Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/YzbPGgCWAt-6sSbaqPqUR5eAG5U.roa
File:                     YzbPGgCWAt-6sSbaqPqUR5eAG5U.roa (raw, json)
Hash identifier:          sXFmp9TYGezQDI69/XtH/y+fH7Kl2Wub2/toTCDqcng=
Subject key identifier:   63:36:CF:1A:00:96:02:DF:BA:B1:26:DA:A8:FA:94:47:97:80:1B:95
Certificate issuer:       /CN=0ef47d753d25289fd98794974aa0536010567bd9
Certificate serial:       018CC8DF7BBCF53E2470AFC84BD64C9003F1
Authority key identifier: 0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/YzbPGgCWAt-6sSbaqPqUR5eAG5U.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        104.129.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7b:bc:f5:3e:24:70:af:c8:4b:d6:4c:90:03:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef47d753d25289fd98794974aa0536010567bd9
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6336cf1a009602dfbab126daa8fa944797801b95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:54:d0:94:2d:59:d3:d6:e7:f5:ab:5e:db:
                    54:c9:ff:5a:4f:9c:d6:92:1f:6d:bc:2c:7b:1f:dd:
                    d5:a4:fe:2d:be:54:40:44:ed:63:26:d5:0a:68:40:
                    db:a6:cb:fd:ff:5a:54:ef:44:74:87:a1:60:44:ec:
                    ef:4d:c6:b4:8d:cc:68:5c:a3:d9:08:8d:08:fe:ae:
                    63:d7:cb:85:f4:e0:69:c4:62:51:53:89:7b:42:e6:
                    b4:a5:5c:78:87:06:e1:d4:79:ff:e9:e8:11:3d:83:
                    f1:68:6b:14:46:92:3b:d3:95:80:5a:7c:7c:58:4b:
                    8a:3d:24:5c:a1:a9:0c:aa:e8:2f:60:cd:25:44:3d:
                    f1:53:dc:b3:ec:af:3b:78:7f:58:c3:cf:1d:a9:9b:
                    fe:f3:f4:8a:5b:99:09:7f:cb:ed:46:96:ff:52:96:
                    2f:6c:01:90:b8:fc:57:09:d2:df:b9:76:4c:7c:a8:
                    e6:73:c0:29:ed:ae:69:3b:b8:b7:31:08:18:d8:18:
                    3a:ea:b3:a2:e1:50:0c:00:bf:b0:9a:4b:7a:ec:65:
                    08:59:87:12:3b:1a:e8:b9:1e:99:5f:50:8f:3e:d6:
                    46:be:34:bd:6b:ed:e4:a8:9b:5c:e6:25:38:7b:8b:
                    1b:fa:0a:f0:8e:4f:94:9c:5a:64:b6:55:f5:82:c3:
                    4e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:36:CF:1A:00:96:02:DF:BA:B1:26:DA:A8:FA:94:47:97:80:1B:95
            X509v3 Authority Key Identifier:
                keyid:0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/YzbPGgCWAt-6sSbaqPqUR5eAG5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.129.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:aa:43:a2:32:fc:23:ff:ab:2b:b4:57:33:42:a9:24:e2:
         79:c8:ac:bd:29:f6:3c:0f:c8:aa:05:22:a6:b8:62:03:d5:2e:
         17:e3:1c:a8:ad:f0:f3:9e:16:20:c4:db:8e:49:66:b5:2c:c8:
         37:09:79:7e:3d:da:6b:9b:1f:fe:f2:e2:4f:88:45:7f:fd:63:
         66:d0:da:7e:58:91:6a:89:b8:94:82:25:e7:3f:c4:35:12:e3:
         45:00:e8:03:09:4e:bd:41:e7:da:ea:03:bb:27:14:10:4a:b4:
         e5:d7:7f:fc:0c:1a:b3:0f:60:26:68:54:38:17:66:51:03:a9:
         08:8b:99:87:cd:d6:6e:74:27:71:ca:3b:dc:08:0c:5f:ee:2b:
         cd:89:25:ef:ae:90:10:cc:48:51:46:00:0d:c2:df:7e:72:c5:
         a2:2e:ec:bf:d5:ea:ed:30:c0:9a:3a:b6:67:15:d0:70:65:45:
         2d:19:4b:b1:a0:9d:c5:8a:2e:15:12:85:75:c3:61:97:02:b0:
         31:5b:25:42:94:5b:df:32:d9:72:3e:a5:9e:d0:37:08:ff:14:
         78:db:af:fa:49:58:51:94:e7:70:06:bc:91:b1:ba:72:fc:f5:
         c7:3f:c6:f9:44:14:c8:54:3f:41:11:52:b8:64:4d:a4:79:db:
         fd:2f:78:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33u89T4kcK/IS9ZMkAPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjQ3ZDc1M2QyNTI4OWZkOTg3OTQ5NzRhYTA1MzYwMTA1
NjdiZDkwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM2Y2YxYTAwOTYwMmRmYmFiMTI2ZGFhOGZhOTQ0Nzk3ODAxYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXxU0JQtWdPW5/WrXttUyf9aT5zW
kh9tvCx7H93VpP4tvlRARO1jJtUKaEDbpsv9/1pU70R0h6FgROzvTca0jcxoXKPZ
CI0I/q5j18uF9OBpxGJRU4l7Qua0pVx4hwbh1Hn/6egRPYPxaGsURpI705WAWnx8
WEuKPSRcoakMqugvYM0lRD3xU9yz7K87eH9Yw88dqZv+8/SKW5kJf8vtRpb/UpYv
bAGQuPxXCdLfuXZMfKjmc8Ap7a5pO7i3MQgY2Bg66rOi4VAMAL+wmkt67GUIWYcS
OxrouR6ZX1CPPtZGvjS9a+3kqJtc5iU4e4sb+grwjk+UnFpktlX1gsNONQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGM2zxoAlgLfurEm2qj6lEeXgBuVMB8GA1UdIwQY
MBaAFA70fXU9JSif2YeUl0qgU2AQVnvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYt
YTRjOGQ5ODk1YTQzLzEvWXpiUEdnQ1dBdC02c1NiYXFQcVVSNWVBRzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYtYTRjOGQ5ODk1YTQz
LzEvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaIGuMA0G
CSqGSIb3DQEBCwUAA4IBAQAGoapDojL8I/+rK7RXM0KpJOJ5yKy9KfY8D8iqBSKm
uGID1S4X4xyorfDznhYgxNuOSWa1LMg3CXl+Pdprmx/+8uJPiEV//WNm0Np+WJFq
ibiUgiXnP8Q1EuNFAOgDCU69Qefa6gO7JxQQSrTl13/8DBqzD2AmaFQ4F2ZRA6kI
i5mHzdZudCdxyjvcCAxf7ivNiSXvrpAQzEhRRgANwt9+csWiLuy/1ertMMCaOrZn
FdBwZUUtGUuxoJ3Fii4VEoV1w2GXArAxWyVClFvfMtlyPqWe0DcI/xR426/6SVhR
lOdwBryRsbpy/PXHP8b5RBTIVD9BEVK4ZE2kedv9L3hZ
-----END CERTIFICATE-----