Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Yb77ClolpYtQLM-rWCa0RZKXAU8.roa
File:                     Yb77ClolpYtQLM-rWCa0RZKXAU8.roa (raw, json)
Hash identifier:          I/vGqomlfLVT9wrTgzUl0pMWG7x1iZa19WWL/YANLdI=
Subject key identifier:   61:BE:FB:0A:5A:25:A5:8B:50:2C:CF:AB:58:26:B4:45:92:97:01:4F
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A09EF3B0B71A8800CA19C3BC43C1
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Yb77ClolpYtQLM-rWCa0RZKXAU8.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48870
IP address blocks:        194.213.100.0/23 maxlen: 23
                          62.122.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a0:9e:f3:b0:b7:1a:88:00:ca:19:c3:bc:43:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61befb0a5a25a58b502ccfab5826b4459297014f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:86:2c:b6:00:48:ff:ba:61:84:46:85:50:cb:
                    91:ca:17:57:42:ec:18:15:65:4b:cf:2a:66:4f:55:
                    13:d4:5b:1d:3e:6a:db:05:ca:6d:00:c4:08:6c:9c:
                    45:1a:82:5a:6f:97:c3:32:56:eb:e3:7a:e2:00:76:
                    05:7e:86:c2:b3:65:f8:fa:cb:db:51:e6:54:eb:e6:
                    19:4e:7c:b6:bb:15:3b:94:1e:f2:26:60:bf:e7:b9:
                    ce:e6:27:c1:6d:99:97:82:f9:93:f1:38:7d:1c:17:
                    15:0f:b9:7c:76:b2:5a:83:5f:cb:5e:59:93:d0:c5:
                    45:6c:a5:88:a5:76:1a:69:fc:75:b0:be:39:f4:72:
                    4d:77:ef:74:dd:22:c4:3e:ed:0a:16:de:e8:db:9a:
                    e7:39:6c:c7:3e:99:38:d1:28:ed:12:c5:17:2b:7f:
                    c6:33:f4:06:d9:cc:f5:36:c4:14:71:c9:3d:a7:26:
                    34:af:3f:bf:8e:42:9e:17:1a:f0:e0:84:5a:65:a8:
                    d2:27:3e:63:7d:a6:f8:f6:e7:49:4d:d7:17:46:a7:
                    95:f9:73:ed:23:31:6f:b2:1f:9f:4d:46:22:0b:a1:
                    55:91:c5:b0:10:9f:52:5e:d4:7e:a6:fd:b1:de:32:
                    66:7f:b9:e1:a6:94:76:8e:23:7e:16:fe:d9:62:9b:
                    85:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BE:FB:0A:5A:25:A5:8B:50:2C:CF:AB:58:26:B4:45:92:97:01:4F
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Yb77ClolpYtQLM-rWCa0RZKXAU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.16.0/21
                  194.213.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:9a:44:c0:8a:c5:7a:82:95:95:13:8e:69:6c:4f:e9:34:d4:
         57:8d:16:66:e4:e4:91:ef:c3:84:63:8c:6b:9a:ef:22:48:fe:
         e3:92:6b:90:1f:f6:49:25:e4:c0:d4:c3:8e:3e:47:e1:db:cf:
         86:3f:24:c4:97:6b:cf:ee:bd:4a:34:96:bc:4d:fd:3b:6c:58:
         c8:89:e0:1b:96:eb:a3:60:50:45:13:e5:15:3a:3f:96:c9:5c:
         dd:86:a0:d4:b0:ff:84:bc:85:3f:8c:89:7b:79:f0:cc:7c:3d:
         08:96:24:e9:58:2f:20:77:aa:af:2f:f3:4c:d1:da:61:17:f6:
         37:e8:d4:cd:be:6d:3b:af:d7:49:42:c2:b6:e3:21:25:c3:b2:
         5a:d1:7c:e8:37:9f:ca:d4:b8:78:a4:28:3d:bd:ed:1a:de:bb:
         25:f9:56:1c:d1:0f:a0:56:e9:88:c2:90:e7:62:ba:02:82:75:
         fc:5b:2b:94:a1:43:e9:fe:06:f6:28:1e:d2:5a:21:b1:84:ed:
         cf:12:84:a7:41:a1:b2:7f:a0:e4:8d:33:83:a8:20:96:79:f5:
         9f:c3:13:dc:4c:89:e0:d0:72:ae:22:5d:cd:91:d1:44:23:cf:
         b6:28:a4:8c:71:14:a1:4e:69:71:61:65:c3:67:1a:b1:c3:12:
         ca:00:e1:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlKCe87C3GogAyhnDvEPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJlZmIwYTVhMjVhNThiNTAyY2NmYWI1ODI2YjQ0NTkyOTcwMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4YstgBI/7phhEaFUMuRyhdXQuwY
FWVLzypmT1UT1FsdPmrbBcptAMQIbJxFGoJab5fDMlbr43riAHYFfobCs2X4+svb
UeZU6+YZTny2uxU7lB7yJmC/57nO5ifBbZmXgvmT8Th9HBcVD7l8drJag1/LXlmT
0MVFbKWIpXYaafx1sL459HJNd+903SLEPu0KFt7o25rnOWzHPpk40SjtEsUXK3/G
M/QG2cz1NsQUcck9pyY0rz+/jkKeFxrw4IRaZajSJz5jfab49udJTdcXRqeV+XPt
IzFvsh+fTUYiC6FVkcWwEJ9SXtR+pv2x3jJmf7nhppR2jiN+Fv7ZYpuFyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGG++wpaJaWLUCzPq1gmtEWSlwFPMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvWWI3N0Nsb2xwWXRRTE0tcldDYTBSWktYQVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDPnoQAwQB
wtVkMA0GCSqGSIb3DQEBCwUAA4IBAQAEmkTAisV6gpWVE45pbE/pNNRXjRZm5OSR
78OEY4xrmu8iSP7jkmuQH/ZJJeTA1MOOPkfh28+GPyTEl2vP7r1KNJa8Tf07bFjI
ieAbluujYFBFE+UVOj+WyVzdhqDUsP+EvIU/jIl7efDMfD0IliTpWC8gd6qvL/NM
0dphF/Y36NTNvm07r9dJQsK24yElw7Ja0XzoN5/K1Lh4pCg9ve0a3rsl+VYc0Q+g
VumIwpDnYroCgnX8WyuUoUPp/gb2KB7SWiGxhO3PEoSnQaGyf6DkjTODqCCWefWf
wxPcTIng0HKuIl3NkdFEI8+2KKSMcRShTmlxYWXDZxqxwxLKAOHj
-----END CERTIFICATE-----