Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/y5K12qvOcIh12car8TjOAJyIQgg.roa
File:                     y5K12qvOcIh12car8TjOAJyIQgg.roa (raw, json)
Hash identifier:          kmrY1bB+ys0vcBOpszRInY4s0FM4T603fNJ1uhG1zag=
Subject key identifier:   CB:92:B5:DA:AB:CE:70:88:75:D9:C6:AB:F1:38:CE:00:9C:88:42:08
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255BDA74A08D27D1CC51635D9A1619
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/y5K12qvOcIh12car8TjOAJyIQgg.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39458
IP address blocks:        193.34.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:da:74:a0:8d:27:d1:cc:51:63:5d:9a:16:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb92b5daabce708875d9c6abf138ce009c884208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:94:91:75:5b:01:c5:c4:c6:7d:5c:5d:51:4a:
                    7e:e2:32:9b:5b:a6:27:61:7f:d8:e5:fe:94:89:a9:
                    82:92:ab:3f:e1:87:fa:d4:75:14:f8:47:21:91:54:
                    1c:84:b3:9d:d5:fd:bb:64:f1:0b:84:c7:00:8b:a2:
                    8c:16:32:10:a7:cb:d3:f3:42:cc:f3:8c:1c:af:12:
                    2c:cf:c6:d5:77:11:f0:ba:16:2a:12:02:ba:d7:97:
                    68:1d:b8:5b:39:a9:b2:f6:09:13:e2:be:6a:cb:bd:
                    32:f0:e4:5e:05:9b:25:db:2f:51:b3:be:49:27:e5:
                    13:dc:78:12:21:ce:3c:9f:7c:0e:95:e2:44:c0:77:
                    b9:1d:c5:b8:16:c2:7e:7a:71:88:a5:e2:17:83:93:
                    56:f4:ad:70:fd:e7:bf:75:5a:3a:51:47:69:e7:cb:
                    d9:bc:d8:9d:6d:f7:39:ea:31:3a:63:a8:1b:4e:0e:
                    7e:f1:88:7f:28:f9:57:86:7d:ea:32:00:c9:77:22:
                    b0:7c:2b:27:b1:84:77:d3:3e:c7:6c:c2:d6:5f:c7:
                    3f:7f:04:9b:5d:73:6f:6d:6e:85:17:ee:cb:a6:d8:
                    91:5e:ab:81:0b:10:a1:88:b2:1f:9e:e7:a6:94:4a:
                    dd:67:29:af:98:8a:00:78:21:3f:5a:0a:ac:9e:be:
                    4f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:92:B5:DA:AB:CE:70:88:75:D9:C6:AB:F1:38:CE:00:9C:88:42:08
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/y5K12qvOcIh12car8TjOAJyIQgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:75:c8:c0:25:94:bf:70:19:ca:cf:ae:f5:5b:e3:03:19:54:
         ac:94:7c:e4:df:7a:bf:67:81:7f:c8:40:0b:53:51:50:9d:53:
         9b:e0:a2:e7:b3:1b:1b:e3:c0:5e:07:f7:5f:9c:8e:fe:34:ec:
         e5:2d:96:31:59:47:bc:a9:c0:d2:eb:14:e6:e6:d4:0b:28:35:
         c0:51:3e:00:fa:8a:64:99:76:3e:32:d5:e4:d8:36:ba:30:be:
         ca:23:2c:55:0a:bb:e1:25:4d:cc:0d:a8:3e:38:33:ad:b0:76:
         a9:65:87:0a:5b:f1:56:2b:49:0c:2c:54:2e:5a:ad:c0:1b:5f:
         15:a3:fb:ac:03:4b:02:66:28:f5:e4:9e:2b:4d:f5:9c:f9:5f:
         d8:a6:4b:23:68:12:22:18:1b:07:08:02:d1:67:9a:cb:35:4a:
         8a:2a:7a:f6:9f:80:e9:92:2a:d6:df:eb:e8:35:80:5c:56:d0:
         72:e8:54:98:a1:3e:64:08:ae:e7:3a:cb:9e:3c:e4:a4:06:48:
         b5:bb:0d:37:fc:fa:0c:f5:39:e4:36:18:aa:76:b8:27:9b:4d:
         8b:5a:b2:3b:b7:de:14:46:2a:4d:a4:b3:36:3a:06:43:f6:7c:
         ae:8b:fa:b6:39:f0:24:35:dc:88:60:41:28:09:99:86:25:9d:
         ff:7f:59:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVvadKCNJ9HMUWNdmhYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjkyYjVkYWFiY2U3MDg4NzVkOWM2YWJmMTM4Y2UwMDljODg0MjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5SRdVsBxcTGfVxdUUp+4jKbW6Yn
YX/Y5f6UiamCkqs/4Yf61HUU+EchkVQchLOd1f27ZPELhMcAi6KMFjIQp8vT80LM
84wcrxIsz8bVdxHwuhYqEgK615doHbhbOamy9gkT4r5qy70y8OReBZsl2y9Rs75J
J+UT3HgSIc48n3wOleJEwHe5HcW4FsJ+enGIpeIXg5NW9K1w/ee/dVo6UUdp58vZ
vNidbfc56jE6Y6gbTg5+8Yh/KPlXhn3qMgDJdyKwfCsnsYR30z7HbMLWX8c/fwSb
XXNvbW6FF+7LptiRXquBCxChiLIfnuemlErdZymvmIoAeCE/Wgqsnr5P+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuStdqrznCIddnGq/E4zgCciEIIMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEveTVLMTJxdk9jSWgxMmNhcjhUak9BSnlJUWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSJOMA0G
CSqGSIb3DQEBCwUAA4IBAQCjdcjAJZS/cBnKz671W+MDGVSslHzk33q/Z4F/yEAL
U1FQnVOb4KLnsxsb48BeB/dfnI7+NOzlLZYxWUe8qcDS6xTm5tQLKDXAUT4A+opk
mXY+MtXk2Da6ML7KIyxVCrvhJU3MDag+ODOtsHapZYcKW/FWK0kMLFQuWq3AG18V
o/usA0sCZij15J4rTfWc+V/YpksjaBIiGBsHCALRZ5rLNUqKKnr2n4DpkirW3+vo
NYBcVtBy6FSYoT5kCK7nOsuePOSkBki1uw03/PoM9TnkNhiqdrgnm02LWrI7t94U
RipNpLM2OgZD9nyui/q2OfAkNdyIYEEoCZmGJZ3/f1kp
-----END CERTIFICATE-----