Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa
File:                     YZYZLivlmcL-vSFt1e8m0ZBepa4.roa (raw, json)
Hash identifier:          k3f0s8UwFdkY6XgsRysuBGCecHrlsViAPdINVvudADI=
Subject key identifier:   61:96:19:2E:2B:E5:99:C2:FE:BD:21:6D:D5:EF:26:D1:90:5E:A5:AE
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018CC2DAE501EB2774DFB7ACD9C2035DA32A
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211857
IP address blocks:        188.214.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:01:eb:27:74:df:b7:ac:d9:c2:03:5d:a3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6196192e2be599c2febd216dd5ef26d1905ea5ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:1d:a7:a0:a5:a5:7a:4d:cd:3e:1b:fa:4c:2d:
                    a5:3c:ea:24:cb:a2:9a:41:99:18:44:35:7e:22:e9:
                    b0:5f:37:a7:58:be:c9:b7:de:87:ad:6d:d7:14:91:
                    7b:d9:54:12:ae:94:91:98:63:64:4b:c7:eb:38:77:
                    c9:70:71:fe:ff:84:d7:1f:11:4a:7b:7e:88:3f:0b:
                    3c:a6:3c:b4:43:e4:27:3c:26:d9:86:4c:bd:3b:a0:
                    d1:b5:b1:ce:10:12:49:70:0e:97:2d:95:94:4d:56:
                    3f:06:e7:cf:89:56:d0:53:24:7a:e2:46:84:0b:38:
                    32:f0:ca:6c:ea:36:72:d7:4d:d6:cf:95:5b:24:98:
                    12:83:c9:69:55:d8:9f:e6:c9:ca:dd:a8:80:d2:f6:
                    fa:7f:bd:3c:84:64:4d:c0:69:2f:a3:8c:eb:49:51:
                    d2:19:15:c9:40:81:30:88:dd:fb:19:7c:a3:ab:67:
                    6f:1f:9c:ee:c6:78:da:8a:ee:95:f1:df:df:7a:d9:
                    bf:39:56:37:79:57:05:32:5a:98:80:65:99:c3:c3:
                    cf:ca:7f:49:bf:43:43:df:af:23:98:f6:56:a1:3e:
                    1a:f2:ca:57:d3:9a:76:24:ba:47:d4:45:5a:6f:ce:
                    d8:f9:2e:7d:f6:8f:5b:79:34:e1:86:5b:e3:73:e4:
                    b1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:96:19:2E:2B:E5:99:C2:FE:BD:21:6D:D5:EF:26:D1:90:5E:A5:AE
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/YZYZLivlmcL-vSFt1e8m0ZBepa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:af:3a:9b:48:e9:89:62:88:88:02:54:9c:fa:3c:13:ce:2c:
         9b:d6:db:88:a6:79:45:63:24:52:c3:7e:d4:e9:0e:92:a2:2d:
         42:81:36:0b:ab:6b:d3:69:0a:dd:af:42:48:93:1d:c3:5f:ea:
         f4:f3:3d:1c:29:53:20:8c:e5:0f:f3:23:67:c4:79:2e:d7:fd:
         05:e7:36:2e:8b:40:f7:f8:0a:c6:6d:2e:f4:de:c2:9b:26:4f:
         c7:4c:92:50:84:1f:75:a5:24:0a:60:59:48:6e:39:e9:f5:b9:
         45:3d:0f:0c:04:7c:8e:a0:e2:ed:65:14:39:91:c5:1d:82:af:
         1c:27:da:26:39:fd:77:28:7d:17:01:5a:c9:da:db:51:74:a7:
         1e:92:04:6d:21:92:d9:1b:65:ff:69:24:f2:e8:a4:3a:4e:8a:
         04:6f:da:5f:ea:14:e9:6b:e3:7b:99:9d:c9:66:2b:ab:ed:c7:
         3f:75:bd:3a:be:3b:c2:cb:ef:74:ad:d0:1b:14:30:f9:50:1a:
         20:bf:ea:e3:3d:c4:6a:9e:09:48:71:74:c5:df:b7:d7:c8:c3:
         1e:57:ea:ba:1f:bf:4d:14:0d:87:78:4c:9c:42:c3:54:07:98:
         24:43:de:60:92:b0:83:fb:00:02:5a:80:12:94:ac:23:cd:30:
         ee:83:79:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uUB6yd037es2cIDXaMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk2MTkyZTJiZTU5OWMyZmViZDIxNmRkNWVmMjZkMTkwNWVhNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkx2noKWlek3NPhv6TC2lPOoky6Ka
QZkYRDV+IumwXzenWL7Jt96HrW3XFJF72VQSrpSRmGNkS8frOHfJcHH+/4TXHxFK
e36IPws8pjy0Q+QnPCbZhky9O6DRtbHOEBJJcA6XLZWUTVY/BufPiVbQUyR64kaE
Czgy8Mps6jZy103Wz5VbJJgSg8lpVdif5snK3aiA0vb6f708hGRNwGkvo4zrSVHS
GRXJQIEwiN37GXyjq2dvH5zuxnjaiu6V8d/fetm/OVY3eVcFMlqYgGWZw8PPyn9J
v0ND368jmPZWoT4a8spX05p2JLpH1EVab87Y+S599o9beTThhlvjc+SxfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGWGS4r5ZnC/r0hbdXvJtGQXqWuMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvWVpZWkxpdmxtY0wtdlNGdDFlOG0wWkJlcGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNZoMA0G
CSqGSIb3DQEBCwUAA4IBAQCarzqbSOmJYoiIAlSc+jwTziyb1tuIpnlFYyRSw37U
6Q6Soi1CgTYLq2vTaQrdr0JIkx3DX+r08z0cKVMgjOUP8yNnxHku1/0F5zYui0D3
+ArGbS703sKbJk/HTJJQhB91pSQKYFlIbjnp9blFPQ8MBHyOoOLtZRQ5kcUdgq8c
J9omOf13KH0XAVrJ2ttRdKcekgRtIZLZG2X/aSTy6KQ6TooEb9pf6hTpa+N7mZ3J
Ziur7cc/db06vjvCy+90rdAbFDD5UBogv+rjPcRqnglIcXTF37fXyMMeV+q6H79N
FA2HeEycQsNUB5gkQ95gkrCD+wACWoASlKwjzTDug3lg
-----END CERTIFICATE-----