Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/yH3vj653QK4mci0dGSva4G4MfLg.roa
File:                     yH3vj653QK4mci0dGSva4G4MfLg.roa (raw, json)
Hash identifier:          75EpJlxL/V0QxjX9JzTW0/pgmCHrsP4gpgcrfF1jzeo=
Subject key identifier:   C8:7D:EF:8F:AE:77:40:AE:26:72:2D:1D:19:2B:DA:E0:6E:0C:7C:B8
Certificate issuer:       /CN=c68ec9c7f1ecc27cb2ec713c2764a0214fce7828
Certificate serial:       018CC4931AEF2A8481CF9DE39E46DBC205E1
Authority key identifier: C6:8E:C9:C7:F1:EC:C2:7C:B2:EC:71:3C:27:64:A0:21:4F:CE:78:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/yH3vj653QK4mci0dGSva4G4MfLg.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210236
IP address blocks:        194.110.160.0/22 maxlen: 24
                          2a05:3a40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1a:ef:2a:84:81:cf:9d:e3:9e:46:db:c2:05:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68ec9c7f1ecc27cb2ec713c2764a0214fce7828
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c87def8fae7740ae26722d1d192bdae06e0c7cb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:7e:84:c6:b4:ec:11:93:b6:2e:89:ea:2d:
                    b4:70:74:51:58:79:92:31:1d:e3:56:c6:a6:e8:a5:
                    2e:c1:92:f9:30:35:0f:31:71:30:53:8d:b9:b5:58:
                    10:72:9b:93:b1:48:22:6c:b7:80:a9:de:aa:bf:10:
                    ca:dc:1d:72:db:ce:b4:ef:1b:26:43:21:f6:61:13:
                    c8:9b:50:04:04:7b:7b:90:54:60:73:ec:d5:c4:79:
                    82:c3:ab:cf:46:d5:fd:35:39:0c:67:97:99:a7:ba:
                    49:1e:ae:c6:bd:15:49:64:dc:2e:39:94:fa:d8:82:
                    30:5e:98:04:5c:71:fa:ec:f7:6e:f3:30:de:d7:40:
                    e4:a9:ad:57:dd:33:09:5a:a5:75:3e:7a:25:31:dc:
                    1a:09:9b:bf:26:9c:14:3a:32:cf:e4:79:b2:3e:98:
                    3d:17:3a:67:08:cd:b3:a6:f6:a6:37:5a:bd:eb:8b:
                    f8:d4:ee:29:b1:f7:42:7f:25:b8:44:37:df:a1:7f:
                    37:fc:e5:66:c3:1d:20:e0:fb:b6:34:95:80:f9:0c:
                    51:e6:e9:37:cb:fa:41:17:4c:50:b8:6f:96:d4:25:
                    55:29:35:46:40:b6:32:4f:f5:c1:6c:76:0f:b6:b7:
                    c2:f7:8e:ac:97:2c:00:c6:fa:01:f1:fa:07:64:4b:
                    3c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7D:EF:8F:AE:77:40:AE:26:72:2D:1D:19:2B:DA:E0:6E:0C:7C:B8
            X509v3 Authority Key Identifier:
                keyid:C6:8E:C9:C7:F1:EC:C2:7C:B2:EC:71:3C:27:64:A0:21:4F:CE:78:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/yH3vj653QK4mci0dGSva4G4MfLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d74c9e-04f0-4e63-af30-8632ee94145b/1/xo7Jx_Hswnyy7HE8J2SgIU_OeCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.160.0/22
                IPv6:
                  2a05:3a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:2d:5c:de:f4:8e:eb:de:ea:14:6b:f3:19:a8:40:66:0d:d8:
         18:12:2b:99:3d:e4:30:9f:e1:00:d7:a6:8e:da:4f:9c:0b:e1:
         d6:f3:c5:e1:f1:49:98:ee:d6:16:bd:52:a3:a8:1a:79:d1:d4:
         59:16:f4:f8:ba:ed:ac:ec:4f:5e:b5:f9:bb:ba:bd:ef:58:4e:
         42:1a:60:fc:a3:c6:85:3b:a5:be:af:00:93:64:45:6d:42:7f:
         15:66:ec:10:61:5f:60:23:8d:ca:18:da:7c:3e:43:e6:c2:fd:
         a2:a7:9f:c3:5f:f2:36:2a:2d:6e:03:ef:48:08:59:bb:1e:00:
         b2:2b:3a:81:4d:ad:ff:0a:78:e5:fe:a6:1b:4e:33:3e:d2:ee:
         ae:45:c4:77:aa:6a:9b:58:5f:56:eb:1c:29:6d:5a:30:bc:b3:
         95:50:f0:ba:94:b0:42:f2:da:5a:0f:1e:9c:b3:9d:6c:2d:17:
         49:19:2a:1f:9f:96:af:d5:82:12:c8:13:63:17:01:99:d2:7c:
         51:e9:cb:7a:f8:5a:63:22:97:58:44:09:6d:2d:77:72:5c:30:
         27:c5:c9:77:58:3a:60:dc:d2:47:8b:38:b8:78:1d:11:5d:4e:
         c1:fc:5e:f6:12:8d:77:65:ac:8c:bc:ae:ed:de:c3:0d:43:d6:
         f4:44:ea:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkxrvKoSBz53jnkbbwgXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGVjOWM3ZjFlY2MyN2NiMmVjNzEzYzI3NjRhMDIxNGZj
ZTc4MjgwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdkZWY4ZmFlNzc0MGFlMjY3MjJkMWQxOTJiZGFlMDZlMGM3Y2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq95+hMa07BGTti6J6i20cHRRWHmS
MR3jVsam6KUuwZL5MDUPMXEwU425tVgQcpuTsUgibLeAqd6qvxDK3B1y28607xsm
QyH2YRPIm1AEBHt7kFRgc+zVxHmCw6vPRtX9NTkMZ5eZp7pJHq7GvRVJZNwuOZT6
2IIwXpgEXHH67Pdu8zDe10Dkqa1X3TMJWqV1PnolMdwaCZu/JpwUOjLP5HmyPpg9
FzpnCM2zpvamN1q964v41O4psfdCfyW4RDffoX83/OVmwx0g4Pu2NJWA+QxR5uk3
y/pBF0xQuG+W1CVVKTVGQLYyT/XBbHYPtrfC946slywAxvoB8foHZEs86wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMh974+ud0CuJnItHRkr2uBuDHy4MB8GA1UdIwQY
MBaAFMaOycfx7MJ8suxxPCdkoCFPzngoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG83SnhfSHN3bnl5N0hFOEoyU2dJVV9PZUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kNzRjOWUtMDRmMC00ZTYzLWFmMzAt
ODYzMmVlOTQxNDViLzEveUgzdmo2NTNRSzRtY2kwZEdTdmE0RzRNZkxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kNzRjOWUtMDRmMC00ZTYzLWFmMzAtODYzMmVlOTQxNDVi
LzEveG83SnhfSHN3bnl5N0hFOEoyU2dJVV9PZUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwm6gMA0E
AgACMAcDBQAqBTpAMA0GCSqGSIb3DQEBCwUAA4IBAQCzLVze9I7r3uoUa/MZqEBm
DdgYEiuZPeQwn+EA16aO2k+cC+HW88Xh8UmY7tYWvVKjqBp50dRZFvT4uu2s7E9e
tfm7ur3vWE5CGmD8o8aFO6W+rwCTZEVtQn8VZuwQYV9gI43KGNp8PkPmwv2ip5/D
X/I2Ki1uA+9ICFm7HgCyKzqBTa3/Cnjl/qYbTjM+0u6uRcR3qmqbWF9W6xwpbVow
vLOVUPC6lLBC8tpaDx6cs51sLRdJGSofn5av1YISyBNjFwGZ0nxR6ct6+FpjIpdY
RAltLXdyXDAnxcl3WDpg3NJHizi4eB0RXU7B/F72Eo13ZayMvK7t3sMNQ9b0ROpi
-----END CERTIFICATE-----