Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/ydbrxRqi320he8CDGenuJI_6mko.roa
File:                     ydbrxRqi320he8CDGenuJI_6mko.roa (raw, json)
Hash identifier:          HNLvDGZvRDZ1Say10b0gA3/e1jhcj7avMUvmyNE8zeA=
Subject key identifier:   C9:D6:EB:C5:1A:A2:DF:6D:21:7B:C0:83:19:E9:EE:24:8F:FA:9A:4A
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       018CCA2BC4F8482B0B99CD87C0C97B0A7CFC
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/ydbrxRqi320he8CDGenuJI_6mko.roa
Signing time:             Tue 02 Jan 2024 12:35:15 +0000
ROA not before:           Tue 02 Jan 2024 12:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207300
IP address blocks:        109.205.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c4:f8:48:2b:0b:99:cd:87:c0:c9:7b:0a:7c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9d6ebc51aa2df6d217bc08319e9ee248ffa9a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:10:da:37:26:88:a5:ad:75:d3:0c:5f:4e:63:
                    5d:97:0a:86:5d:40:90:d0:9e:3f:89:02:06:a1:ec:
                    d3:14:f7:10:13:58:75:48:5c:d7:45:8a:23:f4:b5:
                    53:62:47:1f:a9:b4:3f:e7:9e:1a:91:cf:cc:fe:6e:
                    ce:ec:81:a3:a4:87:79:7a:3e:05:7c:c8:85:47:18:
                    23:b6:12:e0:dd:1b:f3:fa:9d:ed:24:0f:fc:a1:37:
                    da:8e:ec:2d:8e:4e:4e:eb:3d:b8:1d:60:15:09:79:
                    e2:92:1d:92:58:dd:22:21:c5:62:40:93:a6:f1:05:
                    e7:cf:7d:c2:e2:93:84:4f:67:a8:0b:06:08:33:aa:
                    57:8f:57:c3:91:af:87:a5:4b:3e:88:3d:47:96:ae:
                    30:2b:5c:4d:1a:2b:99:b4:fc:9a:d8:1e:8d:9c:48:
                    7a:6f:0e:12:58:a9:a1:21:f1:c3:46:32:ff:14:a5:
                    3f:9b:79:90:6e:d7:e4:34:28:4f:92:05:9b:e5:96:
                    fc:26:fb:64:61:af:6d:8a:47:0a:4e:86:94:1b:77:
                    c3:1c:44:ef:c2:f9:9a:b0:99:0f:4f:99:71:e9:d1:
                    71:e5:d2:23:59:11:ef:94:e5:51:d4:06:24:5a:0c:
                    db:71:88:30:88:fb:1e:15:ac:81:53:dd:2b:3b:93:
                    6a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D6:EB:C5:1A:A2:DF:6D:21:7B:C0:83:19:E9:EE:24:8F:FA:9A:4A
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/ydbrxRqi320he8CDGenuJI_6mko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:2c:3f:26:12:b5:34:ba:62:f4:a4:af:f1:0d:6a:2c:c2:9c:
         f7:64:71:a5:dc:3a:f9:5a:55:49:b1:54:03:2b:f3:db:75:6a:
         72:fc:eb:1f:14:ba:b7:0a:f3:8e:d5:b8:d1:21:aa:d9:07:94:
         b5:9a:d6:da:96:e9:4b:c2:d1:4b:40:cc:1a:06:27:cf:f0:84:
         6c:ca:14:a3:51:9b:7d:ac:39:93:61:f2:f5:ff:88:10:c3:54:
         0c:24:30:19:d4:4f:6c:0f:64:6f:58:67:c5:23:1d:40:66:9d:
         33:bd:96:bd:7a:61:35:2d:a2:53:27:69:49:6d:84:77:57:e7:
         c3:55:44:cc:0a:e6:13:67:88:08:ea:e4:8f:0b:ba:38:8c:10:
         14:48:a0:24:74:06:1b:63:3a:a9:01:6d:de:da:da:7a:4c:76:
         0a:63:fd:4e:a0:73:36:46:e1:cf:47:85:39:58:ab:97:c2:89:
         97:01:b6:6c:a2:6c:9d:d4:d2:5c:46:d9:b9:3f:f0:e4:51:f7:
         4b:05:bb:6f:c7:26:61:ef:4a:2e:cd:43:1d:b9:18:c4:4e:87:
         1a:32:71:04:0a:b7:a4:1e:73:b6:75:e5:80:0a:3b:f6:7d:51:
         b1:24:58:92:65:d0:92:32:58:ee:f3:0b:f9:01:be:2a:2b:16:
         f0:5f:71:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8T4SCsLmc2HwMl7Cnz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ2ZWJjNTFhYTJkZjZkMjE3YmMwODMxOWU5ZWUyNDhmZmE5YTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxDaNyaIpa110wxfTmNdlwqGXUCQ
0J4/iQIGoezTFPcQE1h1SFzXRYoj9LVTYkcfqbQ/554akc/M/m7O7IGjpId5ej4F
fMiFRxgjthLg3Rvz+p3tJA/8oTfajuwtjk5O6z24HWAVCXnikh2SWN0iIcViQJOm
8QXnz33C4pOET2eoCwYIM6pXj1fDka+HpUs+iD1Hlq4wK1xNGiuZtPya2B6NnEh6
bw4SWKmhIfHDRjL/FKU/m3mQbtfkNChPkgWb5Zb8JvtkYa9tikcKToaUG3fDHETv
wvmasJkPT5lx6dFx5dIjWRHvlOVR1AYkWgzbcYgwiPseFayBU90rO5NqawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnW68Uaot9tIXvAgxnp7iSP+ppKMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEveWRicnhScWkzMjBoZThDREdlbnVKSV82bWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2+MA0G
CSqGSIb3DQEBCwUAA4IBAQAuLD8mErU0umL0pK/xDWoswpz3ZHGl3Dr5WlVJsVQD
K/PbdWpy/OsfFLq3CvOO1bjRIarZB5S1mtbalulLwtFLQMwaBifP8IRsyhSjUZt9
rDmTYfL1/4gQw1QMJDAZ1E9sD2RvWGfFIx1AZp0zvZa9emE1LaJTJ2lJbYR3V+fD
VUTMCuYTZ4gI6uSPC7o4jBAUSKAkdAYbYzqpAW3e2tp6THYKY/1OoHM2RuHPR4U5
WKuXwomXAbZsomyd1NJcRtm5P/DkUfdLBbtvxyZh70ouzUMduRjETocaMnEECrek
HnO2deWACjv2fVGxJFiSZdCSMlju8wv5Ab4qKxbwX3G9
-----END CERTIFICATE-----