Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/1yFYKFDc6uI325M4UHJrXLyveVU.roa
File:                     1yFYKFDc6uI325M4UHJrXLyveVU.roa (raw, json)
Hash identifier:          l2DFM8QVLUhfc9K2jK31QA3yfTt2kj+4d44TvAM2lpQ=
Subject key identifier:   D7:21:58:28:50:DC:EA:E2:37:DB:93:38:50:72:6B:5C:BC:AF:79:55
Certificate issuer:       /CN=348c2f0d9677a4d15865601f18e6af1ff7c7ea4f
Certificate serial:       018CC5013C966C9B30A5A94811CFF99140FB
Authority key identifier: 34:8C:2F:0D:96:77:A4:D1:58:65:60:1F:18:E6:AF:1F:F7:C7:EA:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIwvDZZ3pNFYZWAfGOavH_fH6k8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/1yFYKFDc6uI325M4UHJrXLyveVU.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49820
IP address blocks:        195.93.224.0/23 maxlen: 23
                          2001:67c:1e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/NIwvDZZ3pNFYZWAfGOavH_fH6k8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/NIwvDZZ3pNFYZWAfGOavH_fH6k8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIwvDZZ3pNFYZWAfGOavH_fH6k8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3c:96:6c:9b:30:a5:a9:48:11:cf:f9:91:40:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=348c2f0d9677a4d15865601f18e6af1ff7c7ea4f
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d721582850dceae237db933850726b5cbcaf7955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:7c:86:9e:83:48:63:4f:07:f7:88:66:4c:
                    12:9a:55:ef:a3:79:0d:15:bd:e5:62:df:73:d9:0e:
                    b4:e6:da:89:a5:a8:10:bd:0e:1f:14:ac:0a:5d:a9:
                    a5:48:5d:11:47:f9:e3:86:d4:a5:03:2f:5d:bb:ca:
                    ba:d9:cf:b2:14:fc:40:f3:c5:3f:31:91:0c:11:b4:
                    22:a9:1c:2b:ed:a3:ba:13:7a:42:9d:6a:7a:d2:5e:
                    89:ed:09:3e:ea:09:e3:cf:52:f2:9e:17:cb:0b:52:
                    40:62:b3:dc:49:f7:56:37:3d:4c:ca:1c:bd:df:fc:
                    17:8a:b1:d1:d5:6c:45:1b:55:f1:af:61:4e:a5:40:
                    95:ce:c9:1a:c5:5c:77:d7:17:0e:30:52:8a:8f:de:
                    bd:31:f6:d6:8a:11:82:2d:9d:cb:ca:e2:47:19:58:
                    41:10:29:02:7a:6e:4f:9c:39:f7:6e:e2:45:e2:7e:
                    1a:88:9b:c0:c9:2c:38:81:58:56:0d:0b:47:42:fc:
                    63:d6:24:49:cd:bb:50:29:c4:ef:b0:1a:ec:fb:6b:
                    36:90:30:2c:ba:c3:ee:2b:49:f6:ac:5d:b8:98:c3:
                    31:fb:37:af:af:54:74:02:a1:95:3d:29:a2:3e:b8:
                    92:7c:71:cd:00:f6:ee:11:c1:83:c2:cc:64:55:3b:
                    7e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:21:58:28:50:DC:EA:E2:37:DB:93:38:50:72:6B:5C:BC:AF:79:55
            X509v3 Authority Key Identifier:
                keyid:34:8C:2F:0D:96:77:A4:D1:58:65:60:1F:18:E6:AF:1F:F7:C7:EA:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIwvDZZ3pNFYZWAfGOavH_fH6k8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/1yFYKFDc6uI325M4UHJrXLyveVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c60ba7-796b-4140-b0ac-addd65bc5a6a/1/NIwvDZZ3pNFYZWAfGOavH_fH6k8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.224.0/23
                IPv6:
                  2001:67c:1e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:06:4f:4a:79:d3:6c:82:fe:85:a3:66:68:55:e7:85:a8:5c:
         1f:62:8d:d1:fd:2e:5f:a6:d1:82:ee:fd:3e:0e:a7:e5:d8:fb:
         43:1c:97:e8:cd:63:e9:5b:27:92:c8:88:b4:8e:04:86:d0:46:
         40:9a:71:c1:6e:79:71:21:9d:e7:41:b9:6d:19:17:f2:1f:48:
         c0:9a:49:4f:83:2c:21:c9:8e:f4:4d:a1:9a:b4:f3:86:8c:e5:
         e3:67:07:b5:ce:ef:b5:4a:f2:bd:e8:a5:8c:f3:17:54:70:73:
         b5:8d:15:a1:da:38:11:b8:53:77:6f:0e:2f:59:01:e1:0d:95:
         cf:35:13:88:f8:d6:20:fc:29:5a:19:70:80:6f:18:80:2b:c9:
         1c:74:8a:dc:78:a4:b7:fc:04:41:6c:8b:cd:12:f1:ae:61:1a:
         d0:1b:38:65:e6:d3:49:61:49:9a:56:70:5a:a2:d2:23:ee:c5:
         0d:8c:d6:f4:7f:18:89:37:45:f5:6d:e5:b0:31:90:60:a2:31:
         e1:8d:16:14:b2:8e:8e:31:8b:28:0c:cc:d5:fe:61:86:9d:ba:
         39:df:11:56:a9:c4:ac:7e:92:78:8e:c1:c9:8d:26:68:92:8e:
         5c:2f:93:eb:c7:b5:a5:07:05:e3:7e:ef:e8:06:0d:f1:ac:9c:
         59:51:6f:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFATyWbJswpalIEc/5kUD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OGMyZjBkOTY3N2E0ZDE1ODY1NjAxZjE4ZTZhZjFmZjdj
N2VhNGYwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzIxNTgyODUwZGNlYWUyMzdkYjkzMzg1MDcyNmI1Y2JjYWY3OTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv718hp6DSGNPB/eIZkwSmlXvo3kN
Fb3lYt9z2Q605tqJpagQvQ4fFKwKXamlSF0RR/njhtSlAy9du8q62c+yFPxA88U/
MZEMEbQiqRwr7aO6E3pCnWp60l6J7Qk+6gnjz1LynhfLC1JAYrPcSfdWNz1Myhy9
3/wXirHR1WxFG1Xxr2FOpUCVzskaxVx31xcOMFKKj969MfbWihGCLZ3LyuJHGVhB
ECkCem5PnDn3buJF4n4aiJvAySw4gVhWDQtHQvxj1iRJzbtQKcTvsBrs+2s2kDAs
usPuK0n2rF24mMMx+zevr1R0AqGVPSmiPriSfHHNAPbuEcGDwsxkVTt+WwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNchWChQ3OriN9uTOFBya1y8r3lVMB8GA1UdIwQY
MBaAFDSMLw2Wd6TRWGVgHxjmrx/3x+pPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkl3dkRaWjNwTkZZWldBZkdPYXZIX2ZINms4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jNjBiYTctNzk2Yi00MTQwLWIwYWMt
YWRkZDY1YmM1YTZhLzEvMXlGWUtGRGM2dUkzMjVNNFVISnJYTHl2ZVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jNjBiYTctNzk2Yi00MTQwLWIwYWMtYWRkZDY1YmM1YTZh
LzEvTkl3dkRaWjNwTkZZWldBZkdPYXZIX2ZINms4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw13gMA8E
AgACMAkDBwAgAQZ8AegwDQYJKoZIhvcNAQELBQADggEBAJ4GT0p502yC/oWjZmhV
54WoXB9ijdH9Ll+m0YLu/T4Op+XY+0Mcl+jNY+lbJ5LIiLSOBIbQRkCaccFueXEh
nedBuW0ZF/IfSMCaSU+DLCHJjvRNoZq084aM5eNnB7XO77VK8r3opYzzF1Rwc7WN
FaHaOBG4U3dvDi9ZAeENlc81E4j41iD8KVoZcIBvGIAryRx0itx4pLf8BEFsi80S
8a5hGtAbOGXm00lhSZpWcFqi0iPuxQ2M1vR/GIk3RfVt5bAxkGCiMeGNFhSyjo4x
iygMzNX+YYadujnfEVapxKx+kniOwcmNJmiSjlwvk+vHtaUHBeN+7+gGDfGsnFlR
b1I=
-----END CERTIFICATE-----