Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/y-M-li5oZbPcd_v9xzkPOEw3AHE.roa
File:                     y-M-li5oZbPcd_v9xzkPOEw3AHE.roa (raw, json)
Hash identifier:          ARgiNJn6Mtqmxp8PcG8Di0va0O17Y+4GUcg5BnMf/Ok=
Subject key identifier:   CB:E3:3E:96:2E:68:65:B3:DC:77:FB:FD:C7:39:0F:38:4C:37:00:71
Certificate issuer:       /CN=d152b4c1f5d484eefc2b1597f455003ab654b055
Certificate serial:       018CC86F2F528E836996825C6A69D491B7D7
Authority key identifier: D1:52:B4:C1:F5:D4:84:EE:FC:2B:15:97:F4:55:00:3A:B6:54:B0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0VK0wfXUhO78KxWX9FUAOrZUsFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/y-M-li5oZbPcd_v9xzkPOEw3AHE.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209721
IP address blocks:        194.26.120.0/21 maxlen: 21
                          2001:67c:2e0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/0VK0wfXUhO78KxWX9FUAOrZUsFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/0VK0wfXUhO78KxWX9FUAOrZUsFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0VK0wfXUhO78KxWX9FUAOrZUsFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2f:52:8e:83:69:96:82:5c:6a:69:d4:91:b7:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d152b4c1f5d484eefc2b1597f455003ab654b055
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe33e962e6865b3dc77fbfdc7390f384c370071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:d4:af:56:2e:c9:cf:ff:22:b0:06:8e:d0:
                    10:60:16:dc:a0:7a:e7:5f:7b:3c:53:78:ad:9b:3e:
                    b1:d3:56:94:d2:cf:f0:41:e6:70:e2:69:0f:da:92:
                    7b:14:95:39:97:3a:2b:95:73:f7:e6:a0:4c:ae:a3:
                    47:0d:2f:24:6c:4a:57:6c:d2:6e:7d:1c:ed:86:ef:
                    41:3f:17:f5:8d:e5:23:38:38:72:e4:58:f1:14:e6:
                    cb:c9:a1:b6:cc:d1:37:47:bb:0f:c8:c8:f6:c8:ae:
                    39:ad:9e:67:41:6a:f0:0e:59:87:aa:99:2b:98:f7:
                    9e:2a:67:81:40:6e:cb:9d:bd:0b:16:06:1b:4f:c4:
                    33:5f:51:51:e4:93:98:74:38:cd:83:41:04:81:a4:
                    9b:ed:06:9d:80:f4:b0:33:97:a6:71:bc:96:79:3e:
                    d4:93:be:61:07:ab:10:7f:76:a3:62:ed:a6:09:7d:
                    4c:f5:39:bf:c0:72:d0:e3:19:92:25:b2:6f:c3:2b:
                    46:f1:47:b8:7a:31:5d:cb:ef:cb:da:89:2b:0a:f9:
                    57:32:fe:22:58:78:ac:ba:56:cf:35:b1:26:13:5d:
                    81:96:aa:a1:5f:ee:4d:04:6c:53:96:4f:54:0e:14:
                    72:95:c6:4a:d3:82:04:13:a0:5f:38:ca:c8:aa:21:
                    cb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E3:3E:96:2E:68:65:B3:DC:77:FB:FD:C7:39:0F:38:4C:37:00:71
            X509v3 Authority Key Identifier:
                keyid:D1:52:B4:C1:F5:D4:84:EE:FC:2B:15:97:F4:55:00:3A:B6:54:B0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0VK0wfXUhO78KxWX9FUAOrZUsFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/y-M-li5oZbPcd_v9xzkPOEw3AHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/0VK0wfXUhO78KxWX9FUAOrZUsFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.120.0/21
                IPv6:
                  2001:67c:2e0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:a5:6d:78:9f:38:2f:20:56:45:cf:ec:f6:8d:8c:1e:b9:0d:
         ea:10:51:a1:22:e4:40:4a:0d:e7:f8:48:81:b0:77:9f:2b:c6:
         ec:a0:ae:c1:94:be:5d:2c:ed:5b:df:c7:6e:fe:c2:8f:58:15:
         55:a0:c6:4f:52:fc:f7:46:b0:d2:01:88:c5:e8:1c:a1:c2:2b:
         ac:f2:26:e4:82:80:93:72:65:6b:f3:d6:16:5a:f4:e7:6b:3b:
         50:88:58:b7:3e:14:b7:9d:b4:c9:74:c2:be:41:13:07:1d:25:
         4b:a7:ab:4e:dd:d3:fb:e7:49:d9:5b:f1:df:ee:ec:10:64:31:
         db:97:e8:9e:0e:70:38:68:b1:e5:fe:cd:79:d5:e7:68:5d:84:
         9e:bf:45:2f:89:b9:05:54:4a:d1:d3:9d:6a:35:5f:cc:f2:4e:
         a2:5e:cd:be:d6:45:3e:bc:f9:b4:4c:b4:80:38:65:92:fa:43:
         32:8b:cb:7a:34:87:8d:81:7d:dc:0f:ce:5c:a6:dc:61:59:8c:
         04:6a:cf:0c:2e:2c:47:56:1b:2e:a3:c8:a8:1d:11:6c:22:da:
         f0:44:6b:8e:fa:87:20:72:8a:28:50:57:74:83:39:6e:f8:55:
         5e:de:eb:fb:77:cc:d8:ee:50:a3:b6:8d:34:9a:3e:32:91:3b:
         a8:59:49:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIby9SjoNploJcamnUkbfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNTJiNGMxZjVkNDg0ZWVmYzJiMTU5N2Y0NTUwMDNhYjY1
NGIwNTUwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmUzM2U5NjJlNjg2NWIzZGM3N2ZiZmRjNzM5MGYzODRjMzcwMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ/Ur1Yuyc//IrAGjtAQYBbcoHrn
X3s8U3itmz6x01aU0s/wQeZw4mkP2pJ7FJU5lzorlXP35qBMrqNHDS8kbEpXbNJu
fRzthu9BPxf1jeUjODhy5FjxFObLyaG2zNE3R7sPyMj2yK45rZ5nQWrwDlmHqpkr
mPeeKmeBQG7Lnb0LFgYbT8QzX1FR5JOYdDjNg0EEgaSb7QadgPSwM5emcbyWeT7U
k75hB6sQf3ajYu2mCX1M9Tm/wHLQ4xmSJbJvwytG8Ue4ejFdy+/L2okrCvlXMv4i
WHisulbPNbEmE12BlqqhX+5NBGxTlk9UDhRylcZK04IEE6BfOMrIqiHLQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMvjPpYuaGWz3Hf7/cc5DzhMNwBxMB8GA1UdIwQY
MBaAFNFStMH11ITu/CsVl/RVADq2VLBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFZLMHdmWFVoTzc4S3hXWDlGVUFPclpVc0ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8zNzllMzItMDJlMC00MzM5LTg4MmIt
MmY3NTE5NTIxNmI5LzEveS1NLWxpNW9aYlBjZF92OXh6a1BPRXczQUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8zNzllMzItMDJlMC00MzM5LTg4MmItMmY3NTE5NTIxNmI5
LzEvMFZLMHdmWFVoTzc4S3hXWDlGVUFPclpVc0ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwhp4MA8E
AgACMAkDBwAgAQZ8LgwwDQYJKoZIhvcNAQELBQADggEBAAmlbXifOC8gVkXP7PaN
jB65DeoQUaEi5EBKDef4SIGwd58rxuygrsGUvl0s7Vvfx27+wo9YFVWgxk9S/PdG
sNIBiMXoHKHCK6zyJuSCgJNyZWvz1hZa9OdrO1CIWLc+FLedtMl0wr5BEwcdJUun
q07d0/vnSdlb8d/u7BBkMduX6J4OcDhoseX+zXnV52hdhJ6/RS+JuQVUStHTnWo1
X8zyTqJezb7WRT68+bRMtIA4ZZL6QzKLy3o0h42BfdwPzlym3GFZjARqzwwuLEdW
Gy6jyKgdEWwi2vBEa476hyByiihQV3SDOW74VV7e6/t3zNjuUKO2jTSaPjKRO6hZ
Sf0=
-----END CERTIFICATE-----