Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/1-YkingjFzU8Fh2UJS_Xc8MgGDc4.roa
File:                     1-YkingjFzU8Fh2UJS_Xc8MgGDc4.roa (raw, json)
Hash identifier:          b1GnzjoSOtbHfujUHkUPt9BXi7RuhW+uYEOk8oVvMNk=
Subject key identifier:   F9:89:22:9E:08:C5:CD:4F:05:87:65:09:4B:F5:DC:F0:C8:06:0D:CE
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       018CC3B671384A2C09F50E4665A99DAEE680
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/1-YkingjFzU8Fh2UJS_Xc8MgGDc4.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.10.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:38:4a:2c:09:f5:0e:46:65:a9:9d:ae:e6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f989229e08c5cd4f058765094bf5dcf0c8060dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:51:ec:b3:77:6b:31:a8:0c:b3:89:a9:32:c0:
                    b5:28:9e:5e:56:b7:8c:cf:c1:79:05:11:08:a9:d9:
                    a8:33:1e:34:1a:41:cc:bd:d5:e1:4d:57:1e:59:ea:
                    55:60:c4:f9:3d:3e:fd:95:e1:0e:53:2b:e4:68:f7:
                    a9:ad:f3:30:34:90:ba:b1:83:51:6f:ff:82:56:44:
                    f6:f6:2f:ef:5d:3d:41:7f:40:9f:aa:0e:09:e4:29:
                    43:4f:b2:ef:fb:3c:48:c6:13:2d:5e:3b:9e:a8:45:
                    43:a5:cd:ef:91:b9:3c:42:20:74:8c:ad:ff:00:db:
                    c1:cc:f0:7a:d6:3f:94:71:ea:02:8f:77:e2:c3:49:
                    c9:73:c4:78:cc:17:9c:ba:7a:9f:fe:d4:83:52:9e:
                    b7:9b:03:05:28:3c:9f:28:59:df:04:e2:d1:ec:2e:
                    4b:6f:e6:dc:18:ea:7f:c8:23:32:fd:df:e7:57:d4:
                    6d:43:d4:e3:8f:40:22:00:6b:f9:ee:ac:be:fe:a4:
                    5d:c3:f9:25:a2:7f:28:12:6b:b1:71:2e:3d:12:4a:
                    db:6e:d8:04:37:40:5f:75:ea:0d:a2:e1:d5:0a:4e:
                    9a:d4:ec:12:1c:53:f0:c6:65:05:35:0e:72:70:5a:
                    96:b6:75:8a:fd:90:dc:65:6a:61:b1:20:db:30:d8:
                    44:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:89:22:9E:08:C5:CD:4F:05:87:65:09:4B:F5:DC:F0:C8:06:0D:CE
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/1-YkingjFzU8Fh2UJS_Xc8MgGDc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:0e:1e:a5:e9:e2:ee:50:71:f5:54:bf:a0:39:bc:0f:9b:a0:
         6f:a9:78:f1:ee:3f:85:80:f9:76:9a:28:50:d6:27:de:07:02:
         1d:ab:3a:5d:72:2f:f1:6a:14:06:a7:3b:59:0f:14:11:f1:f3:
         c8:68:4f:00:5a:da:45:4b:47:27:f2:4b:64:7d:75:30:5e:b5:
         34:0c:42:37:0b:22:3a:c4:68:91:8d:92:f9:0f:6e:72:e3:64:
         5a:cf:2d:2c:9f:db:ca:0c:b2:5a:df:3f:a1:68:22:90:84:23:
         92:10:b9:a0:92:95:a3:95:33:22:32:88:73:4c:6e:82:1b:7f:
         87:0b:49:c6:c0:21:1f:a5:fa:e7:f9:23:71:71:35:c1:38:97:
         2d:4f:3e:ae:1a:d8:7a:62:dc:77:0b:74:fd:75:eb:00:9e:b9:
         42:b0:1a:af:77:07:2a:4a:c4:73:ab:ed:61:23:f8:1b:f9:07:
         42:be:dd:29:cc:cb:e7:30:df:7b:50:68:1f:74:52:29:05:13:
         cf:2a:d2:44:3f:da:4a:7d:b8:20:5e:61:d0:77:75:4a:a1:40:
         61:00:67:78:b4:61:df:d4:88:15:03:27:64:ae:b1:1b:ee:cf:
         71:14:6c:fd:98:1d:06:bd:cc:87:d1:44:95:17:c6:3c:38:74:
         ff:40:6b:8d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtnE4SiwJ9Q5GZamdruaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTg5MjI5ZTA4YzVjZDRmMDU4NzY1MDk0YmY1ZGNmMGM4MDYwZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1Hss3drMagMs4mpMsC1KJ5eVreM
z8F5BREIqdmoMx40GkHMvdXhTVceWepVYMT5PT79leEOUyvkaPeprfMwNJC6sYNR
b/+CVkT29i/vXT1Bf0Cfqg4J5ClDT7Lv+zxIxhMtXjueqEVDpc3vkbk8QiB0jK3/
ANvBzPB61j+UceoCj3fiw0nJc8R4zBecunqf/tSDUp63mwMFKDyfKFnfBOLR7C5L
b+bcGOp/yCMy/d/nV9RtQ9Tjj0AiAGv57qy+/qRdw/klon8oEmuxcS49EkrbbtgE
N0BfdeoNouHVCk6a1OwSHFPwxmUFNQ5ycFqWtnWK/ZDcZWphsSDbMNhE+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmJIp4Ixc1PBYdlCUv13PDIBg3OMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvMS1Za2luZ2pGelU4RmgyVUpTX1hjOE1nR0RjNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDAvZjI3NzBiLWRhMTktNDc5MC1hNDk0LWM1OGU5NWNkNDI3
Ny8xL1lESmNJZEw2X25Rem1Od2VWWFJETW9BUkJHay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMK2TAN
BgkqhkiG9w0BAQsFAAOCAQEALA4epeni7lBx9VS/oDm8D5ugb6l48e4/hYD5dpoo
UNYn3gcCHas6XXIv8WoUBqc7WQ8UEfHzyGhPAFraRUtHJ/JLZH11MF61NAxCNwsi
OsRokY2S+Q9ucuNkWs8tLJ/bygyyWt8/oWgikIQjkhC5oJKVo5UzIjKIc0xught/
hwtJxsAhH6X65/kjcXE1wTiXLU8+rhrYemLcdwt0/XXrAJ65QrAar3cHKkrEc6vt
YSP4G/kHQr7dKczL5zDfe1BoH3RSKQUTzyrSRD/aSn24IF5h0Hd1SqFAYQBneLRh
39SIFQMnZK6xG+7PcRRs/ZgdBr3Mh9FElRfGPDh0/0BrjQ==
-----END CERTIFICATE-----