Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/Yu-cZ-gJfopD9BxHRXy1IGzI5zc.roa
File:                     Yu-cZ-gJfopD9BxHRXy1IGzI5zc.roa (raw, json)
Hash identifier:          c4TVPan/vxVZ2iSY2RzfqLpDqHA6untQeLG5iVnov/E=
Subject key identifier:   62:EF:9C:67:E8:09:7E:8A:43:F4:1C:47:45:7C:B5:20:6C:C8:E7:37
Certificate issuer:       /CN=075e993e76f9d7fa404d69a6cb60d4bf98f2ba1e
Certificate serial:       0191E04F7263DD770661ABB334BBBCE0AB6A
Authority key identifier: 07:5E:99:3E:76:F9:D7:FA:40:4D:69:A6:CB:60:D4:BF:98:F2:BA:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B16ZPnb51_pATWmmy2DUv5jyuh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/Yu-cZ-gJfopD9BxHRXy1IGzI5zc.roa
Signing time:             Wed 11 Sep 2024 08:59:48 +0000
ROA not before:           Wed 11 Sep 2024 08:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.11.156.0/22 maxlen: 23
                          2001:67c:5d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/B16ZPnb51_pATWmmy2DUv5jyuh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/B16ZPnb51_pATWmmy2DUv5jyuh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B16ZPnb51_pATWmmy2DUv5jyuh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e0:4f:72:63:dd:77:06:61:ab:b3:34:bb:bc:e0:ab:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=075e993e76f9d7fa404d69a6cb60d4bf98f2ba1e
        Validity
            Not Before: Sep 11 08:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62ef9c67e8097e8a43f41c47457cb5206cc8e737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:56:2e:17:2a:9d:5b:cd:ef:5b:aa:05:29:c4:
                    a4:64:c4:64:f7:3d:eb:7f:e9:8b:69:a9:4c:93:73:
                    f9:13:0d:4b:d9:e2:a8:4b:df:0a:33:1f:cf:c8:46:
                    01:60:92:ac:26:6d:54:0e:f9:79:e8:84:cc:b8:fb:
                    12:fe:fa:b0:58:ce:81:16:98:af:b4:45:27:64:c7:
                    96:3d:08:eb:4c:1a:6c:29:84:1b:b5:3d:38:d3:01:
                    c6:62:d3:0b:59:5e:ea:f0:a0:03:99:1d:55:00:f9:
                    94:69:ab:c9:d3:06:f7:a7:9c:d7:ae:2d:81:33:a4:
                    04:0c:8c:6a:f0:d4:5a:b5:05:da:94:49:80:00:0f:
                    72:f9:72:5b:5b:20:eb:29:f4:49:1d:33:15:9a:ea:
                    3f:bc:53:68:c0:30:10:76:6e:da:dd:c0:15:bb:d7:
                    5d:fc:82:48:50:c8:36:b1:13:25:9e:e9:62:62:db:
                    0f:41:da:c1:70:8e:ce:f2:0e:ea:49:d1:c1:70:b4:
                    31:db:a6:c4:78:a9:8a:b5:f1:e8:3b:b1:22:a6:3c:
                    78:eb:2a:60:9a:87:04:56:29:98:c1:4f:83:6e:45:
                    9b:83:0a:76:bd:c1:75:63:e9:f6:26:88:da:6e:8e:
                    28:72:22:36:0c:ab:26:1e:47:bb:ea:4d:0a:61:92:
                    12:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:EF:9C:67:E8:09:7E:8A:43:F4:1C:47:45:7C:B5:20:6C:C8:E7:37
            X509v3 Authority Key Identifier:
                keyid:07:5E:99:3E:76:F9:D7:FA:40:4D:69:A6:CB:60:D4:BF:98:F2:BA:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B16ZPnb51_pATWmmy2DUv5jyuh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/Yu-cZ-gJfopD9BxHRXy1IGzI5zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b4566b-bcc8-4df5-ba2f-e15e666ad6c2/1/B16ZPnb51_pATWmmy2DUv5jyuh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.156.0/22
                IPv6:
                  2001:67c:5d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:7c:75:bd:00:72:8f:d1:59:79:20:0a:23:fe:de:3d:44:73:
         ed:8d:81:bf:66:78:1d:5a:a9:49:7a:f0:2d:4f:86:7f:51:ba:
         46:64:48:4d:5b:dd:b1:61:85:a5:4a:51:75:6e:2a:fc:f6:d2:
         de:6e:4a:07:b0:69:7e:7e:97:12:a4:5c:98:63:86:19:5a:11:
         79:55:82:2c:55:94:28:21:3c:0c:22:f2:a7:f8:4c:71:ba:f3:
         84:84:ce:ed:7e:f4:54:50:e9:b2:f7:56:01:e4:ca:08:c3:3d:
         88:25:30:d8:4e:7a:24:5d:10:00:9b:8f:a5:50:61:b9:c1:12:
         3f:a4:dc:28:38:cb:bd:68:0e:19:ad:06:c6:e1:1d:f9:4f:aa:
         23:76:b8:44:dc:6d:f7:b9:7f:d3:90:5d:3b:26:de:a8:c7:89:
         8a:c1:c0:28:e4:28:c7:1a:28:71:4d:3e:5a:b1:0c:11:37:7a:
         bf:42:97:2a:2c:06:7d:b1:03:e8:34:f2:66:b3:2b:a0:88:92:
         e7:ad:83:b8:10:f0:c6:8f:71:f3:e4:15:7f:4a:55:a1:63:1a:
         ff:d8:71:98:f2:f6:4a:7c:77:0d:2d:78:00:90:b1:5e:92:f8:
         ad:0b:f5:85:be:f0:36:6e:82:6d:ab:e2:9d:d9:48:9a:e7:5e:
         2b:4d:4c:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHgT3Jj3XcGYauzNLu84KtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NWU5OTNlNzZmOWQ3ZmE0MDRkNjlhNmNiNjBkNGJmOThm
MmJhMWUwHhcNMjQwOTExMDg1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmVmOWM2N2U4MDk3ZThhNDNmNDFjNDc0NTdjYjUyMDZjYzhlNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVYuFyqdW83vW6oFKcSkZMRk9z3r
f+mLaalMk3P5Ew1L2eKoS98KMx/PyEYBYJKsJm1UDvl56ITMuPsS/vqwWM6BFpiv
tEUnZMeWPQjrTBpsKYQbtT040wHGYtMLWV7q8KADmR1VAPmUaavJ0wb3p5zXri2B
M6QEDIxq8NRatQXalEmAAA9y+XJbWyDrKfRJHTMVmuo/vFNowDAQdm7a3cAVu9dd
/IJIUMg2sRMlnuliYtsPQdrBcI7O8g7qSdHBcLQx26bEeKmKtfHoO7Eipjx46ypg
mocEVimYwU+DbkWbgwp2vcF1Y+n2Jojabo4ociI2DKsmHke76k0KYZISiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGLvnGfoCX6KQ/QcR0V8tSBsyOc3MB8GA1UdIwQY
MBaAFAdemT52+df6QE1ppstg1L+Y8roeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjE2WlBuYjUxX3BBVFdtbXkyRFV2NWp5dWg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iNDU2NmItYmNjOC00ZGY1LWJhMmYt
ZTE1ZTY2NmFkNmMyLzEvWXUtY1otZ0pmb3BEOUJ4SFJYeTFJR3pJNXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iNDU2NmItYmNjOC00ZGY1LWJhMmYtZTE1ZTY2NmFkNmMy
LzEvQjE2WlBuYjUxX3BBVFdtbXkyRFV2NWp5dWg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwgucMA8E
AgACMAkDBwAgAQZ8BdgwDQYJKoZIhvcNAQELBQADggEBADV8db0Aco/RWXkgCiP+
3j1Ec+2Ngb9meB1aqUl68C1Phn9RukZkSE1b3bFhhaVKUXVuKvz20t5uSgewaX5+
lxKkXJhjhhlaEXlVgixVlCghPAwi8qf4THG684SEzu1+9FRQ6bL3VgHkygjDPYgl
MNhOeiRdEACbj6VQYbnBEj+k3Cg4y71oDhmtBsbhHflPqiN2uETcbfe5f9OQXTsm
3qjHiYrBwCjkKMcaKHFNPlqxDBE3er9ClyosBn2xA+g08mazK6CIkuetg7gQ8MaP
cfPkFX9KVaFjGv/YcZjy9kp8dw0teACQsV6S+K0L9YW+8DZugm2r4p3ZSJrnXitN
TPo=
-----END CERTIFICATE-----