Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/YZPx_G3bCY0zsiDzh4ous6jycbE.roa
File:                     YZPx_G3bCY0zsiDzh4ous6jycbE.roa (raw, json)
Hash identifier:          55qOHypvqZYOGwoP6jWuhAvV2BGJFrBq4aUt72AEAnk=
Subject key identifier:   61:93:F1:FC:6D:DB:09:8D:33:B2:20:F3:87:8A:2E:B3:A8:F2:71:B1
Certificate issuer:       /CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
Certificate serial:       018CC9BBCBECA9F8428C21898C8D7E9262A1
Authority key identifier: 8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/YZPx_G3bCY0zsiDzh4ous6jycbE.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51242
IP address blocks:        193.239.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cb:ec:a9:f8:42:8c:21:89:8c:8d:7e:92:62:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6193f1fc6ddb098d33b220f3878a2eb3a8f271b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:32:bc:9f:a4:75:c9:30:6e:db:81:27:4e:bc:
                    83:33:c5:f8:40:d8:33:e5:7e:2f:a6:9c:e2:39:07:
                    c4:73:c4:52:e7:bc:9f:af:13:37:a9:6d:72:be:98:
                    07:ec:ea:42:52:50:a8:98:d3:54:7b:87:52:bc:3f:
                    56:a3:42:4a:34:ad:9c:11:61:6b:e0:d9:27:32:63:
                    39:a8:89:99:d5:42:df:bb:bc:66:e8:ab:b4:3f:97:
                    bd:02:4d:69:32:7b:67:31:8e:4c:59:6c:d1:b9:72:
                    fc:4b:a9:3e:ce:75:10:40:11:c5:c6:7d:1b:70:37:
                    95:61:aa:49:d9:12:fe:f7:b7:be:0e:55:3a:c4:e3:
                    3f:13:8b:dd:4c:cb:73:bb:4a:de:fe:04:13:d6:19:
                    37:61:3e:b1:77:40:8e:a9:a4:96:6a:ef:fd:d8:ec:
                    0d:78:82:a6:c7:14:0f:74:3a:52:c9:a4:35:80:43:
                    9e:10:24:ee:07:e4:c4:df:ca:ec:12:8a:1c:fb:33:
                    39:08:64:4b:79:cb:0d:73:cf:6c:36:77:9e:37:3e:
                    c1:f5:62:3d:84:9c:3c:8e:f4:ea:60:f1:40:93:c9:
                    d4:b4:d2:d0:03:91:1d:66:1c:bd:f5:59:84:4c:8d:
                    ae:7a:7d:73:6d:4b:d2:53:af:a6:c4:0d:77:f6:9b:
                    0f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:93:F1:FC:6D:DB:09:8D:33:B2:20:F3:87:8A:2E:B3:A8:F2:71:B1
            X509v3 Authority Key Identifier:
                keyid:8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/YZPx_G3bCY0zsiDzh4ous6jycbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:59:ca:22:c0:15:5b:b8:33:ac:5c:10:a4:61:32:a5:1f:62:
         77:be:f7:f7:f0:2f:1b:0a:8e:86:c3:07:04:d5:0d:fa:26:68:
         81:27:20:b8:6c:5e:50:42:c8:bb:1e:cb:a4:97:88:7b:5e:cd:
         2c:96:af:20:29:d8:e7:60:b1:59:d4:87:89:7b:9b:07:66:fa:
         81:fc:d6:d6:d6:9e:1b:33:e9:42:07:74:2d:9e:10:7f:b7:ed:
         91:cd:63:6b:3e:01:c1:8c:f6:a7:64:72:00:e5:09:46:73:a8:
         e4:3f:ab:53:b1:1e:7b:c1:f1:84:60:fd:21:6a:e5:8d:e7:da:
         a9:c3:d1:79:44:11:d1:67:5c:90:32:eb:d4:e7:79:5f:d8:c2:
         7b:41:11:44:b4:15:bd:77:32:47:06:69:aa:a6:7c:5c:ff:c0:
         07:c9:4d:52:16:33:f0:69:da:f6:7e:e1:b0:7a:66:39:d0:2e:
         25:6a:0c:81:5d:6e:02:72:df:84:c2:20:20:6e:f3:30:83:76:
         6e:4c:76:63:b1:7b:d1:5d:59:96:f1:73:88:89:09:36:39:c9:
         2b:86:45:9e:8e:13:c5:f8:01:4c:5d:01:d9:4b:d8:6e:76:be:
         2b:d4:a5:29:d7:16:0f:79:1f:a4:20:a8:59:73:a7:91:22:8a:
         87:30:3c:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8vsqfhCjCGJjI1+kmKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTFiNWI4MTMyZjllMzA3YjcxN2EzZTFlNTRkMWY3ZjQ1
YWU1MTcwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTkzZjFmYzZkZGIwOThkMzNiMjIwZjM4NzhhMmViM2E4ZjI3MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizK8n6R1yTBu24EnTryDM8X4QNgz
5X4vppziOQfEc8RS57yfrxM3qW1yvpgH7OpCUlComNNUe4dSvD9Wo0JKNK2cEWFr
4NknMmM5qImZ1ULfu7xm6Ku0P5e9Ak1pMntnMY5MWWzRuXL8S6k+znUQQBHFxn0b
cDeVYapJ2RL+97e+DlU6xOM/E4vdTMtzu0re/gQT1hk3YT6xd0COqaSWau/92OwN
eIKmxxQPdDpSyaQ1gEOeECTuB+TE38rsEooc+zM5CGRLecsNc89sNneeNz7B9WI9
hJw8jvTqYPFAk8nUtNLQA5EdZhy99VmETI2uen1zbUvSU6+mxA139psPEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGT8fxt2wmNM7Ig84eKLrOo8nGxMB8GA1UdIwQY
MBaAFI9RtbgTL54we3F6Ph5U0ff0WuUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzct
ZTIyNTFlNDg5Y2JiLzEvWVpQeF9HM2JDWTB6c2lEemg0b3VzNmp5Y2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2Ji
LzEvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+iMA0G
CSqGSIb3DQEBCwUAA4IBAQCOWcoiwBVbuDOsXBCkYTKlH2J3vvf38C8bCo6GwwcE
1Q36JmiBJyC4bF5QQsi7Hsukl4h7Xs0slq8gKdjnYLFZ1IeJe5sHZvqB/NbW1p4b
M+lCB3QtnhB/t+2RzWNrPgHBjPanZHIA5QlGc6jkP6tTsR57wfGEYP0hauWN59qp
w9F5RBHRZ1yQMuvU53lf2MJ7QRFEtBW9dzJHBmmqpnxc/8AHyU1SFjPwadr2fuGw
emY50C4lagyBXW4Cct+EwiAgbvMwg3ZuTHZjsXvRXVmW8XOIiQk2OckrhkWejhPF
+AFMXQHZS9hudr4r1KUp1xYPeR+kIKhZc6eRIoqHMDyl
-----END CERTIFICATE-----