Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/y-0KOgGbP0j2fz3U11uGAgWXFmU.roa
File:                     y-0KOgGbP0j2fz3U11uGAgWXFmU.roa (raw, json)
Hash identifier:          dRVMmtexk8il2yrsivLPYv8xcfhWkbISBOsMpxPGsZA=
Subject key identifier:   CB:ED:0A:3A:01:9B:3F:48:F6:7F:3D:D4:D7:5B:86:02:05:97:16:65
Certificate issuer:       /CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
Certificate serial:       018CC4245B7C5A12485AC4D0D5803A2EA19C
Authority key identifier: C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/y-0KOgGbP0j2fz3U11uGAgWXFmU.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197595
IP address blocks:        193.178.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:7c:5a:12:48:5a:c4:d0:d5:80:3a:2e:a1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbed0a3a019b3f48f67f3dd4d75b860205971665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:92:4b:93:4c:35:98:bb:72:90:a6:c7:65:14:
                    aa:9a:25:e7:31:c4:9f:15:20:b6:fb:b0:ec:51:41:
                    78:43:05:bd:54:40:d2:65:d4:83:0f:c8:27:ca:35:
                    a0:09:b7:3b:db:fd:3e:d3:8f:87:37:e5:fc:9d:aa:
                    5e:72:ed:b6:52:3e:05:51:d8:a3:af:cb:77:de:ba:
                    85:11:4a:dd:b5:ab:b6:9b:14:ca:7f:3a:0d:87:ca:
                    7b:55:d8:c6:c7:a2:4d:ac:ad:68:21:3d:1f:2d:bb:
                    32:f0:89:4d:1a:57:4d:d0:20:45:2f:46:fa:ca:60:
                    f6:bf:b1:39:4e:a0:bc:c7:a8:f0:65:b0:c6:83:76:
                    e8:7a:68:07:cf:6d:86:c1:3a:21:0a:22:2a:e9:35:
                    18:05:9a:be:27:79:89:f8:04:f6:fb:3c:89:5a:f9:
                    82:5e:51:ff:f5:fd:47:12:c6:ec:f6:c6:fc:49:5e:
                    96:ea:cc:3d:27:0b:2e:c6:31:63:d9:06:64:bf:ac:
                    4c:f4:62:7e:dd:d2:e5:f1:f1:98:8e:fd:95:0e:5a:
                    7c:7d:96:70:99:b9:30:0d:10:06:5e:33:72:61:e6:
                    ad:d4:0f:a1:cf:a4:9f:a1:1f:aa:76:a0:63:22:2a:
                    a5:9e:5e:3d:d8:56:0b:9b:40:0b:b0:95:13:e1:d8:
                    9f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:ED:0A:3A:01:9B:3F:48:F6:7F:3D:D4:D7:5B:86:02:05:97:16:65
            X509v3 Authority Key Identifier:
                keyid:C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/y-0KOgGbP0j2fz3U11uGAgWXFmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:cc:11:5b:a6:ec:c4:49:2a:1a:7d:d9:48:9e:9d:73:25:c0:
         75:fe:82:3b:42:d4:33:cc:f6:49:5a:e2:70:4c:e9:53:4a:fe:
         7f:54:29:c5:1b:df:b6:00:15:fa:a7:98:59:04:48:48:e2:74:
         b0:0f:e8:64:37:4c:f0:54:66:be:d9:49:5d:dd:cd:c9:8f:12:
         70:92:ef:40:8a:e8:5b:e2:06:35:aa:e3:1e:82:6b:38:c5:36:
         cf:7d:e0:f3:47:99:19:3e:b1:4b:a0:d4:6a:cf:85:85:bb:6e:
         c7:5f:01:f0:4f:ca:97:13:20:23:66:bf:0a:be:da:09:42:05:
         8a:ce:9b:9e:ba:05:e2:fc:bb:b6:d6:c6:4b:ae:d9:36:d9:47:
         ce:6a:48:3b:51:17:6e:33:46:e9:72:f9:fc:0e:59:74:97:4c:
         91:30:32:7b:8c:df:0e:b0:1c:36:59:4a:7d:d1:10:a7:d7:72:
         84:9a:12:8a:9c:f0:37:19:74:52:78:b3:ac:44:08:6d:24:4c:
         35:28:9d:cf:48:5a:85:c1:91:99:0e:30:be:26:b1:fa:bc:59:
         3a:99:f9:c0:c4:18:6a:5d:7f:ba:1a:54:6a:5c:3c:47:0e:2f:
         7f:bd:e8:02:c9:82:76:1a:dd:06:a1:f0:78:c3:e5:4d:1d:d7:
         9b:cf:8a:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFt8WhJIWsTQ1YA6LqGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZGI1NmNkYTJlN2RkYjAyMzE2OGM1ZDc3ZWM5N2Q5YTAw
NmJhZWQwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmVkMGEzYTAxOWIzZjQ4ZjY3ZjNkZDRkNzViODYwMjA1OTcxNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpJLk0w1mLtykKbHZRSqmiXnMcSf
FSC2+7DsUUF4QwW9VEDSZdSDD8gnyjWgCbc72/0+04+HN+X8napecu22Uj4FUdij
r8t33rqFEUrdtau2mxTKfzoNh8p7VdjGx6JNrK1oIT0fLbsy8IlNGldN0CBFL0b6
ymD2v7E5TqC8x6jwZbDGg3boemgHz22GwTohCiIq6TUYBZq+J3mJ+AT2+zyJWvmC
XlH/9f1HEsbs9sb8SV6W6sw9JwsuxjFj2QZkv6xM9GJ+3dLl8fGYjv2VDlp8fZZw
mbkwDRAGXjNyYeat1A+hz6SfoR+qdqBjIiqlnl492FYLm0ALsJUT4difawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvtCjoBmz9I9n891NdbhgIFlxZlMB8GA1UdIwQY
MBaAFMfbVs2i592wIxaMXXfsl9mgBrrtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTIt
ODJlYjZmZDExZGQ1LzEveS0wS09nR2JQMGoyZnozVTExdUdBZ1dYRm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTItODJlYjZmZDExZGQ1
LzEveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKBMA0G
CSqGSIb3DQEBCwUAA4IBAQB3zBFbpuzESSoafdlInp1zJcB1/oI7QtQzzPZJWuJw
TOlTSv5/VCnFG9+2ABX6p5hZBEhI4nSwD+hkN0zwVGa+2Uld3c3JjxJwku9Aiuhb
4gY1quMegms4xTbPfeDzR5kZPrFLoNRqz4WFu27HXwHwT8qXEyAjZr8KvtoJQgWK
zpueugXi/Lu21sZLrtk22UfOakg7URduM0bpcvn8Dll0l0yRMDJ7jN8OsBw2WUp9
0RCn13KEmhKKnPA3GXRSeLOsRAhtJEw1KJ3PSFqFwZGZDjC+JrH6vFk6mfnAxBhq
XX+6GlRqXDxHDi9/vegCyYJ2Gt0GofB4w+VNHdebz4oM
-----END CERTIFICATE-----