Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/yaj2IQ16nNjJwCAaigO50zZoMqM.roa
File:                     yaj2IQ16nNjJwCAaigO50zZoMqM.roa (raw, json)
Hash identifier:          SzfrMdYeKIt2EKK8d35zC8Jnu1ICIxShzBAEnclIpI4=
Subject key identifier:   C9:A8:F6:21:0D:7A:9C:D8:C9:C0:20:1A:8A:03:B9:D3:36:68:32:A3
Certificate issuer:       /CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
Certificate serial:       018CC86F0ACD12836E301BBC3BA9A89AE94E
Authority key identifier: 9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/yaj2IQ16nNjJwCAaigO50zZoMqM.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48748
IP address blocks:        195.88.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0a:cd:12:83:6e:30:1b:bc:3b:a9:a8:9a:e9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a8f6210d7a9cd8c9c0201a8a03b9d3366832a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:16:0d:16:48:71:3d:f9:be:a4:1b:b1:dc:e9:
                    d7:03:d3:cb:60:60:c6:31:82:bd:40:3f:89:ce:53:
                    61:f8:77:02:d1:c0:f6:30:24:f6:a3:37:d1:f5:85:
                    01:7a:a6:43:5e:f7:e1:17:48:7d:bb:87:2f:de:34:
                    75:66:a7:a6:a3:b5:81:9d:03:85:b7:39:b6:db:18:
                    32:90:b5:6e:21:08:f2:34:04:81:30:5d:64:34:7f:
                    bb:5a:ab:48:36:d5:d9:18:fa:d4:0b:f1:54:b4:86:
                    19:0a:69:8b:58:18:a0:1c:54:69:79:58:14:77:04:
                    d1:59:9e:72:33:40:f2:c3:d3:0a:4b:98:27:c9:3b:
                    34:1a:67:02:2c:6c:c8:0e:4d:89:ae:a6:a5:f5:6a:
                    1e:6a:a2:cd:7e:86:f4:01:96:6c:23:c8:3a:45:19:
                    9f:13:59:45:77:25:bf:41:5b:f4:89:64:f5:b8:01:
                    ca:31:75:04:4f:41:38:5f:36:e7:8f:66:61:17:13:
                    b7:f5:c4:4a:0b:4c:24:d8:3d:92:b6:4f:e6:7f:62:
                    72:33:1a:5c:e6:0b:96:64:bd:35:40:91:87:4a:db:
                    d2:57:d0:b7:c6:1b:76:36:a4:9a:9d:cf:32:3f:0e:
                    45:42:0d:30:b8:2c:b5:2b:1e:9f:54:7b:46:35:60:
                    19:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A8:F6:21:0D:7A:9C:D8:C9:C0:20:1A:8A:03:B9:D3:36:68:32:A3
            X509v3 Authority Key Identifier:
                keyid:9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/yaj2IQ16nNjJwCAaigO50zZoMqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:10:ee:21:55:64:eb:2e:90:74:a9:8b:12:c9:a6:8e:9e:66:
         09:e4:69:be:31:4f:7e:99:ec:fd:b5:a9:62:e8:75:65:3f:55:
         4d:59:de:0d:0f:a0:a6:a2:cc:19:dc:0a:c1:f6:35:fd:26:02:
         b1:46:c7:13:3c:2c:f6:63:0c:a4:37:e6:04:54:d1:30:df:83:
         aa:10:36:77:f6:d7:33:9a:b8:d9:10:ab:de:1d:4b:0a:e7:40:
         bb:d3:d0:91:22:17:b6:ca:e6:5f:13:f0:4a:e3:c0:ad:f1:f7:
         f4:c4:34:d2:b3:24:ab:15:d9:42:fd:06:74:46:d0:6e:09:18:
         01:e5:52:c4:9e:e8:c7:c0:a4:6e:0e:15:06:83:77:31:1c:0b:
         90:76:be:3b:36:f8:f0:76:90:67:af:b3:de:db:30:69:b3:ad:
         5e:42:26:b3:e0:2f:56:e2:3a:b6:e7:93:ba:d9:42:3b:47:ac:
         9a:d7:f8:d4:30:da:8f:a3:4b:ce:5b:37:19:06:34:fd:e7:48:
         af:5b:27:d8:35:4d:7f:99:71:fc:d3:de:77:75:9c:9f:e5:fe:
         77:c6:0d:a6:cc:53:56:e1:3b:bc:69:5b:4e:9f:52:bc:a1:12:
         00:ab:6b:09:17:81:98:7a:0f:9f:e9:b3:d1:1d:66:20:90:8a:
         f7:dd:db:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwrNEoNuMBu8O6momulOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYmRkYzYzMTNlZmM0YjY3MmE3ZTJiMzJhZTNjNDQ4NGZl
NWY2MzAwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE4ZjYyMTBkN2E5Y2Q4YzljMDIwMWE4YTAzYjlkMzM2NjgzMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxYNFkhxPfm+pBux3OnXA9PLYGDG
MYK9QD+JzlNh+HcC0cD2MCT2ozfR9YUBeqZDXvfhF0h9u4cv3jR1Zqemo7WBnQOF
tzm22xgykLVuIQjyNASBMF1kNH+7WqtINtXZGPrUC/FUtIYZCmmLWBigHFRpeVgU
dwTRWZ5yM0Dyw9MKS5gnyTs0GmcCLGzIDk2Jrqal9WoeaqLNfob0AZZsI8g6RRmf
E1lFdyW/QVv0iWT1uAHKMXUET0E4Xzbnj2ZhFxO39cRKC0wk2D2Stk/mf2JyMxpc
5guWZL01QJGHStvSV9C3xht2NqSanc8yPw5FQg0wuCy1Kx6fVHtGNWAZPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmo9iENepzYycAgGooDudM2aDKjMB8GA1UdIwQY
MBaAFJ+93GMT78S2cqfisyrjxEhP5fYwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMt
NDVjYzJkZDZlNDkxLzEveWFqMklRMTZuTmpKd0NBYWlnTzUwelpvTXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMtNDVjYzJkZDZlNDkx
LzEvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1gaMA0G
CSqGSIb3DQEBCwUAA4IBAQBjEO4hVWTrLpB0qYsSyaaOnmYJ5Gm+MU9+mez9tali
6HVlP1VNWd4ND6CmoswZ3ArB9jX9JgKxRscTPCz2YwykN+YEVNEw34OqEDZ39tcz
mrjZEKveHUsK50C709CRIhe2yuZfE/BK48Ct8ff0xDTSsySrFdlC/QZ0RtBuCRgB
5VLEnujHwKRuDhUGg3cxHAuQdr47NvjwdpBnr7Pe2zBps61eQiaz4C9W4jq255O6
2UI7R6ya1/jUMNqPo0vOWzcZBjT950ivWyfYNU1/mXH80953dZyf5f53xg2mzFNW
4Tu8aVtOn1K8oRIAq2sJF4GYeg+f6bPRHWYgkIr33dtK
-----END CERTIFICATE-----