Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/YJwPJW7mei5XQ_mQMlYdS_u_jQo.roa
File:                     YJwPJW7mei5XQ_mQMlYdS_u_jQo.roa (raw, json)
Hash identifier:          FaX78c0VaQL/kwSdfergBsupLANMaNpdpZSo2X88RWs=
Subject key identifier:   60:9C:0F:25:6E:E6:7A:2E:57:43:F9:90:32:56:1D:4B:FB:BF:8D:0A
Certificate issuer:       /CN=997a6477dd970c94b2a17b52502982d4fc75b244
Certificate serial:       018E51F26DC2E7FD2FDFD8A3ED54A7EEF8D7
Authority key identifier: 99:7A:64:77:DD:97:0C:94:B2:A1:7B:52:50:29:82:D4:FC:75:B2:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mXpkd92XDJSyoXtSUCmC1Px1skQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/YJwPJW7mei5XQ_mQMlYdS_u_jQo.roa
Signing time:             Mon 18 Mar 2024 14:23:45 +0000
ROA not before:           Mon 18 Mar 2024 14:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215444
IP address blocks:        193.242.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/mXpkd92XDJSyoXtSUCmC1Px1skQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/mXpkd92XDJSyoXtSUCmC1Px1skQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mXpkd92XDJSyoXtSUCmC1Px1skQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:f2:6d:c2:e7:fd:2f:df:d8:a3:ed:54:a7:ee:f8:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=997a6477dd970c94b2a17b52502982d4fc75b244
        Validity
            Not Before: Mar 18 14:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609c0f256ee67a2e5743f99032561d4bfbbf8d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:7d:ef:35:75:22:ef:fb:79:f0:21:3d:b6:61:
                    92:b7:1b:7a:61:bb:8f:18:c7:9b:7f:75:ff:ae:e3:
                    ba:5d:8d:4f:f5:ab:66:cf:1f:3c:db:da:0c:35:5f:
                    c2:40:a8:4b:76:09:c1:8b:33:4b:74:e9:5a:1c:3b:
                    ff:25:8f:f4:07:4c:0d:11:7a:10:d8:98:7a:ce:42:
                    f4:d7:62:88:2f:d9:a8:52:e0:82:e9:28:77:cc:b9:
                    a6:14:4d:ca:8e:d5:b7:25:d8:f0:73:6f:5b:f3:5e:
                    f8:7f:53:70:59:59:54:ed:a4:86:da:8b:01:0c:57:
                    85:07:ca:aa:ab:c2:fc:9b:56:4c:4e:f1:87:55:60:
                    2d:05:4e:56:3e:c8:c6:6d:f8:67:6e:10:b5:2c:13:
                    11:d0:05:82:56:ad:e8:02:90:68:e4:6c:ce:2d:33:
                    51:eb:44:77:58:7a:38:f2:e1:c4:bb:49:a4:82:59:
                    61:b2:18:1b:4b:af:19:38:dc:51:32:f2:d7:be:f8:
                    0f:eb:94:21:50:32:67:35:c2:a1:16:a3:44:ad:91:
                    a4:83:23:e7:e1:32:8c:91:c0:99:12:21:6a:78:dc:
                    dc:f9:e0:3f:8c:9b:75:e8:61:a1:5b:da:77:40:e9:
                    f0:0b:4d:df:10:0e:4f:03:16:62:00:b9:51:01:34:
                    76:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9C:0F:25:6E:E6:7A:2E:57:43:F9:90:32:56:1D:4B:FB:BF:8D:0A
            X509v3 Authority Key Identifier:
                keyid:99:7A:64:77:DD:97:0C:94:B2:A1:7B:52:50:29:82:D4:FC:75:B2:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mXpkd92XDJSyoXtSUCmC1Px1skQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/YJwPJW7mei5XQ_mQMlYdS_u_jQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/481466-0e38-4e3b-9bf3-285745647f5f/1/mXpkd92XDJSyoXtSUCmC1Px1skQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:bb:51:bf:c0:69:15:7e:c3:1e:cb:f9:95:89:c0:3f:bb:de:
         f9:89:ba:b2:88:1f:b2:9f:62:6b:a9:13:94:4a:d4:df:57:38:
         73:6e:f2:fd:48:d3:36:ae:ab:9e:21:ce:50:43:ba:4d:48:68:
         85:42:8d:87:50:71:cc:11:33:4f:77:60:d5:d5:22:7b:97:80:
         d3:16:cf:88:f1:c5:78:51:ee:98:bc:62:30:48:8c:4d:ad:b6:
         f6:18:d1:a3:c8:c1:1c:ed:8a:48:75:64:5f:84:91:de:0d:88:
         96:58:68:a3:14:05:bd:66:1b:5d:bc:91:2a:b2:80:3a:1b:d7:
         47:30:34:6f:ee:74:76:c1:32:e6:e0:27:a3:5f:30:db:8d:31:
         b2:8b:49:2b:14:22:e6:e4:54:5f:b5:98:95:0a:ae:66:ba:5d:
         84:d5:0b:82:62:eb:33:bd:be:f8:3b:e1:5e:05:6a:13:72:6a:
         72:98:d7:3e:49:e9:ad:03:32:b0:3d:97:71:f7:aa:12:67:08:
         90:c3:e9:3e:8e:ef:1f:4d:a0:b9:1d:e6:a3:8d:14:2d:49:f5:
         c5:c3:d1:9c:39:f3:be:03:63:f4:07:2f:a4:e8:8d:9a:20:02:
         17:c4:3b:c8:8e:d9:00:c0:d0:4b:74:1b:60:d0:f5:0c:72:01:
         36:8f:cd:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5R8m3C5/0v39ij7VSn7vjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5N2E2NDc3ZGQ5NzBjOTRiMmExN2I1MjUwMjk4MmQ0ZmM3
NWIyNDQwHhcNMjQwMzE4MTQyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDljMGYyNTZlZTY3YTJlNTc0M2Y5OTAzMjU2MWQ0YmZiYmY4ZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjn3vNXUi7/t58CE9tmGStxt6YbuP
GMebf3X/ruO6XY1P9atmzx8829oMNV/CQKhLdgnBizNLdOlaHDv/JY/0B0wNEXoQ
2Jh6zkL012KIL9moUuCC6Sh3zLmmFE3KjtW3Jdjwc29b8174f1NwWVlU7aSG2osB
DFeFB8qqq8L8m1ZMTvGHVWAtBU5WPsjGbfhnbhC1LBMR0AWCVq3oApBo5GzOLTNR
60R3WHo48uHEu0mkgllhshgbS68ZONxRMvLXvvgP65QhUDJnNcKhFqNErZGkgyPn
4TKMkcCZEiFqeNzc+eA/jJt16GGhW9p3QOnwC03fEA5PAxZiALlRATR2swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCcDyVu5nouV0P5kDJWHUv7v40KMB8GA1UdIwQY
MBaAFJl6ZHfdlwyUsqF7UlApgtT8dbJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVhwa2Q5MlhESlN5b1h0U1VDbUMxUHgxc2tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS80ODE0NjYtMGUzOC00ZTNiLTliZjMt
Mjg1NzQ1NjQ3ZjVmLzEvWUp3UEpXN21laTVYUV9tUU1sWWRTX3VfalFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS80ODE0NjYtMGUzOC00ZTNiLTliZjMtMjg1NzQ1NjQ3ZjVm
LzEvbVhwa2Q5MlhESlN5b1h0U1VDbUMxUHgxc2tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfK5MA0G
CSqGSIb3DQEBCwUAA4IBAQAnu1G/wGkVfsMey/mVicA/u975ibqyiB+yn2JrqROU
StTfVzhzbvL9SNM2rqueIc5QQ7pNSGiFQo2HUHHMETNPd2DV1SJ7l4DTFs+I8cV4
Ue6YvGIwSIxNrbb2GNGjyMEc7YpIdWRfhJHeDYiWWGijFAW9ZhtdvJEqsoA6G9dH
MDRv7nR2wTLm4CejXzDbjTGyi0krFCLm5FRftZiVCq5mul2E1QuCYuszvb74O+Fe
BWoTcmpymNc+SemtAzKwPZdx96oSZwiQw+k+ju8fTaC5HeajjRQtSfXFw9GcOfO+
A2P0By+k6I2aIAIXxDvIjtkAwNBLdBtg0PUMcgE2j81q
-----END CERTIFICATE-----