Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/tzyKlyRknVzoOtD5Rm3-ypzIAFk.roa
File:                     tzyKlyRknVzoOtD5Rm3-ypzIAFk.roa (raw, json)
Hash identifier:          VDe/57UCwA+z4M/nsrgjI1Mugo0q8Jtsrp2Rozd8f1c=
Subject key identifier:   B7:3C:8A:97:24:64:9D:5C:E8:3A:D0:F9:46:6D:FE:CA:9C:C8:00:59
Certificate issuer:       /CN=cb257316b841d773dcb79ade8a8f3e7259f112ab
Certificate serial:       018D5EC73A55B7AAEAB49FC31AE0614B84D0
Authority key identifier: CB:25:73:16:B8:41:D7:73:DC:B7:9A:DE:8A:8F:3E:72:59:F1:12:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyVzFrhB13Pct5reio8-clnxEqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/tzyKlyRknVzoOtD5Rm3-ypzIAFk.roa
Signing time:             Wed 31 Jan 2024 09:08:51 +0000
ROA not before:           Wed 31 Jan 2024 09:08:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        194.106.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/yyVzFrhB13Pct5reio8-clnxEqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/yyVzFrhB13Pct5reio8-clnxEqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yyVzFrhB13Pct5reio8-clnxEqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c7:3a:55:b7:aa:ea:b4:9f:c3:1a:e0:61:4b:84:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb257316b841d773dcb79ade8a8f3e7259f112ab
        Validity
            Not Before: Jan 31 09:08:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b73c8a9724649d5ce83ad0f9466dfeca9cc80059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:73:e8:b5:9b:e3:88:3d:36:d8:01:94:f7:6e:
                    a7:9c:a0:a6:15:36:2e:c9:30:0e:da:e3:65:da:3e:
                    41:c7:11:cd:20:04:7b:03:9a:cf:84:80:a3:00:e0:
                    8c:e2:fe:6e:49:fa:c1:74:56:4a:e3:77:5a:f2:42:
                    f1:c1:27:5c:d5:74:a7:ca:d5:57:b7:b3:ca:80:da:
                    c1:52:e6:63:38:7c:e1:5d:41:40:d0:55:a6:14:62:
                    af:6f:3c:ee:dc:73:f7:06:5a:89:d1:5c:50:13:ef:
                    b9:47:00:6f:6f:2b:0a:d2:a1:a3:f4:b3:4c:57:4e:
                    fc:ff:00:b4:a4:d2:53:f3:be:6d:38:c5:b0:e5:bb:
                    96:81:ba:a7:b5:66:e7:05:7e:a4:54:a0:e2:a4:10:
                    df:fe:62:ba:6d:c9:2f:61:96:db:2a:79:84:7f:46:
                    d5:37:32:de:9f:2f:ff:74:51:3e:e2:47:e7:88:41:
                    4f:b8:75:32:92:bf:7e:28:97:2f:3e:59:18:64:11:
                    e2:0e:d8:41:16:e1:25:e9:26:1d:bc:29:be:f2:89:
                    88:eb:5c:65:f1:f4:ee:eb:26:78:88:77:e2:26:86:
                    49:c2:83:45:c9:2f:37:3b:c9:d9:6f:5f:bd:98:6b:
                    61:38:4f:82:4e:7c:d9:23:35:93:7a:77:0e:7d:45:
                    c4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:3C:8A:97:24:64:9D:5C:E8:3A:D0:F9:46:6D:FE:CA:9C:C8:00:59
            X509v3 Authority Key Identifier:
                keyid:CB:25:73:16:B8:41:D7:73:DC:B7:9A:DE:8A:8F:3E:72:59:F1:12:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyVzFrhB13Pct5reio8-clnxEqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/tzyKlyRknVzoOtD5Rm3-ypzIAFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c92c90-0eeb-4fc2-a7e1-ba14e76548e8/1/yyVzFrhB13Pct5reio8-clnxEqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.106.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:0a:da:bc:3f:aa:68:b6:92:5b:a6:6a:52:c8:a2:bb:dc:30:
         39:d7:cb:a2:b9:e5:0d:98:94:b9:0c:fb:13:7b:59:7c:84:fd:
         0c:ba:dc:ab:04:7e:7b:1d:e8:33:3a:a1:b2:d0:cc:d0:73:ec:
         ff:48:56:99:d3:2d:50:7f:1f:f2:e4:42:18:2e:23:df:7c:19:
         8a:18:29:d6:a4:06:8f:50:ed:a0:30:c0:13:da:66:82:1a:71:
         85:90:58:7e:af:2c:c4:38:1f:26:9b:83:6b:dc:2d:cc:3a:f4:
         36:26:ea:34:6a:de:fe:0b:71:4f:78:b4:0f:96:c0:4c:24:a6:
         c5:38:8b:86:fc:e0:ce:d5:f2:2b:f3:7b:f2:e6:42:4f:4d:4c:
         71:f1:35:18:d8:1c:d4:88:31:9d:05:45:51:06:d8:19:7e:79:
         1d:e7:b9:bc:0b:4f:9b:e9:5d:1d:ca:e0:35:e6:9b:40:a0:5a:
         13:f8:ec:36:ac:7f:a8:d9:e0:98:e3:5c:0d:a9:d3:43:72:e5:
         7a:42:e4:aa:dd:e6:b9:6c:81:eb:1e:ae:ef:95:ab:7c:32:04:
         64:07:36:ed:b7:e0:2e:28:9f:cb:95:2d:44:2a:c8:34:8c:32:
         60:0c:dc:f6:72:34:36:4f:22:bf:08:7d:30:f2:2e:62:89:b1:
         c4:e0:c6:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1exzpVt6rqtJ/DGuBhS4TQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjU3MzE2Yjg0MWQ3NzNkY2I3OWFkZThhOGYzZTcyNTlm
MTEyYWIwHhcNMjQwMTMxMDkwODUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzNjOGE5NzI0NjQ5ZDVjZTgzYWQwZjk0NjZkZmVjYTljYzgwMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnPotZvjiD022AGU926nnKCmFTYu
yTAO2uNl2j5BxxHNIAR7A5rPhICjAOCM4v5uSfrBdFZK43da8kLxwSdc1XSnytVX
t7PKgNrBUuZjOHzhXUFA0FWmFGKvbzzu3HP3BlqJ0VxQE++5RwBvbysK0qGj9LNM
V078/wC0pNJT875tOMWw5buWgbqntWbnBX6kVKDipBDf/mK6bckvYZbbKnmEf0bV
NzLeny//dFE+4kfniEFPuHUykr9+KJcvPlkYZBHiDthBFuEl6SYdvCm+8omI61xl
8fTu6yZ4iHfiJoZJwoNFyS83O8nZb1+9mGthOE+CTnzZIzWTencOfUXE1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLc8ipckZJ1c6DrQ+UZt/sqcyABZMB8GA1UdIwQY
MBaAFMslcxa4Qddz3Lea3oqPPnJZ8RKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlWekZyaEIxM1BjdDVyZWlvOC1jbG54RXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jOTJjOTAtMGVlYi00ZmMyLWE3ZTEt
YmExNGU3NjU0OGU4LzEvdHp5S2x5UmtuVnpvT3RENVJtMy15cHpJQUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jOTJjOTAtMGVlYi00ZmMyLWE3ZTEtYmExNGU3NjU0OGU4
LzEveXlWekZyaEIxM1BjdDVyZWlvOC1jbG54RXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmrOMA0G
CSqGSIb3DQEBCwUAA4IBAQBeCtq8P6potpJbpmpSyKK73DA518uiueUNmJS5DPsT
e1l8hP0MutyrBH57HegzOqGy0MzQc+z/SFaZ0y1Qfx/y5EIYLiPffBmKGCnWpAaP
UO2gMMAT2maCGnGFkFh+ryzEOB8mm4Nr3C3MOvQ2Juo0at7+C3FPeLQPlsBMJKbF
OIuG/ODO1fIr83vy5kJPTUxx8TUY2BzUiDGdBUVRBtgZfnkd57m8C0+b6V0dyuA1
5ptAoFoT+Ow2rH+o2eCY41wNqdNDcuV6QuSq3ea5bIHrHq7vlat8MgRkBzbtt+Au
KJ/LlS1EKsg0jDJgDNz2cjQ2TyK/CH0w8i5iibHE4MaZ
-----END CERTIFICATE-----