Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/PYqAA4BWP6tHtlvkxM-9bbUV8gY.roa
File:                     PYqAA4BWP6tHtlvkxM-9bbUV8gY.roa (raw, json)
Hash identifier:          tAr1ukdhDleeCwdmbah5A74hIyhnIa4DFauDPj8e0Qs=
Subject key identifier:   3D:8A:80:03:80:56:3F:AB:47:B6:5B:E4:C4:CF:BD:6D:B5:15:F2:06
Certificate issuer:       /CN=19ac1498860e2bb0958173854bd04c869a369017
Certificate serial:       018CC7272DAF2869CCECC80DB261C98631BD
Authority key identifier: 19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/PYqAA4BWP6tHtlvkxM-9bbUV8gY.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        37.143.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2d:af:28:69:cc:ec:c8:0d:b2:61:c9:86:31:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ac1498860e2bb0958173854bd04c869a369017
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d8a800380563fab47b65be4c4cfbd6db515f206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fc:97:b6:bd:69:d6:28:50:0e:25:71:78:16:
                    9f:fd:35:d8:76:c2:e1:93:0e:9a:c0:ff:be:d2:e1:
                    42:75:3f:eb:6f:65:29:3a:67:77:88:da:95:0e:b8:
                    b7:85:0a:a8:e0:d8:5b:e1:5e:0a:44:eb:88:7c:64:
                    54:c7:20:f4:1a:90:c2:ad:1f:58:9c:25:0b:15:cc:
                    80:d9:79:8c:6e:7f:d1:e3:c4:da:fd:c8:23:d1:d8:
                    c8:4d:a9:e4:3b:fe:00:4e:a0:e6:ae:1d:86:86:6d:
                    75:b6:26:06:db:8d:d0:74:e6:f0:70:5c:a8:69:08:
                    8f:b0:b8:05:e2:0e:37:54:21:23:da:3d:8b:a4:f3:
                    7e:4a:e7:33:80:98:ef:09:ba:ff:5d:07:dd:e9:80:
                    49:43:26:d5:42:65:da:71:de:49:89:80:8e:8f:c1:
                    16:60:8c:6c:d9:7a:2f:36:ea:5d:e0:40:62:31:99:
                    56:d8:28:6a:bd:d6:42:99:fd:10:fd:35:1d:78:81:
                    46:62:19:f0:c9:e6:91:bf:28:92:66:b6:59:50:fa:
                    08:1e:3b:f4:18:1c:67:21:e9:6b:11:d1:fb:d7:00:
                    55:05:e7:1c:d5:a0:c8:a0:72:7e:71:4c:09:c2:92:
                    d0:61:ef:34:ad:67:37:5d:56:46:81:99:c5:ab:8a:
                    ab:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8A:80:03:80:56:3F:AB:47:B6:5B:E4:C4:CF:BD:6D:B5:15:F2:06
            X509v3 Authority Key Identifier:
                keyid:19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/PYqAA4BWP6tHtlvkxM-9bbUV8gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:dc:8a:db:c5:d3:09:59:c6:67:70:a8:49:64:f1:56:98:be:
         71:62:5c:7e:5c:ad:4e:a5:1b:c3:f2:78:34:8b:76:e5:a5:3e:
         86:04:49:62:ad:cb:fb:3c:ef:16:f9:70:46:42:ce:d8:89:b5:
         0b:ac:60:c5:3e:22:55:08:2e:03:5a:d2:f1:b4:16:58:67:de:
         66:ec:11:76:c9:1f:ef:3d:8f:c5:0a:9f:76:0a:b9:0a:ac:de:
         2b:d8:e3:fa:f8:fb:71:f6:7d:8e:25:35:16:14:6e:94:66:a6:
         ba:00:ac:8b:5a:4a:78:eb:5f:0c:ed:6e:0a:a5:cf:d3:fe:47:
         cd:eb:4a:53:53:64:a4:38:d7:10:96:1f:ca:ad:42:9f:b3:7e:
         34:b8:69:53:6b:a4:b1:10:15:4a:4b:06:fb:51:e2:5a:d8:a2:
         e0:7b:9f:10:b3:c2:42:f4:2a:72:04:06:85:b5:6c:1b:2c:b9:
         c3:8e:35:63:ce:4a:0b:3d:67:a4:29:5d:29:de:59:ab:60:55:
         7c:84:d2:58:cc:34:9c:4e:66:36:eb:48:dd:ec:d5:f8:a1:79:
         09:8b:f0:24:6a:45:36:a4:7b:46:73:39:00:9e:92:f1:dc:d6:
         fa:dc:98:c4:70:90:e4:4b:d4:97:b0:01:72:ee:49:94:45:54:
         52:7d:35:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy2vKGnM7MgNsmHJhjG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YWMxNDk4ODYwZTJiYjA5NTgxNzM4NTRiZDA0Yzg2OWEz
NjkwMTcwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhhODAwMzgwNTYzZmFiNDdiNjViZTRjNGNmYmQ2ZGI1MTVmMjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvyXtr1p1ihQDiVxeBaf/TXYdsLh
kw6awP++0uFCdT/rb2UpOmd3iNqVDri3hQqo4Nhb4V4KROuIfGRUxyD0GpDCrR9Y
nCULFcyA2XmMbn/R48Ta/cgj0djITankO/4ATqDmrh2Ghm11tiYG243QdObwcFyo
aQiPsLgF4g43VCEj2j2LpPN+SuczgJjvCbr/XQfd6YBJQybVQmXacd5JiYCOj8EW
YIxs2XovNupd4EBiMZlW2ChqvdZCmf0Q/TUdeIFGYhnwyeaRvyiSZrZZUPoIHjv0
GBxnIelrEdH71wBVBecc1aDIoHJ+cUwJwpLQYe80rWc3XVZGgZnFq4qrlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2KgAOAVj+rR7Zb5MTPvW21FfIGMB8GA1UdIwQY
MBaAFBmsFJiGDiuwlYFzhUvQTIaaNpAXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAt
N2FhMjkwZTg1N2U5LzEvUFlxQUE0QldQNnRIdGx2a3hNLTliYlVWOGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAtN2FhMjkwZTg1N2U5
LzEvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+DMA0G
CSqGSIb3DQEBCwUAA4IBAQAW3IrbxdMJWcZncKhJZPFWmL5xYlx+XK1OpRvD8ng0
i3blpT6GBElircv7PO8W+XBGQs7YibULrGDFPiJVCC4DWtLxtBZYZ95m7BF2yR/v
PY/FCp92CrkKrN4r2OP6+Ptx9n2OJTUWFG6UZqa6AKyLWkp4618M7W4Kpc/T/kfN
60pTU2SkONcQlh/KrUKfs340uGlTa6SxEBVKSwb7UeJa2KLge58Qs8JC9CpyBAaF
tWwbLLnDjjVjzkoLPWekKV0p3lmrYFV8hNJYzDScTmY260jd7NX4oXkJi/AkakU2
pHtGczkAnpLx3Nb63JjEcJDkS9SXsAFy7kmURVRSfTXx
-----END CERTIFICATE-----