Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/IzPONJbDcPLAN7R-0u_JAPyySGA.roa
File:                     IzPONJbDcPLAN7R-0u_JAPyySGA.roa (raw, json)
Hash identifier:          vT7I4r/sdjJ5U7NJxlUAxdk0dgo+g9tMDaezQYY9Vms=
Subject key identifier:   23:33:CE:34:96:C3:70:F2:C0:37:B4:7E:D2:EF:C9:00:FC:B2:48:60
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF795A21F18C63E2810F6632D238BA
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/IzPONJbDcPLAN7R-0u_JAPyySGA.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198371
IP address blocks:        185.47.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:79:5a:21:f1:8c:63:e2:81:0f:66:32:d2:38:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2333ce3496c370f2c037b47ed2efc900fcb24860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c1:15:20:79:53:ea:cc:56:ee:63:52:c4:2d:
                    c0:c8:1f:69:6c:04:a1:36:c2:c0:72:63:39:e0:63:
                    a8:fa:5a:f9:35:a8:65:f1:98:66:45:59:dd:91:44:
                    68:4f:a2:7a:2f:d9:f5:87:7f:2c:80:02:08:b2:9c:
                    9e:7a:1a:bb:39:69:b7:bf:86:1c:72:3d:b9:aa:3c:
                    65:73:b7:08:9e:30:a0:2c:d5:45:2c:41:44:c9:93:
                    54:e7:cc:5d:7e:fd:ad:c1:0c:5e:36:a9:6e:e9:0e:
                    d0:a2:71:c9:68:ea:8d:12:2e:40:c5:5a:ce:71:25:
                    44:15:51:28:17:50:9c:9a:31:af:78:b8:18:6a:cd:
                    44:22:3a:af:4a:15:cd:aa:d8:5e:b9:dc:a5:5f:32:
                    d3:17:b5:39:6f:39:2b:88:4d:a7:f1:2e:df:28:87:
                    50:70:dc:93:d0:88:7f:ba:7c:40:4a:3e:78:34:94:
                    b5:6b:81:00:8f:99:6d:92:a9:a8:9c:e9:a0:55:92:
                    86:63:ce:04:d4:f3:06:26:22:18:c3:a8:95:dc:bb:
                    b0:f5:a4:bd:da:ce:ac:d0:b7:ce:40:95:72:ef:da:
                    fa:4c:e5:af:ff:ee:04:52:40:bb:59:6f:af:63:c6:
                    8e:bd:a6:03:40:1c:7d:2d:f2:0c:3b:87:e1:ae:96:
                    c8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:33:CE:34:96:C3:70:F2:C0:37:B4:7E:D2:EF:C9:00:FC:B2:48:60
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/IzPONJbDcPLAN7R-0u_JAPyySGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:fd:27:53:12:4b:01:4a:ee:c3:63:eb:4e:60:e2:19:ad:b6:
         18:68:ce:7f:a9:ac:55:03:3e:ad:3e:7a:1e:55:c4:ec:fe:7a:
         4c:27:da:14:06:7e:5c:0c:79:44:05:4d:d0:f4:e8:07:be:28:
         49:a1:d2:b6:fb:cb:15:c8:b8:68:39:87:f6:fa:e3:99:12:cc:
         63:7f:f6:2f:b6:c0:a1:20:df:71:79:1e:68:8a:f9:c6:1e:e6:
         74:10:9c:14:6b:ab:ce:bd:39:3d:68:60:e2:c3:00:15:da:fc:
         7b:72:ea:7a:52:c4:c0:d2:93:3d:01:50:c7:57:9c:35:73:65:
         06:f7:09:31:00:c5:76:60:14:67:88:e6:3a:e0:83:b8:d2:24:
         a0:3e:b5:e9:66:d7:2b:9c:4b:ee:0e:97:bd:5e:58:b7:84:f7:
         c2:0d:71:fe:0a:51:6f:94:6c:44:66:98:6c:35:e8:cd:02:81:
         2a:e4:66:c6:5b:52:6f:d6:8f:bd:a8:60:3f:ba:1f:ae:93:48:
         c4:6b:1e:7d:2d:64:be:f4:01:53:e4:b8:31:57:ce:cb:2b:54:
         7b:e1:65:52:f1:0a:a6:1f:5e:40:67:f1:17:c0:60:75:3d:87:
         07:af:b3:ab:aa:18:f8:3d:6d:02:49:05:55:1d:3f:73:49:6e:
         81:04:02:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33laIfGMY+KBD2Yy0ji6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMzY2UzNDk2YzM3MGYyYzAzN2I0N2VkMmVmYzkwMGZjYjI0ODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcEVIHlT6sxW7mNSxC3AyB9pbASh
NsLAcmM54GOo+lr5Nahl8ZhmRVndkURoT6J6L9n1h38sgAIIspyeehq7OWm3v4Yc
cj25qjxlc7cInjCgLNVFLEFEyZNU58xdfv2twQxeNqlu6Q7QonHJaOqNEi5AxVrO
cSVEFVEoF1CcmjGveLgYas1EIjqvShXNqtheudylXzLTF7U5bzkriE2n8S7fKIdQ
cNyT0Ih/unxASj54NJS1a4EAj5ltkqmonOmgVZKGY84E1PMGJiIYw6iV3Luw9aS9
2s6s0LfOQJVy79r6TOWv/+4EUkC7WW+vY8aOvaYDQBx9LfIMO4fhrpbIhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMzzjSWw3DywDe0ftLvyQD8skhgMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvSXpQT05KYkRjUExBTjdSLTB1X0pBUHl5U0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS/TMA0G
CSqGSIb3DQEBCwUAA4IBAQCU/SdTEksBSu7DY+tOYOIZrbYYaM5/qaxVAz6tPnoe
VcTs/npMJ9oUBn5cDHlEBU3Q9OgHvihJodK2+8sVyLhoOYf2+uOZEsxjf/YvtsCh
IN9xeR5oivnGHuZ0EJwUa6vOvTk9aGDiwwAV2vx7cup6UsTA0pM9AVDHV5w1c2UG
9wkxAMV2YBRniOY64IO40iSgPrXpZtcrnEvuDpe9Xli3hPfCDXH+ClFvlGxEZphs
NejNAoEq5GbGW1Jv1o+9qGA/uh+uk0jEax59LWS+9AFT5LgxV87LK1R74WVS8Qqm
H15AZ/EXwGB1PYcHr7Orqhj4PW0CSQVVHT9zSW6BBAKz
-----END CERTIFICATE-----