Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/y1EZ0gLUpohbXauKZZRqZk45SvU.roa
File:                     y1EZ0gLUpohbXauKZZRqZk45SvU.roa (raw, json)
Hash identifier:          8zKmffBb8aKQbSpV6+4is+iMe8hZQmIHxz3u428CVK0=
Subject key identifier:   CB:51:19:D2:02:D4:A6:88:5B:5D:AB:8A:65:94:6A:66:4E:39:4A:F5
Certificate issuer:       /CN=9bad10f972e6789e2a4377a2c29ee08bc3a367ca
Certificate serial:       018CC3494DCA5BFD75FB0DD54329EC636BE4
Authority key identifier: 9B:AD:10:F9:72:E6:78:9E:2A:43:77:A2:C2:9E:E0:8B:C3:A3:67:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/y1EZ0gLUpohbXauKZZRqZk45SvU.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        23.252.72.0/24 maxlen: 24
                          185.179.245.0/24 maxlen: 24
                          2a10:4cc0::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4d:ca:5b:fd:75:fb:0d:d5:43:29:ec:63:6b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bad10f972e6789e2a4377a2c29ee08bc3a367ca
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb5119d202d4a6885b5dab8a65946a664e394af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:cf:e5:f1:5b:9b:93:bb:46:19:97:d5:cc:72:
                    13:f8:51:be:98:bd:ab:bc:a0:47:65:7c:77:46:29:
                    f1:d3:6c:95:b3:34:e3:a1:5f:ee:f7:43:5e:32:36:
                    74:66:b7:4c:9b:47:b9:12:fc:8c:f2:b7:c9:f1:27:
                    48:e5:d4:28:00:41:f8:7b:bc:f1:7c:b7:3a:14:92:
                    b3:f7:58:86:f5:3f:f4:55:26:53:2b:bd:f3:a4:ab:
                    ee:77:9f:36:04:85:14:e5:2d:39:fa:5a:48:0b:1f:
                    77:af:ad:c2:39:b0:c5:33:67:eb:bc:92:93:de:bd:
                    85:a4:8d:22:31:a9:8d:d8:af:df:c0:2c:1e:b4:19:
                    93:f6:66:8b:0b:c8:f3:09:2f:8b:3e:83:9f:79:bf:
                    a6:4b:8a:73:ee:11:9a:03:df:20:bf:c6:a7:74:e1:
                    8f:d4:66:95:e0:66:f1:18:42:3c:d4:b1:c2:92:a6:
                    5d:48:3d:66:a2:db:f1:dd:50:2f:f6:a2:b0:10:c1:
                    6f:2b:0a:ce:c7:1d:d4:94:4f:10:ce:7b:e7:a0:79:
                    cc:83:1e:02:84:32:ba:0b:aa:58:29:a8:a8:4e:47:
                    d0:40:f9:41:be:76:c8:39:5a:f2:44:58:ce:36:47:
                    4b:42:10:55:84:19:85:2a:98:eb:b2:b0:36:67:99:
                    b9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:51:19:D2:02:D4:A6:88:5B:5D:AB:8A:65:94:6A:66:4E:39:4A:F5
            X509v3 Authority Key Identifier:
                keyid:9B:AD:10:F9:72:E6:78:9E:2A:43:77:A2:C2:9E:E0:8B:C3:A3:67:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/y1EZ0gLUpohbXauKZZRqZk45SvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b4f6d3-a4c0-437c-b4c6-0d3814ea73c7/1/m60Q-XLmeJ4qQ3eiwp7gi8OjZ8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.252.72.0/24
                  185.179.245.0/24
                IPv6:
                  2a10:4cc0::/40

    Signature Algorithm: sha256WithRSAEncryption
         6f:af:a9:18:1e:46:6f:3f:9f:d9:15:22:63:df:ea:bf:6b:77:
         3d:7c:c7:a6:0f:ba:ce:f1:88:a0:5d:41:d0:2c:d1:67:43:5b:
         5a:73:fe:86:e0:32:49:42:37:e6:92:c0:18:25:20:37:5c:aa:
         09:21:b5:ef:a6:1d:a6:86:84:38:12:14:e2:8b:fe:39:e8:7a:
         24:90:fb:7c:34:02:3d:9a:cf:5c:a6:cc:0c:ad:dd:e3:d6:1d:
         e0:7f:34:df:4f:70:02:9f:13:bc:45:23:b5:6c:62:b0:9a:e6:
         4e:f9:2f:95:bd:73:3b:6f:52:d9:7a:19:c8:e7:74:6a:9f:c3:
         73:df:1c:71:c6:b3:dd:df:0d:25:a0:f4:e3:f3:3d:1c:df:86:
         13:77:a2:b7:2d:49:17:7c:d7:c6:f9:9f:e2:cf:38:2d:40:fe:
         33:ed:d5:42:06:af:d0:63:2b:69:8d:9a:1d:ad:5e:76:cf:cb:
         9b:34:1e:f9:78:d2:58:5e:da:39:c5:c2:56:59:f6:89:e0:6a:
         cf:66:9d:68:da:d7:5c:5d:e8:86:6d:2a:79:42:d8:bc:f4:39:
         8c:37:ab:37:d0:13:77:09:13:0c:a6:6e:28:82:d4:7b:31:ac:
         13:c7:84:0d:f6:e3:72:3a:6f:95:a0:3b:50:d9:88:7c:81:fe:
         43:1c:bf:44
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzDSU3KW/11+w3VQynsY2vkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYWQxMGY5NzJlNjc4OWUyYTQzNzdhMmMyOWVlMDhiYzNh
MzY3Y2EwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUxMTlkMjAyZDRhNjg4NWI1ZGFiOGE2NTk0NmE2NjRlMzk0YWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM/l8Vubk7tGGZfVzHIT+FG+mL2r
vKBHZXx3Rinx02yVszTjoV/u90NeMjZ0ZrdMm0e5EvyM8rfJ8SdI5dQoAEH4e7zx
fLc6FJKz91iG9T/0VSZTK73zpKvud582BIUU5S05+lpICx93r63CObDFM2frvJKT
3r2FpI0iMamN2K/fwCwetBmT9maLC8jzCS+LPoOfeb+mS4pz7hGaA98gv8andOGP
1GaV4GbxGEI81LHCkqZdSD1motvx3VAv9qKwEMFvKwrOxx3UlE8QznvnoHnMgx4C
hDK6C6pYKaioTkfQQPlBvnbIOVryRFjONkdLQhBVhBmFKpjrsrA2Z5m5FwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMtRGdIC1KaIW12rimWUamZOOUr1MB8GA1UdIwQY
MBaAFJutEPly5nieKkN3osKe4IvDo2fKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTYwUS1YTG1lSjRxUTNlaXdwN2dpOE9qWjhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iNGY2ZDMtYTRjMC00MzdjLWI0YzYt
MGQzODE0ZWE3M2M3LzEveTFFWjBnTFVwb2hiWGF1S1paUnFaazQ1U3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iNGY2ZDMtYTRjMC00MzdjLWI0YzYtMGQzODE0ZWE3M2M3
LzEvbTYwUS1YTG1lSjRxUTNlaXdwN2dpOE9qWjhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAF/xIAwQA
ubP1MA4EAgACMAgDBgAqEEzAADANBgkqhkiG9w0BAQsFAAOCAQEAb6+pGB5Gbz+f
2RUiY9/qv2t3PXzHpg+6zvGIoF1B0CzRZ0NbWnP+huAySUI35pLAGCUgN1yqCSG1
76YdpoaEOBIU4ov+Oeh6JJD7fDQCPZrPXKbMDK3d49Yd4H80309wAp8TvEUjtWxi
sJrmTvkvlb1zO29S2XoZyOd0ap/Dc98cccaz3d8NJaD04/M9HN+GE3eity1JF3zX
xvmf4s84LUD+M+3VQgav0GMraY2aHa1eds/LmzQe+XjSWF7aOcXCVln2ieBqz2ad
aNrXXF3ohm0qeULYvPQ5jDerN9ATdwkTDKZuKILUezGsE8eEDfbjcjpvlaA7UNmI
fIH+Qxy/RA==
-----END CERTIFICATE-----