Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/y1eNonPm-xDoV8NymYRtF2EpeOc.roa
File:                     y1eNonPm-xDoV8NymYRtF2EpeOc.roa (raw, json)
Hash identifier:          d8oBs9FAoUPkCtfFtsC89RR2ZOTyWLlCTtpwEsArFVE=
Subject key identifier:   CB:57:8D:A2:73:E6:FB:10:E8:57:C3:72:99:84:6D:17:61:29:78:E7
Certificate issuer:       /CN=6777a62846df4edbe5666b89e8420e919ab08627
Certificate serial:       018CCA2A655DA41B72CF8DC72499A957B04D
Authority key identifier: 67:77:A6:28:46:DF:4E:DB:E5:66:6B:89:E8:42:0E:91:9A:B0:86:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z3emKEbfTtvlZmuJ6EIOkZqwhic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/y1eNonPm-xDoV8NymYRtF2EpeOc.roa
Signing time:             Tue 02 Jan 2024 12:33:45 +0000
ROA not before:           Tue 02 Jan 2024 12:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34046
IP address blocks:        195.245.80.0/23 maxlen: 23
                          195.242.112.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/Z3emKEbfTtvlZmuJ6EIOkZqwhic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/Z3emKEbfTtvlZmuJ6EIOkZqwhic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z3emKEbfTtvlZmuJ6EIOkZqwhic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:65:5d:a4:1b:72:cf:8d:c7:24:99:a9:57:b0:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6777a62846df4edbe5666b89e8420e919ab08627
        Validity
            Not Before: Jan  2 12:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb578da273e6fb10e857c37299846d17612978e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:94:7a:39:4e:7c:8b:c3:b7:b3:42:91:c8:
                    b2:11:e3:ad:09:95:55:18:07:4c:29:2e:0a:ba:33:
                    25:ee:fc:66:83:8f:3a:5f:87:f9:4e:87:c2:2b:97:
                    f7:5b:f8:17:22:34:99:81:80:02:f2:af:33:bb:37:
                    77:cc:e7:9f:99:1e:0c:af:83:65:eb:8c:92:6c:8f:
                    8e:3f:e1:9b:6a:73:82:96:bc:36:e1:03:5c:10:55:
                    55:bb:2f:eb:b9:bb:d8:83:51:53:e1:5e:c0:f4:e9:
                    e8:30:ea:9b:28:40:c2:31:27:e6:f4:91:3d:a5:04:
                    f1:7f:2f:9b:4d:a0:cb:5f:3f:8c:2b:9a:97:35:b3:
                    6f:a5:cc:7f:4c:a6:d9:bc:2e:26:3e:91:c7:7d:c8:
                    49:07:d5:29:82:fb:5f:7f:6a:d7:05:5f:36:48:8d:
                    aa:39:90:ae:0a:0b:ae:10:2b:fd:8f:39:dc:3d:5b:
                    45:d9:52:76:e2:7c:7b:e0:21:d9:37:46:68:ce:4c:
                    4b:2a:50:05:68:92:19:25:28:cc:f9:15:75:8a:f6:
                    71:f5:e5:da:a7:ef:96:d5:fd:37:c2:66:2b:a2:49:
                    aa:90:25:52:e2:54:52:d4:c5:41:36:50:67:7b:8d:
                    d6:aa:88:3b:c8:18:df:01:39:6d:57:28:59:10:2a:
                    b3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:57:8D:A2:73:E6:FB:10:E8:57:C3:72:99:84:6D:17:61:29:78:E7
            X509v3 Authority Key Identifier:
                keyid:67:77:A6:28:46:DF:4E:DB:E5:66:6B:89:E8:42:0E:91:9A:B0:86:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z3emKEbfTtvlZmuJ6EIOkZqwhic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/y1eNonPm-xDoV8NymYRtF2EpeOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb373f-764d-4532-8333-62d94af801b5/1/Z3emKEbfTtvlZmuJ6EIOkZqwhic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.112.0/23
                  195.245.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:5e:e6:3c:19:a9:49:8e:77:54:15:d7:73:ae:0e:12:d8:80:
         c6:19:51:38:60:fe:51:d4:ac:87:b3:08:95:e6:0d:ae:57:00:
         0a:1b:7b:95:e4:af:63:f8:53:b6:1e:8c:19:0c:79:b7:1d:4a:
         ec:f5:c3:e2:64:7e:e5:2c:52:3d:7b:a3:4e:1e:8e:4f:07:c1:
         ae:7e:2a:4f:bd:3e:c2:ba:43:84:74:ab:a2:0d:79:bf:d7:9a:
         9a:f9:ff:34:a4:cc:5a:b5:f0:a8:ba:09:c3:7b:94:e9:9e:0d:
         83:4f:80:96:cf:89:92:64:a4:91:11:11:ad:87:02:35:2a:45:
         03:5f:aa:ca:8c:d9:a0:b4:c2:e3:e4:b8:7f:9f:8a:d0:29:b7:
         08:d0:d2:23:9b:56:f8:e6:77:ed:18:b3:eb:72:1e:b4:67:db:
         11:e7:9f:ee:cd:2d:51:ae:43:d0:f8:32:84:6f:1f:c6:aa:f0:
         82:d1:eb:8d:89:54:96:36:e3:00:24:ff:3c:b2:5f:90:6d:0d:
         64:f4:4b:03:80:91:28:a3:50:b3:84:bc:f0:66:d8:06:ad:53:
         f1:18:f6:bb:7e:2a:17:0e:67:c1:ab:4a:31:bc:b8:63:a9:fb:
         da:da:0a:c7:fd:7f:78:41:2c:3b:b6:b2:70:5f:f5:90:3e:ef:
         b9:01:46:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKmVdpBtyz43HJJmpV7BNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NzdhNjI4NDZkZjRlZGJlNTY2NmI4OWU4NDIwZTkxOWFi
MDg2MjcwHhcNMjQwMTAyMTIzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjU3OGRhMjczZTZmYjEwZTg1N2MzNzI5OTg0NmQxNzYxMjk3OGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomOUejlOfIvDt7NCkciyEeOtCZVV
GAdMKS4KujMl7vxmg486X4f5TofCK5f3W/gXIjSZgYAC8q8zuzd3zOefmR4Mr4Nl
64ySbI+OP+GbanOClrw24QNcEFVVuy/rubvYg1FT4V7A9OnoMOqbKEDCMSfm9JE9
pQTxfy+bTaDLXz+MK5qXNbNvpcx/TKbZvC4mPpHHfchJB9Upgvtff2rXBV82SI2q
OZCuCguuECv9jzncPVtF2VJ24nx74CHZN0ZozkxLKlAFaJIZJSjM+RV1ivZx9eXa
p++W1f03wmYrokmqkCVS4lRS1MVBNlBne43Wqog7yBjfATltVyhZECqz2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMtXjaJz5vsQ6FfDcpmEbRdhKXjnMB8GA1UdIwQY
MBaAFGd3pihG307b5WZriehCDpGasIYnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjNlbUtFYmZUdHZsWm11SjZFSU9rWnF3aGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jYjM3M2YtNzY0ZC00NTMyLTgzMzMt
NjJkOTRhZjgwMWI1LzEveTFlTm9uUG0teERvVjhOeW1ZUnRGMkVwZU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jYjM3M2YtNzY0ZC00NTMyLTgzMzMtNjJkOTRhZjgwMWI1
LzEvWjNlbUtFYmZUdHZsWm11SjZFSU9rWnF3aGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw/JwAwQB
w/VQMA0GCSqGSIb3DQEBCwUAA4IBAQBlXuY8GalJjndUFddzrg4S2IDGGVE4YP5R
1KyHswiV5g2uVwAKG3uV5K9j+FO2HowZDHm3HUrs9cPiZH7lLFI9e6NOHo5PB8Gu
fipPvT7CukOEdKuiDXm/15qa+f80pMxatfCougnDe5Tpng2DT4CWz4mSZKSRERGt
hwI1KkUDX6rKjNmgtMLj5Lh/n4rQKbcI0NIjm1b45nftGLPrch60Z9sR55/uzS1R
rkPQ+DKEbx/GqvCC0euNiVSWNuMAJP88sl+QbQ1k9EsDgJEoo1CzhLzwZtgGrVPx
GPa7fioXDmfBq0oxvLhjqfva2grH/X94QSw7trJwX/WQPu+5AUZS
-----END CERTIFICATE-----