Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/yw_4sZfVVcGsg0c8xQlqbkWiv3w.roa
File:                     yw_4sZfVVcGsg0c8xQlqbkWiv3w.roa (raw, json)
Hash identifier:          qVoeVM5J72PxStltyQTSJrKUEbqG6dAAfjOoeKlsdjY=
Subject key identifier:   CB:0F:F8:B1:97:D5:55:C1:AC:83:47:3C:C5:09:6A:6E:45:A2:BF:7C
Certificate issuer:       /CN=40d4e33be71d339f3bc0cc6dae65e8792ff4d5dc
Certificate serial:       018CC86F88D644057B96B548E3804A21B85C
Authority key identifier: 40:D4:E3:3B:E7:1D:33:9F:3B:C0:CC:6D:AE:65:E8:79:2F:F4:D5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNTjO-cdM587wMxtrmXoeS_01dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/yw_4sZfVVcGsg0c8xQlqbkWiv3w.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196621
IP address blocks:        193.5.68.0/23 maxlen: 23
                          2001:67c:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/QNTjO-cdM587wMxtrmXoeS_01dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/QNTjO-cdM587wMxtrmXoeS_01dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNTjO-cdM587wMxtrmXoeS_01dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:88:d6:44:05:7b:96:b5:48:e3:80:4a:21:b8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d4e33be71d339f3bc0cc6dae65e8792ff4d5dc
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb0ff8b197d555c1ac83473cc5096a6e45a2bf7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b8:3a:c2:e4:4a:ae:1c:a7:5e:b1:b1:12:e7:
                    5e:64:aa:01:57:a2:c5:a2:78:7d:bb:d3:ab:a9:d6:
                    23:3f:27:0b:4e:e0:b0:18:e6:4c:5d:ab:d8:b2:05:
                    78:71:50:f9:f9:fd:ed:43:ac:b5:f4:57:00:85:94:
                    ad:27:64:ce:c2:11:ad:4f:c5:b0:29:47:0e:d0:d6:
                    c8:18:7b:a4:28:a0:c3:6d:2f:38:2e:ba:94:dc:41:
                    1b:d4:67:b5:6c:a9:1d:aa:e6:18:9b:0a:e7:27:30:
                    21:ad:89:d4:4a:db:b0:bc:10:3b:ff:09:1e:03:a6:
                    ba:45:ed:7c:81:1a:87:a3:bb:b1:62:28:ef:74:1f:
                    69:38:54:02:38:b5:64:a6:51:8f:5a:53:3d:cb:df:
                    b9:85:ff:fe:7d:0d:6b:e9:e7:7d:48:b2:6a:44:30:
                    71:66:48:a2:52:08:8d:90:ab:40:fb:73:f1:11:80:
                    2c:fe:c3:93:50:02:ad:aa:42:db:21:dc:27:99:bf:
                    40:a5:ab:cf:a0:02:d3:1e:a4:a4:d3:dc:2c:36:0a:
                    f0:90:e5:37:4d:3f:61:ef:47:a0:fc:93:4e:5c:a4:
                    01:c3:35:42:95:b5:b9:da:7d:ee:5e:e8:c2:67:b6:
                    bd:62:24:14:54:70:a2:06:0f:5a:c0:1b:3e:a0:60:
                    71:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0F:F8:B1:97:D5:55:C1:AC:83:47:3C:C5:09:6A:6E:45:A2:BF:7C
            X509v3 Authority Key Identifier:
                keyid:40:D4:E3:3B:E7:1D:33:9F:3B:C0:CC:6D:AE:65:E8:79:2F:F4:D5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNTjO-cdM587wMxtrmXoeS_01dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/yw_4sZfVVcGsg0c8xQlqbkWiv3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ac69d2-9299-49b0-91c8-0233b7b26d5d/1/QNTjO-cdM587wMxtrmXoeS_01dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.68.0/23
                IPv6:
                  2001:67c:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:13:3f:dd:79:e2:32:90:57:70:b6:e0:8d:32:5c:3d:85:2e:
         af:3f:9c:55:fa:8d:91:bf:7b:26:92:6f:7e:9f:08:2c:46:77:
         53:c7:af:ff:85:2e:12:ce:62:8a:c6:cc:c9:c0:99:87:8f:fe:
         ba:c6:9f:ac:47:f7:dc:8a:32:49:3d:db:5c:93:4a:11:c8:a1:
         1f:9c:88:57:24:2f:89:52:a8:89:c9:40:d3:10:d9:6e:28:ec:
         6e:69:6b:40:51:fb:ab:4f:44:a5:90:46:ed:3c:08:6a:08:fb:
         d5:08:65:e0:23:66:c0:21:9a:8c:c1:6b:b3:5d:3f:be:29:eb:
         7e:f3:b1:70:34:95:60:70:05:c9:33:de:b6:a8:9b:ad:8c:b6:
         7a:ee:23:eb:63:e4:37:8b:67:66:b0:1c:e1:f7:5a:50:8b:09:
         6f:97:3a:6d:85:4d:de:f0:30:6c:11:a1:48:87:f2:32:f4:7f:
         a9:6f:02:8e:8f:55:e1:20:cd:8e:bd:08:a5:ff:1e:ad:fa:48:
         07:ff:cc:50:bf:d9:2e:db:e1:c6:48:ff:e8:c9:a4:8c:d5:4c:
         cc:21:24:39:dd:67:dc:a9:2d:a1:44:ad:5a:31:ad:27:21:bb:
         5a:3c:52:73:da:69:63:7e:ce:ab:87:f4:7b:68:3e:59:a2:91:
         0c:1a:7f:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb4jWRAV7lrVI44BKIbhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDRlMzNiZTcxZDMzOWYzYmMwY2M2ZGFlNjVlODc5MmZm
NGQ1ZGMwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjBmZjhiMTk3ZDU1NWMxYWM4MzQ3M2NjNTA5NmE2ZTQ1YTJiZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLg6wuRKrhynXrGxEudeZKoBV6LF
onh9u9OrqdYjPycLTuCwGOZMXavYsgV4cVD5+f3tQ6y19FcAhZStJ2TOwhGtT8Ww
KUcO0NbIGHukKKDDbS84LrqU3EEb1Ge1bKkdquYYmwrnJzAhrYnUStuwvBA7/wke
A6a6Re18gRqHo7uxYijvdB9pOFQCOLVkplGPWlM9y9+5hf/+fQ1r6ed9SLJqRDBx
ZkiiUgiNkKtA+3PxEYAs/sOTUAKtqkLbIdwnmb9ApavPoALTHqSk09wsNgrwkOU3
TT9h70eg/JNOXKQBwzVClbW52n3uXujCZ7a9YiQUVHCiBg9awBs+oGBxcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMsP+LGX1VXBrINHPMUJam5For98MB8GA1UdIwQY
MBaAFEDU4zvnHTOfO8DMba5l6Hkv9NXcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5Uak8tY2RNNTg3d014dHJtWG9lU18wMWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hYzY5ZDItOTI5OS00OWIwLTkxYzgt
MDIzM2I3YjI2ZDVkLzEveXdfNHNaZlZWY0dzZzBjOHhRbHFia1dpdjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hYzY5ZDItOTI5OS00OWIwLTkxYzgtMDIzM2I3YjI2ZDVk
LzEvUU5Uak8tY2RNNTg3d014dHJtWG9lU18wMWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwQVEMA8E
AgACMAkDBwAgAQZ8AAgwDQYJKoZIhvcNAQELBQADggEBAJcTP9154jKQV3C24I0y
XD2FLq8/nFX6jZG/eyaSb36fCCxGd1PHr/+FLhLOYorGzMnAmYeP/rrGn6xH99yK
Mkk921yTShHIoR+ciFckL4lSqInJQNMQ2W4o7G5pa0BR+6tPRKWQRu08CGoI+9UI
ZeAjZsAhmozBa7NdP74p637zsXA0lWBwBckz3raom62MtnruI+tj5DeLZ2awHOH3
WlCLCW+XOm2FTd7wMGwRoUiH8jL0f6lvAo6PVeEgzY69CKX/Hq36SAf/zFC/2S7b
4cZI/+jJpIzVTMwhJDndZ9ypLaFErVoxrSchu1o8UnPaaWN+zquH9HtoPlmikQwa
f4o=
-----END CERTIFICATE-----