Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/256OYm3_E0VfxLRNftANFHWSZrU.roa
File:                     256OYm3_E0VfxLRNftANFHWSZrU.roa (raw, json)
Hash identifier:          zbkjzcmxdhR2fwN3RVftV4X3wQz+42ogFjy5SIpSa0c=
Subject key identifier:   DB:9E:8E:62:6D:FF:13:45:5F:C4:B4:4D:7E:D0:0D:14:75:92:66:B5
Certificate issuer:       /CN=62272d68fb3895eb229b68f8d4334124b967c70e
Certificate serial:       018CC94DEBD8A20A7D53C1DFE3FDF8671EE8
Authority key identifier: 62:27:2D:68:FB:38:95:EB:22:9B:68:F8:D4:33:41:24:B9:67:C7:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YictaPs4lesim2j41DNBJLlnxw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/256OYm3_E0VfxLRNftANFHWSZrU.roa
Signing time:             Tue 02 Jan 2024 08:32:56 +0000
ROA not before:           Tue 02 Jan 2024 08:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211441
IP address blocks:        193.38.246.0/24 maxlen: 24
                          2a10:e2c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/YictaPs4lesim2j41DNBJLlnxw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/YictaPs4lesim2j41DNBJLlnxw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YictaPs4lesim2j41DNBJLlnxw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:eb:d8:a2:0a:7d:53:c1:df:e3:fd:f8:67:1e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62272d68fb3895eb229b68f8d4334124b967c70e
        Validity
            Not Before: Jan  2 08:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db9e8e626dff13455fc4b44d7ed00d14759266b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5f:3f:5d:70:5b:2f:3b:cd:ed:7f:02:8f:59:
                    d2:8f:77:d0:36:1c:f6:87:76:e4:54:73:e3:4a:36:
                    cd:eb:2d:8d:39:39:94:17:70:ba:f6:6e:79:0b:57:
                    ff:98:8b:39:51:28:0d:1f:ba:9f:5d:1b:87:b8:08:
                    13:f2:54:04:98:15:22:d1:4d:f3:5c:81:15:77:88:
                    6d:70:a5:9a:01:de:22:ba:6f:77:3f:f3:83:06:3f:
                    e8:71:42:15:9d:e3:3c:31:cc:1c:c2:89:8c:ad:54:
                    84:2d:d8:47:ea:37:6e:d6:2a:96:7d:12:2c:fd:06:
                    74:77:1d:93:24:a5:2c:d5:7d:d2:61:50:d9:2f:72:
                    dc:5a:be:be:48:cb:da:ec:57:1f:f3:4a:49:2d:56:
                    a0:5d:0b:e5:aa:cb:c5:20:37:21:9d:41:67:0e:0c:
                    8a:b0:04:05:28:92:78:73:b2:96:dc:aa:1a:99:e2:
                    f7:e8:0e:ec:66:ae:42:78:56:1d:de:fe:7f:31:b9:
                    47:f3:81:97:f6:ed:af:8d:22:76:2a:ea:ba:f0:09:
                    a3:e7:fd:ad:bc:8f:62:73:83:80:c8:72:1b:40:dd:
                    8d:0d:51:d1:5c:e2:37:67:82:00:d8:56:48:48:31:
                    1c:70:75:d5:e4:94:68:3f:b0:a1:e7:26:bc:31:62:
                    b7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9E:8E:62:6D:FF:13:45:5F:C4:B4:4D:7E:D0:0D:14:75:92:66:B5
            X509v3 Authority Key Identifier:
                keyid:62:27:2D:68:FB:38:95:EB:22:9B:68:F8:D4:33:41:24:B9:67:C7:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YictaPs4lesim2j41DNBJLlnxw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/256OYm3_E0VfxLRNftANFHWSZrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/9312a2-da20-483f-9797-97fd76b80827/1/YictaPs4lesim2j41DNBJLlnxw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.246.0/24
                IPv6:
                  2a10:e2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:d0:f9:80:62:3e:46:11:47:1c:0f:cc:1e:b2:22:9b:00:75:
         a2:84:9c:4c:e8:16:41:f7:f1:d5:ad:cf:d3:bf:70:bc:38:4e:
         11:e0:33:06:fd:e4:cf:a7:15:98:50:ac:2f:f4:9d:2c:f9:c9:
         8b:38:73:9c:ad:04:c4:44:6a:ec:af:71:ce:9a:dc:23:02:5c:
         20:fc:26:a1:21:26:cc:98:6e:06:7c:85:9f:7b:cb:e5:e3:42:
         c1:e5:4d:d9:f5:9f:bb:02:f4:51:84:0a:41:97:54:1e:24:f7:
         df:27:48:12:fe:14:07:9c:77:ff:f9:97:bc:2f:3a:4c:aa:87:
         30:6c:2b:7c:42:8f:7a:2a:a6:d6:2d:d6:6c:9e:73:e3:c3:ca:
         89:ea:55:80:65:03:26:91:9f:2f:a7:46:2d:d7:7d:6f:2f:f8:
         f8:ce:ea:c5:4f:2d:98:39:92:64:d6:f6:f2:5d:ba:80:ad:2f:
         5d:0e:03:86:64:5c:70:de:f8:21:cd:61:19:b5:4a:4e:d2:89:
         91:b7:8e:63:ea:dc:bb:a5:38:c9:05:91:cc:9d:a3:a6:ec:25:
         ff:1f:33:db:ea:a2:05:73:73:d1:90:c2:ad:e5:5e:c6:9f:99:
         41:59:0a:13:42:ca:e1:87:9a:f0:71:b2:c4:79:4f:b6:2c:8b:
         48:61:df:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTevYogp9U8Hf4/34Zx7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjcyZDY4ZmIzODk1ZWIyMjliNjhmOGQ0MzM0MTI0Yjk2
N2M3MGUwHhcNMjQwMTAyMDgzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjllOGU2MjZkZmYxMzQ1NWZjNGI0NGQ3ZWQwMGQxNDc1OTI2NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm18/XXBbLzvN7X8Cj1nSj3fQNhz2
h3bkVHPjSjbN6y2NOTmUF3C69m55C1f/mIs5USgNH7qfXRuHuAgT8lQEmBUi0U3z
XIEVd4htcKWaAd4ium93P/ODBj/ocUIVneM8McwcwomMrVSELdhH6jdu1iqWfRIs
/QZ0dx2TJKUs1X3SYVDZL3LcWr6+SMva7Fcf80pJLVagXQvlqsvFIDchnUFnDgyK
sAQFKJJ4c7KW3KoameL36A7sZq5CeFYd3v5/MblH84GX9u2vjSJ2Kuq68Amj5/2t
vI9ic4OAyHIbQN2NDVHRXOI3Z4IA2FZISDEccHXV5JRoP7Ch5ya8MWK3CQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNuejmJt/xNFX8S0TX7QDRR1kma1MB8GA1UdIwQY
MBaAFGInLWj7OJXrIpto+NQzQSS5Z8cOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWljdGFQczRsZXNpbTJqNDFETkJKTGxueHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My85MzEyYTItZGEyMC00ODNmLTk3OTct
OTdmZDc2YjgwODI3LzEvMjU2T1ltM19FMFZmeExSTmZ0QU5GSFdTWnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My85MzEyYTItZGEyMC00ODNmLTk3OTctOTdmZDc2YjgwODI3
LzEvWWljdGFQczRsZXNpbTJqNDFETkJKTGxueHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSb2MA0E
AgACMAcDBQMqEOLAMA0GCSqGSIb3DQEBCwUAA4IBAQAo0PmAYj5GEUccD8wesiKb
AHWihJxM6BZB9/HVrc/Tv3C8OE4R4DMG/eTPpxWYUKwv9J0s+cmLOHOcrQTERGrs
r3HOmtwjAlwg/CahISbMmG4GfIWfe8vl40LB5U3Z9Z+7AvRRhApBl1QeJPffJ0gS
/hQHnHf/+Ze8LzpMqocwbCt8Qo96KqbWLdZsnnPjw8qJ6lWAZQMmkZ8vp0Yt131v
L/j4zurFTy2YOZJk1vbyXbqArS9dDgOGZFxw3vghzWEZtUpO0omRt45j6ty7pTjJ
BZHMnaOm7CX/HzPb6qIFc3PRkMKt5V7Gn5lBWQoTQsrhh5rwcbLEeU+2LItIYd8d
-----END CERTIFICATE-----