Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yCb8wWS8I0_s7FZyHr7k_JD9VuE.roa
File:                     yCb8wWS8I0_s7FZyHr7k_JD9VuE.roa (raw, json)
Hash identifier:          P5P/BBd9G/dVAWA5JTVrZ7SZxRUYtgKKha9rZcZ+D1A=
Subject key identifier:   C8:26:FC:C1:64:BC:23:4F:EC:EC:56:72:1E:BE:E4:FC:90:FD:56:E1
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019227FE492047972E82FC8DF137A3C5467C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yCb8wWS8I0_s7FZyHr7k_JD9VuE.roa
Signing time:             Wed 25 Sep 2024 07:03:49 +0000
ROA not before:           Wed 25 Sep 2024 07:03:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        213.176.72.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:27:fe:49:20:47:97:2e:82:fc:8d:f1:37:a3:c5:46:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep 25 07:03:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c826fcc164bc234fecec56721ebee4fc90fd56e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d3:b6:b5:e0:2b:01:db:23:79:ca:e8:4e:bc:
                    f4:b9:88:86:fe:4a:b6:c0:69:80:10:5c:16:af:c1:
                    bf:1b:14:9e:6c:b2:2d:b2:20:48:08:cb:f7:60:14:
                    08:78:6c:97:f6:86:e4:ef:09:cb:47:9d:00:48:24:
                    8f:07:41:32:eb:8a:20:f8:50:cb:54:a9:2f:84:5e:
                    1f:16:9b:cd:85:97:c2:37:65:38:21:e4:60:59:b8:
                    a5:8b:93:a9:a3:bd:00:13:9d:13:73:40:55:27:e9:
                    0d:b7:a5:8a:43:77:0c:e5:a6:90:c2:db:b5:c1:12:
                    66:bc:61:a9:12:3d:ce:b7:76:6c:42:9b:ba:d1:10:
                    8e:4b:5d:b1:8c:38:99:5a:e5:3a:70:98:85:16:d1:
                    75:7c:85:56:7b:46:65:3f:42:e6:5a:8c:31:81:c8:
                    59:8c:7c:64:18:4d:1c:cd:ae:cb:46:c1:0c:ee:de:
                    30:39:5b:a8:7b:7f:75:81:f1:46:4c:c7:f2:03:d0:
                    19:ce:1f:c7:e8:ca:97:c4:6e:51:8b:e9:90:3b:f2:
                    8f:f5:10:3f:4c:2b:bd:2c:34:90:06:92:cf:31:24:
                    ef:f7:a3:e6:2c:a1:ee:e6:a8:b2:0c:b3:c7:04:16:
                    ca:2c:e8:8f:08:20:45:b4:c1:de:8b:3b:89:01:a6:
                    d2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:26:FC:C1:64:BC:23:4F:EC:EC:56:72:1E:BE:E4:FC:90:FD:56:E1
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yCb8wWS8I0_s7FZyHr7k_JD9VuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cd:e1:a1:e7:b8:07:d0:1c:29:47:a6:e6:ea:fd:32:3c:01:86:
         f5:2a:00:b0:ec:35:83:8c:6b:48:03:54:77:1a:a0:d2:86:63:
         0c:f7:26:3c:c0:53:15:37:be:ac:c1:bd:b9:f4:a4:3c:5e:48:
         a5:7d:9a:a6:36:f2:59:ad:ec:8d:15:83:b9:ca:88:56:58:39:
         bc:dc:a8:51:ea:cd:fb:c1:5a:5b:52:a5:a8:38:cf:db:d3:65:
         00:39:fc:93:21:a4:f3:12:49:72:4d:01:34:62:48:ec:fe:e0:
         f2:2a:c1:7a:f2:5c:de:14:e4:b0:14:d7:7c:49:71:33:97:b9:
         89:85:b9:a4:5d:f0:40:74:2c:fe:f0:32:10:c8:47:fd:c9:13:
         c5:02:c9:b0:28:6e:01:95:c8:f3:06:fe:7c:01:b4:47:47:ae:
         67:f7:95:a3:91:d4:6b:6a:d4:a7:97:de:d6:da:dc:6f:3d:30:
         e1:67:66:48:ad:42:f5:45:d6:d5:1a:3e:21:9f:e2:68:81:bf:
         75:88:7c:48:06:43:d0:52:1c:35:a0:d9:48:18:fd:9f:9e:f1:
         da:08:d3:02:e4:26:90:ef:7c:e0:87:2e:bb:b6:7a:8f:32:7d:
         9e:1b:a1:9d:cb:8b:f7:0e:26:1c:a7:ff:62:7c:1a:13:73:b5:
         16:bd:db:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIn/kkgR5cugvyN8TejxUZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwOTI1MDcwMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI2ZmNjMTY0YmMyMzRmZWNlYzU2NzIxZWJlZTRmYzkwZmQ1NmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydO2teArAdsjecroTrz0uYiG/kq2
wGmAEFwWr8G/GxSebLItsiBICMv3YBQIeGyX9obk7wnLR50ASCSPB0Ey64og+FDL
VKkvhF4fFpvNhZfCN2U4IeRgWbili5Opo70AE50Tc0BVJ+kNt6WKQ3cM5aaQwtu1
wRJmvGGpEj3Ot3ZsQpu60RCOS12xjDiZWuU6cJiFFtF1fIVWe0ZlP0LmWowxgchZ
jHxkGE0cza7LRsEM7t4wOVuoe391gfFGTMfyA9AZzh/H6MqXxG5Ri+mQO/KP9RA/
TCu9LDSQBpLPMSTv96PmLKHu5qiyDLPHBBbKLOiPCCBFtMHeizuJAabSSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgm/MFkvCNP7OxWch6+5PyQ/VbhMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEveUNiOHdXUzhJMF9zN0ZaeUhyN2tfSkQ5VnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1bBIMA0G
CSqGSIb3DQEBCwUAA4IBAQDN4aHnuAfQHClHpubq/TI8AYb1KgCw7DWDjGtIA1R3
GqDShmMM9yY8wFMVN76swb259KQ8XkilfZqmNvJZreyNFYO5yohWWDm83KhR6s37
wVpbUqWoOM/b02UAOfyTIaTzEklyTQE0Ykjs/uDyKsF68lzeFOSwFNd8SXEzl7mJ
hbmkXfBAdCz+8DIQyEf9yRPFAsmwKG4BlcjzBv58AbRHR65n95WjkdRratSnl97W
2txvPTDhZ2ZIrUL1RdbVGj4hn+Jogb91iHxIBkPQUhw1oNlIGP2fnvHaCNMC5CaQ
73zghy67tnqPMn2eG6Gdy4v3DiYcp/9ifBoTc7UWvds7
-----END CERTIFICATE-----