Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2yPA37Xjs_56r7CnSQ5wAfDsZig.roa
File:                     2yPA37Xjs_56r7CnSQ5wAfDsZig.roa (raw, json)
Hash identifier:          O75QYRrCmELEAxv4lMditbuHjysHWx55WpeNBq6D0g0=
Subject key identifier:   DB:23:C0:DF:B5:E3:B3:FE:7A:AF:B0:A7:49:0E:70:01:F0:EC:66:28
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AE28CAADABB10C1EFAD7290447FB0
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2yPA37Xjs_56r7CnSQ5wAfDsZig.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34648
IP address blocks:        217.156.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e2:8c:aa:da:bb:10:c1:ef:ad:72:90:44:7f:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db23c0dfb5e3b3fe7aafb0a7490e7001f0ec6628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:69:ad:2b:f2:0a:2b:70:36:55:b7:e8:23:e6:
                    74:15:f1:cf:c4:a6:51:4c:c3:09:7a:19:41:30:41:
                    5a:4b:c5:b7:ad:55:cc:21:b5:3f:67:31:f4:fd:58:
                    68:d1:58:d2:b2:36:6c:02:b3:7d:c9:6d:69:1c:c3:
                    d7:e2:d5:56:be:6d:ac:54:97:3b:dd:a4:95:fa:4a:
                    41:a0:f5:05:fe:fd:9b:6b:6c:5c:c9:92:f0:e1:20:
                    0d:2b:7c:ef:b5:e8:24:51:98:21:fa:14:93:75:3f:
                    75:d6:d8:7c:a2:cf:0a:31:22:98:52:7d:a8:8e:1a:
                    3c:28:de:9a:2b:c5:4b:14:32:8a:0c:87:f2:10:60:
                    1e:36:aa:65:80:ee:15:bf:0f:59:b7:40:15:54:e6:
                    f4:99:3d:02:13:29:23:88:c1:62:e7:83:9a:3c:74:
                    f1:f8:9c:c7:c5:7f:a8:7b:2f:53:e4:cf:36:0c:47:
                    77:82:25:49:94:b5:12:9d:88:7e:03:20:2e:9a:96:
                    08:07:b4:29:3d:ad:29:ed:6c:e5:6f:34:3b:7c:4a:
                    80:bd:c8:9e:9c:52:c7:2b:00:1a:e5:80:5f:d3:50:
                    b6:67:fb:54:2c:6d:7e:4b:82:36:82:95:2b:ad:28:
                    3e:4d:31:9c:17:5f:26:9b:ad:fc:2a:fa:e2:7e:c3:
                    f1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:23:C0:DF:B5:E3:B3:FE:7A:AF:B0:A7:49:0E:70:01:F0:EC:66:28
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2yPA37Xjs_56r7CnSQ5wAfDsZig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:90:b8:28:5a:f4:e3:e6:e0:dc:8d:13:9b:eb:ef:fd:65:31:
         d3:36:cb:eb:29:b5:0c:09:d5:73:9b:17:40:04:af:a1:72:fd:
         38:c6:f6:b8:3c:00:e5:77:52:0e:e8:6b:c1:26:70:40:66:22:
         8c:0a:11:f3:78:b3:ce:8f:60:02:06:6f:8e:7b:4b:fe:42:9e:
         41:a3:0b:b8:24:81:57:e3:17:8a:21:07:5e:c4:a5:2a:66:f7:
         b4:38:c6:e3:0c:60:e0:d9:f7:3b:30:cd:aa:ab:e5:fe:25:3b:
         68:79:45:d1:d9:1b:50:a0:8a:e8:df:f0:a7:5c:4d:79:4c:9a:
         50:c8:30:5b:0b:3b:ff:88:b8:c9:a9:a6:f7:06:b9:ee:40:6a:
         b2:a9:82:47:52:b3:be:49:17:b3:21:26:91:03:3e:7b:bc:af:
         e8:ec:3a:ab:80:ea:37:78:8f:dc:12:ce:a2:0e:1e:3a:b3:c8:
         81:88:a4:a2:de:84:2d:ec:ab:ab:db:67:a2:31:f3:b5:78:e0:
         e0:47:c3:76:27:9b:fe:2e:b7:fd:55:8d:87:a9:97:e9:38:27:
         d5:a1:18:a1:31:db:92:c1:a9:da:64:02:74:2e:66:42:90:bf:
         10:ad:76:90:f7:8b:aa:a8:42:d9:17:7a:ed:b7:fa:f6:52:05:
         14:72:c0:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuKMqtq7EMHvrXKQRH+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjIzYzBkZmI1ZTNiM2ZlN2FhZmIwYTc0OTBlNzAwMWYwZWM2NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGmtK/IKK3A2VbfoI+Z0FfHPxKZR
TMMJehlBMEFaS8W3rVXMIbU/ZzH0/Vho0VjSsjZsArN9yW1pHMPX4tVWvm2sVJc7
3aSV+kpBoPUF/v2ba2xcyZLw4SANK3zvtegkUZgh+hSTdT911th8os8KMSKYUn2o
jho8KN6aK8VLFDKKDIfyEGAeNqplgO4Vvw9Zt0AVVOb0mT0CEykjiMFi54OaPHTx
+JzHxX+oey9T5M82DEd3giVJlLUSnYh+AyAumpYIB7QpPa0p7WzlbzQ7fEqAvcie
nFLHKwAa5YBf01C2Z/tULG1+S4I2gpUrrSg+TTGcF18mm638KvrifsPxjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsjwN+147P+eq+wp0kOcAHw7GYoMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMnlQQTM3WGpzXzU2cjdDblNRNXdBZkRzWmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZwkMA0G
CSqGSIb3DQEBCwUAA4IBAQC8kLgoWvTj5uDcjROb6+/9ZTHTNsvrKbUMCdVzmxdA
BK+hcv04xva4PADld1IO6GvBJnBAZiKMChHzeLPOj2ACBm+Oe0v+Qp5Bowu4JIFX
4xeKIQdexKUqZve0OMbjDGDg2fc7MM2qq+X+JTtoeUXR2RtQoIro3/CnXE15TJpQ
yDBbCzv/iLjJqab3BrnuQGqyqYJHUrO+SRezISaRAz57vK/o7DqrgOo3eI/cEs6i
Dh46s8iBiKSi3oQt7Kur22eiMfO1eODgR8N2J5v+Lrf9VY2HqZfpOCfVoRihMduS
wanaZAJ0LmZCkL8QrXaQ94uqqELZF3rtt/r2UgUUcsCj
-----END CERTIFICATE-----