Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Y8gtGDs_CUKxAaTQ6gz1tn2eVgI.roa
File:                     Y8gtGDs_CUKxAaTQ6gz1tn2eVgI.roa (raw, json)
Hash identifier:          bHQZLLLtQW3BFC12bj2MaYi7yhqKocl8d34hQZDu8LA=
Subject key identifier:   63:C8:2D:18:3B:3F:09:42:B1:01:A4:D0:EA:0C:F5:B6:7D:9E:56:02
Certificate issuer:       /CN=268d10d109dd91255c84dd62307641002374fc3a
Certificate serial:       018DAC4CA9C079F889A5C21877CA91329426
Authority key identifier: 26:8D:10:D1:09:DD:91:25:5C:84:DD:62:30:76:41:00:23:74:FC:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jo0Q0QndkSVchN1iMHZBACN0_Do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Y8gtGDs_CUKxAaTQ6gz1tn2eVgI.roa
Signing time:             Thu 15 Feb 2024 10:25:21 +0000
ROA not before:           Thu 15 Feb 2024 10:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7042
IP address blocks:        194.5.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Jo0Q0QndkSVchN1iMHZBACN0_Do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Jo0Q0QndkSVchN1iMHZBACN0_Do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jo0Q0QndkSVchN1iMHZBACN0_Do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:4c:a9:c0:79:f8:89:a5:c2:18:77:ca:91:32:94:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=268d10d109dd91255c84dd62307641002374fc3a
        Validity
            Not Before: Feb 15 10:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63c82d183b3f0942b101a4d0ea0cf5b67d9e5602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3e:7f:3e:a4:ad:ad:87:c1:97:15:e8:3f:a9:
                    28:0b:33:58:9f:f9:d2:28:8c:80:78:0e:c3:76:e2:
                    fb:bf:da:bd:3b:78:53:bc:08:5a:14:28:ef:49:5d:
                    79:1e:5e:4e:6c:e3:0d:e2:cb:10:94:58:03:aa:0e:
                    10:8f:f7:56:a0:21:af:37:33:1d:43:d6:b2:b7:ac:
                    93:f7:69:63:3b:02:0e:7f:a3:c8:ef:ce:65:87:e1:
                    dd:1b:ba:48:11:8a:9a:e0:cf:2e:bd:b5:27:01:38:
                    fa:db:25:25:66:c9:b3:02:db:db:bf:31:32:59:ee:
                    d6:ed:05:69:a9:88:73:0e:91:92:28:54:7a:18:db:
                    4e:02:d5:98:01:82:f3:80:6f:40:b9:cb:be:d8:73:
                    f6:d6:3b:2b:be:6e:93:e2:5a:5b:6d:cc:f8:d8:1e:
                    7f:45:9f:3e:75:62:30:00:3e:29:15:22:da:9f:73:
                    50:4f:b1:52:70:c8:43:01:24:a8:bb:3b:1f:3b:8a:
                    ff:44:fa:09:70:30:64:0e:37:70:41:40:1d:0d:99:
                    43:3a:0b:48:de:f7:81:63:7b:18:fc:13:75:8d:da:
                    e2:17:c2:96:68:cf:da:65:92:c2:b9:7d:7f:d1:ba:
                    f8:95:0c:83:6a:17:50:68:b6:73:44:db:1d:7d:4c:
                    24:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C8:2D:18:3B:3F:09:42:B1:01:A4:D0:EA:0C:F5:B6:7D:9E:56:02
            X509v3 Authority Key Identifier:
                keyid:26:8D:10:D1:09:DD:91:25:5C:84:DD:62:30:76:41:00:23:74:FC:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jo0Q0QndkSVchN1iMHZBACN0_Do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Y8gtGDs_CUKxAaTQ6gz1tn2eVgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7fb7a0-2eb8-47c6-86e4-9ea286bd55fb/1/Jo0Q0QndkSVchN1iMHZBACN0_Do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a6:9d:94:00:0d:c9:ad:bf:9d:19:72:33:47:99:e5:43:2f:
         5b:a8:44:c2:87:ca:b9:97:1c:87:da:16:ff:ea:0a:06:30:1d:
         1f:af:c5:e0:46:d8:8b:10:0d:50:15:35:c9:c7:e4:d0:99:1e:
         b7:4a:b2:ad:81:29:09:0f:17:dc:3e:6f:96:d5:9b:3b:14:e9:
         19:2a:79:2d:96:d7:42:c4:be:f3:64:0c:d8:53:1a:9b:d5:c0:
         f4:fd:48:da:ef:e8:59:df:08:31:7c:fb:2c:5c:f3:1e:a9:1d:
         e1:a7:42:44:22:24:af:a8:ba:89:0d:7c:15:db:48:a6:f2:5b:
         4b:60:44:9b:69:65:44:5e:dc:bd:12:3d:30:bb:1b:1a:24:b4:
         e7:cb:a6:25:c6:cf:0f:6b:fb:a1:58:24:fc:e0:63:e3:71:e5:
         1a:0f:e7:bb:9c:3c:7b:cb:4f:82:31:01:4b:65:ec:96:30:e0:
         41:ba:32:1e:55:eb:72:93:87:c1:69:5b:ed:3b:7b:47:57:b1:
         dc:19:62:a4:b4:e0:7f:dc:81:18:ad:e9:ba:37:43:99:bd:48:
         c7:02:88:47:96:5c:13:1b:66:42:a5:d9:ad:d7:80:4f:bc:c6:
         78:84:3f:fc:46:57:03:5d:1f:cc:b8:3b:85:f8:45:95:6c:a3:
         92:72:1d:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sTKnAefiJpcIYd8qRMpQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2OGQxMGQxMDlkZDkxMjU1Yzg0ZGQ2MjMwNzY0MTAwMjM3
NGZjM2EwHhcNMjQwMjE1MTAyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M4MmQxODNiM2YwOTQyYjEwMWE0ZDBlYTBjZjViNjdkOWU1NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2T5/PqStrYfBlxXoP6koCzNYn/nS
KIyAeA7DduL7v9q9O3hTvAhaFCjvSV15Hl5ObOMN4ssQlFgDqg4Qj/dWoCGvNzMd
Q9ayt6yT92ljOwIOf6PI785lh+HdG7pIEYqa4M8uvbUnATj62yUlZsmzAtvbvzEy
We7W7QVpqYhzDpGSKFR6GNtOAtWYAYLzgG9Aucu+2HP21jsrvm6T4lpbbcz42B5/
RZ8+dWIwAD4pFSLan3NQT7FScMhDASSouzsfO4r/RPoJcDBkDjdwQUAdDZlDOgtI
3veBY3sY/BN1jdriF8KWaM/aZZLCuX1/0br4lQyDahdQaLZzRNsdfUwkGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPILRg7PwlCsQGk0OoM9bZ9nlYCMB8GA1UdIwQY
MBaAFCaNENEJ3ZElXITdYjB2QQAjdPw6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm8wUTBRbmRrU1ZjaE4xaU1IWkJBQ04wX0RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy83ZmI3YTAtMmViOC00N2M2LTg2ZTQt
OWVhMjg2YmQ1NWZiLzEvWThndEdEc19DVUt4QWFUUTZnejF0bjJlVmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy83ZmI3YTAtMmViOC00N2M2LTg2ZTQtOWVhMjg2YmQ1NWZi
LzEvSm8wUTBRbmRrU1ZjaE4xaU1IWkJBQ04wX0RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgX8MA0G
CSqGSIb3DQEBCwUAA4IBAQBopp2UAA3Jrb+dGXIzR5nlQy9bqETCh8q5lxyH2hb/
6goGMB0fr8XgRtiLEA1QFTXJx+TQmR63SrKtgSkJDxfcPm+W1Zs7FOkZKnktltdC
xL7zZAzYUxqb1cD0/Uja7+hZ3wgxfPssXPMeqR3hp0JEIiSvqLqJDXwV20im8ltL
YESbaWVEXty9Ej0wuxsaJLTny6Ylxs8Pa/uhWCT84GPjceUaD+e7nDx7y0+CMQFL
ZeyWMOBBujIeVetyk4fBaVvtO3tHV7HcGWKktOB/3IEYrem6N0OZvUjHAohHllwT
G2ZCpdmt14BPvMZ4hD/8RlcDXR/MuDuF+EWVbKOSch3i
-----END CERTIFICATE-----