Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/yiuXhwZ69kDUqaHpZTCCt1ghyiI.roa
File:                     yiuXhwZ69kDUqaHpZTCCt1ghyiI.roa (raw, json)
Hash identifier:          XL0ITo62kEmuKh+f5QJhazDe/syA0mtl0h3SuESpm6A=
Subject key identifier:   CA:2B:97:87:06:7A:F6:40:D4:A9:A1:E9:65:30:82:B7:58:21:CA:22
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       018CC8DF0C44DC3D8FE4D53A49779B1E3F3A
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/yiuXhwZ69kDUqaHpZTCCt1ghyiI.roa
Signing time:             Tue 02 Jan 2024 06:31:49 +0000
ROA not before:           Tue 02 Jan 2024 06:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60557
IP address blocks:        176.119.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0c:44:dc:3d:8f:e4:d5:3a:49:77:9b:1e:3f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Jan  2 06:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca2b9787067af640d4a9a1e9653082b75821ca22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:df:a4:ae:f0:46:a5:5a:cf:b8:b9:58:73:c0:
                    81:fd:08:dc:8d:72:b2:fe:93:6e:e0:86:76:7e:33:
                    31:52:2c:26:c1:14:d9:62:1d:34:e3:f1:52:61:2e:
                    fb:9f:8d:21:f6:4c:72:bc:ad:81:e6:0b:8b:9d:3d:
                    54:93:e5:b6:36:53:42:b7:9f:64:fb:f0:cc:f8:87:
                    85:94:f1:7b:8f:2e:9d:18:c5:18:6d:cf:97:fe:df:
                    b9:8a:d4:8b:94:7e:99:54:3e:70:24:ba:d8:1a:05:
                    75:f2:54:9b:6f:a0:83:5f:04:91:41:77:4c:69:8d:
                    38:eb:05:67:52:b3:5a:f4:48:44:a6:71:e3:d5:30:
                    de:d5:2c:e0:23:2e:aa:7d:96:6d:d6:6e:08:73:1c:
                    f9:25:85:1e:6c:56:8a:dc:1d:39:4d:73:a4:e7:af:
                    07:14:89:32:d6:7e:64:e0:fa:c1:9a:6d:8a:c3:e0:
                    21:85:1c:95:26:38:45:f8:ce:42:0f:46:0c:45:bc:
                    1e:66:50:f6:0d:7e:4c:9e:72:a4:52:02:7f:09:19:
                    ef:70:90:24:c2:e1:24:77:bf:b8:10:73:31:71:bb:
                    ba:78:d0:05:24:ae:0a:0f:57:98:3a:22:c9:3e:ce:
                    6c:b3:f9:f0:b3:da:04:b2:a3:75:15:e0:c7:a1:fa:
                    43:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2B:97:87:06:7A:F6:40:D4:A9:A1:E9:65:30:82:B7:58:21:CA:22
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/yiuXhwZ69kDUqaHpZTCCt1ghyiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:00:45:4e:df:c9:b2:32:cc:c9:29:5b:ce:9c:d6:2e:09:eb:
         25:c0:68:4c:0f:e2:a4:05:da:a3:9c:33:5e:da:cf:93:93:c1:
         fe:b6:74:13:a4:17:11:43:39:46:22:f7:91:2a:03:1e:db:b7:
         e3:9a:2b:5a:7d:77:1c:44:f0:9b:b3:f5:2d:4b:19:14:7e:35:
         09:4f:4f:90:1e:7a:db:db:b8:52:fa:15:54:f1:c0:cd:0a:f6:
         07:8a:c2:1b:b3:f9:2c:f8:e5:b6:89:9d:f4:b4:84:92:6e:ca:
         d6:9a:90:de:51:a1:e2:e0:6e:db:57:cd:1a:73:89:42:61:fd:
         86:f5:3f:10:2d:7a:85:86:81:c5:8e:c0:38:06:85:56:2c:69:
         f2:35:19:9f:f8:5a:f4:3a:1f:e2:2a:32:bf:68:2c:ce:79:56:
         f3:20:45:84:fb:4c:29:36:ab:69:1e:46:67:7d:af:1a:6e:df:
         17:52:15:1a:b0:1f:95:e7:61:6c:38:52:cb:ff:3d:11:19:22:
         68:ec:6a:74:3b:4e:97:31:30:e6:1f:31:84:71:84:0f:7e:68:
         91:90:5d:31:4c:49:44:f0:98:1c:52:a4:55:48:e0:7e:77:2f:
         aa:21:73:08:d4:d0:1a:4b:02:ef:20:3c:3b:6c:77:a7:91:7c:
         0e:cb:1e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wxE3D2P5NU6SXebHj86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQwMTAyMDYzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJiOTc4NzA2N2FmNjQwZDRhOWExZTk2NTMwODJiNzU4MjFjYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd+krvBGpVrPuLlYc8CB/QjcjXKy
/pNu4IZ2fjMxUiwmwRTZYh004/FSYS77n40h9kxyvK2B5guLnT1Uk+W2NlNCt59k
+/DM+IeFlPF7jy6dGMUYbc+X/t+5itSLlH6ZVD5wJLrYGgV18lSbb6CDXwSRQXdM
aY046wVnUrNa9EhEpnHj1TDe1SzgIy6qfZZt1m4Icxz5JYUebFaK3B05TXOk568H
FIky1n5k4PrBmm2Kw+AhhRyVJjhF+M5CD0YMRbweZlD2DX5MnnKkUgJ/CRnvcJAk
wuEkd7+4EHMxcbu6eNAFJK4KD1eYOiLJPs5ss/nws9oEsqN1FeDHofpDKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMorl4cGevZA1Kmh6WUwgrdYIcoiMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEveWl1WGh3WjY5a0RVcWFIcFpUQ0N0MWdoeWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfXMA0G
CSqGSIb3DQEBCwUAA4IBAQBnAEVO38myMszJKVvOnNYuCeslwGhMD+KkBdqjnDNe
2s+Tk8H+tnQTpBcRQzlGIveRKgMe27fjmitafXccRPCbs/UtSxkUfjUJT0+QHnrb
27hS+hVU8cDNCvYHisIbs/ks+OW2iZ30tISSbsrWmpDeUaHi4G7bV80ac4lCYf2G
9T8QLXqFhoHFjsA4BoVWLGnyNRmf+Fr0Oh/iKjK/aCzOeVbzIEWE+0wpNqtpHkZn
fa8abt8XUhUasB+V52FsOFLL/z0RGSJo7Gp0O06XMTDmHzGEcYQPfmiRkF0xTElE
8JgcUqRVSOB+dy+qIXMI1NAaSwLvIDw7bHenkXwOyx7h
-----END CERTIFICATE-----