Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yojZQYcWjnDkamFtDlKwVxqTj-8.roa
File:                     yojZQYcWjnDkamFtDlKwVxqTj-8.roa (raw, json)
Hash identifier:          1nN7ToQ1TCcBumv9PQ5fqkL6Th6URCdHRWDpagNj8ZU=
Subject key identifier:   CA:88:D9:41:87:16:8E:70:E4:6A:61:6D:0E:52:B0:57:1A:93:8F:EF
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01927F96A6BE8E4A6A700AB7574737034BB9
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yojZQYcWjnDkamFtDlKwVxqTj-8.roa
Signing time:             Sat 12 Oct 2024 07:17:12 +0000
ROA not before:           Sat 12 Oct 2024 07:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55933
IP address blocks:        213.176.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7f:96:a6:be:8e:4a:6a:70:0a:b7:57:47:37:03:4b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 12 07:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca88d94187168e70e46a616d0e52b0571a938fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:d3:06:b8:b1:4a:44:60:41:46:9b:be:90:
                    f6:4f:ec:72:d9:9a:a2:e7:1a:a6:e8:13:bd:ce:c2:
                    a0:bb:a1:0f:b3:32:bc:39:13:09:c1:c5:54:e2:7d:
                    26:8a:81:a6:33:43:e2:cf:9a:89:e8:1f:ff:0b:ca:
                    07:ed:c4:7e:e3:58:60:c1:09:53:01:e0:ce:d5:57:
                    75:5b:4a:35:5a:4d:62:18:04:ef:b6:78:bb:bc:1a:
                    c0:68:65:54:3d:d8:64:0e:81:f9:b2:69:a5:83:e4:
                    15:73:ad:f4:4e:25:7b:de:98:5b:c2:5b:e4:09:49:
                    d4:bc:87:fd:e0:a1:8c:7d:db:db:ea:a8:bc:d6:c5:
                    96:5b:cc:7e:97:35:e5:ca:15:16:0c:d0:41:a6:76:
                    78:9c:44:01:df:a7:20:e6:05:ef:72:8a:67:f0:cd:
                    25:80:1a:b3:56:26:5e:d0:ed:ee:f4:91:a5:d7:f3:
                    68:33:ae:31:3f:2b:e7:85:5a:70:52:d4:bf:68:d5:
                    f7:ee:03:ec:d0:5f:c2:54:ac:96:8a:ce:e8:a7:e2:
                    5f:c3:38:45:0d:14:94:ff:e6:e1:39:20:5a:7a:36:
                    99:df:4d:e8:62:f6:fe:2b:35:4c:a8:34:5b:74:2c:
                    54:18:5e:69:f9:e3:38:4a:11:fd:d5:21:86:28:0a:
                    77:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:88:D9:41:87:16:8E:70:E4:6A:61:6D:0E:52:B0:57:1A:93:8F:EF
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/yojZQYcWjnDkamFtDlKwVxqTj-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:1b:0f:63:e6:54:81:c6:5f:9c:02:c8:c0:09:37:2f:b5:28:
         2d:2e:70:1b:d8:12:a4:dc:bf:1f:f5:c3:64:d7:c5:6f:6c:5d:
         42:b9:2b:83:95:c1:fe:0c:df:90:7c:52:5d:12:06:ca:9b:f1:
         66:3a:c8:b5:09:9d:fb:1b:48:63:be:dd:76:2c:c5:d0:66:10:
         0e:7d:71:9d:0d:ce:ed:1e:02:54:95:4d:04:f1:a2:e3:af:e0:
         9f:57:99:52:f1:08:06:56:85:3b:39:31:e2:18:46:fd:86:72:
         95:87:a2:87:b0:c9:6e:86:c5:d3:4d:f7:38:65:08:d7:3f:e1:
         56:75:b8:4e:91:00:6a:22:db:fa:77:69:b7:c3:43:93:a9:98:
         73:dc:4f:40:fe:26:3d:36:39:3f:e8:8e:89:dd:3a:dd:b3:af:
         6d:78:d5:f8:2e:c4:df:00:50:92:07:75:6c:16:52:84:41:82:
         6d:03:6c:9d:8d:83:be:ed:74:0d:03:4c:5c:86:13:74:f5:c3:
         55:85:64:2f:ad:e0:08:ca:aa:b0:81:d1:99:85:33:7e:8f:58:
         4a:2a:4f:44:ca:8a:e5:a4:91:07:09:1e:8f:bd:23:ba:60:b1:
         30:e8:d9:31:ff:8e:23:1a:27:2b:1e:9d:37:32:22:e0:40:36:
         dc:05:02:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ/lqa+jkpqcAq3V0c3A0u5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQxMDEyMDcxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg4ZDk0MTg3MTY4ZTcwZTQ2YTYxNmQwZTUyYjA1NzFhOTM4ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb/TBrixSkRgQUabvpD2T+xy2Zqi
5xqm6BO9zsKgu6EPszK8ORMJwcVU4n0mioGmM0Piz5qJ6B//C8oH7cR+41hgwQlT
AeDO1Vd1W0o1Wk1iGATvtni7vBrAaGVUPdhkDoH5smmlg+QVc630TiV73phbwlvk
CUnUvIf94KGMfdvb6qi81sWWW8x+lzXlyhUWDNBBpnZ4nEQB36cg5gXvcopn8M0l
gBqzViZe0O3u9JGl1/NoM64xPyvnhVpwUtS/aNX37gPs0F/CVKyWis7op+JfwzhF
DRSU/+bhOSBaejaZ303oYvb+KzVMqDRbdCxUGF5p+eM4ShH91SGGKAp3UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqI2UGHFo5w5GphbQ5SsFcak4/vMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEveW9qWlFZY1dqbkRrYW1GdERsS3dWeHFUai04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bBJMA0G
CSqGSIb3DQEBCwUAA4IBAQCqGw9j5lSBxl+cAsjACTcvtSgtLnAb2BKk3L8f9cNk
18VvbF1CuSuDlcH+DN+QfFJdEgbKm/FmOsi1CZ37G0hjvt12LMXQZhAOfXGdDc7t
HgJUlU0E8aLjr+CfV5lS8QgGVoU7OTHiGEb9hnKVh6KHsMluhsXTTfc4ZQjXP+FW
dbhOkQBqItv6d2m3w0OTqZhz3E9A/iY9Njk/6I6J3Trds69teNX4LsTfAFCSB3Vs
FlKEQYJtA2ydjYO+7XQNA0xchhN09cNVhWQvreAIyqqwgdGZhTN+j1hKKk9Eyorl
pJEHCR6PvSO6YLEw6Nkx/44jGicrHp03MiLgQDbcBQIu
-----END CERTIFICATE-----