Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/yuLOVDiTHMRGfWiry2L0Zvy2QGg.roa
File:                     yuLOVDiTHMRGfWiry2L0Zvy2QGg.roa (raw, json)
Hash identifier:          skgXqwQJNVvc3+iCn+ooBtQNX1sN/WoDd3vKmGAvabI=
Subject key identifier:   CA:E2:CE:54:38:93:1C:C4:46:7D:68:AB:CB:62:F4:66:FC:B6:40:68
Certificate issuer:       /CN=38227a96fa64ad95240f0aee0bd374646c6bbee2
Certificate serial:       018CC7273972A2BC345EAB93237601592D88
Authority key identifier: 38:22:7A:96:FA:64:AD:95:24:0F:0A:EE:0B:D3:74:64:6C:6B:BE:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/yuLOVDiTHMRGfWiry2L0Zvy2QGg.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8680
IP address blocks:        5.253.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:39:72:a2:bc:34:5e:ab:93:23:76:01:59:2d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38227a96fa64ad95240f0aee0bd374646c6bbee2
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae2ce5438931cc4467d68abcb62f466fcb64068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fa:58:bf:a7:4c:2b:90:63:f2:4b:ec:57:c6:
                    ee:37:62:82:49:3a:c3:f0:c3:ae:55:82:cf:9c:27:
                    b4:6d:ca:e5:b6:08:8d:25:50:9c:23:a8:5d:a7:49:
                    3f:b2:3b:08:e7:44:02:53:a0:d4:3b:db:f2:40:9c:
                    fe:5a:eb:74:3b:c8:39:0f:de:6c:5f:a8:f3:6a:05:
                    e4:a8:7a:fe:7d:84:9b:b1:71:de:fc:57:da:df:2d:
                    f6:b8:06:06:8a:23:69:24:1b:cd:14:b6:f4:6b:5e:
                    0d:10:41:dd:12:40:34:68:11:fb:a2:81:b8:bf:5b:
                    21:fb:7f:ef:35:39:8b:26:80:7e:3c:e4:cf:47:f0:
                    ee:5d:03:f2:e3:11:c3:10:30:bc:44:0c:c7:e1:ae:
                    26:d0:3c:1f:1c:05:2c:09:76:00:19:8f:e5:7d:b8:
                    99:45:7e:c3:4b:95:2d:94:fe:81:2b:f7:2e:3b:2d:
                    ee:92:a1:3a:16:be:20:11:58:b1:10:59:cc:0f:0c:
                    49:9e:4c:6a:95:5e:00:42:72:62:7a:d3:59:84:39:
                    44:4d:b8:be:9b:70:66:62:63:3c:47:3c:4c:45:1c:
                    0e:6b:5e:cd:2d:d6:3a:5a:a4:1b:7a:32:1c:f2:5f:
                    c5:ac:80:f3:8b:b6:67:61:85:cd:56:24:a9:63:67:
                    4e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E2:CE:54:38:93:1C:C4:46:7D:68:AB:CB:62:F4:66:FC:B6:40:68
            X509v3 Authority Key Identifier:
                keyid:38:22:7A:96:FA:64:AD:95:24:0F:0A:EE:0B:D3:74:64:6C:6B:BE:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/yuLOVDiTHMRGfWiry2L0Zvy2QGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/1cf9ac-10d4-4a5e-a706-d1c9ba08f559/1/OCJ6lvpkrZUkDwruC9N0ZGxrvuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:cd:36:15:b5:a1:47:c9:eb:c9:52:bb:36:b1:ba:af:11:8c:
         66:71:19:e6:0d:74:02:26:06:ae:6f:5b:96:d7:ac:16:86:45:
         f9:e2:e1:5d:d1:96:72:f2:21:53:69:cf:69:d6:34:0a:41:60:
         ca:ee:02:14:ed:e6:cc:c4:2b:c8:2e:f8:cc:bd:fa:97:ad:66:
         83:55:a1:1e:53:3d:ed:de:7c:59:c3:f1:4d:d4:45:2b:06:9d:
         5b:57:c0:5d:e1:2d:9a:00:22:6d:2f:ee:fc:4b:a2:24:b9:fc:
         1e:2b:ac:4f:88:a7:83:62:d3:27:e4:fa:a2:be:62:4b:8b:a5:
         94:62:bc:81:62:e6:24:a9:bb:fb:b6:00:6e:20:0c:16:74:4c:
         24:c8:51:f7:6b:a3:d1:a5:fb:1e:82:c1:e5:b9:32:ce:3d:e3:
         6d:bb:1e:48:13:8a:d8:34:65:8c:f2:f0:44:53:b9:04:96:d6:
         82:cc:a4:bd:9d:aa:3b:0a:34:cf:b5:ed:82:c7:a4:13:c0:ee:
         88:ae:57:5f:e3:f9:7f:11:37:9a:db:cd:57:28:2e:74:bc:41:
         76:20:29:c9:7f:2e:5a:f1:f8:4a:f9:9d:b6:ea:63:25:3f:89:
         56:22:1e:d1:a6:4a:a1:cc:0e:bb:77:16:a1:37:55:19:1f:74:
         45:1a:78:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzlyorw0XquTI3YBWS2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjI3YTk2ZmE2NGFkOTUyNDBmMGFlZTBiZDM3NDY0NmM2
YmJlZTIwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWUyY2U1NDM4OTMxY2M0NDY3ZDY4YWJjYjYyZjQ2NmZjYjY0MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPpYv6dMK5Bj8kvsV8buN2KCSTrD
8MOuVYLPnCe0bcrltgiNJVCcI6hdp0k/sjsI50QCU6DUO9vyQJz+Wut0O8g5D95s
X6jzagXkqHr+fYSbsXHe/Ffa3y32uAYGiiNpJBvNFLb0a14NEEHdEkA0aBH7ooG4
v1sh+3/vNTmLJoB+POTPR/DuXQPy4xHDEDC8RAzH4a4m0DwfHAUsCXYAGY/lfbiZ
RX7DS5UtlP6BK/cuOy3ukqE6Fr4gEVixEFnMDwxJnkxqlV4AQnJietNZhDlETbi+
m3BmYmM8RzxMRRwOa17NLdY6WqQbejIc8l/FrIDzi7ZnYYXNViSpY2dOuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrizlQ4kxzERn1oq8ti9Gb8tkBoMB8GA1UdIwQY
MBaAFDgiepb6ZK2VJA8K7gvTdGRsa77iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NKNmx2cGtyWlVrRHdydUM5TjBaR3hydnVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xY2Y5YWMtMTBkNC00YTVlLWE3MDYt
ZDFjOWJhMDhmNTU5LzEveXVMT1ZEaVRITVJHZldpcnkyTDBadnkyUUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xY2Y5YWMtMTBkNC00YTVlLWE3MDYtZDFjOWJhMDhmNTU5
LzEvT0NKNmx2cGtyWlVrRHdydUM5TjBaR3hydnVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf1MMA0G
CSqGSIb3DQEBCwUAA4IBAQBSzTYVtaFHyevJUrs2sbqvEYxmcRnmDXQCJgaub1uW
16wWhkX54uFd0ZZy8iFTac9p1jQKQWDK7gIU7ebMxCvILvjMvfqXrWaDVaEeUz3t
3nxZw/FN1EUrBp1bV8Bd4S2aACJtL+78S6IkufweK6xPiKeDYtMn5PqivmJLi6WU
YryBYuYkqbv7tgBuIAwWdEwkyFH3a6PRpfsegsHluTLOPeNtux5IE4rYNGWM8vBE
U7kEltaCzKS9nao7CjTPte2Cx6QTwO6Irldf4/l/ETea281XKC50vEF2ICnJfy5a
8fhK+Z226mMlP4lWIh7RpkqhzA67dxahN1UZH3RFGnjP
-----END CERTIFICATE-----