Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/yuLqwV6fOSLmWt6Jb533HykVY3s.roa
File:                     yuLqwV6fOSLmWt6Jb533HykVY3s.roa (raw, json)
Hash identifier:          DMeu+CSTd/eGAGI3gB9pAThLKIDa+4N8IWZoIbkxlLI=
Subject key identifier:   CA:E2:EA:C1:5E:9F:39:22:E6:5A:DE:89:6F:9D:F7:1F:29:15:63:7B
Certificate issuer:       /CN=f1307479f991b5043b7d37f7f8fd90466a2abf27
Certificate serial:       018CC4936E8CE02E436D9025E88CAD78DC2D
Authority key identifier: F1:30:74:79:F9:91:B5:04:3B:7D:37:F7:F8:FD:90:46:6A:2A:BF:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TB0efmRtQQ7fTf3-P2QRmoqvyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/yuLqwV6fOSLmWt6Jb533HykVY3s.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12815
IP address blocks:        193.17.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/8TB0efmRtQQ7fTf3-P2QRmoqvyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/8TB0efmRtQQ7fTf3-P2QRmoqvyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TB0efmRtQQ7fTf3-P2QRmoqvyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6e:8c:e0:2e:43:6d:90:25:e8:8c:ad:78:dc:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1307479f991b5043b7d37f7f8fd90466a2abf27
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae2eac15e9f3922e65ade896f9df71f2915637b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:83:ea:5b:2b:2e:f3:88:d8:84:e8:da:6e:ec:
                    aa:60:92:53:3b:fc:be:8f:18:56:e7:f0:87:fc:21:
                    e5:9d:8e:30:ae:df:a1:bc:e2:9d:78:4e:04:85:ed:
                    b4:83:8a:4a:3b:35:60:4b:83:5f:a9:b6:1a:63:7d:
                    b9:2a:2f:37:d9:a5:0a:bd:86:51:88:7a:9a:f5:3a:
                    0c:94:c0:fb:64:84:2a:cd:5b:d2:db:fe:cc:14:71:
                    b7:fb:70:ab:b8:44:88:67:74:50:ec:4f:b3:e2:34:
                    9f:f4:45:2e:c6:f5:8f:72:e1:d8:4b:61:ab:ad:f3:
                    15:6f:18:12:91:2b:30:8e:3f:29:47:a7:1b:4e:93:
                    a5:a2:9c:ab:75:4c:6f:85:60:10:21:81:0b:2d:cb:
                    8d:23:39:9e:42:e4:09:fa:ed:6b:0b:2f:d4:da:81:
                    e2:ff:ce:b8:3f:f9:d5:72:2f:d4:07:09:f9:bf:91:
                    02:43:5e:2b:00:a1:9f:a0:c3:4d:46:e5:3c:07:35:
                    48:0f:5d:dd:ca:04:3f:5c:f9:f4:29:9f:6a:e7:33:
                    33:5f:de:71:b2:3e:a3:15:6c:74:a4:d2:b7:0b:a5:
                    49:97:b4:09:98:5c:42:3d:14:2c:22:83:7d:38:30:
                    13:6e:a9:34:f5:d4:0e:51:b1:8b:08:1a:4f:e0:7b:
                    79:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E2:EA:C1:5E:9F:39:22:E6:5A:DE:89:6F:9D:F7:1F:29:15:63:7B
            X509v3 Authority Key Identifier:
                keyid:F1:30:74:79:F9:91:B5:04:3B:7D:37:F7:F8:FD:90:46:6A:2A:BF:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TB0efmRtQQ7fTf3-P2QRmoqvyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/yuLqwV6fOSLmWt6Jb533HykVY3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/54d445-a307-4987-8b68-b6aa0b8920e5/1/8TB0efmRtQQ7fTf3-P2QRmoqvyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:26:a7:02:18:cf:ed:b6:ad:df:a1:c6:0b:4a:76:f9:0a:54:
         04:43:3b:d1:13:9c:ad:21:32:2e:5f:a3:e5:04:a3:22:17:df:
         20:0a:9d:85:59:81:32:ee:59:75:8c:ae:7a:ad:8f:29:74:6f:
         20:4d:fa:f3:0a:2a:6f:d3:c0:33:e2:35:de:ab:9f:ae:d5:93:
         c6:52:6f:cc:96:bc:d8:c8:0f:cb:dc:7b:8a:5a:5f:72:33:c2:
         1b:3d:9e:90:35:26:a1:72:a7:23:01:af:e0:f6:44:d8:2f:22:
         b0:82:f1:87:35:9b:b6:76:ed:ed:56:73:cc:13:28:b0:25:4a:
         b2:ae:cb:ea:c8:d6:0c:dd:f9:ed:3c:a1:92:b5:a4:06:22:0e:
         d1:76:63:df:02:d8:14:65:3a:48:53:09:cd:30:e9:ca:d8:45:
         b2:0b:f7:c3:c8:7c:ca:c2:7a:c3:bc:bf:0e:a5:97:c8:10:39:
         4b:ed:5b:08:d1:4b:19:00:15:2d:20:6f:9a:6e:f5:ff:ee:bf:
         51:29:e6:a0:ee:31:91:27:c2:01:87:2f:d2:bf:e9:5b:37:3d:
         a5:7c:e4:07:53:a3:25:60:ce:7f:a4:7e:42:f0:f2:0a:60:a6:
         98:b1:0f:0d:b1:4e:54:0c:69:87:5d:ce:0e:e8:8d:ea:96:08:
         b0:e2:0d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk26M4C5DbZAl6IyteNwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzA3NDc5Zjk5MWI1MDQzYjdkMzdmN2Y4ZmQ5MDQ2NmEy
YWJmMjcwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWUyZWFjMTVlOWYzOTIyZTY1YWRlODk2ZjlkZjcxZjI5MTU2MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4PqWysu84jYhOjabuyqYJJTO/y+
jxhW5/CH/CHlnY4wrt+hvOKdeE4Ehe20g4pKOzVgS4NfqbYaY325Ki832aUKvYZR
iHqa9ToMlMD7ZIQqzVvS2/7MFHG3+3CruESIZ3RQ7E+z4jSf9EUuxvWPcuHYS2Gr
rfMVbxgSkSswjj8pR6cbTpOlopyrdUxvhWAQIYELLcuNIzmeQuQJ+u1rCy/U2oHi
/864P/nVci/UBwn5v5ECQ14rAKGfoMNNRuU8BzVID13dygQ/XPn0KZ9q5zMzX95x
sj6jFWx0pNK3C6VJl7QJmFxCPRQsIoN9ODATbqk09dQOUbGLCBpP4Ht5QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMri6sFenzki5lreiW+d9x8pFWN7MB8GA1UdIwQY
MBaAFPEwdHn5kbUEO3039/j9kEZqKr8nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRCMGVmbVJ0UVE3ZlRmMy1QMlFSbW9xdnljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy81NGQ0NDUtYTMwNy00OTg3LThiNjgt
YjZhYTBiODkyMGU1LzEveXVMcXdWNmZPU0xtV3Q2SmI1MzNIeWtWWTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy81NGQ0NDUtYTMwNy00OTg3LThiNjgtYjZhYTBiODkyMGU1
LzEvOFRCMGVmbVJ0UVE3ZlRmMy1QMlFSbW9xdnljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHlMA0G
CSqGSIb3DQEBCwUAA4IBAQBRJqcCGM/ttq3focYLSnb5ClQEQzvRE5ytITIuX6Pl
BKMiF98gCp2FWYEy7ll1jK56rY8pdG8gTfrzCipv08Az4jXeq5+u1ZPGUm/MlrzY
yA/L3HuKWl9yM8IbPZ6QNSahcqcjAa/g9kTYLyKwgvGHNZu2du3tVnPMEyiwJUqy
rsvqyNYM3fntPKGStaQGIg7RdmPfAtgUZTpIUwnNMOnK2EWyC/fDyHzKwnrDvL8O
pZfIEDlL7VsI0UsZABUtIG+abvX/7r9RKeag7jGRJ8IBhy/Sv+lbNz2lfOQHU6Ml
YM5/pH5C8PIKYKaYsQ8NsU5UDGmHXc4O6I3qlgiw4g1q
-----END CERTIFICATE-----