Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/YhX2CrB5Nz7z7jLLa3hFvLZDdzU.roa
File:                     YhX2CrB5Nz7z7jLLa3hFvLZDdzU.roa (raw, json)
Hash identifier:          lvInM5p7mVP/Sy0AaI8vR+7+SNoAUzSiZUOULxm36rs=
Subject key identifier:   62:15:F6:0A:B0:79:37:3E:F3:EE:32:CB:6B:78:45:BC:B6:43:77:35
Certificate issuer:       /CN=a93e37eb9cb198325d656673289258d28eb9f3b8
Certificate serial:       018CC94CBCF54A01BCEB0A01A706AC64CD57
Authority key identifier: A9:3E:37:EB:9C:B1:98:32:5D:65:66:73:28:92:58:D2:8E:B9:F3:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qT4365yxmDJdZWZzKJJY0o6587g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/YhX2CrB5Nz7z7jLLa3hFvLZDdzU.roa
Signing time:             Tue 02 Jan 2024 08:31:38 +0000
ROA not before:           Tue 02 Jan 2024 08:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12350
IP address blocks:        193.247.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/qT4365yxmDJdZWZzKJJY0o6587g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/qT4365yxmDJdZWZzKJJY0o6587g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qT4365yxmDJdZWZzKJJY0o6587g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:bc:f5:4a:01:bc:eb:0a:01:a7:06:ac:64:cd:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a93e37eb9cb198325d656673289258d28eb9f3b8
        Validity
            Not Before: Jan  2 08:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6215f60ab079373ef3ee32cb6b7845bcb6437735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d7:33:26:84:48:2b:47:f4:31:23:b6:43:fb:
                    a2:b7:d0:3d:8e:3f:f8:2d:15:ed:f1:bc:70:72:39:
                    48:b2:45:d8:20:0c:cd:71:d9:33:17:88:e6:d5:ec:
                    91:ad:d6:aa:b2:18:14:43:22:e9:a2:1e:e6:b1:e1:
                    02:78:46:f7:9a:ad:7c:5c:c6:ec:82:f1:45:c2:d1:
                    5b:1d:a0:a0:5a:99:8c:81:09:8a:c6:60:b1:f9:de:
                    8b:39:0e:53:ed:7d:2f:ff:22:80:5e:9a:04:9d:3d:
                    cf:b5:82:af:9f:eb:ee:b2:1c:71:a6:cc:2d:f1:b1:
                    e5:d8:c3:a3:bb:ec:af:20:13:c4:7e:d3:ab:d6:8c:
                    02:c4:f9:8e:25:19:50:76:d9:ad:46:c0:bb:85:2e:
                    0f:fe:fc:0b:b3:bf:af:99:d4:94:06:3c:7c:71:0a:
                    ae:d3:7b:3b:39:21:a0:c8:5e:09:33:ff:89:0a:c1:
                    38:80:e2:22:39:58:e2:b0:9d:bc:a8:06:be:d2:9e:
                    69:e1:65:7f:a2:b5:60:4b:1a:95:7e:87:b5:ae:b6:
                    6e:f9:16:83:a4:0a:34:33:0c:b4:c5:be:53:62:44:
                    56:5e:4d:e7:ca:c9:2a:ed:6c:3a:17:5d:38:2f:3e:
                    bf:fa:f6:0c:2c:fc:2e:b1:c4:6a:d4:90:1f:8e:10:
                    bf:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:15:F6:0A:B0:79:37:3E:F3:EE:32:CB:6B:78:45:BC:B6:43:77:35
            X509v3 Authority Key Identifier:
                keyid:A9:3E:37:EB:9C:B1:98:32:5D:65:66:73:28:92:58:D2:8E:B9:F3:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qT4365yxmDJdZWZzKJJY0o6587g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/YhX2CrB5Nz7z7jLLa3hFvLZDdzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/0461d2-2182-408e-86df-39f753757848/1/qT4365yxmDJdZWZzKJJY0o6587g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:36:20:f6:47:01:61:06:5f:62:56:94:f8:6d:ab:25:99:26:
         fe:c9:2a:77:81:c8:13:07:8a:ea:00:15:a6:23:1b:f0:0c:26:
         99:b5:32:94:d6:68:a8:de:79:ba:9d:76:43:3a:7b:c0:35:c8:
         79:9e:a3:36:18:eb:81:b4:44:3f:c6:5f:46:27:5f:86:3d:ca:
         75:af:bd:f9:8a:61:30:75:25:81:a5:25:88:4b:98:3d:cd:bb:
         1a:28:25:3c:f1:f9:a2:f0:69:b1:91:83:cb:82:96:3e:1a:0d:
         a4:70:10:37:9c:33:95:71:d3:18:e7:80:3b:d1:7e:85:b5:3d:
         9d:b9:96:d9:dc:7f:6b:db:e5:b8:6e:ec:bb:4d:17:c6:2c:ce:
         0e:64:3b:f8:b3:54:2b:ca:e2:33:07:9b:67:fd:8a:d1:14:a7:
         6f:38:69:9c:c7:78:24:56:cb:07:aa:6b:8b:b3:78:f0:4d:cf:
         3a:bc:97:ae:de:d3:eb:a2:f1:40:50:fb:d0:13:9e:bb:c4:6a:
         4b:3c:92:b4:00:f9:75:90:2f:7b:5f:f4:e3:15:ab:b8:fe:91:
         b8:29:ca:f3:95:1e:a5:b6:b3:b1:87:02:ca:b1:59:05:75:60:
         bc:f0:da:35:4a:ea:4a:02:45:3d:cc:96:19:56:81:34:2e:d1:
         bc:00:e8:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTLz1SgG86woBpwasZM1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5M2UzN2ViOWNiMTk4MzI1ZDY1NjY3MzI4OTI1OGQyOGVi
OWYzYjgwHhcNMjQwMTAyMDgzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjE1ZjYwYWIwNzkzNzNlZjNlZTMyY2I2Yjc4NDViY2I2NDM3NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9czJoRIK0f0MSO2Q/uit9A9jj/4
LRXt8bxwcjlIskXYIAzNcdkzF4jm1eyRrdaqshgUQyLpoh7mseECeEb3mq18XMbs
gvFFwtFbHaCgWpmMgQmKxmCx+d6LOQ5T7X0v/yKAXpoEnT3PtYKvn+vushxxpswt
8bHl2MOju+yvIBPEftOr1owCxPmOJRlQdtmtRsC7hS4P/vwLs7+vmdSUBjx8cQqu
03s7OSGgyF4JM/+JCsE4gOIiOVjisJ28qAa+0p5p4WV/orVgSxqVfoe1rrZu+RaD
pAo0Mwy0xb5TYkRWXk3nyskq7Ww6F104Lz6/+vYMLPwuscRq1JAfjhC/MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIV9gqweTc+8+4yy2t4Rby2Q3c1MB8GA1UdIwQY
MBaAFKk+N+ucsZgyXWVmcyiSWNKOufO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVQ0MzY1eXhtREpkWldaektKSlkwbzY1ODdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8wNDYxZDItMjE4Mi00MDhlLTg2ZGYt
MzlmNzUzNzU3ODQ4LzEvWWhYMkNyQjVOejd6N2pMTGEzaEZ2TFpEZHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8wNDYxZDItMjE4Mi00MDhlLTg2ZGYtMzlmNzUzNzU3ODQ4
LzEvcVQ0MzY1eXhtREpkWldaektKSlkwbzY1ODdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfdCMA0G
CSqGSIb3DQEBCwUAA4IBAQB6NiD2RwFhBl9iVpT4baslmSb+ySp3gcgTB4rqABWm
IxvwDCaZtTKU1mio3nm6nXZDOnvANch5nqM2GOuBtEQ/xl9GJ1+GPcp1r735imEw
dSWBpSWIS5g9zbsaKCU88fmi8GmxkYPLgpY+Gg2kcBA3nDOVcdMY54A70X6FtT2d
uZbZ3H9r2+W4buy7TRfGLM4OZDv4s1QryuIzB5tn/YrRFKdvOGmcx3gkVssHqmuL
s3jwTc86vJeu3tProvFAUPvQE567xGpLPJK0APl1kC97X/TjFau4/pG4KcrzlR6l
trOxhwLKsVkFdWC88No1SupKAkU9zJYZVoE0LtG8AOh7
-----END CERTIFICATE-----