Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/yLbFcXmNVD0W5bvdCadiFI9_w3A.roa
File:                     yLbFcXmNVD0W5bvdCadiFI9_w3A.roa (raw, json)
Hash identifier:          g6+BFrdsU8/kLIGvBYRDM5yap604q/Bt56uSks+olcY=
Subject key identifier:   C8:B6:C5:71:79:8D:54:3D:16:E5:BB:DD:09:A7:62:14:8F:7F:C3:70
Certificate issuer:       /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial:       018CC94AB7E6E4A0203C8975A4C891B76E3F
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/yLbFcXmNVD0W5bvdCadiFI9_w3A.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28851
IP address blocks:        213.250.192.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b7:e6:e4:a0:20:3c:89:75:a4:c8:91:b7:6e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8b6c571798d543d16e5bbdd09a762148f7fc370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f7:42:fd:9b:cd:92:79:23:c0:b0:03:e2:2c:
                    1b:02:ed:99:cc:26:d6:7e:e7:6f:65:66:c5:3c:15:
                    0e:29:51:42:00:a2:fb:b1:f8:a0:1d:2e:ce:e8:f6:
                    cb:34:d0:64:ff:67:40:65:b3:fe:bd:93:ef:bd:ba:
                    ec:ce:8d:9b:36:9d:8b:d8:36:f9:5d:0e:47:6e:6d:
                    e1:aa:2b:ee:07:40:70:f9:da:d5:6b:c8:77:e1:e8:
                    17:e7:76:b1:73:2f:08:79:6c:ff:4c:d0:07:b8:dd:
                    e3:8a:a5:8b:8f:e1:ac:df:87:99:b9:86:9a:f1:10:
                    77:13:c0:54:c7:ae:1c:93:f3:22:2d:9d:17:43:3a:
                    ec:19:79:1c:2a:f7:5c:06:91:a5:55:33:ff:5e:c0:
                    49:21:dd:c3:ec:a7:fc:d3:b7:55:ba:e2:ab:42:71:
                    c8:63:79:53:78:a8:8c:40:5b:3f:e3:0d:f6:c1:56:
                    61:c3:c8:aa:4e:40:a8:79:04:17:41:d9:a1:25:b2:
                    eb:39:d3:55:f0:38:aa:c9:64:74:3d:b1:4e:e4:83:
                    35:98:96:7f:14:3d:1d:a1:3a:76:e1:99:7f:dc:92:
                    28:2f:29:31:f5:c6:23:34:31:5a:ea:dc:a7:52:1c:
                    ce:ab:87:6d:77:e4:6e:30:60:7f:3e:28:a8:c0:b1:
                    ab:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B6:C5:71:79:8D:54:3D:16:E5:BB:DD:09:A7:62:14:8F:7F:C3:70
            X509v3 Authority Key Identifier:
                keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/yLbFcXmNVD0W5bvdCadiFI9_w3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.250.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6e:90:84:28:5d:7e:ab:d4:ba:12:90:ae:f7:35:99:95:d4:0a:
         9f:6c:1b:6e:dc:1d:84:58:ca:21:11:cd:64:fe:ce:85:00:32:
         29:74:4e:3a:03:62:84:0d:22:44:2d:dd:18:65:fa:0a:fd:b4:
         79:36:3a:58:fc:f4:1d:f5:6c:c5:2a:ea:bc:60:25:35:94:fa:
         30:6b:e3:cf:f4:6c:de:35:f1:35:50:c0:c4:91:fd:a9:ba:4a:
         df:20:bd:90:11:4f:5e:6b:c8:44:8f:8c:f0:30:93:33:e1:c0:
         a7:fb:0e:68:3b:bf:cb:58:71:05:5f:1c:a2:3e:fc:a8:1c:54:
         7f:34:21:ec:6d:ab:c1:1e:3f:6d:14:13:26:7c:e2:4d:67:18:
         0b:fd:8c:eb:bd:8f:2d:6e:51:5b:c0:52:9e:bb:ee:84:6c:81:
         7b:bf:58:b4:e7:bb:18:2f:75:0f:46:9a:58:8b:c0:0a:32:6d:
         ee:00:89:53:75:f2:62:84:9c:87:4a:b3:90:bf:a8:60:fd:c8:
         64:14:fb:14:18:1b:cd:31:c8:6f:c6:4f:38:c2:74:19:d3:34:
         81:60:1f:9a:2e:e1:ea:9d:b7:af:03:26:c3:3c:41:d3:6f:6c:
         22:41:e7:c6:6b:53:b0:f3:b5:3f:5a:f1:76:47:3f:a2:28:6e:
         02:e8:48:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrfm5KAgPIl1pMiRt24/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI2YzU3MTc5OGQ1NDNkMTZlNWJiZGQwOWE3NjIxNDhmN2ZjMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPdC/ZvNknkjwLAD4iwbAu2ZzCbW
fudvZWbFPBUOKVFCAKL7sfigHS7O6PbLNNBk/2dAZbP+vZPvvbrszo2bNp2L2Db5
XQ5Hbm3hqivuB0Bw+drVa8h34egX53axcy8IeWz/TNAHuN3jiqWLj+Gs34eZuYaa
8RB3E8BUx64ck/MiLZ0XQzrsGXkcKvdcBpGlVTP/XsBJId3D7Kf807dVuuKrQnHI
Y3lTeKiMQFs/4w32wVZhw8iqTkCoeQQXQdmhJbLrOdNV8DiqyWR0PbFO5IM1mJZ/
FD0doTp24Zl/3JIoLykx9cYjNDFa6tynUhzOq4dtd+RuMGB/PiiowLGr4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi2xXF5jVQ9FuW73QmnYhSPf8NwMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEveUxiRmNYbU5WRDBXNWJ2ZENhZGlGSTlfdzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG1frAMA0G
CSqGSIb3DQEBCwUAA4IBAQBukIQoXX6r1LoSkK73NZmV1AqfbBtu3B2EWMohEc1k
/s6FADIpdE46A2KEDSJELd0YZfoK/bR5NjpY/PQd9WzFKuq8YCU1lPowa+PP9Gze
NfE1UMDEkf2pukrfIL2QEU9ea8hEj4zwMJMz4cCn+w5oO7/LWHEFXxyiPvyoHFR/
NCHsbavBHj9tFBMmfOJNZxgL/YzrvY8tblFbwFKeu+6EbIF7v1i057sYL3UPRppY
i8AKMm3uAIlTdfJihJyHSrOQv6hg/chkFPsUGBvNMchvxk84wnQZ0zSBYB+aLuHq
nbevAybDPEHTb2wiQefGa1Ow87U/WvF2Rz+iKG4C6EhW
-----END CERTIFICATE-----