Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/Ylx6v_bhKPwecR88nin8YLZ7Vps.roa
File:                     Ylx6v_bhKPwecR88nin8YLZ7Vps.roa (raw, json)
Hash identifier:          RbNEo2yQllBf7yBOVA7XOt0Vup+3z5hxoq2hxpToGgk=
Subject key identifier:   62:5C:7A:BF:F6:E1:28:FC:1E:71:1F:3C:9E:29:FC:60:B6:7B:56:9B
Certificate issuer:       /CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
Certificate serial:       018CC26D68F745E4834BEC698630CC2AC091
Authority key identifier: C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/Ylx6v_bhKPwecR88nin8YLZ7Vps.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199430
IP address blocks:        37.203.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:68:f7:45:e4:83:4b:ec:69:86:30:cc:2a:c0:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=625c7abff6e128fc1e711f3c9e29fc60b67b569b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d7:8b:47:4f:84:f0:96:23:84:58:b8:0d:b1:
                    64:99:7b:16:b9:34:d2:a8:16:93:6d:49:cd:17:0e:
                    56:88:24:49:2b:f6:da:8d:82:1a:35:73:44:88:22:
                    88:c7:ea:5d:c0:0e:41:e9:f1:ab:c1:6f:71:e2:54:
                    c8:8f:2c:58:0b:5d:7f:3a:dc:03:02:36:44:12:56:
                    d2:7a:64:a0:fe:2e:6d:39:c4:3f:7e:cd:5a:50:06:
                    49:1f:64:4b:55:0c:88:7b:36:66:12:f6:66:ed:d1:
                    80:d7:ab:b4:a5:ae:c9:70:3e:d3:5f:16:a1:bd:6c:
                    30:50:47:b1:46:56:f8:8d:f0:e4:58:d4:3b:20:c9:
                    29:01:7f:90:c7:04:da:bf:01:e4:41:f3:60:c6:61:
                    dd:a2:c0:71:21:a9:d1:2a:24:35:3f:ed:66:6f:d1:
                    d9:35:24:41:a8:c7:75:a5:7d:d9:f7:87:26:7a:7a:
                    14:d3:c8:26:c6:78:f1:8d:a6:7b:fb:86:73:15:6a:
                    ac:34:f4:94:b9:df:36:73:54:22:1a:cc:fb:31:e6:
                    f7:2d:24:2a:82:a0:25:99:c3:cf:aa:4b:97:62:a5:
                    e0:b6:4d:54:63:41:2b:21:95:f4:f0:e8:7f:d4:ae:
                    b3:f1:40:cd:95:79:59:d5:44:d6:6a:9e:aa:85:a9:
                    c5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5C:7A:BF:F6:E1:28:FC:1E:71:1F:3C:9E:29:FC:60:B6:7B:56:9B
            X509v3 Authority Key Identifier:
                keyid:C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/Ylx6v_bhKPwecR88nin8YLZ7Vps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:1a:fa:4a:40:24:f8:27:51:37:e9:59:4d:8f:e8:a7:26:f2:
         73:59:65:f4:71:fb:bd:30:78:1d:3b:ec:9f:6f:6a:c0:9c:50:
         ce:a7:c9:bd:b6:c4:a3:9c:2e:91:07:d2:7d:36:5b:ca:8a:38:
         fe:6f:43:1b:44:b8:fa:0b:66:0b:95:52:66:bb:a0:ec:d3:09:
         50:7c:e4:d9:8b:78:c5:df:0b:88:1b:19:91:53:ae:cb:b5:6c:
         38:3a:3d:b9:ad:02:5e:67:38:f4:fa:62:db:fb:ff:45:5a:24:
         9a:12:e4:11:ab:5d:4c:ae:db:4e:54:34:e0:61:bf:fa:2a:ad:
         9f:8c:be:d9:9f:e7:57:87:b1:a7:e7:e0:b6:a1:48:98:20:3f:
         12:8c:7c:29:fe:c3:2b:8b:99:87:6b:6f:89:6a:c1:aa:cd:24:
         26:45:0a:69:7b:e1:50:38:db:8c:e8:8d:41:c1:ab:ed:1b:3c:
         e6:de:64:14:94:bb:60:de:5e:3d:6f:ce:0a:5c:db:03:c9:41:
         9c:26:2b:cb:36:b7:cd:bd:32:26:85:1e:4c:4b:cb:42:d8:0b:
         87:54:a4:ca:f4:53:5d:59:ae:bc:5a:4b:60:03:78:40:a6:ab:
         37:42:b9:3e:b8:7a:ca:d9:ea:c5:9f:32:ac:5f:03:d1:90:e6:
         2d:bc:89:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWj3ReSDS+xphjDMKsCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWIyNDdjNjM2YWQzODliZjlmOGM1MDc0YzgyMjAyMzBl
OGVkY2MwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVjN2FiZmY2ZTEyOGZjMWU3MTFmM2M5ZTI5ZmM2MGI2N2I1NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdeLR0+E8JYjhFi4DbFkmXsWuTTS
qBaTbUnNFw5WiCRJK/bajYIaNXNEiCKIx+pdwA5B6fGrwW9x4lTIjyxYC11/OtwD
AjZEElbSemSg/i5tOcQ/fs1aUAZJH2RLVQyIezZmEvZm7dGA16u0pa7JcD7TXxah
vWwwUEexRlb4jfDkWNQ7IMkpAX+QxwTavwHkQfNgxmHdosBxIanRKiQ1P+1mb9HZ
NSRBqMd1pX3Z94cmenoU08gmxnjxjaZ7+4ZzFWqsNPSUud82c1QiGsz7Meb3LSQq
gqAlmcPPqkuXYqXgtk1UY0ErIZX08Oh/1K6z8UDNlXlZ1UTWap6qhanFowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJcer/24Sj8HnEfPJ4p/GC2e1abMB8GA1UdIwQY
MBaAFMGrJHxjatOJv5+MUHTIIgIw6O3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmIt
MjdiMTEzY2ZmNTNiLzEvWWx4NnZfYmhLUHdlY1I4OG5pbjhZTFo3VnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmItMjdiMTEzY2ZmNTNi
LzEvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcvxMA0G
CSqGSIb3DQEBCwUAA4IBAQCYGvpKQCT4J1E36VlNj+inJvJzWWX0cfu9MHgdO+yf
b2rAnFDOp8m9tsSjnC6RB9J9NlvKijj+b0MbRLj6C2YLlVJmu6Ds0wlQfOTZi3jF
3wuIGxmRU67LtWw4Oj25rQJeZzj0+mLb+/9FWiSaEuQRq11MrttOVDTgYb/6Kq2f
jL7Zn+dXh7Gn5+C2oUiYID8SjHwp/sMri5mHa2+JasGqzSQmRQppe+FQONuM6I1B
wavtGzzm3mQUlLtg3l49b84KXNsDyUGcJivLNrfNvTImhR5MS8tC2AuHVKTK9FNd
Wa68WktgA3hApqs3Qrk+uHrK2erFnzKsXwPRkOYtvInP
-----END CERTIFICATE-----