Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/YXm5y-WOgIFgpIBoOkw5Gb-LiE4.roa
File:                     YXm5y-WOgIFgpIBoOkw5Gb-LiE4.roa (raw, json)
Hash identifier:          KQh0AHwc0Xmc3z/+bh2TpMj4l+e4GV4oZo0Y4NqRYTk=
Subject key identifier:   61:79:B9:CB:E5:8E:80:81:60:A4:80:68:3A:4C:39:19:BF:8B:88:4E
Certificate issuer:       /CN=b31f0671f399e4da20a48bd327c47afa4a41ffc3
Certificate serial:       018CC3B68CB5284832C52F3E850C0FEC757D
Authority key identifier: B3:1F:06:71:F3:99:E4:DA:20:A4:8B:D3:27:C4:7A:FA:4A:41:FF:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/YXm5y-WOgIFgpIBoOkw5Gb-LiE4.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.231.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8c:b5:28:48:32:c5:2f:3e:85:0c:0f:ec:75:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31f0671f399e4da20a48bd327c47afa4a41ffc3
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6179b9cbe58e808160a480683a4c3919bf8b884e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d5:2b:4d:d3:fc:88:3d:50:bf:c8:db:9c:0d:
                    b4:dd:44:e4:22:9c:78:4e:8f:79:9c:d0:e9:0d:79:
                    16:79:de:43:59:c8:7b:53:5c:74:54:d0:e8:0d:d6:
                    49:06:f3:0f:54:aa:a9:47:3e:6a:0c:56:90:65:34:
                    1a:a3:ef:60:c1:26:cf:44:64:ce:cf:a3:f7:f1:b2:
                    52:47:cf:59:d9:03:28:40:c2:41:11:04:e6:42:25:
                    cd:3d:ac:31:6a:df:3f:01:3d:ab:fb:a5:23:7d:a5:
                    a3:d4:a9:a2:44:36:15:e9:11:52:68:19:d7:23:83:
                    10:62:da:71:08:01:9c:6d:0c:df:22:41:d9:1e:41:
                    e5:6a:0a:4b:02:9f:7c:70:51:16:a1:62:0e:01:0b:
                    ea:bc:ce:85:26:21:01:d7:06:63:37:43:4f:74:82:
                    78:70:65:28:04:ee:82:e3:2d:c9:76:c5:04:13:90:
                    19:96:f5:83:cc:dc:51:ee:04:19:c0:68:9d:bc:75:
                    34:c5:99:9b:f5:b7:5b:79:e5:69:ea:e8:8f:4a:7c:
                    1e:c3:bc:e8:ca:72:f7:9b:0f:86:80:c1:69:a9:ea:
                    c9:51:4a:03:a8:2c:21:b2:4b:57:45:d5:51:72:cf:
                    f1:31:4d:2c:69:e6:2c:87:be:f0:43:00:b6:67:75:
                    1f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:79:B9:CB:E5:8E:80:81:60:A4:80:68:3A:4C:39:19:BF:8B:88:4E
            X509v3 Authority Key Identifier:
                keyid:B3:1F:06:71:F3:99:E4:DA:20:A4:8B:D3:27:C4:7A:FA:4A:41:FF:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/YXm5y-WOgIFgpIBoOkw5Gb-LiE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         55:08:c6:28:31:a5:c2:b5:63:97:fa:55:81:0f:ea:09:2a:9e:
         e1:03:3b:f5:59:21:f8:c4:0e:1d:3f:ab:5b:24:b5:15:d7:a8:
         33:3b:e2:09:ec:82:07:37:7b:5a:da:aa:8e:66:c4:ac:bc:70:
         1f:03:71:83:59:ce:25:69:d7:ea:8a:8f:9d:24:c2:60:78:8c:
         89:b0:5d:c2:5c:9a:48:99:d2:cb:97:4f:a9:8d:84:b8:ad:e6:
         6f:54:d3:54:ab:fe:7b:c7:a3:08:bd:02:35:e5:d8:fa:e5:b8:
         76:0d:0f:c6:83:49:1c:c7:e5:87:00:4e:11:d5:17:76:9f:ff:
         62:79:1d:03:6f:ab:05:da:1e:1f:87:91:ae:d1:ef:39:6a:5e:
         0e:5c:0e:18:d6:83:d4:54:57:2f:41:df:6a:8f:20:ec:25:03:
         4b:06:34:1b:ec:e8:86:0f:7f:9d:3e:a4:06:4a:b3:86:74:a8:
         80:bf:5e:36:b2:52:c4:57:05:b6:71:1a:24:2b:ed:ca:6f:1e:
         ec:27:73:e6:08:12:f4:5b:d4:5b:a4:f6:c5:b2:3a:56:9c:44:
         cc:e3:9e:8f:e2:0b:06:9f:e0:95:b5:5a:c6:6f:73:e9:05:5b:
         cd:73:13:9c:14:30:d3:ae:21:e4:a6:17:db:7a:6b:fc:13:f5:
         e5:83:d7:d5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtoy1KEgyxS8+hQwP7HV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWYwNjcxZjM5OWU0ZGEyMGE0OGJkMzI3YzQ3YWZhNGE0
MWZmYzMwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc5YjljYmU1OGU4MDgxNjBhNDgwNjgzYTRjMzkxOWJmOGI4ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdUrTdP8iD1Qv8jbnA203UTkIpx4
To95nNDpDXkWed5DWch7U1x0VNDoDdZJBvMPVKqpRz5qDFaQZTQao+9gwSbPRGTO
z6P38bJSR89Z2QMoQMJBEQTmQiXNPawxat8/AT2r+6UjfaWj1KmiRDYV6RFSaBnX
I4MQYtpxCAGcbQzfIkHZHkHlagpLAp98cFEWoWIOAQvqvM6FJiEB1wZjN0NPdIJ4
cGUoBO6C4y3JdsUEE5AZlvWDzNxR7gQZwGidvHU0xZmb9bdbeeVp6uiPSnwew7zo
ynL3mw+GgMFpqerJUUoDqCwhsktXRdVRcs/xMU0saeYsh77wQwC2Z3Uf1QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGF5ucvljoCBYKSAaDpMORm/i4hOMB8GA1UdIwQY
MBaAFLMfBnHzmeTaIKSL0yfEevpKQf/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3g4R2NmT1o1Tm9ncEl2VEo4UjYta3BCXzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC84NzhhMWMtYTdhMC00ZmQxLTk4YTAt
MzNlNDQ2MjFkYjA3LzEvWVhtNXktV09nSUZncElCb09rdzVHYi1MaUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC84NzhhMWMtYTdhMC00ZmQxLTk4YTAtMzNlNDQ2MjFkYjA3
LzEvc3g4R2NmT1o1Tm9ncEl2VEo4UjYta3BCXzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+cwDQYJ
KoZIhvcNAQELBQADggEBAFUIxigxpcK1Y5f6VYEP6gkqnuEDO/VZIfjEDh0/q1sk
tRXXqDM74gnsggc3e1raqo5mxKy8cB8DcYNZziVp1+qKj50kwmB4jImwXcJcmkiZ
0suXT6mNhLit5m9U01Sr/nvHowi9AjXl2PrluHYND8aDSRzH5YcAThHVF3af/2J5
HQNvqwXaHh+Hka7R7zlqXg5cDhjWg9RUVy9B32qPIOwlA0sGNBvs6IYPf50+pAZK
s4Z0qIC/XjayUsRXBbZxGiQr7cpvHuwnc+YIEvRb1Fuk9sWyOlacRMzjno/iCwaf
4JW1WsZvc+kFW81zE5wUMNOuIeSmF9t6a/wT9eWD19U=
-----END CERTIFICATE-----