Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/ytnXUFX0s9FGWQPh4q6-o2ENpxQ.roa
File:                     ytnXUFX0s9FGWQPh4q6-o2ENpxQ.roa (raw, json)
Hash identifier:          a9SwKtsR+O5nBysPdo4bIzezmNCvsBCQmCu+MwvCSCg=
Subject key identifier:   CA:D9:D7:50:55:F4:B3:D1:46:59:03:E1:E2:AE:BE:A3:61:0D:A7:14
Certificate issuer:       /CN=e9052499b0003ea0eeaea2426338c34e0bf8fdcf
Certificate serial:       018D3C5444B73899AC738515BC3E78B8891C
Authority key identifier: E9:05:24:99:B0:00:3E:A0:EE:AE:A2:42:63:38:C3:4E:0B:F8:FD:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QUkmbAAPqDurqJCYzjDTgv4_c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/ytnXUFX0s9FGWQPh4q6-o2ENpxQ.roa
Signing time:             Wed 24 Jan 2024 16:36:11 +0000
ROA not before:           Wed 24 Jan 2024 16:36:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207850
IP address blocks:        193.108.20.0/24 maxlen: 24
                          193.108.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/6QUkmbAAPqDurqJCYzjDTgv4_c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/6QUkmbAAPqDurqJCYzjDTgv4_c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QUkmbAAPqDurqJCYzjDTgv4_c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:54:44:b7:38:99:ac:73:85:15:bc:3e:78:b8:89:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9052499b0003ea0eeaea2426338c34e0bf8fdcf
        Validity
            Not Before: Jan 24 16:36:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cad9d75055f4b3d1465903e1e2aebea3610da714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:76:e3:66:a7:de:e9:f5:84:2f:7a:cf:7c:5c:
                    ef:af:ba:ad:e3:e6:5b:72:3e:52:fa:43:07:4f:da:
                    59:44:e3:6c:9e:31:3a:4a:30:7c:a0:e3:66:d6:37:
                    13:35:01:f2:a1:3b:51:e1:92:c8:2c:70:10:a9:44:
                    11:8e:90:9e:0a:5a:42:43:f0:67:54:24:a0:32:3f:
                    e0:ce:a1:62:2a:a3:fe:22:b5:0b:20:76:d1:20:ba:
                    8f:4c:18:5b:0d:3e:02:9a:db:38:20:d4:8d:b7:55:
                    a3:15:33:f3:8f:3e:52:4c:61:29:82:a8:8a:4e:71:
                    be:04:7c:bd:85:49:49:ae:23:42:5a:50:5f:02:1d:
                    cf:b9:b2:b0:3f:ee:60:8f:5f:ec:0a:9b:67:b1:79:
                    59:e8:23:50:fa:41:16:de:e3:78:0a:5c:8e:92:bb:
                    2a:ed:1a:22:df:42:65:c3:1c:24:c4:6b:c0:0e:dd:
                    29:d2:ef:10:de:a6:fa:83:0c:58:72:71:cf:4a:36:
                    95:33:db:44:f0:7e:a0:62:bd:f0:0c:51:e0:e9:45:
                    59:2d:9f:ba:4d:02:0f:9e:48:e2:21:22:ae:e4:44:
                    64:51:52:2a:d8:8c:a6:38:9c:8e:56:f4:fd:ae:28:
                    b9:8f:29:f6:5f:24:3e:66:f9:a3:f6:70:d9:e0:65:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D9:D7:50:55:F4:B3:D1:46:59:03:E1:E2:AE:BE:A3:61:0D:A7:14
            X509v3 Authority Key Identifier:
                keyid:E9:05:24:99:B0:00:3E:A0:EE:AE:A2:42:63:38:C3:4E:0B:F8:FD:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QUkmbAAPqDurqJCYzjDTgv4_c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/ytnXUFX0s9FGWQPh4q6-o2ENpxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/787a96-fb0d-432a-8428-710ef47732b0/1/6QUkmbAAPqDurqJCYzjDTgv4_c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.20.0/24
                  193.108.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:eb:f6:93:dd:5a:ca:62:c6:4e:cc:9b:ae:09:05:4b:7e:0a:
         7e:70:b1:6b:d0:ae:c2:69:f6:15:fe:68:f5:4c:6a:35:e0:93:
         a5:13:f0:8f:38:2f:e6:6e:20:7c:c0:91:21:17:1d:c9:d3:c1:
         87:79:55:98:7b:7a:ed:93:d6:f5:d9:1e:cd:ef:5a:73:3e:b9:
         e2:88:03:59:bb:06:a7:16:65:03:64:db:42:18:1c:42:56:e4:
         8e:49:4f:3a:b2:3d:d4:cb:70:6c:c1:af:7c:d1:7c:11:d4:d5:
         03:f4:06:e5:a7:48:ed:e5:9e:7b:a9:56:6b:17:fe:d7:a8:f8:
         40:23:9f:f5:79:6c:5e:76:4c:c2:f5:88:6c:38:d7:1f:4f:34:
         35:5b:a9:4e:c9:10:4f:79:78:19:01:c2:22:5f:23:30:34:50:
         30:2e:f8:15:f5:89:26:7d:de:95:b5:21:79:e8:6c:76:1b:e5:
         89:90:2a:c2:9e:7e:95:d7:49:b6:ec:47:40:5c:c9:ba:ae:6c:
         69:5b:06:c1:bc:a8:52:9f:42:f1:c0:ef:e4:bf:d4:41:c0:45:
         f0:79:d3:87:75:a2:ed:08:10:cb:f6:f7:ba:b9:78:53:9f:0b:
         06:32:8f:66:d9:b3:d8:93:49:d6:80:bb:7a:b9:67:d6:49:8c:
         ff:44:aa:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY08VES3OJmsc4UVvD54uIkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDUyNDk5YjAwMDNlYTBlZWFlYTI0MjYzMzhjMzRlMGJm
OGZkY2YwHhcNMjQwMTI0MTYzNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ5ZDc1MDU1ZjRiM2QxNDY1OTAzZTFlMmFlYmVhMzYxMGRhNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnbjZqfe6fWEL3rPfFzvr7qt4+Zb
cj5S+kMHT9pZRONsnjE6SjB8oONm1jcTNQHyoTtR4ZLILHAQqUQRjpCeClpCQ/Bn
VCSgMj/gzqFiKqP+IrULIHbRILqPTBhbDT4Cmts4INSNt1WjFTPzjz5STGEpgqiK
TnG+BHy9hUlJriNCWlBfAh3PubKwP+5gj1/sCptnsXlZ6CNQ+kEW3uN4ClyOkrsq
7Roi30JlwxwkxGvADt0p0u8Q3qb6gwxYcnHPSjaVM9tE8H6gYr3wDFHg6UVZLZ+6
TQIPnkjiISKu5ERkUVIq2IymOJyOVvT9rii5jyn2XyQ+Zvmj9nDZ4GUG9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMrZ11BV9LPRRlkD4eKuvqNhDacUMB8GA1UdIwQY
MBaAFOkFJJmwAD6g7q6iQmM4w04L+P3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFVa21iQUFQcUR1cnFKQ1l6akRUZ3Y0X2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My83ODdhOTYtZmIwZC00MzJhLTg0Mjgt
NzEwZWY0NzczMmIwLzEveXRuWFVGWDBzOUZHV1FQaDRxNi1vMkVOcHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My83ODdhOTYtZmIwZC00MzJhLTg0MjgtNzEwZWY0NzczMmIw
LzEvNlFVa21iQUFQcUR1cnFKQ1l6akRUZ3Y0X2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWwUAwQA
wWyyMA0GCSqGSIb3DQEBCwUAA4IBAQBU6/aT3VrKYsZOzJuuCQVLfgp+cLFr0K7C
afYV/mj1TGo14JOlE/CPOC/mbiB8wJEhFx3J08GHeVWYe3rtk9b12R7N71pzPrni
iANZuwanFmUDZNtCGBxCVuSOSU86sj3Uy3Bswa980XwR1NUD9Ablp0jt5Z57qVZr
F/7XqPhAI5/1eWxedkzC9YhsONcfTzQ1W6lOyRBPeXgZAcIiXyMwNFAwLvgV9Ykm
fd6VtSF56Gx2G+WJkCrCnn6V10m27EdAXMm6rmxpWwbBvKhSn0LxwO/kv9RBwEXw
edOHdaLtCBDL9ve6uXhTnwsGMo9m2bPYk0nWgLt6uWfWSYz/RKr9
-----END CERTIFICATE-----