Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/YkTwnLLBjio1cr_ngfAfzZs1Hh0.roa
File:                     YkTwnLLBjio1cr_ngfAfzZs1Hh0.roa (raw, json)
Hash identifier:          Y9RRPtZapEofyZ5MjGOGJpjlqTcZ/UM1TnoKmtwIB40=
Subject key identifier:   62:44:F0:9C:B2:C1:8E:2A:35:72:BF:E7:81:F0:1F:CD:9B:35:1E:1D
Certificate issuer:       /CN=771072920d8c9a2b40eb3a045f1f2a6e334a4496
Certificate serial:       0194236A438ADEDE01CE76FC2E6394FB7E07
Authority key identifier: 77:10:72:92:0D:8C:9A:2B:40:EB:3A:04:5F:1F:2A:6E:33:4A:44:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dxBykg2MmitA6zoEXx8qbjNKRJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/YkTwnLLBjio1cr_ngfAfzZs1Hh0.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        193.189.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/dxBykg2MmitA6zoEXx8qbjNKRJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/dxBykg2MmitA6zoEXx8qbjNKRJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dxBykg2MmitA6zoEXx8qbjNKRJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:43:8a:de:de:01:ce:76:fc:2e:63:94:fb:7e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=771072920d8c9a2b40eb3a045f1f2a6e334a4496
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6244f09cb2c18e2a3572bfe781f01fcd9b351e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:35:35:13:87:10:48:f2:a0:22:b0:5e:a3:
                    1e:1b:d5:4f:99:3e:51:a1:ac:6e:18:fc:3d:c5:94:
                    b5:45:8d:db:13:d8:58:6f:e8:5d:28:75:00:0b:bd:
                    91:b5:61:14:d9:ff:a3:f4:e5:9e:10:36:08:41:ab:
                    dd:b4:88:87:34:50:e7:7c:19:99:57:81:22:93:7f:
                    6f:dd:82:ca:6d:7d:1e:b8:75:e8:0f:18:e5:42:0d:
                    78:05:38:fb:ba:58:b8:9d:d7:b5:91:2a:6e:28:ca:
                    d9:5e:ac:2b:1e:03:24:d8:07:db:5e:a1:52:9a:e7:
                    2f:4d:f6:dc:17:f5:19:bd:db:d5:17:cb:1c:de:ab:
                    a8:63:65:55:97:21:24:6e:73:a6:cb:ba:e1:70:a1:
                    73:b8:f9:9b:12:b5:18:b9:44:62:75:3e:a9:32:82:
                    e5:1d:1d:4b:03:e9:fc:7d:37:d1:ef:bc:62:99:17:
                    9a:d9:6e:5c:9c:4f:7c:fb:99:3b:48:bc:01:bd:2a:
                    39:78:b4:04:88:b8:25:a3:6b:32:fb:80:50:63:c0:
                    64:23:c5:60:e2:ca:f4:5f:51:66:18:db:ef:45:c6:
                    d3:67:79:bf:37:de:d5:d1:c4:a6:59:6c:61:58:6d:
                    53:2e:af:f0:8a:81:72:18:6d:e7:7c:34:5d:d5:35:
                    e5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:44:F0:9C:B2:C1:8E:2A:35:72:BF:E7:81:F0:1F:CD:9B:35:1E:1D
            X509v3 Authority Key Identifier:
                keyid:77:10:72:92:0D:8C:9A:2B:40:EB:3A:04:5F:1F:2A:6E:33:4A:44:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dxBykg2MmitA6zoEXx8qbjNKRJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/YkTwnLLBjio1cr_ngfAfzZs1Hh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/9ec134-f04f-4423-8be5-7f5e1759f84e/1/dxBykg2MmitA6zoEXx8qbjNKRJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:53:3b:88:05:3b:32:ad:70:72:69:2e:96:af:dd:06:1c:78:
         18:1f:66:6b:10:01:56:48:64:47:e2:0c:d0:5d:97:89:8b:ab:
         8a:c9:d9:d2:e3:36:6b:5b:84:6c:f4:15:c4:44:6d:68:e7:69:
         97:00:a5:3f:7d:2b:64:c0:58:95:33:2f:cf:f0:b0:ff:39:2e:
         a5:a1:a8:ed:ff:8f:57:3a:44:dd:ea:a5:25:30:46:65:d7:fb:
         de:5a:01:a2:2d:bb:33:3e:64:e1:1c:f7:d0:09:a2:d1:43:83:
         b7:2f:45:41:58:b8:a9:74:c5:f2:ef:0f:24:6a:a9:6e:bf:e4:
         59:08:8a:85:e9:c3:84:03:45:b7:ce:f4:40:1c:4f:a3:1e:70:
         c0:f9:ee:d6:05:63:49:c8:64:44:e3:19:a9:77:75:9a:a1:45:
         34:d8:58:17:01:4e:e0:8c:f0:76:8e:65:f4:52:5f:9f:bf:61:
         47:d5:99:bb:24:27:8d:6e:80:c9:71:f9:6e:d2:0b:0e:6c:c1:
         fb:d4:33:a5:b4:2e:35:cd:fc:d7:ca:10:16:4a:c6:ab:d0:ce:
         9f:eb:7f:79:3f:d0:a9:b1:a0:17:5e:bb:bd:1d:24:a8:bc:41:
         cc:ae:48:60:19:be:d0:48:a2:5b:9d:1d:57:4d:a6:29:89:3c:
         e2:ba:a1:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakOK3t4Bznb8LmOU+34HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MTA3MjkyMGQ4YzlhMmI0MGViM2EwNDVmMWYyYTZlMzM0
YTQ0OTYwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQ0ZjA5Y2IyYzE4ZTJhMzU3MmJmZTc4MWYwMWZjZDliMzUxZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2Y1NROHEEjyoCKwXqMeG9VPmT5R
oaxuGPw9xZS1RY3bE9hYb+hdKHUAC72RtWEU2f+j9OWeEDYIQavdtIiHNFDnfBmZ
V4Eik39v3YLKbX0euHXoDxjlQg14BTj7uli4nde1kSpuKMrZXqwrHgMk2AfbXqFS
mucvTfbcF/UZvdvVF8sc3quoY2VVlyEkbnOmy7rhcKFzuPmbErUYuURidT6pMoLl
HR1LA+n8fTfR77ximRea2W5cnE98+5k7SLwBvSo5eLQEiLglo2sy+4BQY8BkI8Vg
4sr0X1FmGNvvRcbTZ3m/N97V0cSmWWxhWG1TLq/wioFyGG3nfDRd1TXlzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJE8JyywY4qNXK/54HwH82bNR4dMB8GA1UdIwQY
MBaAFHcQcpINjJorQOs6BF8fKm4zSkSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHhCeWtnMk1taXRBNnpvRVh4OHFiak5LUkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC85ZWMxMzQtZjA0Zi00NDIzLThiZTUt
N2Y1ZTE3NTlmODRlLzEvWWtUd25MTEJqaW8xY3JfbmdmQWZ6WnMxSGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC85ZWMxMzQtZjA0Zi00NDIzLThiZTUtN2Y1ZTE3NTlmODRl
LzEvZHhCeWtnMk1taXRBNnpvRVh4OHFiak5LUkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwb1yMA0G
CSqGSIb3DQEBCwUAA4IBAQAfUzuIBTsyrXByaS6Wr90GHHgYH2ZrEAFWSGRH4gzQ
XZeJi6uKydnS4zZrW4Rs9BXERG1o52mXAKU/fStkwFiVMy/P8LD/OS6loajt/49X
OkTd6qUlMEZl1/veWgGiLbszPmThHPfQCaLRQ4O3L0VBWLipdMXy7w8kaqluv+RZ
CIqF6cOEA0W3zvRAHE+jHnDA+e7WBWNJyGRE4xmpd3WaoUU02FgXAU7gjPB2jmX0
Ul+fv2FH1Zm7JCeNboDJcflu0gsObMH71DOltC41zfzXyhAWSsar0M6f6395P9Cp
saAXXru9HSSovEHMrkhgGb7QSKJbnR1XTaYpiTziuqGC
-----END CERTIFICATE-----