:3c:
                    12:54:86:52:5b:86:7a:b3:30:4c:53:8f:63:5b:bf:
                    83:4c:7c:87:c1:01:df:6b:35:58:e2:5c:93:da:51:
                    6a:1f:92:2d:5c:94:35:19:6c:37:88:bc:a4:cd:94:
                    27:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:19:F3:85:CA:21:23:5C:A2:FA:FD:6D:E6:C9:C5:BB:2D:F3:A2:C4
            X509v3 Authority Key Identifier:
                keyid:F3:40:9B:83:D1:14:C8:09:21:11:16:CA:2C:8D:B3:8D:CE:16:80:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80Cbg9EUyAkhERbKLI2zjc4WgPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/yhnzhcohI1yi-v1t5snFuy3zosQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c0afd4-e27f-41ca-bbe4-db78a0525797/1/80Cbg9EUyAkhERbKLI2zjc4WgPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:01:56:06:02:48:dd:4a:26:64:e8:df:0d:ca:22:f5:d2:d8:
         99:74:fe:35:ad:38:04:5c:9b:21:d3:64:d7:78:77:64:2e:9c:
         9d:9d:f3:3b:c0:b0:e1:9c:53:85:57:51:a9:2a:52:ba:74:17:
         73:79:21:d4:dd:66:83:55:8a:b0:aa:67:26:e9:2d:75:05:24:
         db:2a:be:72:b8:e6:e2:24:e0:4a:4a:38:61:f2:af:3b:95:f1:
         9b:ce:f6:f7:92:89:df:83:1c:bc:f1:2f:52:d3:c0:00:4d:5d:
         77:7d:d3:9e:28:fb:0b:9f:12:80:ed:ea:da:89:08:fe:46:a6:
         b7:a9:0c:45:ea:03:e9:87:6d:59:36:8c:68:10:2e:c8:52:b7:
         fa:df:9c:d6:57:fe:4d:10:24:bf:8a:57:cc:72:18:39:72:f7:
         46:30:d1:0f:8f:dd:2f:65:5e:d7:94:3a:24:80:41:b3:7c:a4:
         70:7f:23:ec:e8:99:a3:3e:d1:17:ec:62:bd:57:79:51:f4:8f:
         bc:51:d7:66:1a:75:e9:15:e1:c4:21:21:d5:dc:6c:90:62:84:
         7b:c4:ae:d7:5b:bd:dd:db:85:b0:f4:87:3b:62:1e:8d:04:45:
         26:24:a2:79:9d:ef:67:85:ae:e2:54:28:1d:14:cc:99:3e:da:
         dc:91:24:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4blK3K1zLtBEwYrHHy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDA5YjgzZDExNGM4MDkyMTExMTZjYTJjOGRiMzhkY2Ux
NjgwZjkwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE5ZjM4NWNhMjEyMzVjYTJmYWZkNmRlNmM5YzViYjJkZjNhMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SwsxSC9wZUdqLdr7Aegb1fsemxv
ggij18lmkYh439sBY0Hop7mBTVbnnMI7SOIe/WZXD2CIZ0cuRqW1EUdAHt/OIuVm
PMWu1iWOOY/GtLqfowvUkkRZ9+zG4bgjZOrXivhR2uJmUBssIvw9QjHvmdSs2na/
J9fa3leRbp3QEvCr2Wbtjs2wiNJt4CPwuqRo32zY+9x5s6Dw+PnHWJ76XA4P8xDn
1ce5bPqA3cSHFNRFJOGeBqdms+l0JC9qduGqNvn60khFBgBpl/qOBeZQQjwSVIZS
W4Z6szBMU49jW7+DTHyHwQHfazVY4lyT2lFqH5ItXJQ1GWw3iLykzZQnJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoZ84XKISNcovr9bebJxbst86LEMB8GA1UdIwQY
MBaAFPNAm4PRFMgJIREWyiyNs43OFoD5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBDYmc5RVV5QWtoRVJiS0xJMnpqYzRXZ1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jMGFmZDQtZTI3Zi00MWNhLWJiZTQt
ZGI3OGEwNTI1Nzk3LzEveWhuemhjb2hJMXlpLXYxdDVzbkZ1eTN6b3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jMGFmZDQtZTI3Zi00MWNhLWJiZTQtZGI3OGEwNTI1Nzk3
LzEvODBDYmc5RVV5QWtoRVJiS0xJMnpqYzRXZ1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/boMA0G
CSqGSIb3DQEBCwUAA4IBAQCfAVYGAkjdSiZk6N8NyiL10tiZdP41rTgEXJsh02TX
eHdkLpydnfM7wLDhnFOFV1GpKlK6dBdzeSHU3WaDVYqwqmcm6S11BSTbKr5yuObi
JOBKSjhh8q87lfGbzvb3konfgxy88S9S08AATV13fdOeKPsLnxKA7eraiQj+Rqa3
qQxF6gPph21ZNoxoEC7IUrf635zWV/5NECS/ilfMchg5cvdGMNEPj90vZV7XlDok
gEGzfKRwfyPs6JmjPtEX7GK9V3lR9I+8UddmGnXpFeHEISHV3GyQYoR7xK7XW73d
24Ww9Ic7Yh6NBEUmJKJ5ne9nha7iVCgdFMyZPtrckSTT
-----END CERTIFICATE-----