Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/6YLUjYx-9XLfDdWRRYDkTt_LpTE.roa
File:                     6YLUjYx-9XLfDdWRRYDkTt_LpTE.roa (raw, json)
Hash identifier:          DTuihjFWQtmWAFX8adAOj1dc+5bgIlj5buoR+zBARO4=
Subject key identifier:   E9:82:D4:8D:8C:7E:F5:72:DF:0D:D5:91:45:80:E4:4E:DF:CB:A5:31
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC801367A3CEE55676FADF9693ED71AB7
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/6YLUjYx-9XLfDdWRRYDkTt_LpTE.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21413
IP address blocks:        192.44.4.0/24 maxlen: 24
                          153.96.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:36:7a:3c:ee:55:67:6f:ad:f9:69:3e:d7:1a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e982d48d8c7ef572df0dd5914580e44edfcba531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:63:73:67:65:bf:3a:b7:1a:a2:c2:a6:c6:32:
                    9b:a9:58:0c:77:d4:c3:17:7b:22:8c:ec:ec:01:55:
                    25:c0:59:67:70:10:e6:6f:8b:3c:98:65:6e:9c:69:
                    64:0b:07:da:b8:10:ca:b1:d2:22:b6:b4:96:0a:1c:
                    6d:d7:51:01:1b:ce:80:17:df:69:14:18:7c:ef:54:
                    89:cd:4d:c5:b4:e2:bb:cc:70:7b:40:fe:d2:40:f1:
                    ff:90:40:53:8e:c0:b9:a3:3d:be:25:fb:60:52:ca:
                    38:65:b0:a9:79:32:05:e7:4c:b8:a5:b2:02:1b:3a:
                    ee:09:13:79:d8:47:c0:8b:be:f2:32:9b:60:fc:9f:
                    01:ac:9d:3a:57:99:ac:76:6d:6b:1b:5a:b7:70:4f:
                    d1:43:4f:23:ca:ee:1b:cb:b7:fe:0d:0e:11:6e:31:
                    e4:86:29:20:55:34:a7:0a:a8:a0:d8:eb:90:62:bc:
                    db:dd:6a:9c:f4:26:b8:41:af:f8:9b:10:c1:5f:f2:
                    b1:ac:67:30:17:ce:70:c4:d3:53:09:17:b8:ac:51:
                    08:67:4c:d6:51:a8:cd:62:47:1e:38:ef:a3:78:a0:
                    07:7b:13:68:b1:42:87:ad:ec:d7:bc:60:88:99:99:
                    9b:c5:a4:31:d6:35:da:c9:c5:bc:79:7e:4f:99:fe:
                    70:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:82:D4:8D:8C:7E:F5:72:DF:0D:D5:91:45:80:E4:4E:DF:CB:A5:31
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/6YLUjYx-9XLfDdWRRYDkTt_LpTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.26.0/24
                  192.44.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:7d:52:f9:5c:49:51:ee:45:ec:88:5e:a6:1b:8a:32:85:5e:
         d4:8d:5f:b7:6a:f2:45:ea:17:8b:0a:76:f9:d6:6c:0c:19:45:
         bc:7b:1f:9e:3e:2b:72:54:67:6f:47:0a:d8:30:5b:0d:ab:f1:
         55:ff:ba:9e:42:fd:b6:3a:8b:22:1c:de:61:21:4c:8b:00:ff:
         ff:29:0a:0e:55:eb:66:c0:c4:aa:51:55:37:9c:13:49:e4:a8:
         4b:87:b0:52:b3:9d:be:cf:ca:45:dc:86:d4:04:9b:5c:4d:5e:
         92:02:7b:a4:9a:5f:e6:32:68:09:33:4a:f5:5f:8e:75:52:a1:
         9b:de:8d:a1:4c:19:68:a9:90:d1:c7:c3:cf:79:c2:fe:91:f1:
         bd:cf:d2:c1:6d:93:69:72:b3:19:1a:de:76:59:65:ca:53:12:
         9b:56:d0:3e:9c:ab:4c:77:d2:c1:87:c2:42:27:41:10:19:6c:
         bc:ac:9d:88:fb:65:e9:c6:b0:5e:bb:fe:ad:b0:27:ce:67:c2:
         f8:d9:19:f9:c4:37:87:c2:1f:89:45:1a:d7:76:d4:5e:f1:e1:
         15:39:90:8d:55:0c:7f:6b:ec:1a:4a:a5:d9:8b:85:a8:e9:b6:
         fa:8d:47:4b:8e:f8:14:a9:b9:84:4b:7f:07:f4:b6:4d:fd:59:
         fc:cd:86:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIATZ6PO5VZ2+t+Wk+1xq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTgyZDQ4ZDhjN2VmNTcyZGYwZGQ1OTE0NTgwZTQ0ZWRmY2JhNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGNzZ2W/OrcaosKmxjKbqVgMd9TD
F3sijOzsAVUlwFlncBDmb4s8mGVunGlkCwfauBDKsdIitrSWChxt11EBG86AF99p
FBh871SJzU3FtOK7zHB7QP7SQPH/kEBTjsC5oz2+JftgUso4ZbCpeTIF50y4pbIC
GzruCRN52EfAi77yMptg/J8BrJ06V5msdm1rG1q3cE/RQ08jyu4by7f+DQ4RbjHk
hikgVTSnCqig2OuQYrzb3Wqc9Ca4Qa/4mxDBX/KxrGcwF85wxNNTCRe4rFEIZ0zW
UajNYkceOO+jeKAHexNosUKHrezXvGCImZmbxaQx1jXaycW8eX5Pmf5wvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOmC1I2MfvVy3w3VkUWA5E7fy6UxMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvNllMVWpZeC05WExmRGRXUlJZRGtUdF9McFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmWAaAwQA
wCwEMA0GCSqGSIb3DQEBCwUAA4IBAQCofVL5XElR7kXsiF6mG4oyhV7UjV+3avJF
6heLCnb51mwMGUW8ex+ePityVGdvRwrYMFsNq/FV/7qeQv22OosiHN5hIUyLAP//
KQoOVetmwMSqUVU3nBNJ5KhLh7BSs52+z8pF3IbUBJtcTV6SAnukml/mMmgJM0r1
X451UqGb3o2hTBloqZDRx8PPecL+kfG9z9LBbZNpcrMZGt52WWXKUxKbVtA+nKtM
d9LBh8JCJ0EQGWy8rJ2I+2XpxrBeu/6tsCfOZ8L42Rn5xDeHwh+JRRrXdtRe8eEV
OZCNVQx/a+waSqXZi4Wo6bb6jUdLjvgUqbmES38H9LZN/Vn8zYaw
-----END CERTIFICATE-----