Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ye0KpsooB_qv0yq-X6APv1O3aak.roa
File:                     ye0KpsooB_qv0yq-X6APv1O3aak.roa (raw, json)
Hash identifier:          OUl/Z8cT4kBevW+Bv1i/nQriZnZzbjTD41Q/uiZ7zkg=
Subject key identifier:   C9:ED:0A:A6:CA:28:07:FA:AF:D3:2A:BE:5F:A0:0F:BF:53:B7:69:A9
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01935B6ED62BBDDC3AF1AB8150391E1A168C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ye0KpsooB_qv0yq-X6APv1O3aak.roa
Signing time:             Sat 23 Nov 2024 23:50:10 +0000
ROA not before:           Sat 23 Nov 2024 23:50:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210538
IP address blocks:        193.57.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5b:6e:d6:2b:bd:dc:3a:f1:ab:81:50:39:1e:1a:16:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 23 23:50:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ed0aa6ca2807faafd32abe5fa00fbf53b769a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:7f:d6:95:36:d8:d8:f3:42:7e:b9:19:cb:
                    06:19:60:94:e4:e9:47:c2:89:8c:2d:d6:8a:65:e2:
                    81:72:22:82:06:7b:6d:07:e5:bd:22:75:b5:06:90:
                    01:22:24:bd:e2:27:04:47:9e:cb:a3:9c:bd:9b:c4:
                    a2:ff:ed:e0:03:c7:c6:f3:fc:bf:a7:6c:6d:8c:4b:
                    af:ca:63:9c:8a:63:ed:0f:87:20:85:47:12:a0:68:
                    9e:c6:bf:b6:1c:d7:11:2a:ad:c1:b2:e2:a1:ac:9a:
                    a1:74:5c:31:54:90:9c:13:52:d1:00:98:9d:dd:7c:
                    2f:d3:8d:a5:bf:69:f1:25:20:38:06:ba:32:c1:27:
                    9b:e3:da:db:b6:96:5e:e4:63:a8:86:c6:7d:92:13:
                    a8:90:08:8c:36:08:d9:72:1f:f3:74:63:9f:0f:c0:
                    11:25:6b:93:38:bd:7b:e4:9d:b2:c4:ea:af:ba:c6:
                    db:b7:7f:56:13:4e:5d:71:34:6f:5f:88:a6:64:8b:
                    9f:57:5a:07:ce:46:a2:fd:f8:90:f4:8e:92:7b:66:
                    fe:fd:9d:8d:49:27:03:66:e6:90:b4:5b:d5:95:18:
                    8e:86:6b:d9:54:18:5f:1a:e0:6f:6b:29:43:16:37:
                    88:88:3f:b5:82:fe:9e:65:37:45:0c:73:d2:48:1e:
                    f9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:ED:0A:A6:CA:28:07:FA:AF:D3:2A:BE:5F:A0:0F:BF:53:B7:69:A9
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ye0KpsooB_qv0yq-X6APv1O3aak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:2e:64:e0:b1:db:54:0e:cb:ab:3b:9c:50:7b:46:fc:c6:d9:
         32:19:85:46:59:9d:6f:90:2d:7b:ed:30:2c:b2:92:84:73:17:
         c7:10:f1:ca:3e:5d:c6:2b:ad:a8:59:a5:98:85:7f:4d:b0:05:
         d1:32:15:5f:34:4a:87:d4:e7:6c:a4:42:f2:95:61:af:e5:18:
         32:10:05:72:36:f4:0f:2e:93:09:ef:44:7e:14:59:ff:8b:e9:
         20:46:37:39:37:e5:72:7c:1d:cd:d5:a8:9f:4f:bc:8d:5e:ca:
         c6:65:5c:73:f7:58:1e:2e:fd:6d:6b:83:7d:8b:d4:8e:30:97:
         fd:18:4f:42:04:6a:b2:88:f1:80:33:1a:09:a5:b3:49:36:62:
         b8:a7:de:3d:bb:da:2f:84:a5:2c:5b:8c:6b:59:60:3e:70:d7:
         ef:84:15:27:a3:40:4a:a1:8d:03:d4:f1:38:c7:fb:70:f8:43:
         b4:23:e5:73:df:81:08:57:15:74:e6:f1:9d:ae:f2:32:b2:10:
         36:bb:a3:f4:37:85:ba:6c:e2:9c:56:ee:79:8d:8b:fc:e5:24:
         cb:6b:9d:42:f0:84:b0:e4:1d:c1:cb:93:a3:7c:f7:c3:03:09:
         11:3c:9f:97:63:f4:94:68:27:7e:d3:83:a0:de:f6:a8:f9:88:
         3d:b9:6c:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNbbtYrvdw68auBUDkeGhaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQxMTIzMjM1MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWVkMGFhNmNhMjgwN2ZhYWZkMzJhYmU1ZmEwMGZiZjUzYjc2OWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdF/1pU22NjzQn65GcsGGWCU5OlH
womMLdaKZeKBciKCBnttB+W9InW1BpABIiS94icER57Lo5y9m8Si/+3gA8fG8/y/
p2xtjEuvymOcimPtD4cghUcSoGiexr+2HNcRKq3BsuKhrJqhdFwxVJCcE1LRAJid
3Xwv042lv2nxJSA4BroywSeb49rbtpZe5GOohsZ9khOokAiMNgjZch/zdGOfD8AR
JWuTOL175J2yxOqvusbbt39WE05dcTRvX4imZIufV1oHzkai/fiQ9I6Se2b+/Z2N
SScDZuaQtFvVlRiOhmvZVBhfGuBvaylDFjeIiD+1gv6eZTdFDHPSSB756QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMntCqbKKAf6r9Mqvl+gD79Tt2mpMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEveWUwS3Bzb29CX3F2MHlxLVg2QVB2MU8zYWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTkpMA0G
CSqGSIb3DQEBCwUAA4IBAQBSLmTgsdtUDsurO5xQe0b8xtkyGYVGWZ1vkC177TAs
spKEcxfHEPHKPl3GK62oWaWYhX9NsAXRMhVfNEqH1OdspELylWGv5RgyEAVyNvQP
LpMJ70R+FFn/i+kgRjc5N+VyfB3N1aifT7yNXsrGZVxz91geLv1ta4N9i9SOMJf9
GE9CBGqyiPGAMxoJpbNJNmK4p949u9ovhKUsW4xrWWA+cNfvhBUno0BKoY0D1PE4
x/tw+EO0I+Vz34EIVxV05vGdrvIyshA2u6P0N4W6bOKcVu55jYv85STLa51C8ISw
5B3By5OjfPfDAwkRPJ+XY/SUaCd+04Og3vao+Yg9uWw8
-----END CERTIFICATE-----