Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yvQBnbaCMZtI3U4-W4nQjJuZApI.roa
File:                     yvQBnbaCMZtI3U4-W4nQjJuZApI.roa (raw, json)
Hash identifier:          pxLOu/Owr2wVWao2taNmKF5fH/BPoCqQcbTJhDiV5+U=
Subject key identifier:   CA:F4:01:9D:B6:82:31:9B:48:DD:4E:3E:5B:89:D0:8C:9B:99:02:92
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7953706F8570BD7909C7A0B0E5004D7
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yvQBnbaCMZtI3U4-W4nQjJuZApI.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210352
IP address blocks:        193.233.49.0/24 maxlen: 24
                          193.233.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:37:06:f8:57:0b:d7:90:9c:7a:0b:0e:50:04:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caf4019db682319b48dd4e3e5b89d08c9b990292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:f7:9f:ae:b3:2d:4d:94:97:4a:df:d7:13:
                    6f:1c:26:6a:08:d9:bf:70:ea:a7:61:15:d6:bf:dc:
                    81:dd:2f:f9:e7:3f:70:44:ba:32:7c:70:2d:5e:3a:
                    03:b2:b4:21:94:d5:91:82:f8:54:47:3b:e5:df:5c:
                    d7:40:76:ff:d8:99:08:88:7e:16:d2:38:f2:9a:f4:
                    36:f6:3d:f5:3a:ba:6c:4f:49:bf:77:a8:a9:a6:0c:
                    37:77:27:93:eb:13:6e:67:7e:22:26:33:32:dc:55:
                    ef:00:b2:98:26:ed:86:c2:88:f2:7c:c3:e3:9a:1a:
                    8f:c7:67:e7:c7:4b:07:3d:dd:51:d3:5d:90:a6:a0:
                    e9:b3:84:6a:c8:a8:b6:0f:3d:38:93:70:1b:d7:a2:
                    37:b1:2b:14:ee:62:45:c8:1d:e6:6f:17:1c:b5:99:
                    7e:37:2c:c1:2a:02:0e:93:4b:4d:c4:85:ac:4a:94:
                    b0:bb:61:52:82:27:9a:c7:e8:56:1b:4f:ad:31:4b:
                    57:25:82:65:86:b9:5e:d2:72:76:db:94:bc:29:51:
                    70:f5:d7:10:7a:64:b0:54:e9:fb:ad:84:29:89:3b:
                    44:28:a3:7c:1e:59:2e:ce:fb:9f:fc:a1:77:0f:35:
                    65:ff:a8:8d:77:94:af:8a:33:a3:92:98:68:ab:2f:
                    94:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F4:01:9D:B6:82:31:9B:48:DD:4E:3E:5B:89:D0:8C:9B:99:02:92
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yvQBnbaCMZtI3U4-W4nQjJuZApI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:7e:49:5c:93:31:f2:c7:7d:5b:51:e5:75:1a:57:cf:45:68:
         8b:db:b6:42:7b:87:30:a1:19:cc:a1:ab:05:c8:dd:50:0d:c6:
         e4:c6:16:55:c2:f0:ea:4c:d0:af:98:9c:95:a8:05:d7:eb:49:
         c3:30:0c:92:01:15:9d:6c:8e:bf:01:67:f5:b1:32:bf:45:3f:
         3c:34:9e:7d:d3:97:23:f5:d3:aa:bc:e8:2b:57:95:5c:ad:23:
         e0:bc:85:63:76:72:5c:2e:1b:0a:a8:62:5f:04:ee:95:25:1b:
         09:a1:82:09:66:e7:12:da:20:71:84:7d:c9:c4:0d:90:59:7c:
         0f:49:52:59:04:34:3c:c1:b6:7d:b4:e6:f8:91:89:b6:7b:8a:
         e6:2f:40:0c:f7:d9:75:66:9e:65:e2:30:9a:87:8e:a0:0f:c3:
         05:e4:53:42:ec:63:47:d4:d5:8b:b9:0c:e2:b2:1b:15:c0:67:
         ac:8c:45:ea:d3:c4:34:fb:67:bd:89:35:fa:bc:af:07:fd:a6:
         f0:58:af:5b:90:8a:f1:4c:f7:24:bd:ca:f6:fb:6e:b4:a5:95:
         89:a7:a4:38:ea:35:07:0b:27:54:86:f7:ea:b5:99:ea:fc:52:
         77:19:72:fb:c3:2b:a8:76:b4:52:44:03:f4:9f:8d:17:f7:e8:
         e1:89:8e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTcG+FcL15CcegsOUATXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWY0MDE5ZGI2ODIzMTliNDhkZDRlM2U1Yjg5ZDA4YzliOTkwMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ33n66zLU2Ul0rf1xNvHCZqCNm/
cOqnYRXWv9yB3S/55z9wRLoyfHAtXjoDsrQhlNWRgvhURzvl31zXQHb/2JkIiH4W
0jjymvQ29j31OrpsT0m/d6ippgw3dyeT6xNuZ34iJjMy3FXvALKYJu2GwojyfMPj
mhqPx2fnx0sHPd1R012QpqDps4RqyKi2Dz04k3Ab16I3sSsU7mJFyB3mbxcctZl+
NyzBKgIOk0tNxIWsSpSwu2FSgieax+hWG0+tMUtXJYJlhrle0nJ225S8KVFw9dcQ
emSwVOn7rYQpiTtEKKN8Hlkuzvuf/KF3DzVl/6iNd5SvijOjkphoqy+UswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr0AZ22gjGbSN1OPluJ0IybmQKSMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveXZRQm5iYUNNWnRJM1U0LVc0blFqSnVaQXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwekwMA0G
CSqGSIb3DQEBCwUAA4IBAQBofklckzHyx31bUeV1GlfPRWiL27ZCe4cwoRnMoasF
yN1QDcbkxhZVwvDqTNCvmJyVqAXX60nDMAySARWdbI6/AWf1sTK/RT88NJ5905cj
9dOqvOgrV5VcrSPgvIVjdnJcLhsKqGJfBO6VJRsJoYIJZucS2iBxhH3JxA2QWXwP
SVJZBDQ8wbZ9tOb4kYm2e4rmL0AM99l1Zp5l4jCah46gD8MF5FNC7GNH1NWLuQzi
shsVwGesjEXq08Q0+2e9iTX6vK8H/abwWK9bkIrxTPckvcr2+260pZWJp6Q46jUH
CydUhvfqtZnq/FJ3GXL7wyuodrRSRAP0n40X9+jhiY51
-----END CERTIFICATE-----