Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/yurkFy014D6W7ziEq0QdZLSv9Rg.roa
File:                     yurkFy014D6W7ziEq0QdZLSv9Rg.roa (raw, json)
Hash identifier:          DDqQ3LFI+1A0OW1QmMMIUroJuO4qF3YrI4Oa6yJ8n0s=
Subject key identifier:   CA:EA:E4:17:2D:35:E0:3E:96:EF:38:84:AB:44:1D:64:B4:AF:F5:18
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EAB7775D76CDDAC3B9BA970F222F
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/yurkFy014D6W7ziEq0QdZLSv9Rg.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23033
IP address blocks:        194.62.166.0/24 maxlen: 24
                          193.42.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ea:b7:77:5d:76:cd:da:c3:b9:ba:97:0f:22:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caeae4172d35e03e96ef3884ab441d64b4aff518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:8a:46:cc:e3:de:df:71:a0:d3:2a:80:6b:17:
                    74:c3:88:cf:31:a0:2f:23:27:81:0f:b1:d1:f1:29:
                    49:7d:7d:cc:c9:c7:b3:42:ed:fc:be:36:ec:df:47:
                    c8:ec:be:b0:6d:e9:7e:74:bd:f4:c2:34:2f:3c:e7:
                    a9:8b:5e:03:82:f9:97:31:f8:f4:ff:e2:2c:30:e9:
                    78:da:ed:d3:b9:2b:8b:77:6f:4c:b2:bf:4f:72:6d:
                    90:cf:7e:65:a2:50:3d:f5:83:90:79:9f:87:2d:d2:
                    dd:29:00:5c:a5:10:40:13:f3:29:87:ba:4f:1b:f4:
                    3f:33:23:c1:c7:23:60:4d:21:74:dd:e0:74:35:c7:
                    57:99:5e:72:12:bf:38:91:de:28:09:e6:f3:ef:47:
                    6a:e0:68:5b:b4:70:d9:db:2d:cd:f7:0d:c4:bc:da:
                    d1:e8:c4:77:2f:36:4b:12:fa:e4:e8:c3:66:a0:e4:
                    86:6c:35:55:d9:70:3f:fe:9d:93:2a:ae:19:19:e4:
                    31:88:29:22:31:3f:58:85:c5:d2:a5:e0:75:d4:43:
                    62:3b:02:54:22:e7:9c:00:2c:25:89:80:73:7b:3e:
                    55:48:73:92:dd:9e:ba:04:91:25:af:3d:1f:a0:b8:
                    61:37:cd:0d:aa:72:58:75:cb:44:6a:f2:26:70:3b:
                    38:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EA:E4:17:2D:35:E0:3E:96:EF:38:84:AB:44:1D:64:B4:AF:F5:18
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/yurkFy014D6W7ziEq0QdZLSv9Rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.244.0/24
                  194.62.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:2a:77:24:cc:6d:f7:26:00:64:22:12:8e:fc:db:33:01:8e:
         9b:43:63:62:cc:af:c3:c3:3e:d9:d0:6f:b8:9e:1c:92:83:af:
         34:8d:24:a3:ac:32:3d:60:15:20:fe:38:b8:a4:2d:54:e2:85:
         76:a6:60:5f:07:71:b3:03:af:c7:3f:40:71:1a:12:56:a1:cb:
         b5:ae:cf:85:94:57:8d:3c:d7:66:0a:3f:c0:15:a2:9e:65:5b:
         7f:8b:e2:c2:02:cb:ca:71:fe:41:2b:60:e9:88:fe:73:ca:6f:
         ed:d0:04:3b:a7:a4:44:7b:2a:c1:56:c2:97:78:ad:fb:f1:7a:
         a9:11:e3:d1:65:a6:1d:2a:dc:e2:04:0a:eb:86:64:db:8b:79:
         4a:e6:e6:ec:ef:f5:8c:f1:7a:4f:ea:8e:bb:20:c3:69:13:38:
         8f:02:f4:df:12:27:dc:3d:8b:72:c3:57:eb:e3:cc:44:b3:fa:
         d8:5d:42:e2:93:ec:16:27:b2:45:48:bb:80:0e:b2:ee:f3:f5:
         5b:23:77:eb:47:ef:63:86:14:42:36:46:50:71:59:29:e5:79:
         42:9c:0c:21:b0:df:df:61:68:95:0a:69:f5:8b:fb:41:7e:6d:
         a9:64:39:d5:2b:98:a0:c6:0a:15:09:a4:a6:79:9e:eb:9b:40:
         b9:6b:f2:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlOq3d112zdrDubqXDyIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVhZTQxNzJkMzVlMDNlOTZlZjM4ODRhYjQ0MWQ2NGI0YWZmNTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54pGzOPe33Gg0yqAaxd0w4jPMaAv
IyeBD7HR8SlJfX3MycezQu38vjbs30fI7L6wbel+dL30wjQvPOepi14DgvmXMfj0
/+IsMOl42u3TuSuLd29Msr9Pcm2Qz35lolA99YOQeZ+HLdLdKQBcpRBAE/Mph7pP
G/Q/MyPBxyNgTSF03eB0NcdXmV5yEr84kd4oCebz70dq4GhbtHDZ2y3N9w3EvNrR
6MR3LzZLEvrk6MNmoOSGbDVV2XA//p2TKq4ZGeQxiCkiMT9YhcXSpeB11ENiOwJU
IuecACwliYBzez5VSHOS3Z66BJElrz0foLhhN80NqnJYdctEavImcDs4wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMrq5BctNeA+lu84hKtEHWS0r/UYMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEveXVya0Z5MDE0RDZXN3ppRXEwUWRaTFN2OVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSr0AwQA
wj6mMA0GCSqGSIb3DQEBCwUAA4IBAQBwKnckzG33JgBkIhKO/NszAY6bQ2NizK/D
wz7Z0G+4nhySg680jSSjrDI9YBUg/ji4pC1U4oV2pmBfB3GzA6/HP0BxGhJWocu1
rs+FlFeNPNdmCj/AFaKeZVt/i+LCAsvKcf5BK2DpiP5zym/t0AQ7p6REeyrBVsKX
eK378XqpEePRZaYdKtziBArrhmTbi3lK5ubs7/WM8XpP6o67IMNpEziPAvTfEifc
PYtyw1fr48xEs/rYXULik+wWJ7JFSLuADrLu8/VbI3frR+9jhhRCNkZQcVkp5XlC
nAwhsN/fYWiVCmn1i/tBfm2pZDnVK5igxgoVCaSmeZ7rm0C5a/LN
-----END CERTIFICATE-----