Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/8YVZ8OTgJl8O4K7vbkqzv9ABpgk.roa
File:                     8YVZ8OTgJl8O4K7vbkqzv9ABpgk.roa (raw, json)
Hash identifier:          km+xhPJFpRyb6bldDmN0TsfMYrGiKoiGv/hYyMTsMio=
Subject key identifier:   F1:85:59:F0:E4:E0:26:5F:0E:E0:AE:EF:6E:4A:B3:BF:D0:01:A6:09
Certificate issuer:       /CN=bc075a22749762ecaaff9cbc217b82f17269e362
Certificate serial:       018CC50144ED1D0D42CE1430C7F567B4AC50
Authority key identifier: BC:07:5A:22:74:97:62:EC:AA:FF:9C:BC:21:7B:82:F1:72:69:E3:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/8YVZ8OTgJl8O4K7vbkqzv9ABpgk.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210728
IP address blocks:        213.173.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:44:ed:1d:0d:42:ce:14:30:c7:f5:67:b4:ac:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc075a22749762ecaaff9cbc217b82f17269e362
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f18559f0e4e0265f0ee0aeef6e4ab3bfd001a609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4d:16:83:b1:ef:48:48:f9:c4:c9:49:a9:2d:
                    fb:61:be:08:d1:b2:80:be:72:7f:34:28:62:b8:66:
                    23:bf:22:ef:f3:77:02:6f:fe:40:98:8a:b8:96:7f:
                    49:e5:d8:e3:c0:60:8f:c0:97:60:26:85:29:d7:f2:
                    e5:ee:3a:64:6f:06:16:ff:00:da:f7:69:71:ab:65:
                    a2:ed:9a:27:c9:66:23:78:ef:d8:61:9e:3f:50:96:
                    ef:3a:a4:e2:89:fa:cd:a7:0d:1f:8e:e6:8e:25:cb:
                    af:39:23:21:4a:cd:65:af:28:22:b7:b8:55:2b:90:
                    d8:c3:2b:41:cf:e4:fc:69:36:6f:6c:e7:b7:20:b9:
                    84:e7:48:94:11:ee:24:b5:9d:df:57:14:6a:1e:93:
                    4d:f2:19:03:bc:ea:27:8d:8e:32:aa:6a:b6:8c:42:
                    c3:2f:ff:6c:5e:dd:2f:25:75:27:f0:d8:d2:c0:35:
                    5e:1a:d7:65:e5:78:2b:cd:d8:fe:6b:ef:08:83:34:
                    bc:d7:11:91:61:61:fc:13:ad:fd:2a:a2:3b:10:c2:
                    18:2b:47:8c:9f:b0:5b:c7:91:fc:81:21:49:ad:e4:
                    f3:b3:27:b6:aa:50:f5:5c:30:93:8e:e3:9c:65:b4:
                    fe:60:75:70:42:7c:52:53:6a:6f:59:43:04:45:1d:
                    cd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:85:59:F0:E4:E0:26:5F:0E:E0:AE:EF:6E:4A:B3:BF:D0:01:A6:09
            X509v3 Authority Key Identifier:
                keyid:BC:07:5A:22:74:97:62:EC:AA:FF:9C:BC:21:7B:82:F1:72:69:E3:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vAdaInSXYuyq_5y8IXuC8XJp42I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/8YVZ8OTgJl8O4K7vbkqzv9ABpgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/492c8d-61a9-4804-9b05-c39c2cdc8362/1/vAdaInSXYuyq_5y8IXuC8XJp42I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:7f:8b:d8:98:36:a7:87:b4:ce:6e:48:0c:38:fe:3e:4a:4f:
         cd:6f:4d:e0:5e:a5:f7:af:88:95:18:65:c3:ac:93:95:d4:91:
         a8:f3:a0:4b:7b:2e:e4:f6:90:77:6b:68:fa:51:ea:80:75:54:
         d5:b4:9d:22:7c:33:cb:51:cc:3a:59:a5:34:00:52:b5:8b:fb:
         09:9e:be:1f:78:33:3a:39:73:ec:74:e2:3d:d2:07:61:b9:9a:
         7a:fa:2f:e6:e0:aa:9c:59:fd:ff:cd:3c:39:27:05:e3:78:69:
         31:d5:73:b6:97:92:fe:6d:2d:05:14:0f:97:c6:28:20:22:f0:
         94:e5:db:14:6b:7b:21:42:48:95:42:15:06:de:6d:74:86:b1:
         cc:03:98:20:f5:bf:c5:7e:40:7d:d2:90:3b:71:4d:ee:3c:c6:
         be:34:4e:96:34:df:58:25:35:4c:56:1f:4e:a9:dc:be:56:d5:
         4c:a9:c2:24:42:40:45:50:61:25:68:6b:00:58:1b:84:30:29:
         46:ff:4a:84:7c:eb:1e:f0:bc:5d:99:69:c1:ec:84:f1:e3:3a:
         18:6a:19:6f:88:a0:5b:86:01:84:c2:43:76:4f:4e:95:53:5a:
         8e:2d:07:ea:a1:f7:71:2f:63:f5:38:64:8d:5c:b0:0d:67:ea:
         9b:e0:74:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUTtHQ1CzhQwx/VntKxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMDc1YTIyNzQ5NzYyZWNhYWZmOWNiYzIxN2I4MmYxNzI2
OWUzNjIwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTg1NTlmMGU0ZTAyNjVmMGVlMGFlZWY2ZTRhYjNiZmQwMDFhNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk00Wg7HvSEj5xMlJqS37Yb4I0bKA
vnJ/NChiuGYjvyLv83cCb/5AmIq4ln9J5djjwGCPwJdgJoUp1/Ll7jpkbwYW/wDa
92lxq2Wi7ZonyWYjeO/YYZ4/UJbvOqTiifrNpw0fjuaOJcuvOSMhSs1lrygit7hV
K5DYwytBz+T8aTZvbOe3ILmE50iUEe4ktZ3fVxRqHpNN8hkDvOonjY4yqmq2jELD
L/9sXt0vJXUn8NjSwDVeGtdl5Xgrzdj+a+8IgzS81xGRYWH8E639KqI7EMIYK0eM
n7Bbx5H8gSFJreTzsye2qlD1XDCTjuOcZbT+YHVwQnxSU2pvWUMERR3NlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGFWfDk4CZfDuCu725Ks7/QAaYJMB8GA1UdIwQY
MBaAFLwHWiJ0l2Lsqv+cvCF7gvFyaeNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkFkYUluU1hZdXlxXzV5OElYdUM4WEpwNDJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi80OTJjOGQtNjFhOS00ODA0LTliMDUt
YzM5YzJjZGM4MzYyLzEvOFlWWjhPVGdKbDhPNEs3dmJrcXp2OUFCcGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi80OTJjOGQtNjFhOS00ODA0LTliMDUtYzM5YzJjZGM4MzYy
LzEvdkFkYUluU1hZdXlxXzV5OElYdUM4WEpwNDJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a0nMA0G
CSqGSIb3DQEBCwUAA4IBAQBkf4vYmDanh7TObkgMOP4+Sk/Nb03gXqX3r4iVGGXD
rJOV1JGo86BLey7k9pB3a2j6UeqAdVTVtJ0ifDPLUcw6WaU0AFK1i/sJnr4feDM6
OXPsdOI90gdhuZp6+i/m4KqcWf3/zTw5JwXjeGkx1XO2l5L+bS0FFA+XxiggIvCU
5dsUa3shQkiVQhUG3m10hrHMA5gg9b/FfkB90pA7cU3uPMa+NE6WNN9YJTVMVh9O
qdy+VtVMqcIkQkBFUGElaGsAWBuEMClG/0qEfOse8LxdmWnB7ITx4zoYahlviKBb
hgGEwkN2T06VU1qOLQfqofdxL2P1OGSNXLANZ+qb4HQl
-----END CERTIFICATE-----