Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1YB4CsH2FoEIVghr5hqJqpvcGDM.roa
File:                     1YB4CsH2FoEIVghr5hqJqpvcGDM.roa (raw, json)
Hash identifier:          FnWDC+48GRyfeLhZjNE/m8ZDsZW18WeNPglkgG4yKLQ=
Subject key identifier:   D5:80:78:0A:C1:F6:16:81:08:56:08:6B:E6:1A:89:AA:9B:DC:18:33
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8FD24F3E8B92BDCCC8DC40A61E5A
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1YB4CsH2FoEIVghr5hqJqpvcGDM.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216082
IP address blocks:        212.68.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8f:d2:4f:3e:8b:92:bd:cc:c8:dc:40:a6:1e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d580780ac1f616810856086be61a89aa9bdc1833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ce:49:70:4d:fa:ec:87:23:14:1a:07:ac:a0:
                    c4:e7:44:4e:5f:97:27:bf:c3:5f:65:2b:35:57:8d:
                    f3:6c:24:52:9d:55:b2:79:19:da:dd:51:45:09:3b:
                    d5:6a:fb:78:66:1d:4e:e8:55:08:37:9b:9f:e6:68:
                    77:00:16:d9:2e:b5:ce:62:fd:f1:2d:4b:d2:47:7e:
                    ad:cf:3e:43:5a:b0:0a:a0:69:e6:e9:7c:99:fb:32:
                    35:ee:e6:79:05:a6:c9:ce:93:d1:5f:f9:02:ea:36:
                    3d:1f:d4:a5:f0:c4:7c:5a:79:6b:21:dc:e0:00:af:
                    4b:02:81:59:8f:c7:3b:e2:38:59:93:a0:9e:71:c2:
                    7b:07:89:45:6f:11:27:98:61:03:71:91:d4:9f:e5:
                    d9:12:98:59:47:60:6e:b0:0a:7e:b2:b8:07:e3:71:
                    e7:ed:6b:f4:b3:24:87:3e:73:38:be:f5:e1:67:e3:
                    31:e0:c7:c4:67:58:4b:c6:8e:5c:4c:a0:af:9c:9d:
                    0d:81:e3:90:3d:25:58:e7:63:3e:4b:d3:01:87:dd:
                    c3:cd:ea:31:07:f5:9f:f6:ba:6c:48:ca:74:53:a3:
                    09:dd:86:f1:95:67:86:82:2a:70:f1:5f:ca:08:88:
                    39:b1:43:59:a4:01:0d:35:e1:48:49:87:f0:0e:41:
                    0d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:80:78:0A:C1:F6:16:81:08:56:08:6B:E6:1A:89:AA:9B:DC:18:33
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1YB4CsH2FoEIVghr5hqJqpvcGDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:ac:d9:c3:28:4a:bd:b5:58:69:c0:21:5d:5e:c7:1e:34:ee:
         78:73:cc:9b:b3:c7:ef:1c:d4:46:1c:42:65:4e:33:73:4a:64:
         10:37:4b:33:be:34:95:a0:98:16:40:2a:48:d8:05:06:41:02:
         89:70:75:43:7d:7d:dc:d4:5a:0e:45:b2:4b:4c:b7:50:80:12:
         bf:f7:a8:db:1a:4e:21:fc:aa:c1:b0:a9:97:ac:c1:67:1c:cb:
         92:04:b1:b8:d4:a7:a2:16:87:08:2f:02:09:fe:e7:03:b7:67:
         21:0d:ee:72:2c:70:53:4f:96:10:e9:38:90:7c:14:4b:bd:60:
         1e:5a:70:5d:08:81:f6:b5:d4:50:b1:d7:34:a0:f3:67:22:42:
         b4:51:5b:79:5e:af:3d:0b:a9:7c:ac:c2:46:43:6c:a9:fb:5b:
         32:22:4d:8f:bf:99:83:91:aa:f4:dd:7d:f7:c8:2c:87:71:e3:
         2c:0c:fa:18:73:16:cc:09:e5:b6:30:0d:4e:b5:f3:73:eb:d2:
         db:4c:ca:55:9d:09:86:8d:e3:f1:e2:8f:44:41:6c:e6:74:10:
         2a:ee:b9:d1:1e:78:39:d8:0c:32:35:9b:e5:f5:ec:47:4b:66:
         28:b9:0c:0c:f3:9d:cd:c0:e6:78:b2:c6:83:e6:09:46:79:b3:
         e4:61:04:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34/STz6Lkr3MyNxAph5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTgwNzgwYWMxZjYxNjgxMDg1NjA4NmJlNjFhODlhYTliZGMxODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM5JcE367IcjFBoHrKDE50ROX5cn
v8NfZSs1V43zbCRSnVWyeRna3VFFCTvVavt4Zh1O6FUIN5uf5mh3ABbZLrXOYv3x
LUvSR36tzz5DWrAKoGnm6XyZ+zI17uZ5BabJzpPRX/kC6jY9H9Sl8MR8WnlrIdzg
AK9LAoFZj8c74jhZk6CeccJ7B4lFbxEnmGEDcZHUn+XZEphZR2BusAp+srgH43Hn
7Wv0sySHPnM4vvXhZ+Mx4MfEZ1hLxo5cTKCvnJ0NgeOQPSVY52M+S9MBh93Dzeox
B/Wf9rpsSMp0U6MJ3YbxlWeGgipw8V/KCIg5sUNZpAENNeFISYfwDkENpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWAeArB9haBCFYIa+Yaiaqb3BgzMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvMVlCNENzSDJGb0VJVmdocjVocUpxcHZjR0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EQnMA0G
CSqGSIb3DQEBCwUAA4IBAQCGrNnDKEq9tVhpwCFdXsceNO54c8ybs8fvHNRGHEJl
TjNzSmQQN0szvjSVoJgWQCpI2AUGQQKJcHVDfX3c1FoORbJLTLdQgBK/96jbGk4h
/KrBsKmXrMFnHMuSBLG41KeiFocILwIJ/ucDt2chDe5yLHBTT5YQ6TiQfBRLvWAe
WnBdCIH2tdRQsdc0oPNnIkK0UVt5Xq89C6l8rMJGQ2yp+1syIk2Pv5mDkar03X33
yCyHceMsDPoYcxbMCeW2MA1OtfNz69LbTMpVnQmGjePx4o9EQWzmdBAq7rnRHng5
2AwyNZvl9exHS2YouQwM853NwOZ4ssaD5glGebPkYQRF
-----END CERTIFICATE-----