Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/ycqa0ZTilGzSSpqbhCSGA6bVxtc.roa
File:                     ycqa0ZTilGzSSpqbhCSGA6bVxtc.roa (raw, json)
Hash identifier:          wD4vOdvqXdS8PvYbGcZEXrAE08wOI0s/mnBwb5u3zwA=
Subject key identifier:   C9:CA:9A:D1:94:E2:94:6C:D2:4A:9A:9B:84:24:86:03:A6:D5:C6:D7
Certificate issuer:       /CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
Certificate serial:       018CC5001CCC75DBB75D11932C5E759C3FC0
Authority key identifier: 1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/ycqa0ZTilGzSSpqbhCSGA6bVxtc.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50201
IP address blocks:        109.232.88.0/21 maxlen: 21
                          109.232.94.0/23 maxlen: 23
                          109.232.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1c:cc:75:db:b7:5d:11:93:2c:5e:75:9c:3f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ca9ad194e2946cd24a9a9b84248603a6d5c6d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:52:d9:9f:6c:89:92:52:bb:0f:88:e6:76:bc:
                    52:88:75:bd:1f:56:3d:be:62:a7:64:35:af:e6:f6:
                    60:74:ca:9d:47:b6:19:0f:fe:1f:6f:d7:c5:e6:50:
                    ee:07:36:ef:4e:f0:bd:bc:b3:00:2b:d9:41:2d:85:
                    1b:08:f3:c6:e9:2a:23:a4:71:55:f1:c6:a2:ba:6c:
                    7f:f6:66:3e:c2:d4:1d:44:11:90:d6:b4:46:43:9c:
                    9b:81:26:b7:46:06:a3:c6:29:e1:49:ef:51:10:9c:
                    6b:80:b0:70:88:cf:07:1e:94:2f:57:9c:dc:4e:36:
                    2a:51:1a:1b:71:0c:00:be:32:20:fe:e4:42:2e:c8:
                    7f:19:b6:16:5e:e8:a7:7f:43:7c:c5:6d:5c:53:79:
                    d2:04:d3:48:00:42:4a:e6:af:6f:61:77:46:23:37:
                    8a:a5:e2:d7:6d:1d:2b:d5:63:8e:8f:c9:16:b7:2e:
                    9b:55:09:1d:76:04:c5:99:5d:ec:77:dd:20:1a:dd:
                    15:bb:e8:74:3d:f0:4b:33:36:fd:b7:f7:96:cc:42:
                    ab:f8:76:56:b4:2e:7a:c4:db:e5:9d:b0:fd:d5:10:
                    79:c4:c7:84:8a:e0:e6:13:e1:ea:59:c1:af:4f:64:
                    2b:4f:59:50:5e:bf:ff:80:eb:38:c9:d4:0c:ab:85:
                    e9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CA:9A:D1:94:E2:94:6C:D2:4A:9A:9B:84:24:86:03:A6:D5:C6:D7
            X509v3 Authority Key Identifier:
                keyid:1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/ycqa0ZTilGzSSpqbhCSGA6bVxtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:0e:eb:d1:a3:ef:a0:5b:4a:1d:e7:e6:8f:9d:a1:cf:cc:e7:
         b1:3e:56:d3:40:c2:c6:34:58:be:ed:3a:e1:f8:94:9c:45:3d:
         51:33:1d:86:53:6d:d5:08:3d:5d:59:cd:ac:53:f0:93:e1:ba:
         34:e3:09:f5:e3:00:20:b2:8a:f9:41:ba:51:82:7e:3a:00:4e:
         2a:3a:f7:d4:d1:3b:f7:45:4f:22:1d:d4:52:90:7e:2c:cd:34:
         63:1b:61:36:3d:b9:41:93:43:ae:6c:ab:25:a0:d5:8e:20:93:
         bc:12:a3:f5:a0:4f:c5:f4:c0:94:97:68:4e:59:73:03:db:f6:
         6f:ca:48:05:90:96:e4:31:7c:4f:67:57:80:1c:fa:86:b3:76:
         5d:fe:7b:d3:77:b0:2e:8d:dc:0d:f9:9f:76:db:9b:43:98:e6:
         ca:6d:8b:4a:7b:81:52:d5:51:21:bc:40:2b:ad:9b:79:4c:bf:
         72:85:68:31:50:ff:31:d2:55:d6:96:19:1e:1a:a6:61:23:d7:
         8d:79:a2:db:57:d0:8f:90:2b:31:36:e3:a2:d2:e7:36:fc:73:
         bc:97:3b:35:cf:7e:20:e6:50:2a:7c:c1:70:68:4c:17:72:de:
         e3:1b:ac:93:7b:5b:6f:e3:c9:c5:75:cd:9e:6d:0b:f9:04:e7:
         24:d1:3b:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABzMddu3XRGTLF51nD/AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWEyZjA4M2Y0NzFkZmI5NTA3YjRjOTczY2I1YzNhY2Q0
OTc1OWQwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNhOWFkMTk0ZTI5NDZjZDI0YTlhOWI4NDI0ODYwM2E2ZDVjNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFLZn2yJklK7D4jmdrxSiHW9H1Y9
vmKnZDWv5vZgdMqdR7YZD/4fb9fF5lDuBzbvTvC9vLMAK9lBLYUbCPPG6SojpHFV
8caiumx/9mY+wtQdRBGQ1rRGQ5ybgSa3RgajxinhSe9REJxrgLBwiM8HHpQvV5zc
TjYqURobcQwAvjIg/uRCLsh/GbYWXuinf0N8xW1cU3nSBNNIAEJK5q9vYXdGIzeK
peLXbR0r1WOOj8kWty6bVQkddgTFmV3sd90gGt0Vu+h0PfBLMzb9t/eWzEKr+HZW
tC56xNvlnbD91RB5xMeEiuDmE+HqWcGvT2QrT1lQXr//gOs4ydQMq4XpfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnKmtGU4pRs0kqam4QkhgOm1cbXMB8GA1UdIwQY
MBaAFB6aLwg/Rx37lQe0yXPLXDrNSXWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYt
MjVkNmU4NjEzZGM0LzEveWNxYTBaVGlsR3pTU3BxYmhDU0dBNmJWeHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYtMjVkNmU4NjEzZGM0
LzEvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbehYMA0G
CSqGSIb3DQEBCwUAA4IBAQAJDuvRo++gW0od5+aPnaHPzOexPlbTQMLGNFi+7Trh
+JScRT1RMx2GU23VCD1dWc2sU/CT4bo04wn14wAgsor5QbpRgn46AE4qOvfU0Tv3
RU8iHdRSkH4szTRjG2E2PblBk0OubKsloNWOIJO8EqP1oE/F9MCUl2hOWXMD2/Zv
ykgFkJbkMXxPZ1eAHPqGs3Zd/nvTd7AujdwN+Z9225tDmObKbYtKe4FS1VEhvEAr
rZt5TL9yhWgxUP8x0lXWlhkeGqZhI9eNeaLbV9CPkCsxNuOi0uc2/HO8lzs1z34g
5lAqfMFwaEwXct7jG6yTe1tv48nFdc2ebQv5BOck0TsJ
-----END CERTIFICATE-----