Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/Y5UiTjGzVytfk4zg-vIn63O-CKY.roa
File:                     Y5UiTjGzVytfk4zg-vIn63O-CKY.roa (raw, json)
Hash identifier:          m72izn6jAHlZZoMbkEM3o9VNVMwsGBzj0vtIoMDtsGI=
Subject key identifier:   63:95:22:4E:31:B3:57:2B:5F:93:8C:E0:FA:F2:27:EB:73:BE:08:A6
Certificate issuer:       /CN=5df27221c18fcafe74892bc0e97bf5ee7c344fa7
Certificate serial:       018CC3B6FC81284E3E094809F42AB0555A89
Authority key identifier: 5D:F2:72:21:C1:8F:CA:FE:74:89:2B:C0:E9:7B:F5:EE:7C:34:4F:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XfJyIcGPyv50iSvA6Xv17nw0T6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/Y5UiTjGzVytfk4zg-vIn63O-CKY.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211394
IP address blocks:        193.56.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/XfJyIcGPyv50iSvA6Xv17nw0T6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/XfJyIcGPyv50iSvA6Xv17nw0T6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XfJyIcGPyv50iSvA6Xv17nw0T6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fc:81:28:4e:3e:09:48:09:f4:2a:b0:55:5a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5df27221c18fcafe74892bc0e97bf5ee7c344fa7
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6395224e31b3572b5f938ce0faf227eb73be08a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9d:43:af:38:93:dc:c6:84:74:f2:2b:b9:a8:
                    b6:b0:d6:21:18:93:7a:22:e1:8e:dc:c6:30:42:cf:
                    fc:c6:a8:39:76:db:c6:9b:9a:32:1e:1b:e3:fe:d5:
                    0f:01:eb:92:85:19:91:b4:dd:ef:34:07:43:1e:90:
                    ff:77:13:31:28:86:40:92:a3:23:bb:37:32:f8:93:
                    42:6e:c9:b5:78:f8:06:c1:86:08:b8:12:74:e3:6e:
                    98:0e:df:68:fb:93:5a:85:16:2f:0f:25:30:fb:08:
                    45:44:19:09:c7:3e:6f:40:23:b7:f6:21:54:78:c1:
                    af:94:3f:86:f5:ca:37:3d:f8:f6:b8:e7:25:f7:f2:
                    99:13:0b:50:17:bc:88:5c:53:29:3e:4e:46:b8:03:
                    fd:01:35:ff:36:82:6b:d2:c5:cc:ce:ef:98:38:c6:
                    25:0d:c7:49:1f:50:95:5c:09:ce:c0:ec:e7:42:93:
                    69:b5:61:ff:a1:4d:66:03:e6:8f:10:d3:77:7a:79:
                    cf:15:e7:a7:ce:e6:c2:90:ec:b9:60:61:ef:2f:18:
                    b2:4f:44:64:52:1a:e5:39:f3:cc:a7:87:9b:ff:c5:
                    aa:e9:1a:9f:c3:82:20:3e:a5:ff:38:6c:9e:bb:1d:
                    d9:9b:10:9a:3d:b2:1a:9f:6a:e1:7a:7f:20:b1:d3:
                    e6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:95:22:4E:31:B3:57:2B:5F:93:8C:E0:FA:F2:27:EB:73:BE:08:A6
            X509v3 Authority Key Identifier:
                keyid:5D:F2:72:21:C1:8F:CA:FE:74:89:2B:C0:E9:7B:F5:EE:7C:34:4F:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XfJyIcGPyv50iSvA6Xv17nw0T6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/Y5UiTjGzVytfk4zg-vIn63O-CKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/028937-8903-495d-bc6c-f3e915ad3802/1/XfJyIcGPyv50iSvA6Xv17nw0T6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:8b:25:7d:92:62:6d:0a:11:c1:6d:3d:1d:24:e9:c3:b7:77:
         a6:c4:c8:52:17:4c:50:62:21:d5:31:77:70:0b:94:db:62:35:
         c4:4e:07:cd:3f:0a:47:4e:ca:d6:a8:a1:5a:78:8f:9c:36:a4:
         6c:7c:a5:fd:79:e8:2b:2e:0b:de:2b:5a:44:01:55:7c:d7:93:
         e2:fd:67:77:64:f8:aa:49:81:66:86:b7:91:24:e7:d2:95:68:
         38:63:f5:a1:6a:b5:64:dd:6a:cb:ec:3b:43:f9:09:70:62:22:
         b9:ed:54:f4:72:f1:bb:6a:27:6a:75:3b:fe:b2:12:1b:ce:32:
         81:7d:c8:bc:ac:4c:9a:a8:79:b6:30:8f:fc:b7:11:5f:b6:0a:
         03:a7:ad:2b:50:08:09:17:25:f4:1b:f3:07:9e:ee:35:2d:21:
         ff:7e:4b:c2:9d:0d:c5:41:e3:eb:94:33:91:67:c7:01:f6:d4:
         3a:ce:38:03:ed:fc:a1:f3:75:d5:60:c6:1d:ff:b6:5d:f3:0b:
         91:b7:3c:4b:10:1b:cf:05:cc:c7:a4:bd:2d:2f:84:c9:b5:b8:
         5e:ea:00:c2:d2:50:64:10:00:18:c6:84:e5:3a:e4:a9:94:cb:
         96:7f:3f:2e:3a:c9:83:fe:95:96:b6:3d:7d:36:06:74:12:85:
         92:60:f0:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvyBKE4+CUgJ9CqwVVqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZjI3MjIxYzE4ZmNhZmU3NDg5MmJjMGU5N2JmNWVlN2Mz
NDRmYTcwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzk1MjI0ZTMxYjM1NzJiNWY5MzhjZTBmYWYyMjdlYjczYmUwOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp51DrziT3MaEdPIruai2sNYhGJN6
IuGO3MYwQs/8xqg5dtvGm5oyHhvj/tUPAeuShRmRtN3vNAdDHpD/dxMxKIZAkqMj
uzcy+JNCbsm1ePgGwYYIuBJ0426YDt9o+5NahRYvDyUw+whFRBkJxz5vQCO39iFU
eMGvlD+G9co3Pfj2uOcl9/KZEwtQF7yIXFMpPk5GuAP9ATX/NoJr0sXMzu+YOMYl
DcdJH1CVXAnOwOznQpNptWH/oU1mA+aPENN3ennPFeenzubCkOy5YGHvLxiyT0Rk
UhrlOfPMp4eb/8Wq6Rqfw4IgPqX/OGyeux3ZmxCaPbIan2rhen8gsdPm7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOVIk4xs1crX5OM4PryJ+tzvgimMB8GA1UdIwQY
MBaAFF3yciHBj8r+dIkrwOl79e58NE+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGZKeUljR1B5djUwaVN2QTZYdjE3bncwVDZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wMjg5MzctODkwMy00OTVkLWJjNmMt
ZjNlOTE1YWQzODAyLzEvWTVVaVRqR3pWeXRmazR6Zy12SW42M08tQ0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wMjg5MzctODkwMy00OTVkLWJjNmMtZjNlOTE1YWQzODAy
LzEvWGZKeUljR1B5djUwaVN2QTZYdjE3bncwVDZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTgJMA0G
CSqGSIb3DQEBCwUAA4IBAQAjiyV9kmJtChHBbT0dJOnDt3emxMhSF0xQYiHVMXdw
C5TbYjXETgfNPwpHTsrWqKFaeI+cNqRsfKX9eegrLgveK1pEAVV815Pi/Wd3ZPiq
SYFmhreRJOfSlWg4Y/WharVk3WrL7DtD+QlwYiK57VT0cvG7aidqdTv+shIbzjKB
fci8rEyaqHm2MI/8txFftgoDp60rUAgJFyX0G/MHnu41LSH/fkvCnQ3FQePrlDOR
Z8cB9tQ6zjgD7fyh83XVYMYd/7Zd8wuRtzxLEBvPBczHpL0tL4TJtbhe6gDC0lBk
EAAYxoTlOuSplMuWfz8uOsmD/pWWtj19NgZ0EoWSYPCs
-----END CERTIFICATE-----