Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/YrQ8FPtm2EVg0VJlCLOYkJt53Bo.roa
File:                     YrQ8FPtm2EVg0VJlCLOYkJt53Bo.roa (raw, json)
Hash identifier:          /q3OIUfb/DtpaEWsmAw4dc7g05s7hPIrxPQFlPnk2EU=
Subject key identifier:   62:B4:3C:14:FB:66:D8:45:60:D1:52:65:08:B3:98:90:9B:79:DC:1A
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801A801D98A55F227C13E13BEB19B33
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/YrQ8FPtm2EVg0VJlCLOYkJt53Bo.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198976
IP address blocks:        213.135.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a8:01:d9:8a:55:f2:27:c1:3e:13:be:b1:9b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62b43c14fb66d84560d1526508b398909b79dc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f3:3f:80:74:87:85:02:13:68:75:97:5c:49:
                    06:80:1c:6b:eb:a4:2c:fb:cd:cf:69:8f:0c:7d:39:
                    73:dc:32:e1:28:c7:f8:f9:3c:c9:6d:b3:ec:8a:6b:
                    af:72:74:bb:8c:f9:dd:87:6e:8f:47:ee:71:41:f1:
                    8b:23:07:11:9a:8a:eb:d3:33:a5:41:eb:d3:c7:8a:
                    0c:6c:09:47:88:7b:aa:7b:c1:bb:a4:fe:5c:e3:38:
                    e8:56:b2:0e:2b:32:11:62:68:4e:74:7d:1b:7a:a8:
                    af:a6:01:6e:47:53:f8:d7:67:a8:5a:65:f9:a6:db:
                    2b:7d:5a:91:b0:a9:6d:cf:68:ac:4a:b5:ca:f4:9f:
                    55:42:34:73:33:dd:56:31:6d:40:a9:88:cd:48:f4:
                    d2:ab:24:f3:fc:60:a6:06:97:4c:44:7e:e8:71:b9:
                    aa:30:1d:ed:e2:56:b2:bf:12:11:40:1f:dd:de:b3:
                    e4:a1:ed:23:5e:c7:91:37:03:76:72:53:63:e6:1b:
                    87:5c:67:a1:80:da:8a:15:4d:7a:ca:a8:c9:2e:e3:
                    7b:bd:4f:6c:f2:19:4a:60:3d:82:28:c1:d6:aa:d2:
                    94:89:30:54:26:5c:59:e1:f4:82:5e:e9:b0:ba:44:
                    3d:31:37:d8:a8:d9:e5:f5:02:bc:27:d5:07:25:c1:
                    b8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B4:3C:14:FB:66:D8:45:60:D1:52:65:08:B3:98:90:9B:79:DC:1A
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/YrQ8FPtm2EVg0VJlCLOYkJt53Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.135.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:76:60:6c:60:be:68:9f:cc:83:cd:db:ae:40:a5:42:ff:b7:
         4a:65:a2:a1:6f:3b:d4:bf:10:f9:43:b6:a5:62:3e:56:fd:82:
         e1:3c:54:77:86:01:e2:e0:09:e7:42:f6:3e:07:98:16:01:0f:
         73:be:f3:aa:5c:b7:48:51:0c:51:a8:5d:7f:fb:fe:02:d4:3c:
         ff:16:90:95:02:ef:5e:b8:55:40:1d:c6:35:45:ef:17:fb:c4:
         3b:e2:b2:ab:2d:75:f5:6a:8b:cd:c0:d3:1c:9f:8a:ad:9a:0d:
         19:4f:0f:80:82:df:1e:fa:47:23:f2:a4:be:3d:da:45:3f:86:
         14:46:a7:4e:45:cf:a8:a2:11:d8:44:41:e6:95:76:01:24:e9:
         18:02:ed:a6:11:ea:f7:3c:89:ab:89:2d:c6:ce:cc:1e:68:27:
         d8:53:59:9c:4a:ce:f8:60:a4:90:e4:62:f5:9f:49:ea:bd:24:
         8b:66:4a:48:e3:cd:f9:d2:49:d1:7d:23:f2:00:40:a6:bd:e5:
         2a:02:ff:ec:59:e6:d7:21:47:8d:b4:15:20:9f:25:ed:6e:f0:
         5b:b4:47:17:d9:c7:c7:03:91:8c:eb:57:50:26:c1:02:7f:e6:
         5c:fc:0e:97:c5:9a:e3:8f:02:31:3d:39:7f:27:ef:a1:40:fa:
         0d:f9:24:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAagB2YpV8ifBPhO+sZszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmI0M2MxNGZiNjZkODQ1NjBkMTUyNjUwOGIzOTg5MDliNzlkYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvM/gHSHhQITaHWXXEkGgBxr66Qs
+83PaY8MfTlz3DLhKMf4+TzJbbPsimuvcnS7jPndh26PR+5xQfGLIwcRmorr0zOl
QevTx4oMbAlHiHuqe8G7pP5c4zjoVrIOKzIRYmhOdH0beqivpgFuR1P412eoWmX5
ptsrfVqRsKltz2isSrXK9J9VQjRzM91WMW1AqYjNSPTSqyTz/GCmBpdMRH7ocbmq
MB3t4layvxIRQB/d3rPkoe0jXseRNwN2clNj5huHXGehgNqKFU16yqjJLuN7vU9s
8hlKYD2CKMHWqtKUiTBUJlxZ4fSCXumwukQ9MTfYqNnl9QK8J9UHJcG4bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGK0PBT7ZthFYNFSZQizmJCbedwaMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvWXJROEZQdG0yRVZnMFZKbENMT1lrSnQ1M0JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YdHMA0G
CSqGSIb3DQEBCwUAA4IBAQCxdmBsYL5on8yDzduuQKVC/7dKZaKhbzvUvxD5Q7al
Yj5W/YLhPFR3hgHi4AnnQvY+B5gWAQ9zvvOqXLdIUQxRqF1/+/4C1Dz/FpCVAu9e
uFVAHcY1Re8X+8Q74rKrLXX1aovNwNMcn4qtmg0ZTw+Agt8e+kcj8qS+PdpFP4YU
RqdORc+oohHYREHmlXYBJOkYAu2mEer3PImriS3GzsweaCfYU1mcSs74YKSQ5GL1
n0nqvSSLZkpI48350knRfSPyAECmveUqAv/sWebXIUeNtBUgnyXtbvBbtEcX2cfH
A5GM61dQJsECf+Zc/A6XxZrjjwIxPTl/J++hQPoN+SRC
-----END CERTIFICATE-----