Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/YISxUUryyHZuqglEJ03yYy1mNHo.roa
File:                     YISxUUryyHZuqglEJ03yYy1mNHo.roa (raw, json)
Hash identifier:          N73wC0pkv+O5IjiCoDhnpvs29+1VpirEUVUcDUMmxX0=
Subject key identifier:   60:84:B1:51:4A:F2:C8:76:6E:AA:09:44:27:4D:F2:63:2D:66:34:7A
Certificate issuer:       /CN=db880e2dc34bae80f42bb1e38457fe197a87d4b3
Certificate serial:       018CC727598C0461BEF812E3AFEE48DE839D
Authority key identifier: DB:88:0E:2D:C3:4B:AE:80:F4:2B:B1:E3:84:57:FE:19:7A:87:D4:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/24gOLcNLroD0K7HjhFf-GXqH1LM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/YISxUUryyHZuqglEJ03yYy1mNHo.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15470
IP address blocks:        193.239.60.0/22 maxlen: 22
                          195.225.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/24gOLcNLroD0K7HjhFf-GXqH1LM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/24gOLcNLroD0K7HjhFf-GXqH1LM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/24gOLcNLroD0K7HjhFf-GXqH1LM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:59:8c:04:61:be:f8:12:e3:af:ee:48:de:83:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db880e2dc34bae80f42bb1e38457fe197a87d4b3
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6084b1514af2c8766eaa0944274df2632d66347a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:27:ac:f7:b2:f5:ac:d9:2a:3d:5a:d2:2c:5d:
                    4f:2b:e9:19:16:52:52:e4:75:5d:9c:d3:29:d2:88:
                    f6:18:44:78:2d:41:3c:43:d8:78:d4:83:36:da:b8:
                    41:95:63:d1:2f:0f:30:6e:70:80:9d:97:9b:83:97:
                    a3:fe:1c:3d:63:3c:73:27:c7:3e:6b:db:71:10:18:
                    4a:c7:37:1b:bb:57:20:8b:ae:bc:eb:42:aa:c7:4d:
                    7d:49:12:0f:c7:fe:8f:0f:3d:a6:6a:8e:53:d9:65:
                    e5:ee:e1:71:de:43:d1:2d:a7:79:92:ea:35:a1:3d:
                    46:28:6b:b9:de:a0:85:b7:3d:0f:2d:33:67:a2:c8:
                    d1:e5:43:39:e9:3d:45:39:88:1c:b1:a6:09:00:1e:
                    06:52:ea:95:b1:8b:98:65:df:c9:fd:2a:8a:a8:57:
                    7d:a3:96:50:b6:59:d4:a9:95:8c:41:aa:f0:88:5f:
                    e4:09:04:d7:e0:3d:4a:36:11:b6:99:fa:7b:4e:6b:
                    d2:bc:6b:ef:8f:83:8d:2e:7d:50:27:c2:c1:ab:d7:
                    58:40:ec:eb:4e:fa:2f:dc:eb:b8:56:3b:af:b5:9d:
                    0d:d9:0d:5c:bc:26:0d:6d:ae:58:3c:6c:93:32:e0:
                    d1:83:bb:35:6e:67:dc:d9:84:2e:7b:3f:65:ba:c4:
                    95:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:84:B1:51:4A:F2:C8:76:6E:AA:09:44:27:4D:F2:63:2D:66:34:7A
            X509v3 Authority Key Identifier:
                keyid:DB:88:0E:2D:C3:4B:AE:80:F4:2B:B1:E3:84:57:FE:19:7A:87:D4:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/24gOLcNLroD0K7HjhFf-GXqH1LM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/YISxUUryyHZuqglEJ03yYy1mNHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/41a51d-4269-41a0-92df-4d29a5e2985d/1/24gOLcNLroD0K7HjhFf-GXqH1LM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.60.0/22
                  195.225.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:1a:df:1b:22:f7:57:79:a2:e6:f7:8f:0c:90:79:ae:79:d5:
         51:e9:07:ce:80:e1:de:a9:a2:5b:60:db:4a:f0:75:1d:fa:fb:
         7e:0d:04:ca:49:c4:cd:07:d4:1a:2f:ae:34:6e:ea:1b:67:1d:
         da:ea:49:63:bd:53:d6:99:5b:89:d3:0f:86:d7:74:f7:5a:3c:
         c6:a0:7e:63:5f:d7:f6:da:32:26:71:d3:73:90:69:ef:03:c4:
         f1:ad:23:91:7c:bb:b9:a2:7e:a3:30:9c:d4:98:05:91:e5:82:
         b4:bd:cf:6a:53:01:0d:c4:63:1b:5e:d6:0c:53:5c:82:28:ca:
         d4:6d:eb:06:1e:47:a2:71:62:9b:19:8d:23:12:68:ae:2b:71:
         2b:13:94:a4:50:c3:2b:06:47:c8:8f:d6:1c:9f:b6:d8:2a:36:
         b1:7f:45:0d:9b:ab:f8:10:41:ad:c2:d2:c4:c5:db:43:f9:c9:
         b9:bc:ae:ca:99:d6:56:72:f3:01:e6:3b:e5:3a:2c:5c:0b:6c:
         09:14:da:61:b3:8d:f7:ad:53:26:6a:90:ba:1b:79:42:8c:fa:
         4b:75:97:5e:9e:f7:98:0b:d4:1b:47:a9:b9:92:d9:9d:bc:1f:
         99:f2:b2:e3:6d:55:ef:ea:60:5b:54:da:b6:7b:33:72:13:39:
         94:42:c9:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ1mMBGG++BLjr+5I3oOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiODgwZTJkYzM0YmFlODBmNDJiYjFlMzg0NTdmZTE5N2E4
N2Q0YjMwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg0YjE1MTRhZjJjODc2NmVhYTA5NDQyNzRkZjI2MzJkNjYzNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yes97L1rNkqPVrSLF1PK+kZFlJS
5HVdnNMp0oj2GER4LUE8Q9h41IM22rhBlWPRLw8wbnCAnZebg5ej/hw9YzxzJ8c+
a9txEBhKxzcbu1cgi66860Kqx019SRIPx/6PDz2mao5T2WXl7uFx3kPRLad5kuo1
oT1GKGu53qCFtz0PLTNnosjR5UM56T1FOYgcsaYJAB4GUuqVsYuYZd/J/SqKqFd9
o5ZQtlnUqZWMQarwiF/kCQTX4D1KNhG2mfp7TmvSvGvvj4ONLn1QJ8LBq9dYQOzr
Tvov3Ou4VjuvtZ0N2Q1cvCYNba5YPGyTMuDRg7s1bmfc2YQuez9lusSVqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGCEsVFK8sh2bqoJRCdN8mMtZjR6MB8GA1UdIwQY
MBaAFNuIDi3DS66A9Cux44RX/hl6h9SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjRnT0xjTkxyb0QwSzdIamhGZi1HWHFIMUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80MWE1MWQtNDI2OS00MWEwLTkyZGYt
NGQyOWE1ZTI5ODVkLzEvWUlTeFVVcnl5SFp1cWdsRUowM3lZeTFtTkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80MWE1MWQtNDI2OS00MWEwLTkyZGYtNGQyOWE1ZTI5ODVk
LzEvMjRnT0xjTkxyb0QwSzdIamhGZi1HWHFIMUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwe88AwQC
w+HUMA0GCSqGSIb3DQEBCwUAA4IBAQB9Gt8bIvdXeaLm948MkHmuedVR6QfOgOHe
qaJbYNtK8HUd+vt+DQTKScTNB9QaL640buobZx3a6kljvVPWmVuJ0w+G13T3WjzG
oH5jX9f22jImcdNzkGnvA8TxrSORfLu5on6jMJzUmAWR5YK0vc9qUwENxGMbXtYM
U1yCKMrUbesGHkeicWKbGY0jEmiuK3ErE5SkUMMrBkfIj9Ycn7bYKjaxf0UNm6v4
EEGtwtLExdtD+cm5vK7KmdZWcvMB5jvlOixcC2wJFNphs433rVMmapC6G3lCjPpL
dZdenveYC9QbR6m5ktmdvB+Z8rLjbVXv6mBbVNq2ezNyEzmUQsl1
-----END CERTIFICATE-----