Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/RYEAi9yX0N1Rfnxw8nMNMvh6wBY.roa
File:                     RYEAi9yX0N1Rfnxw8nMNMvh6wBY.roa (raw, json)
Hash identifier:          HrPV+eRePLA4H3X8CNiCJlNUqhrweTXjnqnhLh9jVsg=
Subject key identifier:   45:81:00:8B:DC:97:D0:DD:51:7E:7C:70:F2:73:0D:32:F8:7A:C0:16
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       018CC4244EA55E646ADB4BF50C3F65553E7B
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/RYEAi9yX0N1Rfnxw8nMNMvh6wBY.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        193.9.30.0/23 maxlen: 23
                          2a0f:9a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4e:a5:5e:64:6a:db:4b:f5:0c:3f:65:55:3e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4581008bdc97d0dd517e7c70f2730d32f87ac016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:08:7c:65:da:0b:5e:a5:f8:ef:ae:8c:06:dc:
                    44:a8:ea:bc:ee:43:f3:16:71:6a:71:2c:6d:4f:a6:
                    9e:79:9b:42:75:30:79:50:61:cb:4f:18:95:47:4b:
                    5a:73:df:a1:14:3f:e0:29:28:78:aa:07:f1:a7:50:
                    78:d1:af:76:b6:73:4f:0a:a8:c9:3c:40:3d:47:c0:
                    4c:48:0e:c4:2f:a5:c4:ef:49:1c:48:18:42:c0:04:
                    7e:92:a4:fe:36:de:a1:7d:5c:81:ba:77:a6:67:4c:
                    36:b2:65:d3:e4:df:5d:44:fd:d9:e0:80:65:a2:f4:
                    11:7b:cb:52:2c:b3:c7:9c:47:5b:11:07:96:27:04:
                    69:f7:4a:1a:fd:6d:e5:a0:f1:13:e4:c3:1d:60:63:
                    6f:31:e7:2c:b5:2e:e5:67:13:ad:08:19:93:0e:71:
                    49:80:66:a1:a1:87:38:8b:3b:5f:b1:2d:c6:cf:f4:
                    99:69:78:ec:d8:34:08:e0:03:84:a2:c2:e3:a2:80:
                    aa:4b:1e:b6:e2:2b:0b:af:2d:2f:b1:82:9e:69:d6:
                    c8:94:c6:d4:66:0f:55:9d:d2:17:a2:83:bc:e6:8f:
                    0b:dc:a2:9b:67:75:67:4a:79:2c:5b:2b:46:c9:6a:
                    3c:3d:41:f8:b3:3a:9a:da:d6:e7:f2:1c:5a:bf:16:
                    d0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:81:00:8B:DC:97:D0:DD:51:7E:7C:70:F2:73:0D:32:F8:7A:C0:16
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/RYEAi9yX0N1Rfnxw8nMNMvh6wBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.30.0/23
                IPv6:
                  2a0f:9a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:73:51:f6:37:58:42:e1:51:96:c2:da:37:ed:fa:ce:0e:26:
         35:15:ac:e1:bc:27:e4:67:46:69:f2:52:0a:ff:9a:b0:7f:d0:
         4e:37:92:69:d7:95:14:18:62:d5:b1:8a:aa:29:32:da:20:3d:
         dc:25:4a:48:d6:cb:f2:54:04:fa:59:96:51:2b:4b:27:ec:95:
         ca:06:47:ac:96:6f:51:b0:f6:1a:33:e4:c9:c2:4f:b6:85:30:
         20:7c:1c:68:25:6d:af:c4:76:a9:01:8a:1b:fc:dd:c4:f6:1c:
         4e:09:b4:b0:52:c2:8b:d1:6b:e5:22:33:2d:e1:f5:5e:2f:94:
         36:32:c0:8d:77:90:28:ac:9c:95:4a:aa:2a:37:4a:58:2b:fe:
         24:e8:78:a0:54:ad:d2:70:39:0b:2a:ca:40:77:4a:2e:ca:b2:
         71:a3:72:8e:90:be:d6:e1:5c:a0:b8:c7:b3:03:26:a9:4c:94:
         b9:0e:e7:18:16:79:cf:25:60:3b:eb:0f:ef:6c:22:0d:c2:d0:
         e8:bc:56:66:ea:ae:30:65:5d:1a:ae:4e:fd:73:41:22:fc:70:
         a0:2b:4c:fa:4b:c6:1f:24:2d:e7:79:74:cd:9a:4a:60:ed:14:
         db:8a:94:c1:4f:38:17:8d:bc:ae:37:fd:c0:87:48:8a:fc:cd:
         00:43:f5:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJE6lXmRq20v1DD9lVT57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTgxMDA4YmRjOTdkMGRkNTE3ZTdjNzBmMjczMGQzMmY4N2FjMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgh8ZdoLXqX4766MBtxEqOq87kPz
FnFqcSxtT6aeeZtCdTB5UGHLTxiVR0tac9+hFD/gKSh4qgfxp1B40a92tnNPCqjJ
PEA9R8BMSA7EL6XE70kcSBhCwAR+kqT+Nt6hfVyBunemZ0w2smXT5N9dRP3Z4IBl
ovQRe8tSLLPHnEdbEQeWJwRp90oa/W3loPET5MMdYGNvMecstS7lZxOtCBmTDnFJ
gGahoYc4iztfsS3Gz/SZaXjs2DQI4AOEosLjooCqSx624isLry0vsYKeadbIlMbU
Zg9VndIXooO85o8L3KKbZ3VnSnksWytGyWo8PUH4szqa2tbn8hxavxbQswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEWBAIvcl9DdUX58cPJzDTL4esAWMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvUllFQWk5eVgwTjFSZm54dzhuTU5Ndmg2d0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwQkeMA0E
AgACMAcDBQMqD5qAMA0GCSqGSIb3DQEBCwUAA4IBAQA2c1H2N1hC4VGWwto37frO
DiY1FazhvCfkZ0Zp8lIK/5qwf9BON5Jp15UUGGLVsYqqKTLaID3cJUpI1svyVAT6
WZZRK0sn7JXKBkeslm9RsPYaM+TJwk+2hTAgfBxoJW2vxHapAYob/N3E9hxOCbSw
UsKL0WvlIjMt4fVeL5Q2MsCNd5AorJyVSqoqN0pYK/4k6HigVK3ScDkLKspAd0ou
yrJxo3KOkL7W4VyguMezAyapTJS5DucYFnnPJWA76w/vbCINwtDovFZm6q4wZV0a
rk79c0Ei/HCgK0z6S8YfJC3neXTNmkpg7RTbipTBTzgXjbyuN/3Ah0iK/M0AQ/U4
-----END CERTIFICATE-----