Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y7I4kDuEZNartQMmgQUNwHdMZS0.roa
File:                     y7I4kDuEZNartQMmgQUNwHdMZS0.roa (raw, json)
Hash identifier:          Y3sYx47OQZHpKnidaD5TUvmSJxtOwliJj3xu5Bwjuok=
Subject key identifier:   CB:B2:38:90:3B:84:64:D6:AB:B5:03:26:81:05:0D:C0:77:4C:65:2D
Certificate issuer:       /CN=cb889feed135dc03492d8b3e828c7309587d1411
Certificate serial:       018CC794BBBC333C1D8FAA8F6ED19E4F0F18
Authority key identifier: CB:88:9F:EE:D1:35:DC:03:49:2D:8B:3E:82:8C:73:09:58:7D:14:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y4if7tE13ANJLYs-goxzCVh9FBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y7I4kDuEZNartQMmgQUNwHdMZS0.roa
Signing time:             Tue 02 Jan 2024 00:31:02 +0000
ROA not before:           Tue 02 Jan 2024 00:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4749
IP address blocks:        147.189.33.0/24 maxlen: 24
                          147.189.32.0/24 maxlen: 24
                          147.189.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y4if7tE13ANJLYs-goxzCVh9FBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y4if7tE13ANJLYs-goxzCVh9FBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y4if7tE13ANJLYs-goxzCVh9FBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:bb:bc:33:3c:1d:8f:aa:8f:6e:d1:9e:4f:0f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb889feed135dc03492d8b3e828c7309587d1411
        Validity
            Not Before: Jan  2 00:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbb238903b8464d6abb5032681050dc0774c652d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d4:3e:d8:d1:5b:98:1a:fd:af:01:76:e2:e2:
                    07:54:31:43:a8:79:b0:eb:82:a5:ff:48:41:c0:96:
                    7f:4d:09:c0:39:5c:93:44:97:6a:06:d7:05:f1:1c:
                    26:68:71:5d:ff:fb:9e:59:da:07:41:f2:01:5a:ff:
                    f7:ac:98:f7:e9:b5:5d:12:12:55:b5:fb:9d:c4:b3:
                    bc:d1:e9:05:b4:97:d5:c7:bb:e1:df:4a:1d:5e:3e:
                    2f:9f:25:65:d0:74:3e:45:1d:24:40:e7:19:dc:60:
                    6f:8c:2c:36:1c:8f:1c:5a:ad:71:87:77:85:cf:d3:
                    af:ab:66:97:84:aa:72:38:3c:c4:bb:d5:e4:76:7e:
                    3d:20:62:3b:f5:23:62:d5:92:cb:e4:31:a1:9b:93:
                    cd:72:a3:c4:d5:81:b0:07:52:60:1c:ec:c6:ea:67:
                    80:d5:01:5c:2f:bb:d3:16:23:46:f6:bd:76:fb:12:
                    05:31:18:6c:72:e5:c7:7a:36:a5:97:a3:82:4b:4c:
                    73:1e:38:42:3b:b3:c1:36:8f:a1:9e:f7:c1:22:b3:
                    e8:12:d7:eb:6b:97:e6:b0:af:e1:0a:8a:dc:f0:8f:
                    c9:86:0b:9f:08:6a:34:e0:2d:71:82:76:ed:97:af:
                    d9:61:a9:a7:64:54:9a:3e:2c:ce:d9:5b:02:42:dd:
                    d1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B2:38:90:3B:84:64:D6:AB:B5:03:26:81:05:0D:C0:77:4C:65:2D
            X509v3 Authority Key Identifier:
                keyid:CB:88:9F:EE:D1:35:DC:03:49:2D:8B:3E:82:8C:73:09:58:7D:14:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y4if7tE13ANJLYs-goxzCVh9FBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y7I4kDuEZNartQMmgQUNwHdMZS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y4if7tE13ANJLYs-goxzCVh9FBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:45:4b:b0:ec:5c:75:bd:ca:ea:74:f3:be:48:22:ac:a4:2c:
         73:17:72:27:01:ea:6c:a2:4a:90:9f:e3:fe:fe:57:9b:e1:f7:
         b9:e3:7f:d8:4c:17:d2:59:9b:aa:83:4c:90:6b:38:6f:4a:87:
         25:05:1f:56:31:28:e8:ad:a5:95:b7:7f:cd:cb:c2:eb:df:15:
         27:65:99:3a:27:7d:0a:3b:8c:2f:57:20:b2:69:25:67:5b:16:
         49:c4:2b:39:bd:85:89:8a:54:5c:3c:ff:e2:23:ba:f0:a2:5d:
         0e:3d:44:ad:64:57:3e:60:63:d5:41:ed:ea:65:8c:c3:cd:6e:
         5b:4a:37:40:51:f6:30:8d:7b:7a:e2:44:87:ec:db:e2:02:8d:
         ba:99:49:7c:6e:cf:f0:1a:b6:1f:7d:1b:fa:bf:c0:c9:cb:03:
         81:c8:3b:32:d1:bc:83:0f:7e:7b:d8:96:91:26:70:91:67:07:
         86:22:21:d6:33:4e:88:b9:e2:dc:4a:7a:c5:df:90:1e:47:97:
         b8:57:01:b3:3d:14:52:df:d7:c1:9f:20:a0:36:de:f8:5f:5e:
         d5:47:a0:0d:c8:15:93:62:e0:40:a8:58:c2:65:34:10:9c:ed:
         08:6b:48:a7:55:c9:49:00:f9:94:c0:09:88:dc:7b:9b:34:01:
         cc:e7:f1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlLu8Mzwdj6qPbtGeTw8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiODg5ZmVlZDEzNWRjMDM0OTJkOGIzZTgyOGM3MzA5NTg3
ZDE0MTEwHhcNMjQwMTAyMDAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmIyMzg5MDNiODQ2NGQ2YWJiNTAzMjY4MTA1MGRjMDc3NGM2NTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptQ+2NFbmBr9rwF24uIHVDFDqHmw
64Kl/0hBwJZ/TQnAOVyTRJdqBtcF8RwmaHFd//ueWdoHQfIBWv/3rJj36bVdEhJV
tfudxLO80ekFtJfVx7vh30odXj4vnyVl0HQ+RR0kQOcZ3GBvjCw2HI8cWq1xh3eF
z9Ovq2aXhKpyODzEu9Xkdn49IGI79SNi1ZLL5DGhm5PNcqPE1YGwB1JgHOzG6meA
1QFcL7vTFiNG9r12+xIFMRhscuXHejall6OCS0xzHjhCO7PBNo+hnvfBIrPoEtfr
a5fmsK/hCorc8I/JhgufCGo04C1xgnbtl6/ZYamnZFSaPizO2VsCQt3RNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuyOJA7hGTWq7UDJoEFDcB3TGUtMB8GA1UdIwQY
MBaAFMuIn+7RNdwDSS2LPoKMcwlYfRQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTRpZjd0RTEzQU5KTFlzLWdveHpDVmg5RkJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kZjBlODEtYmRjYi00YTI0LTg0MzUt
YzFmMTJlNThmZWRkLzEveTdJNGtEdUVaTmFydFFNbWdRVU53SGRNWlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kZjBlODEtYmRjYi00YTI0LTg0MzUtYzFmMTJlNThmZWRk
LzEveTRpZjd0RTEzQU5KTFlzLWdveHpDVmg5RkJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk70gMA0G
CSqGSIb3DQEBCwUAA4IBAQAWRUuw7Fx1vcrqdPO+SCKspCxzF3InAepsokqQn+P+
/leb4fe543/YTBfSWZuqg0yQazhvSoclBR9WMSjoraWVt3/Ny8Lr3xUnZZk6J30K
O4wvVyCyaSVnWxZJxCs5vYWJilRcPP/iI7rwol0OPUStZFc+YGPVQe3qZYzDzW5b
SjdAUfYwjXt64kSH7NviAo26mUl8bs/wGrYffRv6v8DJywOByDsy0byDD3572JaR
JnCRZweGIiHWM06IueLcSnrF35AeR5e4VwGzPRRS39fBnyCgNt74X17VR6ANyBWT
YuBAqFjCZTQQnO0Ia0inVclJAPmUwAmI3HubNAHM5/HC
-----END CERTIFICATE-----