Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YVY9nIlUnxzvYvUHcuswYdgv-5c.roa
File:                     YVY9nIlUnxzvYvUHcuswYdgv-5c.roa (raw, json)
Hash identifier:          de7Nhke3BR4RbsVq7LgDRBaPDz0mhJShPdisp8UZut0=
Subject key identifier:   61:56:3D:9C:89:54:9F:1C:EF:62:F5:07:72:EB:30:61:D8:2F:FB:97
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       0194221F7E249840246F95166ED283A016DE
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YVY9nIlUnxzvYvUHcuswYdgv-5c.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44431
IP address blocks:        193.220.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7e:24:98:40:24:6f:95:16:6e:d2:83:a0:16:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61563d9c89549f1cef62f50772eb3061d82ffb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0a:ea:af:11:b9:23:b3:4e:99:83:6d:49:c9:
                    eb:41:83:e4:e2:8b:29:87:f9:33:2f:a6:35:9d:e9:
                    31:3e:45:62:5e:51:cf:8f:c9:45:f6:4a:ca:60:02:
                    39:28:5f:3f:1e:51:5f:ed:a2:5f:2c:8e:2b:26:3f:
                    28:9d:0d:20:1c:5e:d0:a5:eb:43:f3:2a:c1:5c:1b:
                    a8:db:50:5f:53:20:e5:40:45:27:ca:73:b7:3b:75:
                    13:12:c1:7f:22:c4:6e:e0:91:7c:09:a7:52:73:d8:
                    fe:d2:dd:9b:f4:56:da:71:d4:b1:a3:f6:0c:9c:ed:
                    27:a4:2a:cf:95:19:af:99:80:bc:34:19:08:fe:2f:
                    c4:b7:f9:a0:e2:88:66:d5:df:c4:d8:7c:fc:de:0d:
                    47:85:54:82:0c:94:44:be:26:35:14:7c:51:4f:b0:
                    b3:03:96:e0:35:34:b9:83:53:3b:fa:54:12:f1:31:
                    ec:c6:30:e3:f5:0c:12:d6:d8:b7:fc:6f:b9:20:3e:
                    bc:1d:2d:52:0a:a5:a6:18:6e:31:34:71:3c:a1:d6:
                    10:0c:bb:91:2d:32:6c:ce:43:54:d3:ae:08:06:dd:
                    f5:ae:da:08:f8:6e:fc:bd:ab:2d:1a:fa:58:e8:02:
                    0c:39:8c:69:f7:02:16:f5:e5:ec:88:d8:6c:01:a4:
                    1c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:56:3D:9C:89:54:9F:1C:EF:62:F5:07:72:EB:30:61:D8:2F:FB:97
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YVY9nIlUnxzvYvUHcuswYdgv-5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.220.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:cb:0c:49:17:0b:5a:18:10:89:a0:d5:b4:37:f3:df:da:f8:
         6d:93:92:e2:ca:77:bf:a1:1f:90:14:53:91:ec:f4:cd:a0:03:
         20:15:37:27:50:ee:c7:4f:36:08:cb:0a:f6:b1:06:30:da:28:
         75:f3:08:be:bd:b0:f0:6e:cb:9e:91:fe:8a:3d:73:27:78:5b:
         cd:d3:65:db:89:38:9f:09:72:f0:4e:bc:04:ff:54:7d:55:39:
         4c:ac:a6:02:10:63:3e:57:42:41:0e:eb:3c:18:e7:31:2b:2b:
         58:17:4c:09:d4:20:3d:d2:9b:78:8e:19:1d:6d:d1:d4:f5:af:
         4d:ce:92:c1:0b:2f:b9:0e:75:2b:f9:37:9a:2b:cc:9f:87:59:
         6d:b8:09:7e:d9:97:4e:af:c2:01:4e:a8:34:c9:fb:83:f0:67:
         7c:fa:63:31:61:59:7c:91:61:2f:67:7a:e4:27:d4:45:10:a1:
         68:8e:2f:9d:71:09:5f:1f:35:11:c9:d4:68:70:bf:b9:cb:af:
         c9:c2:9e:c3:cb:35:70:a3:92:bc:52:58:81:72:af:17:f8:f1:
         41:a6:a3:27:1c:ec:10:cc:0e:0c:82:2e:3e:e6:1b:ff:48:a1:
         f0:dd:70:4a:8e:d4:70:30:df:23:05:02:4e:99:31:7d:58:40:
         b6:b5:0b:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH34kmEAkb5UWbtKDoBbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTU2M2Q5Yzg5NTQ5ZjFjZWY2MmY1MDc3MmViMzA2MWQ4MmZmYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngrqrxG5I7NOmYNtScnrQYPk4osp
h/kzL6Y1nekxPkViXlHPj8lF9krKYAI5KF8/HlFf7aJfLI4rJj8onQ0gHF7QpetD
8yrBXBuo21BfUyDlQEUnynO3O3UTEsF/IsRu4JF8CadSc9j+0t2b9FbacdSxo/YM
nO0npCrPlRmvmYC8NBkI/i/Et/mg4ohm1d/E2Hz83g1HhVSCDJREviY1FHxRT7Cz
A5bgNTS5g1M7+lQS8THsxjDj9QwS1ti3/G+5ID68HS1SCqWmGG4xNHE8odYQDLuR
LTJszkNU064IBt31rtoI+G78vastGvpY6AIMOYxp9wIW9eXsiNhsAaQctwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFWPZyJVJ8c72L1B3LrMGHYL/uXMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvWVZZOW5JbFVueHp2WXZVSGN1c3dZZGd2LTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdygMA0G
CSqGSIb3DQEBCwUAA4IBAQCCywxJFwtaGBCJoNW0N/Pf2vhtk5Liyne/oR+QFFOR
7PTNoAMgFTcnUO7HTzYIywr2sQYw2ih18wi+vbDwbsuekf6KPXMneFvN02XbiTif
CXLwTrwE/1R9VTlMrKYCEGM+V0JBDus8GOcxKytYF0wJ1CA90pt4jhkdbdHU9a9N
zpLBCy+5DnUr+TeaK8yfh1ltuAl+2ZdOr8IBTqg0yfuD8Gd8+mMxYVl8kWEvZ3rk
J9RFEKFoji+dcQlfHzURydRocL+5y6/Jwp7DyzVwo5K8UliBcq8X+PFBpqMnHOwQ
zA4Mgi4+5hv/SKHw3XBKjtRwMN8jBQJOmTF9WEC2tQsu
-----END CERTIFICATE-----