Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/y1HEhbSslgw7lcwLwCrVYusjtP8.roa
File:                     y1HEhbSslgw7lcwLwCrVYusjtP8.roa (raw, json)
Hash identifier:          9+QzUqzlMREZLVoxt0NdknNmC6MSkSEuuhm5eKNc3xA=
Subject key identifier:   CB:51:C4:85:B4:AC:96:0C:3B:95:CC:0B:C0:2A:D5:62:EB:23:B4:FF
Certificate issuer:       /CN=cb324555940ae51af5d1f42bd5ac715864fa1829
Certificate serial:       018CC6B78E5F4917EE5265E0926D7E7AE59C
Authority key identifier: CB:32:45:55:94:0A:E5:1A:F5:D1:F4:2B:D5:AC:71:58:64:FA:18:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yzJFVZQK5Rr10fQr1axxWGT6GCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/y1HEhbSslgw7lcwLwCrVYusjtP8.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60393
IP address blocks:        194.55.232.0/23 maxlen: 24
                          2001:67c:bfc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/yzJFVZQK5Rr10fQr1axxWGT6GCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/yzJFVZQK5Rr10fQr1axxWGT6GCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yzJFVZQK5Rr10fQr1axxWGT6GCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8e:5f:49:17:ee:52:65:e0:92:6d:7e:7a:e5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb324555940ae51af5d1f42bd5ac715864fa1829
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb51c485b4ac960c3b95cc0bc02ad562eb23b4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8d:37:cb:54:24:3f:4f:86:9c:79:46:12:37:
                    1d:5b:07:15:c6:60:16:9b:3c:ec:e7:5f:8d:1d:87:
                    82:64:98:dc:bd:07:b9:6d:44:90:66:bf:07:30:15:
                    59:e7:cc:10:6d:85:85:66:55:f1:93:5b:bc:6d:98:
                    34:1d:f8:5b:99:d9:b6:89:5b:59:f1:dc:50:41:36:
                    3c:48:b7:88:9e:f0:8b:e3:7e:94:e4:95:f6:bb:0a:
                    2f:1f:48:3d:1f:2b:95:fe:bf:a4:ba:dd:64:3a:bf:
                    83:00:35:0d:dd:64:81:fc:b2:a7:c4:e1:d5:9b:25:
                    45:62:72:b4:92:a3:6f:dd:d4:08:0f:2b:83:37:51:
                    e9:fc:d9:a7:54:6b:7a:9e:69:d5:db:e8:8e:b4:26:
                    4c:01:ef:0a:f4:67:b7:5d:ac:ed:6f:5d:fc:04:d1:
                    34:69:6c:f6:7c:9d:9e:6a:80:b3:c5:f0:82:b8:bd:
                    b8:fa:47:f5:a5:40:bb:a8:60:bd:cf:87:e0:64:26:
                    13:64:aa:ba:47:66:4f:cf:09:cd:a8:96:4c:c9:dd:
                    5b:b9:36:00:61:c9:c3:67:4c:2d:c9:8c:01:f1:db:
                    24:ae:b8:8d:f3:f1:08:a0:2d:85:28:68:54:64:e5:
                    ed:f0:42:ea:29:e8:50:24:e0:96:c1:9f:5d:59:85:
                    35:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:51:C4:85:B4:AC:96:0C:3B:95:CC:0B:C0:2A:D5:62:EB:23:B4:FF
            X509v3 Authority Key Identifier:
                keyid:CB:32:45:55:94:0A:E5:1A:F5:D1:F4:2B:D5:AC:71:58:64:FA:18:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yzJFVZQK5Rr10fQr1axxWGT6GCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/y1HEhbSslgw7lcwLwCrVYusjtP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/300983-4dfd-419c-bc20-202c2689dfa0/1/yzJFVZQK5Rr10fQr1axxWGT6GCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.232.0/23
                IPv6:
                  2001:67c:bfc::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:c0:ae:21:de:3e:2b:92:c1:9f:3b:77:b4:44:64:89:49:27:
         39:53:b4:49:47:06:82:ed:cb:82:b6:26:de:14:05:08:ec:3d:
         b5:cc:30:d4:26:60:ad:a1:b5:0e:ea:6f:f9:8f:27:35:fe:a4:
         2d:dc:72:0a:84:4d:36:ad:dd:0c:fa:79:eb:ab:b0:26:a3:5f:
         5c:fb:af:0b:60:5d:0e:bb:13:ce:f3:b3:96:e3:1e:91:a1:47:
         cd:50:20:d3:e9:c8:4b:11:dd:90:d8:28:f9:11:0b:bb:34:79:
         0b:a5:ad:de:25:5d:43:51:a2:ac:14:54:ba:b6:bd:e5:fe:01:
         a0:a3:5f:02:c2:b3:39:f0:d1:2b:05:e1:f2:80:4c:8f:9c:85:
         1a:c7:ed:e9:b5:13:d3:fd:76:92:8a:fa:ee:d4:ca:9d:3b:bf:
         95:bc:8c:f3:23:4e:c0:68:0a:bf:bf:fb:17:82:ea:f0:62:ae:
         b4:3d:4f:85:b8:a3:79:05:4c:cc:9c:2d:b4:57:42:89:aa:4c:
         4d:f1:32:d7:5a:74:72:96:d2:5a:67:3f:c6:0f:32:34:4a:a5:
         f8:c4:31:6d:f4:ac:26:d9:09:41:3d:a8:2b:bb:87:9c:dc:09:
         b3:c5:53:38:f2:d8:74:c5:5e:2c:34:73:fb:77:f0:bc:29:b5:
         69:ef:dc:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt45fSRfuUmXgkm1+euWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMzI0NTU1OTQwYWU1MWFmNWQxZjQyYmQ1YWM3MTU4NjRm
YTE4MjkwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUxYzQ4NWI0YWM5NjBjM2I5NWNjMGJjMDJhZDU2MmViMjNiNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI03y1QkP0+GnHlGEjcdWwcVxmAW
mzzs51+NHYeCZJjcvQe5bUSQZr8HMBVZ58wQbYWFZlXxk1u8bZg0Hfhbmdm2iVtZ
8dxQQTY8SLeInvCL436U5JX2uwovH0g9HyuV/r+kut1kOr+DADUN3WSB/LKnxOHV
myVFYnK0kqNv3dQIDyuDN1Hp/NmnVGt6nmnV2+iOtCZMAe8K9Ge3Xaztb138BNE0
aWz2fJ2eaoCzxfCCuL24+kf1pUC7qGC9z4fgZCYTZKq6R2ZPzwnNqJZMyd1buTYA
YcnDZ0wtyYwB8dskrriN8/EIoC2FKGhUZOXt8ELqKehQJOCWwZ9dWYU10wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMtRxIW0rJYMO5XMC8Aq1WLrI7T/MB8GA1UdIwQY
MBaAFMsyRVWUCuUa9dH0K9WscVhk+hgpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXpKRlZaUUs1UnIxMGZRcjFheHhXR1Q2R0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zMDA5ODMtNGRmZC00MTljLWJjMjAt
MjAyYzI2ODlkZmEwLzEveTFIRWhiU3NsZ3c3bGN3THdDclZZdXNqdFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zMDA5ODMtNGRmZC00MTljLWJjMjAtMjAyYzI2ODlkZmEw
LzEveXpKRlZaUUs1UnIxMGZRcjFheHhXR1Q2R0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwjfoMA8E
AgACMAkDBwAgAQZ8C/wwDQYJKoZIhvcNAQELBQADggEBAKrAriHePiuSwZ87d7RE
ZIlJJzlTtElHBoLty4K2Jt4UBQjsPbXMMNQmYK2htQ7qb/mPJzX+pC3ccgqETTat
3Qz6eeursCajX1z7rwtgXQ67E87zs5bjHpGhR81QINPpyEsR3ZDYKPkRC7s0eQul
rd4lXUNRoqwUVLq2veX+AaCjXwLCsznw0SsF4fKATI+chRrH7em1E9P9dpKK+u7U
yp07v5W8jPMjTsBoCr+/+xeC6vBirrQ9T4W4o3kFTMycLbRXQomqTE3xMtdadHKW
0lpnP8YPMjRKpfjEMW30rCbZCUE9qCu7h5zcCbPFUzjy2HTFXiw0c/t38LwptWnv
3Bg=
-----END CERTIFICATE-----