Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/YJat0ypVBvGXuB7rjLWwFO_ieuE.roa
File:                     YJat0ypVBvGXuB7rjLWwFO_ieuE.roa (raw, json)
Hash identifier:          Bzr6PKNVWT81WpGDtx96KwCGccLFdxLbMZpJWozgbYk=
Subject key identifier:   60:96:AD:D3:2A:55:06:F1:97:B8:1E:EB:8C:B5:B0:14:EF:E2:7A:E1
Certificate issuer:       /CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
Certificate serial:       01942369E8DA74ADC952FBACC04384149972
Authority key identifier: D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/YJat0ypVBvGXuB7rjLWwFO_ieuE.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.134.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e8:da:74:ad:c9:52:fb:ac:c0:43:84:14:99:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6096add32a5506f197b81eeb8cb5b014efe27ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6f:de:09:8a:f4:4f:9e:6d:2e:59:7c:4c:ab:
                    18:27:91:10:52:c1:4d:43:7b:12:de:dd:a3:8e:b4:
                    2f:7b:c6:b2:4a:0a:dd:2f:c9:7f:0f:f9:4f:a0:9e:
                    5e:61:32:97:aa:90:a1:20:db:5e:8b:dd:ae:75:49:
                    64:7e:be:28:88:35:11:e0:c3:a1:85:05:ed:1b:23:
                    ff:1b:3a:13:6b:a8:d2:c5:72:b9:51:fb:7f:7b:02:
                    ab:bd:63:e6:c4:18:13:83:14:34:78:b0:07:a4:bd:
                    da:1c:51:23:ba:0f:ee:b2:f6:0a:a4:03:a3:16:40:
                    56:4c:09:8a:95:03:d7:50:94:72:9e:28:55:b7:8b:
                    88:01:fe:a4:31:cf:0c:f5:57:81:ed:2f:45:ff:ef:
                    04:e2:6a:fb:7e:a7:99:ed:b2:33:ef:5d:bd:17:a4:
                    ac:e9:da:8a:95:47:d8:38:5f:c1:f7:62:a5:b7:52:
                    f4:9d:09:b6:a0:89:2c:ca:8e:33:e3:46:07:d6:73:
                    18:4e:78:29:83:9a:d1:fe:89:66:54:e3:fb:40:e5:
                    5f:b5:c2:72:51:5b:fb:62:c9:82:3c:78:dc:3f:41:
                    4f:08:7b:a0:73:31:ac:71:05:7b:0e:b0:3f:08:3b:
                    e9:c5:bf:5b:b9:8e:06:8b:3e:75:19:68:f1:25:54:
                    7b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:96:AD:D3:2A:55:06:F1:97:B8:1E:EB:8C:B5:B0:14:EF:E2:7A:E1
            X509v3 Authority Key Identifier:
                keyid:D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/YJat0ypVBvGXuB7rjLWwFO_ieuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:2b:13:36:fd:ff:4c:c2:72:1f:4b:5d:87:6b:5a:a6:f8:99:
         a2:cb:e4:4b:3e:06:cb:90:6f:16:dc:4f:e7:93:2e:7d:9c:66:
         95:1c:17:f9:14:d6:cf:7e:83:8e:e5:bf:27:ca:c5:5f:25:d6:
         69:c1:7e:77:4e:b2:ba:24:86:c5:bd:c7:cd:1e:57:c3:ac:08:
         e1:6b:b9:59:aa:65:15:47:a4:43:06:97:65:15:17:64:ad:29:
         27:c5:fd:70:39:c1:c0:fa:56:cb:21:5e:1e:a2:77:be:8a:10:
         dc:e4:ba:cc:d3:79:b2:e4:f3:56:73:2f:cc:a4:8a:99:96:97:
         a3:a2:3f:b8:28:f7:44:ab:67:a8:88:ec:4a:68:99:38:d1:9c:
         5d:09:69:8f:80:68:6d:13:fe:31:ef:b8:2a:cd:d9:1e:ac:49:
         a5:3c:63:fb:84:43:0e:89:ba:52:65:59:02:f3:4b:a9:38:63:
         00:30:b1:f8:8d:dc:cc:52:36:55:bd:34:25:17:71:91:8c:85:
         3f:1d:4a:5b:28:75:51:80:fd:b1:2c:3a:4d:b2:79:5e:ed:ac:
         f4:e7:f8:62:bf:01:5a:da:52:8d:5e:d2:14:ae:dc:b0:13:c5:
         50:58:66:c6:18:98:cf:c0:08:3b:20:4e:07:3f:2a:4d:3f:0d:
         66:bf:b5:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaejadK3JUvuswEOEFJlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjIwMGUyZDM4NjgzYTdjYjFjZTVjYWJiZWUzNGMwNjg4
MzRhMGIwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk2YWRkMzJhNTUwNmYxOTdiODFlZWI4Y2I1YjAxNGVmZTI3YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3m/eCYr0T55tLll8TKsYJ5EQUsFN
Q3sS3t2jjrQve8aySgrdL8l/D/lPoJ5eYTKXqpChINtei92udUlkfr4oiDUR4MOh
hQXtGyP/GzoTa6jSxXK5Uft/ewKrvWPmxBgTgxQ0eLAHpL3aHFEjug/usvYKpAOj
FkBWTAmKlQPXUJRynihVt4uIAf6kMc8M9VeB7S9F/+8E4mr7fqeZ7bIz7129F6Ss
6dqKlUfYOF/B92Klt1L0nQm2oIksyo4z40YH1nMYTngpg5rR/olmVOP7QOVftcJy
UVv7YsmCPHjcP0FPCHugczGscQV7DrA/CDvpxb9buY4Giz51GWjxJVR7+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCWrdMqVQbxl7ge64y1sBTv4nrhMB8GA1UdIwQY
MBaAFNnyAOLThoOnyxzlyrvuNMBog0oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEt
MDljOGZlNzI0Y2Q3LzEvWUphdDB5cFZCdkdYdUI3cmpMV3dGT19pZXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEtMDljOGZlNzI0Y2Q3
LzEvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAyKxM2/f9MwnIfS12Ha1qm+Jmiy+RLPgbLkG8W3E/n
ky59nGaVHBf5FNbPfoOO5b8nysVfJdZpwX53TrK6JIbFvcfNHlfDrAjha7lZqmUV
R6RDBpdlFRdkrSknxf1wOcHA+lbLIV4eone+ihDc5LrM03my5PNWcy/MpIqZlpej
oj+4KPdEq2eoiOxKaJk40ZxdCWmPgGhtE/4x77gqzdkerEmlPGP7hEMOibpSZVkC
80upOGMAMLH4jdzMUjZVvTQlF3GRjIU/HUpbKHVRgP2xLDpNsnle7az05/hivwFa
2lKNXtIUrtywE8VQWGbGGJjPwAg7IE4HPypNPw1mv7XJ
-----END CERTIFICATE-----