Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YBwlsV5ZBhG4bv7SWR77pJ9-HYg.roa
File:                     YBwlsV5ZBhG4bv7SWR77pJ9-HYg.roa (raw, json)
Hash identifier:          gV0C+C+R6iNKp4IWQnqFser4xg7NpgSXuoaaop+FNqQ=
Subject key identifier:   60:1C:25:B1:5E:59:06:11:B8:6E:FE:D2:59:1E:FB:A4:9F:7E:1D:88
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79454C968FDD32C63EC6A797B427E2C
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YBwlsV5ZBhG4bv7SWR77pJ9-HYg.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59912
IP address blocks:        2.189.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:54:c9:68:fd:d3:2c:63:ec:6a:79:7b:42:7e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=601c25b15e590611b86efed2591efba49f7e1d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f3:19:78:6e:f6:fe:d9:53:af:7a:0d:c6:44:
                    fa:aa:a2:7a:61:d1:34:80:fa:14:03:3c:74:e4:f7:
                    e8:90:81:cc:2d:cb:fa:fd:6b:03:cf:54:1f:db:62:
                    61:1c:1d:9c:61:a6:b7:4a:16:b9:cf:6a:01:3b:1e:
                    a3:a8:71:7e:09:e0:34:2e:ac:7a:92:80:fd:60:c6:
                    32:b6:ff:55:b5:6b:60:5e:b8:17:c5:9a:b3:26:f4:
                    9e:d1:63:7e:a6:0e:68:75:4f:77:cb:49:bd:98:9d:
                    2e:8a:37:bb:f0:43:dd:72:2b:20:dc:34:7f:0b:fd:
                    c6:bb:27:fc:c7:9a:51:57:56:d9:4c:27:e8:62:23:
                    1b:91:08:99:b3:4b:72:c5:a5:4e:92:b1:e2:3e:47:
                    88:e3:bc:ba:5c:af:fd:40:e5:06:b6:ed:5f:8f:47:
                    f8:f1:cd:17:39:03:d7:07:c0:cb:42:74:b4:ab:80:
                    d7:01:f9:ee:59:22:ca:d4:4d:6d:90:a1:3f:84:fc:
                    49:ac:e8:65:ab:f0:0a:4f:41:b6:08:3c:46:c1:ae:
                    ec:f1:4b:a4:12:54:1b:d8:5b:d5:b1:b1:ce:59:2e:
                    d2:29:0f:43:73:f0:4d:5c:7a:dd:74:df:bc:6e:89:
                    59:c0:f1:18:94:37:85:e3:a2:a0:3a:ad:17:42:84:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1C:25:B1:5E:59:06:11:B8:6E:FE:D2:59:1E:FB:A4:9F:7E:1D:88
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YBwlsV5ZBhG4bv7SWR77pJ9-HYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:0a:2f:40:55:c8:93:87:cd:a7:d3:e0:6e:2a:e3:a6:25:6a:
         a3:88:73:46:0b:9e:3d:93:e9:05:ff:88:c4:fc:aa:38:9a:dc:
         1d:94:f0:53:27:f3:02:84:b2:19:55:d8:ae:7b:0b:03:4a:8b:
         06:9b:87:36:00:01:90:ad:b3:e2:82:f0:0c:89:f9:ea:a9:1b:
         c0:d0:53:14:57:b8:ff:b9:d6:8e:6f:68:49:f9:37:fe:0e:0b:
         3c:77:e0:f9:dc:85:43:79:39:2e:a7:ac:6b:27:a9:1a:37:57:
         cb:b1:20:24:3d:ee:8a:ac:d4:b0:ae:13:d8:58:0a:fc:a5:51:
         8a:bb:dd:b2:19:ad:9d:1e:83:75:43:cd:45:ea:13:76:a3:0e:
         be:6d:0b:5f:35:29:e6:c8:6f:a4:6a:4c:27:21:69:d2:11:d5:
         d4:ba:b8:3d:3f:19:53:d3:5b:2d:1d:29:ab:46:e4:04:b6:14:
         52:ce:2b:d8:44:23:20:fb:41:2c:10:95:95:70:31:00:d2:31:
         d1:82:f4:a3:b0:f2:9c:cd:40:33:4b:10:64:e5:75:d1:43:76:
         e9:6f:ed:66:b5:a8:82:45:e9:3c:f8:d3:83:d9:bd:ca:d2:84:
         11:3d:2b:25:61:2d:d6:1b:7d:64:87:0e:e7:15:a3:58:a6:ab:
         c7:ba:c7:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFTJaP3TLGPsanl7Qn4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDFjMjViMTVlNTkwNjExYjg2ZWZlZDI1OTFlZmJhNDlmN2UxZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPMZeG72/tlTr3oNxkT6qqJ6YdE0
gPoUAzx05PfokIHMLcv6/WsDz1Qf22JhHB2cYaa3Sha5z2oBOx6jqHF+CeA0Lqx6
koD9YMYytv9VtWtgXrgXxZqzJvSe0WN+pg5odU93y0m9mJ0uije78EPdcisg3DR/
C/3Guyf8x5pRV1bZTCfoYiMbkQiZs0tyxaVOkrHiPkeI47y6XK/9QOUGtu1fj0f4
8c0XOQPXB8DLQnS0q4DXAfnuWSLK1E1tkKE/hPxJrOhlq/AKT0G2CDxGwa7s8Uuk
ElQb2FvVsbHOWS7SKQ9Dc/BNXHrddN+8bolZwPEYlDeF46KgOq0XQoTG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAcJbFeWQYRuG7+0lke+6Sffh2IMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvWUJ3bHNWNVpCaEc0YnY3U1dSNzdwSjktSFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAr2kMA0G
CSqGSIb3DQEBCwUAA4IBAQANCi9AVciTh82n0+BuKuOmJWqjiHNGC549k+kF/4jE
/Ko4mtwdlPBTJ/MChLIZVdiuewsDSosGm4c2AAGQrbPigvAMifnqqRvA0FMUV7j/
udaOb2hJ+Tf+Dgs8d+D53IVDeTkup6xrJ6kaN1fLsSAkPe6KrNSwrhPYWAr8pVGK
u92yGa2dHoN1Q81F6hN2ow6+bQtfNSnmyG+kakwnIWnSEdXUurg9PxlT01stHSmr
RuQEthRSzivYRCMg+0EsEJWVcDEA0jHRgvSjsPKczUAzSxBk5XXRQ3bpb+1mtaiC
Rek8+NOD2b3K0oQRPSslYS3WG31khw7nFaNYpqvHusdF
-----END CERTIFICATE-----