Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/y4B_pOGgL_I2FDi23eK2UJYAKaQ.roa
File:                     y4B_pOGgL_I2FDi23eK2UJYAKaQ.roa (raw, json)
Hash identifier:          XLDkovrKDvOovCbc3aSdwwNIevTBxcoXqOzghCr9GhM=
Subject key identifier:   CB:80:7F:A4:E1:A0:2F:F2:36:14:38:B6:DD:E2:B6:50:96:00:29:A4
Certificate issuer:       /CN=c63be75374678db3a049f6a3ef2afab70d4f6f27
Certificate serial:       018DD560D0463CE8FC6EED34BE1B0E4AEB07
Authority key identifier: C6:3B:E7:53:74:67:8D:B3:A0:49:F6:A3:EF:2A:FA:B7:0D:4F:6F:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/y4B_pOGgL_I2FDi23eK2UJYAKaQ.roa
Signing time:             Fri 23 Feb 2024 09:51:48 +0000
ROA not before:           Fri 23 Feb 2024 09:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197805
IP address blocks:        193.142.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:60:d0:46:3c:e8:fc:6e:ed:34:be:1b:0e:4a:eb:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c63be75374678db3a049f6a3ef2afab70d4f6f27
        Validity
            Not Before: Feb 23 09:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb807fa4e1a02ff2361438b6dde2b650960029a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:98:72:e1:96:ad:54:35:4f:a6:60:de:5c:00:
                    2c:cc:15:81:30:3b:f2:a4:bf:1f:c8:33:72:8c:d6:
                    78:2c:ba:22:0f:19:5d:62:88:49:19:b6:70:6c:ab:
                    d9:3f:cb:05:fa:c3:e1:9b:da:81:9f:cc:5c:8e:2f:
                    00:18:8e:76:55:0a:64:02:2b:a6:4c:3b:1d:6d:90:
                    92:42:a8:21:78:d6:48:e8:91:d8:9b:30:5e:3a:9e:
                    37:a8:50:a1:ea:10:a3:3b:d8:70:9e:f6:61:89:6f:
                    03:82:cf:2b:ae:4f:56:ce:5e:7c:88:ad:e5:cf:dd:
                    ae:8e:2f:6b:b7:6e:68:0c:47:29:92:43:d2:9a:26:
                    04:d2:d0:6e:ac:16:e5:db:fc:1d:44:c2:eb:ce:68:
                    d4:15:ea:07:77:25:02:3a:1d:4b:2f:50:4c:43:76:
                    40:cf:52:1b:c0:92:e4:d4:19:1b:44:dd:90:08:c9:
                    53:c5:5b:dc:45:ed:36:f9:c7:5b:34:ff:e8:dc:7b:
                    f9:1a:fe:92:e0:56:9a:5d:ac:b2:a4:2d:8d:b1:19:
                    c2:3e:5e:8a:b6:43:c3:f5:63:e6:ea:c3:4c:13:69:
                    d9:ea:27:e1:92:32:4a:91:74:5d:b2:65:c9:ac:80:
                    8d:75:66:17:f8:f0:ca:88:9d:d1:64:f1:0c:ea:d7:
                    60:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:80:7F:A4:E1:A0:2F:F2:36:14:38:B6:DD:E2:B6:50:96:00:29:A4
            X509v3 Authority Key Identifier:
                keyid:C6:3B:E7:53:74:67:8D:B3:A0:49:F6:A3:EF:2A:FA:B7:0D:4F:6F:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/y4B_pOGgL_I2FDi23eK2UJYAKaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:0a:6e:cc:0f:44:23:aa:3c:9c:f9:f4:72:b2:be:dc:ce:5a:
         43:45:f1:17:29:3d:57:e3:a0:a9:79:7b:9f:1d:bd:91:db:27:
         64:bd:fa:5a:06:c7:e4:06:0a:14:d4:01:b0:c4:99:55:90:e9:
         c8:ce:51:7d:60:cb:cf:47:49:5a:3c:46:bf:1d:d7:12:47:5d:
         f2:5a:ad:c0:ac:e2:d5:cd:56:50:a8:6e:ff:00:21:7d:2c:a5:
         14:50:2e:5d:1c:2b:8d:81:c9:ca:98:6d:21:48:56:bf:a8:2d:
         75:7a:a3:e2:31:de:43:62:d9:d0:09:03:04:56:aa:5e:ba:b6:
         65:10:b8:33:ce:91:78:e6:ed:f5:52:82:55:9b:4d:97:c5:f8:
         31:bf:23:36:0e:ae:1e:ab:79:41:4c:99:cb:c5:dc:cc:93:91:
         2f:d8:74:06:f7:09:ce:63:5a:ce:a0:e8:79:fc:c6:36:49:17:
         0f:26:43:34:c7:da:bd:ea:66:8b:34:e2:3f:44:b8:76:a5:39:
         c1:1c:cd:c4:10:9f:29:a3:b0:2a:39:08:9f:88:84:2c:18:55:
         14:69:87:ad:31:a4:26:b7:8a:93:2c:3f:55:e9:15:c5:2a:9e:
         e5:73:db:1c:50:ca:72:37:f0:d0:0f:69:33:2f:ef:f0:75:70:
         fa:92:90:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VYNBGPOj8bu00vhsOSusHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2M2JlNzUzNzQ2NzhkYjNhMDQ5ZjZhM2VmMmFmYWI3MGQ0
ZjZmMjcwHhcNMjQwMjIzMDk1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjgwN2ZhNGUxYTAyZmYyMzYxNDM4YjZkZGUyYjY1MDk2MDAyOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZhy4ZatVDVPpmDeXAAszBWBMDvy
pL8fyDNyjNZ4LLoiDxldYohJGbZwbKvZP8sF+sPhm9qBn8xcji8AGI52VQpkAium
TDsdbZCSQqgheNZI6JHYmzBeOp43qFCh6hCjO9hwnvZhiW8Dgs8rrk9Wzl58iK3l
z92uji9rt25oDEcpkkPSmiYE0tBurBbl2/wdRMLrzmjUFeoHdyUCOh1LL1BMQ3ZA
z1IbwJLk1BkbRN2QCMlTxVvcRe02+cdbNP/o3Hv5Gv6S4FaaXayypC2NsRnCPl6K
tkPD9WPm6sNME2nZ6ifhkjJKkXRdsmXJrICNdWYX+PDKiJ3RZPEM6tdgZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuAf6ThoC/yNhQ4tt3itlCWACmkMB8GA1UdIwQY
MBaAFMY751N0Z42zoEn2o+8q+rcNT28nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGp2blUzUm5qYk9nU2Zhajd5cjZ0dzFQYnljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wNTY2NzctMWE0YS00OGE2LWE5MmQt
NmIzYjg2N2JkMjMyLzEveTRCX3BPR2dMX0kyRkRpMjNlSzJVSllBS2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wNTY2NzctMWE0YS00OGE2LWE5MmQtNmIzYjg2N2JkMjMy
LzEveGp2blUzUm5qYk9nU2Zhajd5cjZ0dzFQYnljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4TMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Cm7MD0Qjqjyc+fRysr7czlpDRfEXKT1X46CpeXuf
Hb2R2ydkvfpaBsfkBgoU1AGwxJlVkOnIzlF9YMvPR0laPEa/HdcSR13yWq3ArOLV
zVZQqG7/ACF9LKUUUC5dHCuNgcnKmG0hSFa/qC11eqPiMd5DYtnQCQMEVqpeurZl
ELgzzpF45u31UoJVm02XxfgxvyM2Dq4eq3lBTJnLxdzMk5Ev2HQG9wnOY1rOoOh5
/MY2SRcPJkM0x9q96maLNOI/RLh2pTnBHM3EEJ8po7AqOQifiIQsGFUUaYetMaQm
t4qTLD9V6RXFKp7lc9scUMpyN/DQD2kzL+/wdXD6kpAS
-----END CERTIFICATE-----