Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/yAKpuy-7QgVIsDSB_-whiK27uGI.roa
File:                     yAKpuy-7QgVIsDSB_-whiK27uGI.roa (raw, json)
Hash identifier:          SPbKaCWZxbEZW8S9eKkdQJHNPJtPSLqPQFzncgSBlvI=
Subject key identifier:   C8:02:A9:BB:2F:BB:42:05:48:B0:34:81:FF:EC:21:88:AD:BB:B8:62
Certificate issuer:       /CN=ace3634464861bd4bf8c5bc7e3c9bfd3d246a4dd
Certificate serial:       018CC94D24F5D12A40E7FD8933AF33819E5A
Authority key identifier: AC:E3:63:44:64:86:1B:D4:BF:8C:5B:C7:E3:C9:BF:D3:D2:46:A4:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/yAKpuy-7QgVIsDSB_-whiK27uGI.roa
Signing time:             Tue 02 Jan 2024 08:32:05 +0000
ROA not before:           Tue 02 Jan 2024 08:32:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8455
IP address blocks:        195.248.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:24:f5:d1:2a:40:e7:fd:89:33:af:33:81:9e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ace3634464861bd4bf8c5bc7e3c9bfd3d246a4dd
        Validity
            Not Before: Jan  2 08:32:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c802a9bb2fbb420548b03481ffec2188adbbb862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:40:25:49:99:3f:0c:61:c8:46:51:39:e6:d6:
                    8f:db:7c:ef:38:51:9a:7b:0c:2b:25:e7:32:0c:1e:
                    ab:84:79:3e:71:ae:2d:42:8a:19:5f:d0:da:c3:9c:
                    1d:a9:76:69:61:96:3e:0f:28:24:f7:73:8a:49:bb:
                    ff:9c:14:07:9e:05:6a:15:a9:68:47:8b:9f:56:13:
                    98:b7:b6:e6:97:e1:a5:6d:7e:04:2b:36:b7:a8:61:
                    13:b1:d7:53:5c:ea:2e:63:9a:0f:c2:08:8e:1b:82:
                    6e:53:96:c5:79:ae:ce:f6:bf:d5:6f:55:c3:60:6d:
                    b3:8b:cb:d2:b9:eb:cb:26:9e:b2:61:a7:e3:d9:cd:
                    26:54:81:86:de:68:0b:37:ab:bb:77:42:c0:74:0c:
                    ce:5b:14:1c:e4:15:a4:73:df:23:79:08:31:1d:87:
                    2b:e0:61:4d:1b:19:b6:fa:6c:d9:60:33:55:1f:44:
                    3f:c2:1f:c4:7c:2a:6b:b0:b4:1e:f5:6b:bb:0c:73:
                    a5:50:1c:d9:34:e4:6d:ec:89:7f:d8:fa:86:ee:b9:
                    6f:c1:09:96:b5:58:64:9a:c4:ad:6a:8e:1a:02:80:
                    a6:1c:d1:c1:57:80:c9:6f:50:be:28:85:bc:2a:40:
                    e2:11:b9:b9:e6:bd:6b:a2:19:d1:c9:92:19:ad:3f:
                    b2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:02:A9:BB:2F:BB:42:05:48:B0:34:81:FF:EC:21:88:AD:BB:B8:62
            X509v3 Authority Key Identifier:
                keyid:AC:E3:63:44:64:86:1B:D4:BF:8C:5B:C7:E3:C9:BF:D3:D2:46:A4:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/yAKpuy-7QgVIsDSB_-whiK27uGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:87:7f:af:f1:ec:66:44:b0:22:26:10:ab:a9:67:1f:8d:68:
         c9:f9:2c:38:d3:de:00:76:5e:bb:f3:22:ba:10:89:00:98:f5:
         b1:7f:c3:81:d5:e9:f4:10:55:2d:89:19:44:05:3c:49:7a:a6:
         a4:8a:de:03:72:9d:aa:a1:fe:60:28:54:ed:19:a7:ef:b9:a1:
         46:ba:ef:a8:58:e0:84:c7:42:62:c8:da:f1:91:84:e4:8a:db:
         1d:1a:d7:ac:62:75:e1:9f:42:c6:df:dc:d9:30:93:0b:d5:e6:
         6c:4b:fe:70:33:ed:34:15:16:e2:43:80:c8:b0:0c:db:56:b3:
         fa:e2:a9:67:e5:89:ce:9b:33:69:69:e0:ac:37:4c:43:43:ef:
         47:51:06:63:eb:f2:f9:7e:00:4a:74:f3:e8:e3:2f:26:5b:93:
         ac:ad:ee:b7:59:2f:8e:c3:7b:40:9e:55:5a:8b:95:57:88:0e:
         e4:c9:9a:cb:0a:90:a2:0f:36:3e:33:f8:7b:a2:13:3a:48:27:
         7b:97:22:60:dd:30:a7:1e:3d:64:48:4e:53:a8:99:65:b8:f4:
         8a:23:58:09:29:67:ac:be:5f:91:7d:25:9d:57:50:e8:d4:ff:
         73:de:47:7b:64:3a:95:b9:b8:8c:d2:09:6b:14:a9:b2:df:56:
         20:f8:8e:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTST10SpA5/2JM68zgZ5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZTM2MzQ0NjQ4NjFiZDRiZjhjNWJjN2UzYzliZmQzZDI0
NmE0ZGQwHhcNMjQwMTAyMDgzMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAyYTliYjJmYmI0MjA1NDhiMDM0ODFmZmVjMjE4OGFkYmJiODYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0AlSZk/DGHIRlE55taP23zvOFGa
ewwrJecyDB6rhHk+ca4tQooZX9Daw5wdqXZpYZY+Dygk93OKSbv/nBQHngVqFalo
R4ufVhOYt7bml+GlbX4EKza3qGETsddTXOouY5oPwgiOG4JuU5bFea7O9r/Vb1XD
YG2zi8vSuevLJp6yYafj2c0mVIGG3mgLN6u7d0LAdAzOWxQc5BWkc98jeQgxHYcr
4GFNGxm2+mzZYDNVH0Q/wh/EfCprsLQe9Wu7DHOlUBzZNORt7Il/2PqG7rlvwQmW
tVhkmsStao4aAoCmHNHBV4DJb1C+KIW8KkDiEbm55r1rohnRyZIZrT+ylwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgCqbsvu0IFSLA0gf/sIYitu7hiMB8GA1UdIwQY
MBaAFKzjY0RkhhvUv4xbx+PJv9PSRqTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck9OalJHU0dHOVNfakZ2SDQ4bV8wOUpHcE4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMGVmNTktMTg0Mi00Y2EzLTk4NjUt
MDY3Y2M0NDI2YzI4LzEveUFLcHV5LTdRZ1ZJc0RTQl8td2hpSzI3dUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMGVmNTktMTg0Mi00Y2EzLTk4NjUtMDY3Y2M0NDI2YzI4
LzEvck9OalJHU0dHOVNfakZ2SDQ4bV8wOUpHcE4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hXMA0G
CSqGSIb3DQEBCwUAA4IBAQB3h3+v8exmRLAiJhCrqWcfjWjJ+Sw4094Adl678yK6
EIkAmPWxf8OB1en0EFUtiRlEBTxJeqakit4Dcp2qof5gKFTtGafvuaFGuu+oWOCE
x0JiyNrxkYTkitsdGtesYnXhn0LG39zZMJML1eZsS/5wM+00FRbiQ4DIsAzbVrP6
4qln5YnOmzNpaeCsN0xDQ+9HUQZj6/L5fgBKdPPo4y8mW5Osre63WS+Ow3tAnlVa
i5VXiA7kyZrLCpCiDzY+M/h7ohM6SCd7lyJg3TCnHj1kSE5TqJlluPSKI1gJKWes
vl+RfSWdV1Do1P9z3kd7ZDqVubiM0glrFKmy31Yg+I4g
-----END CERTIFICATE-----