Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/YV7CSV6BAPgnXUOKC5HElQtH4Ww.roa
File:                     YV7CSV6BAPgnXUOKC5HElQtH4Ww.roa (raw, json)
Hash identifier:          g4Mqs1iEqbSjlpWDqfJY6izy0MF/hW0RIP8SoTwMyFY=
Subject key identifier:   61:5E:C2:49:5E:81:00:F8:27:5D:43:8A:0B:91:C4:95:0B:47:E1:6C
Certificate issuer:       /CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
Certificate serial:       018E3DA6CC14ED5B0C091AF57316AACA77AB
Authority key identifier: 2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/YV7CSV6BAPgnXUOKC5HElQtH4Ww.roa
Signing time:             Thu 14 Mar 2024 15:48:45 +0000
ROA not before:           Thu 14 Mar 2024 15:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12480
IP address blocks:        194.174.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:a6:cc:14:ed:5b:0c:09:1a:f5:73:16:aa:ca:77:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
        Validity
            Not Before: Mar 14 15:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=615ec2495e8100f8275d438a0b91c4950b47e16c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8c:c6:5a:b6:34:13:54:33:7c:6d:83:68:12:
                    e5:40:f8:81:d5:d1:b1:32:b4:ba:eb:27:b2:b5:a1:
                    e7:0b:95:de:74:14:a6:3c:36:ff:21:a8:4f:a3:cc:
                    f9:1f:dc:1b:d1:f3:28:ab:0a:61:4c:ad:22:ed:8f:
                    cb:dc:73:06:e5:ae:b2:5e:6a:1d:1a:b6:3e:82:70:
                    53:b2:ef:31:0e:17:88:08:59:9c:91:4d:46:70:70:
                    33:8a:ce:aa:d1:2f:13:86:2c:83:cf:b2:58:9d:73:
                    d8:1a:ed:38:ca:c7:fe:f9:e4:b9:bb:b6:e2:d8:53:
                    41:31:4d:b6:f5:56:10:be:d2:c1:9e:15:32:20:4d:
                    2c:9d:ec:c6:a9:43:7c:26:cd:d1:89:64:2b:f7:a6:
                    06:5a:df:04:55:1f:49:f0:b3:67:b3:5f:a0:db:ca:
                    c1:27:23:50:c6:66:a2:89:b7:de:a4:c6:e5:0a:70:
                    a2:5e:87:27:fc:99:16:51:d1:3c:52:66:06:fe:f9:
                    2a:cf:b3:1b:3f:03:90:70:23:de:3c:db:ce:a9:bf:
                    bb:17:74:2b:d7:31:02:8b:a6:ee:b3:e9:2a:8d:74:
                    cf:6f:5c:a0:3b:b2:b0:cf:d9:86:8f:ab:50:4f:df:
                    2d:34:9d:f4:f2:5b:88:40:17:7e:ba:28:51:d0:81:
                    03:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:5E:C2:49:5E:81:00:F8:27:5D:43:8A:0B:91:C4:95:0B:47:E1:6C
            X509v3 Authority Key Identifier:
                keyid:2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/YV7CSV6BAPgnXUOKC5HElQtH4Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.174.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:cb:32:de:40:6a:c2:55:d9:18:b3:2f:81:88:8f:bc:7d:70:
         2b:71:e5:bf:fa:66:d0:e0:42:73:d1:99:d9:fa:43:80:30:e5:
         27:33:38:9e:74:d4:fd:8e:a6:1f:70:41:59:d5:54:f6:81:85:
         e1:74:61:87:12:9a:a2:36:b4:1d:23:49:4f:de:1f:12:93:25:
         ea:e7:75:f0:57:46:92:40:9d:52:dc:2f:e5:07:ad:07:cf:f8:
         15:1c:b0:8f:7d:a5:6c:70:e6:5f:cb:ab:0e:9e:7b:d9:49:2d:
         c9:cc:9a:59:a0:68:01:61:f1:65:1d:43:74:7e:18:cb:9b:72:
         84:e2:88:92:5a:f1:1e:cc:58:cd:44:84:12:3b:73:c1:95:52:
         19:84:f7:91:87:17:d4:30:84:6d:21:f5:39:8a:e4:2d:2b:ee:
         56:9f:c6:ec:e5:f3:c7:b1:c6:bd:2e:58:b5:25:55:64:d5:19:
         6b:2b:ef:15:f1:14:f7:34:39:ef:5b:28:93:5c:bb:e7:ee:da:
         cb:17:9a:01:a4:54:91:9d:76:8a:43:16:d5:bd:06:c5:81:ec:
         81:8b:10:2f:02:4f:fc:cb:af:19:9b:2f:08:dc:19:65:13:2d:
         02:90:f6:0e:b5:e2:59:2a:9c:5e:d9:88:98:2c:2f:fa:27:11:
         ce:dd:22:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49pswU7VsMCRr1cxaqynerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNThiNmJlOWM2YzAzM2IzYjEyNmYyNzdkMDJiYzA1NDQ5
OWZjZmIwHhcNMjQwMzE0MTU0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTVlYzI0OTVlODEwMGY4Mjc1ZDQzOGEwYjkxYzQ5NTBiNDdlMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34zGWrY0E1QzfG2DaBLlQPiB1dGx
MrS66yeytaHnC5XedBSmPDb/IahPo8z5H9wb0fMoqwphTK0i7Y/L3HMG5a6yXmod
GrY+gnBTsu8xDheICFmckU1GcHAzis6q0S8ThiyDz7JYnXPYGu04ysf++eS5u7bi
2FNBMU229VYQvtLBnhUyIE0snezGqUN8Js3RiWQr96YGWt8EVR9J8LNns1+g28rB
JyNQxmaiibfepMblCnCiXocn/JkWUdE8UmYG/vkqz7MbPwOQcCPePNvOqb+7F3Qr
1zECi6bus+kqjXTPb1ygO7Kwz9mGj6tQT98tNJ308luIQBd+uihR0IEDNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFewklegQD4J11DiguRxJULR+FsMB8GA1UdIwQY
MBaAFC1Ytr6cbAM7OxJvJ30CvAVEmfz7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2Mt
Y2I4NmRiMzUwOTMxLzEvWVY3Q1NWNkJBUGduWFVPS0M1SEVsUXRINFd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2MtY2I4NmRiMzUwOTMx
LzEvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwq4LMA0G
CSqGSIb3DQEBCwUAA4IBAQB1yzLeQGrCVdkYsy+BiI+8fXArceW/+mbQ4EJz0ZnZ
+kOAMOUnMziedNT9jqYfcEFZ1VT2gYXhdGGHEpqiNrQdI0lP3h8SkyXq53XwV0aS
QJ1S3C/lB60Hz/gVHLCPfaVscOZfy6sOnnvZSS3JzJpZoGgBYfFlHUN0fhjLm3KE
4oiSWvEezFjNRIQSO3PBlVIZhPeRhxfUMIRtIfU5iuQtK+5Wn8bs5fPHsca9Lli1
JVVk1RlrK+8V8RT3NDnvWyiTXLvn7trLF5oBpFSRnXaKQxbVvQbFgeyBixAvAk/8
y68Zmy8I3BllEy0CkPYOteJZKpxe2YiYLC/6JxHO3SLk
-----END CERTIFICATE-----