Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/y9oShw6wUl9OSkcDhfF7AuTaQ7M.roa
File:                     y9oShw6wUl9OSkcDhfF7AuTaQ7M.roa (raw, json)
Hash identifier:          BRLq52Mx/OV+P3rmExqW7vx373kav2Hz/4yvXNRCVkM=
Subject key identifier:   CB:DA:12:87:0E:B0:52:5F:4E:4A:47:03:85:F1:7B:02:E4:DA:43:B3
Certificate issuer:       /CN=db9af91e9eb15b676a96f0af654cc03288154a1a
Certificate serial:       018CC726E448CB37F3625CC3EA1530E1A1DC
Authority key identifier: DB:9A:F9:1E:9E:B1:5B:67:6A:96:F0:AF:65:4C:C0:32:88:15:4A:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/25r5Hp6xW2dqlvCvZUzAMogVSho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/y9oShw6wUl9OSkcDhfF7AuTaQ7M.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198917
IP address blocks:        193.242.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/25r5Hp6xW2dqlvCvZUzAMogVSho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/25r5Hp6xW2dqlvCvZUzAMogVSho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/25r5Hp6xW2dqlvCvZUzAMogVSho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e4:48:cb:37:f3:62:5c:c3:ea:15:30:e1:a1:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9af91e9eb15b676a96f0af654cc03288154a1a
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbda12870eb0525f4e4a470385f17b02e4da43b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e2:46:56:3c:25:7f:95:d6:5a:a5:c3:a4:fa:
                    19:bb:f7:35:1c:ad:97:d8:2e:6c:a4:da:6c:a7:40:
                    62:23:21:2a:47:20:49:7d:85:77:ee:f1:00:58:5a:
                    c6:54:a3:ee:e4:78:1d:df:34:ba:3a:01:3a:47:1a:
                    43:d6:66:50:90:87:b3:aa:43:90:d1:04:5f:5d:fe:
                    fa:c7:07:25:0b:08:e4:fe:ba:7f:ef:db:ce:33:5c:
                    39:55:f4:66:65:bf:19:8d:66:66:df:b8:d8:96:2d:
                    03:2a:67:d4:b5:47:96:ca:ec:29:4b:90:a8:6f:9f:
                    4f:5a:2c:5c:95:03:75:ee:26:4a:ca:03:ea:cd:58:
                    c1:e1:7c:76:d3:74:f1:d1:5c:64:18:d1:6e:51:ea:
                    76:1e:02:7c:d4:0a:a5:73:0b:72:ed:fd:d1:8c:80:
                    c0:d9:80:c6:00:7f:9e:77:54:72:ad:23:b8:2c:13:
                    33:8d:84:be:8f:69:fe:04:33:f5:da:c6:05:97:83:
                    8d:5b:90:35:c7:29:a7:80:e0:53:bf:f8:e3:fc:77:
                    69:82:2a:6c:a5:f8:23:c3:db:85:1c:0a:f9:e3:43:
                    bf:b5:1e:cc:b9:38:b9:74:4e:e9:75:f7:07:8f:d3:
                    0c:52:6e:fe:38:4b:29:58:1a:22:71:59:f0:f3:fd:
                    64:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:DA:12:87:0E:B0:52:5F:4E:4A:47:03:85:F1:7B:02:E4:DA:43:B3
            X509v3 Authority Key Identifier:
                keyid:DB:9A:F9:1E:9E:B1:5B:67:6A:96:F0:AF:65:4C:C0:32:88:15:4A:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/25r5Hp6xW2dqlvCvZUzAMogVSho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/y9oShw6wUl9OSkcDhfF7AuTaQ7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/cdbfeb-7ac1-4da1-8d40-f935fc0f20d5/1/25r5Hp6xW2dqlvCvZUzAMogVSho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:0f:a7:7e:02:cd:4a:61:cf:a9:19:9c:6c:3c:f0:c5:45:e7:
         f2:41:38:6e:b1:a0:f2:b6:ca:db:df:43:5c:be:68:09:d3:0a:
         e0:04:e2:0d:32:2e:1b:a6:7b:59:a1:27:de:d3:47:13:f3:b9:
         e7:4c:00:b7:b4:2b:9f:28:3f:e0:b2:9d:37:11:39:07:8a:17:
         af:d5:ba:a6:39:cc:96:e8:c3:e4:bc:4b:fc:82:b2:5f:d3:95:
         bc:49:18:ed:76:b9:f9:0c:e2:07:6d:be:67:f4:90:7d:a0:cf:
         b0:97:a9:09:a4:2e:5b:81:d9:d3:1d:3f:a1:9f:b6:9a:5f:cf:
         a7:02:59:7b:53:99:3f:0e:72:ee:1e:7e:c3:c4:af:eb:ea:82:
         05:ac:bc:06:20:c5:15:59:b8:aa:56:0f:b6:7b:45:4b:5c:db:
         52:f6:5e:58:d0:fa:7b:78:b3:b4:01:ec:7c:f2:94:11:8c:a7:
         29:59:08:c8:77:00:30:cd:a3:a2:a4:d0:ba:94:59:bd:83:af:
         d5:c9:09:1e:b4:78:f2:cd:3f:1b:64:94:c5:a9:9f:6a:3f:78:
         94:de:aa:61:e7:1e:73:3b:0c:50:36:94:a8:88:a3:af:25:df:
         dd:39:21:ee:9f:5e:98:47:fc:8d:f9:a3:f1:9c:7d:36:98:7a:
         60:92:70:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuRIyzfzYlzD6hUw4aHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWFmOTFlOWViMTViNjc2YTk2ZjBhZjY1NGNjMDMyODgx
NTRhMWEwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmRhMTI4NzBlYjA1MjVmNGU0YTQ3MDM4NWYxN2IwMmU0ZGE0M2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuJGVjwlf5XWWqXDpPoZu/c1HK2X
2C5spNpsp0BiIyEqRyBJfYV37vEAWFrGVKPu5Hgd3zS6OgE6RxpD1mZQkIezqkOQ
0QRfXf76xwclCwjk/rp/79vOM1w5VfRmZb8ZjWZm37jYli0DKmfUtUeWyuwpS5Co
b59PWixclQN17iZKygPqzVjB4Xx203Tx0VxkGNFuUep2HgJ81Aqlcwty7f3RjIDA
2YDGAH+ed1RyrSO4LBMzjYS+j2n+BDP12sYFl4ONW5A1xymngOBTv/jj/Hdpgips
pfgjw9uFHAr540O/tR7MuTi5dE7pdfcHj9MMUm7+OEspWBoicVnw8/1kVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvaEocOsFJfTkpHA4XxewLk2kOzMB8GA1UdIwQY
MBaAFNua+R6esVtnapbwr2VMwDKIFUoaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjVyNUhwNnhXMmRxbHZDdlpVekFNb2dWU2hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jZGJmZWItN2FjMS00ZGExLThkNDAt
ZjkzNWZjMGYyMGQ1LzEveTlvU2h3NndVbDlPU2tjRGhmRjdBdVRhUTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jZGJmZWItN2FjMS00ZGExLThkNDAtZjkzNWZjMGYyMGQ1
LzEvMjVyNUhwNnhXMmRxbHZDdlpVekFNb2dWU2hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfKGMA0G
CSqGSIb3DQEBCwUAA4IBAQAYD6d+As1KYc+pGZxsPPDFRefyQThusaDytsrb30Nc
vmgJ0wrgBOINMi4bpntZoSfe00cT87nnTAC3tCufKD/gsp03ETkHihev1bqmOcyW
6MPkvEv8grJf05W8SRjtdrn5DOIHbb5n9JB9oM+wl6kJpC5bgdnTHT+hn7aaX8+n
All7U5k/DnLuHn7DxK/r6oIFrLwGIMUVWbiqVg+2e0VLXNtS9l5Y0Pp7eLO0Aex8
8pQRjKcpWQjIdwAwzaOipNC6lFm9g6/VyQketHjyzT8bZJTFqZ9qP3iU3qph5x5z
OwxQNpSoiKOvJd/dOSHun16YR/yN+aPxnH02mHpgknAB
-----END CERTIFICATE-----