Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/yLYPVLqD6-I1K7QZKN1qx3Or1_4.roa
File:                     yLYPVLqD6-I1K7QZKN1qx3Or1_4.roa (raw, json)
Hash identifier:          pVynJ/XEmpOGLXb2N7jQgEjQcn+TEpB9B2+/o0+YyHE=
Subject key identifier:   C8:B6:0F:54:BA:83:EB:E2:35:2B:B4:19:28:DD:6A:C7:73:AB:D7:FE
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       018F62CF0B22CBADB6DEEE1192B149B8E11E
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/yLYPVLqD6-I1K7QZKN1qx3Or1_4.roa
Signing time:             Fri 10 May 2024 14:01:26 +0000
ROA not before:           Fri 10 May 2024 14:01:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205516
IP address blocks:        193.106.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:cf:0b:22:cb:ad:b6:de:ee:11:92:b1:49:b8:e1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: May 10 14:01:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8b60f54ba83ebe2352bb41928dd6ac773abd7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a0:ca:81:b7:4c:87:0b:8e:44:ab:a1:3c:0c:
                    de:79:9c:f9:e9:68:6f:b0:6d:2c:e2:ef:d2:58:fd:
                    ce:bf:69:6e:52:78:0f:36:f3:62:5a:c1:66:6a:0c:
                    63:24:bd:65:41:a9:2a:af:ca:92:81:ef:f1:95:42:
                    0e:20:d5:2e:1f:e3:e0:41:ed:71:69:e7:9f:ec:2e:
                    00:12:67:32:c9:16:1b:84:cf:90:cd:9b:61:c6:65:
                    bc:0b:c3:0f:a7:38:ee:64:de:dc:68:e1:a5:d9:9a:
                    c3:c0:fc:ed:ef:e6:06:ab:93:6b:9e:e4:5a:bc:db:
                    2a:6b:dd:ae:11:62:45:06:38:e9:fd:64:3e:fe:51:
                    8e:ad:96:c6:6d:0a:55:9f:c7:4c:4c:0e:a2:e1:a6:
                    b8:cd:4f:1f:db:2b:95:ac:b5:4d:f0:f7:c6:94:d0:
                    6c:4b:41:e5:3e:90:c8:0f:d9:0a:2a:73:d3:5c:1d:
                    49:69:a6:4f:41:1d:9b:83:19:a2:22:5d:34:81:e2:
                    15:41:f6:15:02:a3:6e:36:55:87:7a:af:e9:12:2b:
                    3e:9a:d3:53:75:a0:09:a5:45:ac:6b:14:a9:42:23:
                    7b:66:a4:0c:68:06:14:6b:1a:a1:65:10:6f:38:d4:
                    48:b9:bb:33:fd:6f:32:0e:05:26:84:98:4f:b6:8b:
                    8d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B6:0F:54:BA:83:EB:E2:35:2B:B4:19:28:DD:6A:C7:73:AB:D7:FE
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/yLYPVLqD6-I1K7QZKN1qx3Or1_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a9:9a:e2:6d:63:d2:3f:09:85:ee:cd:4b:a0:f7:d4:39:83:
         04:90:91:5c:07:24:e3:40:f3:b4:6d:82:13:c5:0a:9e:95:19:
         e9:45:b9:b8:9b:cc:55:78:6b:a0:44:de:3b:85:d3:16:5a:16:
         2d:29:1a:58:75:dc:35:ad:f8:74:7c:59:2b:94:3f:e1:04:17:
         f3:3a:12:5a:97:46:14:d6:39:f0:7d:96:7d:66:f5:70:d7:72:
         1b:e4:37:2b:93:33:09:3a:44:f6:68:39:82:cf:6c:02:7e:b9:
         10:aa:6a:c7:91:2b:ac:b9:d8:9a:38:10:5c:8d:c5:3e:5b:1d:
         45:26:1a:43:e8:ee:29:39:36:08:d3:19:d3:3e:65:50:a4:7a:
         e8:c3:65:2e:8f:43:f8:a4:72:f3:24:5b:ff:2b:93:46:c0:06:
         79:7d:76:f3:e3:e6:57:46:dc:9a:05:ef:df:d8:22:21:f7:aa:
         3c:bd:1d:a8:7a:1d:06:1c:b5:64:3b:f1:c8:7b:a7:65:0b:12:
         6e:4a:31:f7:81:66:4e:17:cb:1b:86:58:81:76:b7:c0:0c:d8:
         9e:e4:f6:6c:55:c1:da:87:66:52:87:cf:6b:e8:f0:49:e4:87:
         76:94:62:9e:d7:03:f4:38:9e:19:f2:19:8a:14:31:a6:7f:88:
         eb:db:3a:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9izwsiy6223u4RkrFJuOEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjQwNTEwMTQwMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI2MGY1NGJhODNlYmUyMzUyYmI0MTkyOGRkNmFjNzczYWJkN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6DKgbdMhwuORKuhPAzeeZz56Whv
sG0s4u/SWP3Ov2luUngPNvNiWsFmagxjJL1lQakqr8qSge/xlUIOINUuH+PgQe1x
aeef7C4AEmcyyRYbhM+QzZthxmW8C8MPpzjuZN7caOGl2ZrDwPzt7+YGq5NrnuRa
vNsqa92uEWJFBjjp/WQ+/lGOrZbGbQpVn8dMTA6i4aa4zU8f2yuVrLVN8PfGlNBs
S0HlPpDID9kKKnPTXB1JaaZPQR2bgxmiIl00geIVQfYVAqNuNlWHeq/pEis+mtNT
daAJpUWsaxSpQiN7ZqQMaAYUaxqhZRBvONRIubsz/W8yDgUmhJhPtouNIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi2D1S6g+viNSu0GSjdasdzq9f+MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEveUxZUFZMcUQ2LUkxSzdRWktOMXF4M09yMV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWpjMA0G
CSqGSIb3DQEBCwUAA4IBAQAYqZribWPSPwmF7s1LoPfUOYMEkJFcByTjQPO0bYIT
xQqelRnpRbm4m8xVeGugRN47hdMWWhYtKRpYddw1rfh0fFkrlD/hBBfzOhJal0YU
1jnwfZZ9ZvVw13Ib5DcrkzMJOkT2aDmCz2wCfrkQqmrHkSusudiaOBBcjcU+Wx1F
JhpD6O4pOTYI0xnTPmVQpHrow2Uuj0P4pHLzJFv/K5NGwAZ5fXbz4+ZXRtyaBe/f
2CIh96o8vR2oeh0GHLVkO/HIe6dlCxJuSjH3gWZOF8sbhliBdrfADNie5PZsVcHa
h2ZSh89r6PBJ5Id2lGKe1wP0OJ4Z8hmKFDGmf4jr2zqh
-----END CERTIFICATE-----