Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Y2lyuNqV2IT1_67hf8txy-S9VyU.roa
File:                     Y2lyuNqV2IT1_67hf8txy-S9VyU.roa (raw, json)
Hash identifier:          DwMzazsiKYvskcCu+zoMwxZyCErDKkg/fzXnGiAR8MU=
Subject key identifier:   63:69:72:B8:DA:95:D8:84:F5:FF:AE:E1:7F:CB:71:CB:E4:BD:57:25
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F869AC3CE6EBCE7A893DD418EDA81
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Y2lyuNqV2IT1_67hf8txy-S9VyU.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44989
IP address blocks:        212.163.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:86:9a:c3:ce:6e:bc:e7:a8:93:dd:41:8e:da:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=636972b8da95d884f5ffaee17fcb71cbe4bd5725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:59:46:b4:57:8d:c7:0a:b3:60:04:bf:91:5e:
                    49:3f:05:38:05:a9:65:46:a0:f9:16:75:17:08:80:
                    71:4e:bc:6f:73:64:74:9b:44:15:67:93:96:49:ab:
                    0e:16:b2:be:c2:e4:88:24:41:20:28:5e:1d:d5:23:
                    41:3f:f8:ef:3d:05:52:9f:ab:11:7c:9b:25:56:03:
                    8f:0b:6f:74:c6:d7:ea:13:5c:b9:c2:d5:d7:b3:df:
                    40:75:ff:18:b6:d4:42:56:f2:f0:8e:37:ce:42:d9:
                    d8:33:24:f3:a8:29:af:9b:c7:34:5c:9d:c9:34:cb:
                    a8:c8:6f:3d:0c:a1:af:ef:6a:3f:63:c1:6f:eb:9f:
                    00:51:8a:1d:f3:0b:d8:46:ab:19:e4:13:c1:e7:c9:
                    41:47:6d:56:68:61:b9:62:f6:1c:5a:cf:25:0c:b7:
                    5f:b7:7b:10:95:59:df:c8:2e:98:58:49:57:52:c3:
                    17:f8:cc:0a:a9:84:56:da:41:b2:7d:56:a4:45:e7:
                    80:d4:e1:dd:e5:02:b6:7e:d8:89:2a:7a:61:7d:3e:
                    6b:65:a7:81:e0:d2:8f:c2:a5:f2:4d:52:1c:a1:89:
                    3d:f5:46:35:ef:71:96:b8:0f:43:72:62:68:c8:e6:
                    40:ff:39:41:71:7e:95:6f:6a:c1:50:d7:5b:6c:93:
                    c5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:69:72:B8:DA:95:D8:84:F5:FF:AE:E1:7F:CB:71:CB:E4:BD:57:25
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Y2lyuNqV2IT1_67hf8txy-S9VyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.163.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:5e:a9:23:a6:30:83:b8:6f:0a:78:94:bc:9b:94:c4:9d:65:
         27:11:81:43:f0:be:35:77:23:ca:98:ed:fc:ec:31:2b:2d:15:
         d1:b9:b5:8a:81:c4:dd:34:08:64:70:6e:c1:6f:96:45:d1:40:
         bf:12:02:24:9d:9d:66:e6:76:cd:f4:d9:f3:b3:59:96:cb:1e:
         3b:99:81:06:43:fb:e4:49:d9:14:b9:48:0c:0f:c3:40:f0:dd:
         40:45:97:e9:2a:28:bb:14:54:7b:be:8d:40:4b:1d:b3:9d:ba:
         25:80:bb:dc:ff:78:7b:40:13:ef:cc:cb:28:b5:c8:37:bb:af:
         ce:59:74:2a:79:2d:ab:03:ae:a0:fd:3d:3b:e3:aa:91:0d:ce:
         80:90:f5:94:7d:0e:5e:aa:09:43:73:78:ec:9a:d1:35:01:ae:
         1c:df:75:cf:70:fd:52:8e:1c:24:57:1c:67:41:0f:a2:83:a9:
         1e:87:a4:02:be:6c:de:a8:cd:d8:40:2a:65:e3:53:64:08:2d:
         b4:6a:e2:2f:72:11:93:dc:d2:e5:83:d3:5f:c8:16:b5:63:14:
         ac:85:e6:11:3f:96:8b:8f:83:e1:f2:81:0f:a7:32:fc:c9:9d:
         14:e2:e2:24:88:f4:fd:10:35:cb:60:86:a6:4a:88:89:08:c4:
         60:be:9c:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4aaw85uvOeok91BjtqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY5NzJiOGRhOTVkODg0ZjVmZmFlZTE3ZmNiNzFjYmU0YmQ1NzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVlGtFeNxwqzYAS/kV5JPwU4Ball
RqD5FnUXCIBxTrxvc2R0m0QVZ5OWSasOFrK+wuSIJEEgKF4d1SNBP/jvPQVSn6sR
fJslVgOPC290xtfqE1y5wtXXs99Adf8YttRCVvLwjjfOQtnYMyTzqCmvm8c0XJ3J
NMuoyG89DKGv72o/Y8Fv658AUYod8wvYRqsZ5BPB58lBR21WaGG5YvYcWs8lDLdf
t3sQlVnfyC6YWElXUsMX+MwKqYRW2kGyfVakReeA1OHd5QK2ftiJKnphfT5rZaeB
4NKPwqXyTVIcoYk99UY173GWuA9DcmJoyOZA/zlBcX6Vb2rBUNdbbJPFJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNpcrjaldiE9f+u4X/LccvkvVclMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvWTJseXVOcVYySVQxXzY3aGY4dHh5LVM5VnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1KOQMA0G
CSqGSIb3DQEBCwUAA4IBAQBTXqkjpjCDuG8KeJS8m5TEnWUnEYFD8L41dyPKmO38
7DErLRXRubWKgcTdNAhkcG7Bb5ZF0UC/EgIknZ1m5nbN9Nnzs1mWyx47mYEGQ/vk
SdkUuUgMD8NA8N1ARZfpKii7FFR7vo1ASx2znbolgLvc/3h7QBPvzMsotcg3u6/O
WXQqeS2rA66g/T0746qRDc6AkPWUfQ5eqglDc3jsmtE1Aa4c33XPcP1SjhwkVxxn
QQ+ig6keh6QCvmzeqM3YQCpl41NkCC20auIvchGT3NLlg9NfyBa1YxSsheYRP5aL
j4Ph8oEPpzL8yZ0U4uIkiPT9EDXLYIamSoiJCMRgvpyg
-----END CERTIFICATE-----