Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/YD3-YjUBPdZORsvBLEKqWxSHP3c.roa
File:                     YD3-YjUBPdZORsvBLEKqWxSHP3c.roa (raw, json)
Hash identifier:          lSO7hhSALWPqwmQ4eedbjZpdsiNC5FFVKYdq3tBSkl4=
Subject key identifier:   60:3D:FE:62:35:01:3D:D6:4E:46:CB:C1:2C:42:AA:5B:14:87:3F:77
Certificate issuer:       /CN=0a4a702f677f336d9b3e36c384ebc8c9fd8859f4
Certificate serial:       018CC7940CF5389B046196DED9AE74B5A90B
Authority key identifier: 0A:4A:70:2F:67:7F:33:6D:9B:3E:36:C3:84:EB:C8:C9:FD:88:59:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/YD3-YjUBPdZORsvBLEKqWxSHP3c.roa
Signing time:             Tue 02 Jan 2024 00:30:17 +0000
ROA not before:           Tue 02 Jan 2024 00:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208395
IP address blocks:        45.139.136.0/22 maxlen: 22
                          2a0e:b940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0c:f5:38:9b:04:61:96:de:d9:ae:74:b5:a9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a4a702f677f336d9b3e36c384ebc8c9fd8859f4
        Validity
            Not Before: Jan  2 00:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=603dfe6235013dd64e46cbc12c42aa5b14873f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:75:9f:16:49:e6:6b:8d:9c:f7:cc:04:bc:
                    67:0e:fb:14:bd:9b:fa:19:a7:24:fa:b6:b5:a1:c2:
                    c2:01:4b:27:6a:65:66:cd:ac:60:f5:c7:53:25:92:
                    4d:82:41:7a:ed:dc:ef:7e:34:8b:39:3d:6e:00:01:
                    82:4e:a4:33:45:7c:3d:1e:22:db:22:61:36:af:53:
                    3c:b3:73:79:3f:0e:29:bd:5e:bc:7d:25:d0:f5:86:
                    d5:b3:2b:f6:93:a1:54:59:fd:7e:f2:09:69:4f:27:
                    a6:a7:aa:8c:16:51:7d:36:2b:44:15:d1:c3:7b:8f:
                    94:89:7a:eb:b3:41:70:fe:e8:de:d9:ce:60:7c:d4:
                    f6:00:f1:5b:44:dd:1b:fd:80:98:a3:6f:f8:ba:a7:
                    16:df:f5:fb:db:46:27:39:77:a2:ea:b6:b0:ae:d2:
                    fa:b7:d4:ce:33:25:8a:8c:82:32:74:46:83:09:05:
                    a1:2c:ed:29:20:95:2d:ad:0e:6f:f6:5e:fa:e0:56:
                    a2:c7:13:3d:38:12:23:24:56:6f:dd:9f:e7:6b:08:
                    ce:00:92:50:f4:70:fd:6e:c3:e5:1f:e0:ea:d3:a5:
                    92:1f:4d:3c:c3:ac:5c:ad:50:9a:9f:21:41:06:6f:
                    1d:e6:31:95:ce:58:f4:0f:2c:e7:01:43:77:57:51:
                    2f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3D:FE:62:35:01:3D:D6:4E:46:CB:C1:2C:42:AA:5B:14:87:3F:77
            X509v3 Authority Key Identifier:
                keyid:0A:4A:70:2F:67:7F:33:6D:9B:3E:36:C3:84:EB:C8:C9:FD:88:59:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/YD3-YjUBPdZORsvBLEKqWxSHP3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.136.0/22
                IPv6:
                  2a0e:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:e2:c9:7e:cc:9a:3f:78:54:c8:fe:69:ec:35:1e:76:6a:47:
         da:5f:80:f4:01:27:5f:23:d4:d1:a7:bd:1f:1b:7a:b8:45:fb:
         d8:af:b4:4b:6f:4f:00:b2:06:4d:79:57:73:9a:04:28:77:b5:
         8d:21:63:da:28:04:24:73:4c:61:b4:e5:e7:51:c4:47:28:98:
         12:5c:f8:e3:6f:c9:6b:16:80:b2:e1:f8:55:9f:4d:37:38:1f:
         36:41:21:ab:63:95:05:ad:ba:f2:05:09:f5:99:ce:d9:12:86:
         90:d5:0c:91:0c:8b:43:91:d9:97:18:99:0a:68:85:c6:97:8e:
         c1:97:4f:f2:70:a7:d2:88:9d:b3:d8:9e:0f:87:d7:49:2b:3c:
         56:53:ab:0d:23:e8:6c:9b:5e:0e:14:9d:4d:ce:d0:a2:e2:52:
         1b:c9:5d:23:43:cb:7e:50:a6:48:ee:e8:10:9d:ae:ba:1b:5f:
         bf:74:34:92:58:d4:8a:dc:96:0f:0e:d9:df:c2:52:e0:c4:dd:
         c6:80:a9:b3:f5:cf:18:90:b8:2b:df:e6:e2:f4:fd:3d:d0:ea:
         8e:c1:72:cc:e3:70:6a:c1:7d:da:2a:9f:56:5f:b7:13:22:0e:
         86:05:7f:e6:41:74:5d:32:dd:dc:ec:63:62:69:11:a8:3a:0d:
         45:68:61:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlAz1OJsEYZbe2a50takLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNGE3MDJmNjc3ZjMzNmQ5YjNlMzZjMzg0ZWJjOGM5ZmQ4
ODU5ZjQwHhcNMjQwMTAyMDAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDNkZmU2MjM1MDEzZGQ2NGU0NmNiYzEyYzQyYWE1YjE0ODczZjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3x1nxZJ5muNnPfMBLxnDvsUvZv6
Gack+ra1ocLCAUsnamVmzaxg9cdTJZJNgkF67dzvfjSLOT1uAAGCTqQzRXw9HiLb
ImE2r1M8s3N5Pw4pvV68fSXQ9YbVsyv2k6FUWf1+8glpTyemp6qMFlF9NitEFdHD
e4+UiXrrs0Fw/uje2c5gfNT2APFbRN0b/YCYo2/4uqcW3/X720YnOXei6rawrtL6
t9TOMyWKjIIydEaDCQWhLO0pIJUtrQ5v9l764FaixxM9OBIjJFZv3Z/nawjOAJJQ
9HD9bsPlH+Dq06WSH008w6xcrVCanyFBBm8d5jGVzlj0DyznAUN3V1EvbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGA9/mI1AT3WTkbLwSxCqlsUhz93MB8GA1UdIwQY
MBaAFApKcC9nfzNtmz42w4TryMn9iFn0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2twd0wyZF9NMjJiUGpiRGhPdkl5ZjJJV2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kYTViMzItMjBhNy00ZTBhLWI4MzQt
ZWYzMTcxNTYxMWFhLzEvWUQzLVlqVUJQZFpPUnN2QkxFS3FXeFNIUDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kYTViMzItMjBhNy00ZTBhLWI4MzQtZWYzMTcxNTYxMWFh
LzEvQ2twd0wyZF9NMjJiUGpiRGhPdkl5ZjJJV2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYuIMA0E
AgACMAcDBQMqDrlAMA0GCSqGSIb3DQEBCwUAA4IBAQBu4sl+zJo/eFTI/mnsNR52
akfaX4D0ASdfI9TRp70fG3q4RfvYr7RLb08AsgZNeVdzmgQod7WNIWPaKAQkc0xh
tOXnUcRHKJgSXPjjb8lrFoCy4fhVn003OB82QSGrY5UFrbryBQn1mc7ZEoaQ1QyR
DItDkdmXGJkKaIXGl47Bl0/ycKfSiJ2z2J4Ph9dJKzxWU6sNI+hsm14OFJ1NztCi
4lIbyV0jQ8t+UKZI7ugQna66G1+/dDSSWNSK3JYPDtnfwlLgxN3GgKmz9c8YkLgr
3+bi9P090OqOwXLM43BqwX3aKp9WX7cTIg6GBX/mQXRdMt3c7GNiaRGoOg1FaGFC
-----END CERTIFICATE-----