Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/YHCofV86c13WRpG9Unl6I_FRPk8.roa
File:                     YHCofV86c13WRpG9Unl6I_FRPk8.roa (raw, json)
Hash identifier:          EdGLvgJMciz2OlHcfh+y/ytKsdgWhQbv4OPSIh90mQg=
Subject key identifier:   60:70:A8:7D:5F:3A:73:5D:D6:46:91:BD:52:79:7A:23:F1:51:3E:4F
Certificate issuer:       /CN=5df40ee7489e95c57f104271919da268bc513f9b
Certificate serial:       018CC5DC2B753DC10DD2D49F940B4723DEB8
Authority key identifier: 5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/YHCofV86c13WRpG9Unl6I_FRPk8.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207673
IP address blocks:        194.76.58.0/23 maxlen: 23
                          194.76.104.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2b:75:3d:c1:0d:d2:d4:9f:94:0b:47:23:de:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5df40ee7489e95c57f104271919da268bc513f9b
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6070a87d5f3a735dd64691bd52797a23f1513e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7d:d0:24:e2:be:10:3a:f4:6b:84:13:08:e0:
                    16:89:7d:b0:af:78:82:f9:9b:50:97:d1:39:58:40:
                    00:51:b7:d8:78:e5:cf:b7:c5:36:a8:d9:c9:dc:d7:
                    f6:5c:43:e4:9a:7b:df:59:91:03:22:49:11:b1:8b:
                    a6:08:78:7a:d0:7e:fd:6d:3d:c2:24:81:5e:aa:5e:
                    7c:e4:03:de:0d:f3:c5:0a:e7:a0:21:f0:c8:34:91:
                    77:6d:9d:fd:d4:1f:46:e9:73:6a:5f:4f:2d:06:4f:
                    a3:2a:cc:19:a9:23:29:96:ff:5b:ad:bb:36:0e:86:
                    d9:19:ee:7a:f4:1b:77:e0:fd:1b:0a:a0:6b:d7:99:
                    63:7c:a5:b3:f0:90:c2:7e:68:f8:b6:dd:e8:c9:d8:
                    d1:6f:99:d0:ae:c8:e1:3e:51:81:a7:4f:8f:ea:39:
                    fe:a8:27:f2:98:d0:3d:54:a0:ba:e0:06:d1:6f:13:
                    70:a9:69:8a:c6:0e:64:e3:bc:be:62:80:cc:55:27:
                    70:ad:30:a4:90:56:d6:e8:03:73:20:59:dc:aa:30:
                    28:d0:60:a9:11:a6:19:59:42:65:72:1d:a5:be:a6:
                    7d:c2:63:d5:06:a2:96:81:4c:81:d6:70:7e:79:08:
                    1c:13:e2:f1:f7:b1:53:41:6b:dd:63:4f:88:57:6d:
                    4c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:70:A8:7D:5F:3A:73:5D:D6:46:91:BD:52:79:7A:23:F1:51:3E:4F
            X509v3 Authority Key Identifier:
                keyid:5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/YHCofV86c13WRpG9Unl6I_FRPk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.58.0/23
                  194.76.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         da:f0:63:a2:e1:53:1f:01:9c:eb:75:df:6c:8a:71:93:70:99:
         fe:ca:9f:1e:c7:5d:16:04:57:41:36:93:21:47:2e:37:2e:bf:
         38:c3:ff:43:af:8d:53:56:09:33:36:3f:4c:a5:bc:a2:66:ab:
         9e:0a:f3:fb:67:87:19:3a:86:f7:ae:34:64:68:84:dc:94:71:
         9d:8e:8c:83:28:04:e2:33:69:1a:d0:81:f2:0f:4e:e6:69:a0:
         50:99:ae:61:35:61:42:f4:a0:ed:55:5d:cd:e6:4c:dd:d7:da:
         0d:3f:9e:53:b6:b9:78:a6:76:06:0c:cf:b4:9a:92:cc:0f:3f:
         8e:53:fc:2e:97:71:c0:ad:61:79:11:0c:c6:ae:da:7a:eb:96:
         93:19:2b:38:4e:b6:17:c8:f1:ee:a4:0c:c8:43:f6:5f:f5:60:
         ef:38:48:3c:57:f0:1b:f9:65:4f:b3:28:89:90:af:60:20:1c:
         0b:d6:33:94:b6:d9:c6:c9:ab:3f:a5:4d:c1:ef:ff:73:80:2d:
         15:b6:e8:96:67:9c:e8:56:ce:6d:56:7c:e2:59:b7:23:28:a4:
         28:89:99:00:10:fb:9e:9f:55:c2:64:00:b1:80:60:7a:1d:51:
         c5:e8:7d:6d:b1:0b:75:06:f4:95:a4:0e:08:04:3b:21:bd:a9:
         8c:3f:a2:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Ct1PcEN0tSflAtHI964MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZjQwZWU3NDg5ZTk1YzU3ZjEwNDI3MTkxOWRhMjY4YmM1
MTNmOWIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDcwYTg3ZDVmM2E3MzVkZDY0NjkxYmQ1Mjc5N2EyM2YxNTEzZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin3QJOK+EDr0a4QTCOAWiX2wr3iC
+ZtQl9E5WEAAUbfYeOXPt8U2qNnJ3Nf2XEPkmnvfWZEDIkkRsYumCHh60H79bT3C
JIFeql585APeDfPFCuegIfDINJF3bZ391B9G6XNqX08tBk+jKswZqSMplv9brbs2
DobZGe569Bt34P0bCqBr15ljfKWz8JDCfmj4tt3oydjRb5nQrsjhPlGBp0+P6jn+
qCfymNA9VKC64AbRbxNwqWmKxg5k47y+YoDMVSdwrTCkkFbW6ANzIFncqjAo0GCp
EaYZWUJlch2lvqZ9wmPVBqKWgUyB1nB+eQgcE+Lx97FTQWvdY0+IV21MtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGBwqH1fOnNd1kaRvVJ5eiPxUT5PMB8GA1UdIwQY
MBaAFF30DudInpXFfxBCcZGdomi8UT+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEt
Mzg2NmI5NWY0ODVmLzEvWUhDb2ZWODZjMTNXUnBHOVVubDZJX0ZSUGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEtMzg2NmI5NWY0ODVm
LzEvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwkw6AwQB
wkxoMA0GCSqGSIb3DQEBCwUAA4IBAQDa8GOi4VMfAZzrdd9sinGTcJn+yp8ex10W
BFdBNpMhRy43Lr84w/9Dr41TVgkzNj9MpbyiZqueCvP7Z4cZOob3rjRkaITclHGd
joyDKATiM2ka0IHyD07maaBQma5hNWFC9KDtVV3N5kzd19oNP55Ttrl4pnYGDM+0
mpLMDz+OU/wul3HArWF5EQzGrtp665aTGSs4TrYXyPHupAzIQ/Zf9WDvOEg8V/Ab
+WVPsyiJkK9gIBwL1jOUttnGyas/pU3B7/9zgC0VtuiWZ5zoVs5tVnziWbcjKKQo
iZkAEPuen1XCZACxgGB6HVHF6H1tsQt1BvSVpA4IBDshvamMP6I0
-----END CERTIFICATE-----