Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/yWc41PdzlD_sJNcrjVnceFv_b9c.roa
File:                     yWc41PdzlD_sJNcrjVnceFv_b9c.roa (raw, json)
Hash identifier:          OvWz5Fw3RAttGcLbboVStuThyV/zzHmxLNlgziN8Q/8=
Subject key identifier:   C9:67:38:D4:F7:73:94:3F:EC:24:D7:2B:8D:59:DC:78:5B:FF:6F:D7
Certificate issuer:       /CN=9060c6f01df85d4a033f125653e1317b6f42864e
Certificate serial:       018CC7257BAA4CD599B1F54EA881270B47FB
Authority key identifier: 90:60:C6:F0:1D:F8:5D:4A:03:3F:12:56:53:E1:31:7B:6F:42:86:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGDG8B34XUoDPxJWU-Exe29Chk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/yWc41PdzlD_sJNcrjVnceFv_b9c.roa
Signing time:             Mon 01 Jan 2024 22:29:31 +0000
ROA not before:           Mon 01 Jan 2024 22:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210962
IP address blocks:        194.26.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/kGDG8B34XUoDPxJWU-Exe29Chk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/kGDG8B34XUoDPxJWU-Exe29Chk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGDG8B34XUoDPxJWU-Exe29Chk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7b:aa:4c:d5:99:b1:f5:4e:a8:81:27:0b:47:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9060c6f01df85d4a033f125653e1317b6f42864e
        Validity
            Not Before: Jan  1 22:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c96738d4f773943fec24d72b8d59dc785bff6fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:79:63:f8:2a:37:27:de:e5:a3:41:cd:95:d4:
                    1f:06:2a:47:e6:f0:00:65:67:7a:f3:d6:6c:1e:cb:
                    5a:cd:64:b1:97:7f:a6:a4:45:2c:40:86:7b:3c:e0:
                    57:78:39:5b:60:3f:10:db:dc:9a:9d:cb:d3:3f:b0:
                    86:8e:0d:3c:c6:8f:e3:ea:7b:16:a4:8f:31:0e:06:
                    5f:72:5f:2e:1f:3b:ca:a3:22:93:b9:c6:d4:a2:0c:
                    49:3e:db:2d:34:54:f9:de:72:6a:35:0f:31:3d:f1:
                    23:05:94:00:e8:59:a1:de:ee:4c:8c:cf:23:e6:13:
                    16:de:ef:51:e1:c4:1e:80:90:67:73:bc:10:30:f4:
                    c4:07:a2:0b:a3:d8:67:bc:73:de:f3:f1:db:03:74:
                    d0:d9:d6:59:6d:d1:3f:f3:6d:ee:cb:61:7f:b6:19:
                    72:c0:fb:2c:37:e4:b3:5e:3f:45:8a:d0:56:57:4c:
                    66:8d:db:81:b1:54:71:a6:34:49:54:41:fb:53:c1:
                    f0:42:fb:a5:8f:4b:81:20:be:8f:95:7a:5a:92:69:
                    85:f5:da:87:cd:3b:c8:60:14:84:d3:4e:55:c5:63:
                    95:5a:10:e6:9a:8a:f9:29:95:e4:38:30:15:0c:61:
                    9c:65:ed:2c:66:dd:55:8f:b3:ec:e6:b2:bd:57:ca:
                    fe:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:67:38:D4:F7:73:94:3F:EC:24:D7:2B:8D:59:DC:78:5B:FF:6F:D7
            X509v3 Authority Key Identifier:
                keyid:90:60:C6:F0:1D:F8:5D:4A:03:3F:12:56:53:E1:31:7B:6F:42:86:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGDG8B34XUoDPxJWU-Exe29Chk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/yWc41PdzlD_sJNcrjVnceFv_b9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/67d07c-a561-457f-a044-ce0b8a51a451/1/kGDG8B34XUoDPxJWU-Exe29Chk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:be:88:cc:95:05:04:e6:0b:3c:c2:94:08:cc:0d:87:2f:
         71:00:2d:b2:8f:01:bf:7e:24:23:14:51:be:f5:5d:b3:3f:ae:
         16:5f:96:10:83:26:2a:0b:cd:23:4c:1b:15:15:a4:71:00:7b:
         9e:23:06:d4:da:2d:bc:84:fc:f8:ad:b3:85:df:38:32:73:e4:
         12:72:ff:e9:d8:d7:2c:4f:02:85:4a:85:f3:e2:6a:76:bf:63:
         af:aa:9c:f3:5b:bf:f8:a9:bd:3a:9a:bf:73:9f:63:53:f9:77:
         db:55:9e:c3:7d:b2:bc:6b:de:84:e7:50:70:71:38:f1:76:b9:
         ff:7d:16:ef:fd:4b:8f:c2:34:73:57:90:f8:13:20:98:9a:37:
         17:b9:a8:02:3e:42:ad:c6:17:e9:c9:bb:90:8c:00:0e:8c:bb:
         6d:b5:5c:4b:36:ec:5a:35:38:b3:57:2b:72:fc:43:b5:1f:3d:
         a6:eb:90:62:66:d6:da:a3:66:b9:a2:14:b7:f3:92:5b:97:d4:
         4a:60:79:cb:8c:a6:b5:9a:88:d8:ba:13:18:d3:d3:ac:91:b0:
         c0:3a:05:7b:69:f6:ad:02:8d:36:fa:04:e1:62:68:f5:cf:22:
         f3:51:ab:f1:3b:4a:7d:c1:28:03:ba:97:05:5e:23:ad:5b:75:
         23:84:c3:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXuqTNWZsfVOqIEnC0f7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjBjNmYwMWRmODVkNGEwMzNmMTI1NjUzZTEzMTdiNmY0
Mjg2NGUwHhcNMjQwMTAxMjIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY3MzhkNGY3NzM5NDNmZWMyNGQ3MmI4ZDU5ZGM3ODViZmY2ZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynlj+Co3J97lo0HNldQfBipH5vAA
ZWd689ZsHstazWSxl3+mpEUsQIZ7POBXeDlbYD8Q29yancvTP7CGjg08xo/j6nsW
pI8xDgZfcl8uHzvKoyKTucbUogxJPtstNFT53nJqNQ8xPfEjBZQA6Fmh3u5MjM8j
5hMW3u9R4cQegJBnc7wQMPTEB6ILo9hnvHPe8/HbA3TQ2dZZbdE/823uy2F/thly
wPssN+SzXj9FitBWV0xmjduBsVRxpjRJVEH7U8HwQvulj0uBIL6PlXpakmmF9dqH
zTvIYBSE005VxWOVWhDmmor5KZXkODAVDGGcZe0sZt1Vj7Ps5rK9V8r+QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlnONT3c5Q/7CTXK41Z3Hhb/2/XMB8GA1UdIwQY
MBaAFJBgxvAd+F1KAz8SVlPhMXtvQoZOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dERzhCMzRYVW9EUHhKV1UtRXhlMjlDaGs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82N2QwN2MtYTU2MS00NTdmLWEwNDQt
Y2UwYjhhNTFhNDUxLzEveVdjNDFQZHpsRF9zSk5jcmpWbmNlRnZfYjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82N2QwN2MtYTU2MS00NTdmLWEwNDQtY2UwYjhhNTFhNDUx
LzEva0dERzhCMzRYVW9EUHhKV1UtRXhlMjlDaGs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhpmMA0G
CSqGSIb3DQEBCwUAA4IBAQBHxb6IzJUFBOYLPMKUCMwNhy9xAC2yjwG/fiQjFFG+
9V2zP64WX5YQgyYqC80jTBsVFaRxAHueIwbU2i28hPz4rbOF3zgyc+QScv/p2Ncs
TwKFSoXz4mp2v2OvqpzzW7/4qb06mr9zn2NT+XfbVZ7DfbK8a96E51BwcTjxdrn/
fRbv/UuPwjRzV5D4EyCYmjcXuagCPkKtxhfpybuQjAAOjLtttVxLNuxaNTizVyty
/EO1Hz2m65BiZtbao2a5ohS385Jbl9RKYHnLjKa1mojYuhMY09OskbDAOgV7afat
Ao02+gThYmj1zyLzUavxO0p9wSgDupcFXiOtW3UjhMNP
-----END CERTIFICATE-----