Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/_ygdJaScwM1ltlnNe1eoz3CL5PQ.roa
File:                     _ygdJaScwM1ltlnNe1eoz3CL5PQ.roa (raw, json)
Hash identifier:          knXFCF5SMPEbfeGGI7kU9NgA6tEKNEKL1NkwrpsvO8Q=
Subject key identifier:   FF:28:1D:25:A4:9C:C0:CD:65:B6:59:CD:7B:57:A8:CF:70:8B:E4:F4
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E1490313AC1331085C9EFEB68F258
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/_ygdJaScwM1ltlnNe1eoz3CL5PQ.roa
Signing time:             Tue 02 Jan 2024 08:33:06 +0000
ROA not before:           Tue 02 Jan 2024 08:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200482
IP address blocks:        43.251.163.0/24 maxlen: 24
                          43.251.162.0/24 maxlen: 24
                          37.114.61.0/24 maxlen: 24
                          37.114.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:14:90:31:3a:c1:33:10:85:c9:ef:eb:68:f2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff281d25a49cc0cd65b659cd7b57a8cf708be4f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:b6:d0:07:3a:ed:b4:70:71:8f:da:8a:47:94:
                    f5:06:27:c3:25:d9:c4:ee:e1:dc:10:e0:f8:24:5f:
                    2a:96:c5:75:e8:fb:75:cb:ec:b5:9a:64:72:62:94:
                    ef:f7:30:77:6a:ca:41:cd:ed:1f:a6:f4:c1:04:d7:
                    53:5c:5b:e5:a0:31:83:8e:e1:b0:f1:f1:a8:c5:03:
                    b3:41:48:76:da:03:65:1b:c4:60:58:50:d6:73:51:
                    36:e4:b7:98:b8:20:0a:66:50:f7:0c:ea:2c:c4:ac:
                    c3:c2:39:81:73:52:1b:c2:c0:5b:9e:fd:1b:89:b7:
                    ee:e2:2b:2c:d9:92:19:8b:a2:37:b1:24:27:af:03:
                    13:93:43:91:09:19:b1:8f:45:60:51:40:e1:39:e4:
                    16:44:58:f6:53:25:97:f6:db:02:d4:30:0e:d9:28:
                    9f:85:55:96:6c:38:62:4d:41:c6:83:33:c2:72:1e:
                    48:3b:35:05:39:f2:40:71:e1:3e:dd:ae:01:25:73:
                    f6:91:14:7e:b8:a0:06:d1:19:6a:c3:2a:5c:13:40:
                    03:1e:84:f3:c7:cc:01:52:d0:2a:7f:89:5c:4f:92:
                    10:2c:b0:38:07:91:b4:31:1d:8a:f1:42:6b:80:e4:
                    d5:bc:86:7b:71:93:18:3a:e3:df:87:97:2c:97:34:
                    dd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:28:1D:25:A4:9C:C0:CD:65:B6:59:CD:7B:57:A8:CF:70:8B:E4:F4
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/_ygdJaScwM1ltlnNe1eoz3CL5PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.60.0/23
                  43.251.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:57:e1:0b:bc:1c:94:82:6e:40:ac:d7:46:49:71:ac:a1:6b:
         c0:37:eb:9c:4d:ee:85:a4:27:1f:4b:38:f6:0a:61:7a:5b:4f:
         e0:f5:db:6c:f0:7a:bc:5c:70:d6:46:7d:19:d5:22:c1:c9:a1:
         8d:3a:db:77:3d:a6:51:ca:4a:6b:5d:99:0d:58:03:a7:70:b5:
         7b:75:ef:91:67:91:aa:be:60:04:0a:9f:ec:6f:52:74:f6:d8:
         88:8b:52:dc:f2:ef:3d:b0:fc:a2:8f:ff:1b:54:9e:07:df:4c:
         a8:46:43:7c:8b:72:5d:95:d5:a7:1a:bb:2d:1b:d7:82:f9:6d:
         59:19:cb:27:71:d9:91:5b:05:9f:92:0a:84:17:98:ed:60:53:
         a3:e7:fb:42:3a:da:31:30:7b:ee:78:05:4f:87:c7:ca:11:e5:
         de:74:e4:a3:43:c5:af:9d:ee:2f:96:a6:bd:6f:b1:92:7d:7e:
         6a:e1:c2:0e:2e:4f:cb:93:e5:ed:59:fd:25:2d:30:76:33:47:
         1d:37:39:6f:0e:46:f8:30:1e:37:f9:01:da:48:41:f2:58:b6:
         a5:05:e3:27:9f:7f:d8:2d:20:60:98:3d:de:fc:17:d1:1d:99:
         33:ea:10:ac:29:87:b0:14:e6:c9:93:4a:58:ab:16:64:f7:ba:
         00:81:28:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJThSQMTrBMxCFye/raPJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI4MWQyNWE0OWNjMGNkNjViNjU5Y2Q3YjU3YThjZjcwOGJlNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67bQBzrttHBxj9qKR5T1BifDJdnE
7uHcEOD4JF8qlsV16Pt1y+y1mmRyYpTv9zB3aspBze0fpvTBBNdTXFvloDGDjuGw
8fGoxQOzQUh22gNlG8RgWFDWc1E25LeYuCAKZlD3DOosxKzDwjmBc1IbwsBbnv0b
ibfu4iss2ZIZi6I3sSQnrwMTk0ORCRmxj0VgUUDhOeQWRFj2UyWX9tsC1DAO2Sif
hVWWbDhiTUHGgzPCch5IOzUFOfJAceE+3a4BJXP2kRR+uKAG0RlqwypcE0ADHoTz
x8wBUtAqf4lcT5IQLLA4B5G0MR2K8UJrgOTVvIZ7cZMYOuPfh5cslzTdcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP8oHSWknMDNZbZZzXtXqM9wi+T0MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvX3lnZEphU2N3TTFsdGxuTmUxZW96M0NMNVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJXI8AwQB
K/uiMA0GCSqGSIb3DQEBCwUAA4IBAQC5V+ELvByUgm5ArNdGSXGsoWvAN+ucTe6F
pCcfSzj2CmF6W0/g9dts8Hq8XHDWRn0Z1SLByaGNOtt3PaZRykprXZkNWAOncLV7
de+RZ5GqvmAECp/sb1J09tiIi1Lc8u89sPyij/8bVJ4H30yoRkN8i3JdldWnGrst
G9eC+W1ZGcsncdmRWwWfkgqEF5jtYFOj5/tCOtoxMHvueAVPh8fKEeXedOSjQ8Wv
ne4vlqa9b7GSfX5q4cIOLk/Lk+XtWf0lLTB2M0cdNzlvDkb4MB43+QHaSEHyWLal
BeMnn3/YLSBgmD3e/BfRHZkz6hCsKYewFObJk0pYqxZk97oAgShL
-----END CERTIFICATE-----