Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/yMbBlyLCpdMZ5wKK31NOiDm7MHc.roa
File:                     yMbBlyLCpdMZ5wKK31NOiDm7MHc.roa (raw, json)
Hash identifier:          WCKzhFKQuV/7ALjaZZrcmlX9kz4INZCcf0KaL1h/FFQ=
Subject key identifier:   C8:C6:C1:97:22:C2:A5:D3:19:E7:02:8A:DF:53:4E:88:39:BB:30:77
Certificate issuer:       /CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
Certificate serial:       018CC348E5A68F3FEFD3A074FA4001ABFC1C
Authority key identifier: CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/yMbBlyLCpdMZ5wKK31NOiDm7MHc.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20529
IP address blocks:        217.147.192.0/20 maxlen: 24
                          217.147.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e5:a6:8f:3f:ef:d3:a0:74:fa:40:01:ab:fc:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8c6c19722c2a5d319e7028adf534e8839bb3077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:08:40:12:a9:0e:82:38:5f:de:be:49:e9:c4:
                    f8:5d:e8:8e:91:98:7b:1c:72:be:50:e0:e3:8c:6b:
                    25:ea:23:91:8c:64:d5:2a:c3:b6:4f:a6:cc:a5:4a:
                    13:c5:d4:3c:94:ce:60:24:ae:72:74:87:0c:3f:7f:
                    1c:ab:9a:8d:50:6d:43:e3:90:87:58:e3:5f:02:fb:
                    41:16:5d:dd:af:bf:ed:2c:cd:75:77:e2:8a:d1:b5:
                    8c:be:22:8e:37:6f:ed:79:1e:3a:37:1a:d5:3a:22:
                    8a:f7:94:ec:36:73:2f:10:2a:a5:76:54:e3:7c:8c:
                    96:af:85:78:6a:a1:93:ef:33:72:2e:dc:6a:c5:2e:
                    5e:42:67:52:25:60:d9:77:66:f3:a4:7c:6b:f7:af:
                    f0:14:1b:e2:b4:db:05:08:77:c3:6e:f5:80:1c:6a:
                    d0:7d:2d:68:83:f1:21:d4:8a:87:78:4a:38:45:9f:
                    23:04:01:ab:14:91:70:44:23:3d:af:d9:05:a6:de:
                    5b:84:76:59:5f:db:95:84:29:68:4b:04:74:78:7b:
                    93:8b:af:c4:40:14:be:ab:9e:fd:24:4d:3a:f0:67:
                    44:1f:8c:65:dd:1d:10:aa:a3:5a:46:4a:54:da:62:
                    7c:9a:d8:0f:0d:47:50:ec:53:fb:fe:6b:80:70:6c:
                    35:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C6:C1:97:22:C2:A5:D3:19:E7:02:8A:DF:53:4E:88:39:BB:30:77
            X509v3 Authority Key Identifier:
                keyid:CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/yMbBlyLCpdMZ5wKK31NOiDm7MHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:de:3a:85:d5:5e:4a:4c:0a:a0:85:16:ff:26:0f:d4:6e:b4:
         88:bd:aa:63:ac:ea:56:1b:ad:26:3b:27:dd:6c:aa:0a:39:89:
         67:69:f4:e8:69:6d:12:2a:14:94:c8:cd:59:4a:eb:69:3d:2e:
         a3:d2:23:7b:cc:07:fd:f0:ec:69:81:0c:4c:c8:18:15:d6:2c:
         6d:33:81:3b:77:ac:47:d0:65:0c:1a:65:77:f3:04:1a:40:f1:
         c9:6c:4e:99:26:44:28:2e:b1:4f:18:22:8e:2a:2a:b7:b1:0b:
         49:7a:2f:95:2c:cc:fa:31:b0:b5:55:1a:e2:8b:ed:3f:a7:34:
         e7:d3:02:23:4e:1f:1d:e8:43:fa:f6:f9:15:32:67:d6:3d:6d:
         6f:7f:82:b9:9a:1b:24:81:db:0f:07:16:7e:fc:fe:6c:4e:1f:
         17:a1:2d:b5:dd:58:34:66:97:d4:ba:b0:77:de:af:b8:93:6a:
         3d:91:8f:b4:c7:12:8e:d0:8c:5f:5f:3a:ce:6b:0b:f7:91:0c:
         60:91:45:94:f1:25:72:e9:ca:a0:28:b8:ca:e3:19:f2:1e:06:
         60:4e:13:2c:51:88:e8:a2:e2:fe:3f:67:46:64:f9:b2:33:ff:
         10:29:1b:f3:0c:67:7f:9f:38:a7:9e:67:77:f6:41:03:83:83:
         2f:f3:10:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOWmjz/v06B0+kABq/wcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTFjNDJkZmE2YWZiYzExZTc4ZWU5ZGUyZTc4NWY4YTIw
YjUwNDMwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM2YzE5NzIyYzJhNWQzMTllNzAyOGFkZjUzNGU4ODM5YmIzMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6whAEqkOgjhf3r5J6cT4XeiOkZh7
HHK+UODjjGsl6iORjGTVKsO2T6bMpUoTxdQ8lM5gJK5ydIcMP38cq5qNUG1D45CH
WONfAvtBFl3dr7/tLM11d+KK0bWMviKON2/teR46NxrVOiKK95TsNnMvECqldlTj
fIyWr4V4aqGT7zNyLtxqxS5eQmdSJWDZd2bzpHxr96/wFBvitNsFCHfDbvWAHGrQ
fS1og/Eh1IqHeEo4RZ8jBAGrFJFwRCM9r9kFpt5bhHZZX9uVhCloSwR0eHuTi6/E
QBS+q579JE068GdEH4xl3R0QqqNaRkpU2mJ8mtgPDUdQ7FP7/muAcGw1wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjGwZciwqXTGecCit9TTog5uzB3MB8GA1UdIwQY
MBaAFMqRxC36avvBHnjuneLnhfiiC1BDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjIt
ZDU4NjUwNDFhMTRmLzEveU1iQmx5TENwZE1aNXdLSzMxTk9pRG03TUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjItZDU4NjUwNDFhMTRm
LzEveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZPAMA0G
CSqGSIb3DQEBCwUAA4IBAQBS3jqF1V5KTAqghRb/Jg/UbrSIvapjrOpWG60mOyfd
bKoKOYlnafToaW0SKhSUyM1ZSutpPS6j0iN7zAf98OxpgQxMyBgV1ixtM4E7d6xH
0GUMGmV38wQaQPHJbE6ZJkQoLrFPGCKOKiq3sQtJei+VLMz6MbC1VRrii+0/pzTn
0wIjTh8d6EP69vkVMmfWPW1vf4K5mhskgdsPBxZ+/P5sTh8XoS213Vg0ZpfUurB3
3q+4k2o9kY+0xxKO0IxfXzrOawv3kQxgkUWU8SVy6cqgKLjK4xnyHgZgThMsUYjo
ouL+P2dGZPmyM/8QKRvzDGd/nzinnmd39kEDg4Mv8xDv
-----END CERTIFICATE-----