Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/ycJV2LNizmx5YUjVBC1KOeeop6w.roa
File:                     ycJV2LNizmx5YUjVBC1KOeeop6w.roa (raw, json)
Hash identifier:          zxYENwY2mv8A6D6hiTnV1rrfhtdU6jcWPKJSQjwdDoU=
Subject key identifier:   C9:C2:55:D8:B3:62:CE:6C:79:61:48:D5:04:2D:4A:39:E7:A8:A7:AC
Certificate issuer:       /CN=5151824c12bd3e2af7a987524a7a33a8f19d81e7
Certificate serial:       018F773E598848AC105060B5621A0D52262C
Authority key identifier: 51:51:82:4C:12:BD:3E:2A:F7:A9:87:52:4A:7A:33:A8:F1:9D:81:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UVGCTBK9Pir3qYdSSnozqPGdgec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/ycJV2LNizmx5YUjVBC1KOeeop6w.roa
Signing time:             Tue 14 May 2024 13:15:25 +0000
ROA not before:           Tue 14 May 2024 13:15:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.226.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/UVGCTBK9Pir3qYdSSnozqPGdgec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/UVGCTBK9Pir3qYdSSnozqPGdgec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UVGCTBK9Pir3qYdSSnozqPGdgec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:3e:59:88:48:ac:10:50:60:b5:62:1a:0d:52:26:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5151824c12bd3e2af7a987524a7a33a8f19d81e7
        Validity
            Not Before: May 14 13:15:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9c255d8b362ce6c796148d5042d4a39e7a8a7ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8b:bc:3d:78:bb:68:62:91:93:59:bf:27:94:
                    de:10:8a:8f:11:be:90:8b:f5:26:93:aa:13:d3:b7:
                    8d:98:a0:f0:e4:17:2f:82:9f:25:bd:bd:ac:b1:8c:
                    c4:a4:1f:fb:62:a0:c0:29:14:f3:e6:f2:9e:b7:33:
                    f8:e1:57:9d:ad:b5:4d:44:eb:84:a5:1b:20:f9:29:
                    d6:02:5c:c5:91:57:57:1f:80:d1:2e:46:bc:c5:55:
                    7e:40:bc:3a:44:b5:d4:5d:31:6b:97:c6:66:4f:a3:
                    66:e1:41:16:9e:29:9f:e4:60:9d:0d:bf:9c:a6:d8:
                    6b:df:fc:20:11:d7:d0:46:33:79:ab:dd:65:28:7a:
                    4f:17:ac:c0:93:84:8d:b9:67:bb:cd:70:7c:1d:9e:
                    1e:05:b1:25:9b:21:4a:52:31:aa:f3:14:40:86:34:
                    26:8a:0c:ea:64:d1:20:04:5d:ef:8f:4b:13:6c:d2:
                    8a:5b:a7:cd:12:17:77:95:7e:2c:5c:86:e9:b4:1b:
                    4b:45:2b:fd:39:aa:9d:dc:fd:c2:93:23:39:df:8a:
                    44:61:01:39:28:b2:02:95:42:a0:2f:6f:e3:1d:9b:
                    2e:61:5b:ce:fb:0c:14:01:37:1d:07:7d:c6:d9:de:
                    bb:72:4b:76:bc:1e:16:0c:20:31:7a:39:a2:2c:e6:
                    4f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:C2:55:D8:B3:62:CE:6C:79:61:48:D5:04:2D:4A:39:E7:A8:A7:AC
            X509v3 Authority Key Identifier:
                keyid:51:51:82:4C:12:BD:3E:2A:F7:A9:87:52:4A:7A:33:A8:F1:9D:81:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UVGCTBK9Pir3qYdSSnozqPGdgec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/ycJV2LNizmx5YUjVBC1KOeeop6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/94d485-5d19-46bc-b336-faafe478bdce/1/UVGCTBK9Pir3qYdSSnozqPGdgec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:48:d5:b9:0a:69:a0:22:ef:21:06:6e:bf:94:c8:2a:9c:d1:
         f3:ba:ec:cb:10:1a:66:69:0c:1a:03:0c:05:42:91:0f:a1:4c:
         af:27:f5:57:29:7c:b9:60:c7:6c:a9:f5:6e:45:85:11:2f:07:
         47:73:7d:76:80:ff:2f:6a:c6:15:82:38:82:b1:e8:97:56:1e:
         a0:04:7d:6f:7a:2b:bb:c7:e6:99:f0:6e:9d:12:f3:b8:62:36:
         09:48:5c:46:0f:71:20:79:96:f5:37:e4:66:c7:f5:b2:05:21:
         ef:b3:12:6a:8c:92:1f:d5:f2:52:c4:57:2e:47:f5:33:d9:ca:
         e9:88:35:fd:a0:59:5e:2c:b0:91:d3:7e:05:38:7b:17:dd:a6:
         40:95:81:25:c0:4e:5a:21:f3:f0:76:27:c2:4f:18:e4:b2:67:
         c6:a7:02:7b:a2:69:ad:17:3b:a0:a8:f7:1f:13:f6:34:0e:87:
         ba:2a:ef:88:04:09:10:29:a2:d0:0a:8c:02:d7:77:a3:b6:33:
         be:3e:56:4a:62:d6:08:15:ec:3e:d0:20:55:cb:47:9e:59:86:
         ce:36:20:e4:c7:e5:56:47:58:09:bd:72:2a:6a:a2:71:1c:06:
         a9:44:09:61:a4:a3:f6:eb:bf:7f:c5:39:b3:1e:4a:ba:0a:8d:
         12:e6:f5:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY93PlmISKwQUGC1YhoNUiYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNTE4MjRjMTJiZDNlMmFmN2E5ODc1MjRhN2EzM2E4ZjE5
ZDgxZTcwHhcNMjQwNTE0MTMxNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWMyNTVkOGIzNjJjZTZjNzk2MTQ4ZDUwNDJkNGEzOWU3YThhN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Iu8PXi7aGKRk1m/J5TeEIqPEb6Q
i/Umk6oT07eNmKDw5Bcvgp8lvb2ssYzEpB/7YqDAKRTz5vKetzP44VedrbVNROuE
pRsg+SnWAlzFkVdXH4DRLka8xVV+QLw6RLXUXTFrl8ZmT6Nm4UEWnimf5GCdDb+c
pthr3/wgEdfQRjN5q91lKHpPF6zAk4SNuWe7zXB8HZ4eBbElmyFKUjGq8xRAhjQm
igzqZNEgBF3vj0sTbNKKW6fNEhd3lX4sXIbptBtLRSv9Oaqd3P3CkyM534pEYQE5
KLIClUKgL2/jHZsuYVvO+wwUATcdB33G2d67ckt2vB4WDCAxejmiLOZPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnCVdizYs5seWFI1QQtSjnnqKesMB8GA1UdIwQY
MBaAFFFRgkwSvT4q96mHUkp6M6jxnYHnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVZHQ1RCSzlQaXIzcVlkU1Nub3pxUEdkZ2VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC85NGQ0ODUtNWQxOS00NmJjLWIzMzYt
ZmFhZmU0NzhiZGNlLzEveWNKVjJMTml6bXg1WVVqVkJDMUtPZWVvcDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC85NGQ0ODUtNWQxOS00NmJjLWIzMzYtZmFhZmU0NzhiZGNl
LzEvVVZHQ1RCSzlQaXIzcVlkU1Nub3pxUEdkZ2VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LTMA0G
CSqGSIb3DQEBCwUAA4IBAQB6SNW5CmmgIu8hBm6/lMgqnNHzuuzLEBpmaQwaAwwF
QpEPoUyvJ/VXKXy5YMdsqfVuRYURLwdHc312gP8vasYVgjiCseiXVh6gBH1veiu7
x+aZ8G6dEvO4YjYJSFxGD3EgeZb1N+Rmx/WyBSHvsxJqjJIf1fJSxFcuR/Uz2crp
iDX9oFleLLCR034FOHsX3aZAlYElwE5aIfPwdifCTxjksmfGpwJ7ommtFzugqPcf
E/Y0Doe6Ku+IBAkQKaLQCowC13ejtjO+PlZKYtYIFew+0CBVy0eeWYbONiDkx+VW
R1gJvXIqaqJxHAapRAlhpKP2679/xTmzHkq6Co0S5vUi
-----END CERTIFICATE-----