Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/YQcjkrgEdwfEUz_MpXOEiL512Vo.roa
File:                     YQcjkrgEdwfEUz_MpXOEiL512Vo.roa (raw, json)
Hash identifier:          JhPwkvrIODgFvuAcAVCot6itLEgaeGQXV8tMr3cOPwo=
Subject key identifier:   61:07:23:92:B8:04:77:07:C4:53:3F:CC:A5:73:84:88:BE:75:D9:5A
Certificate issuer:       /CN=f59d56c52c7733f83be774afa47bbd55d28797ac
Certificate serial:       018F83AC65DFA328CAACE9505734E31ABC2D
Authority key identifier: F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/YQcjkrgEdwfEUz_MpXOEiL512Vo.roa
Signing time:             Thu 16 May 2024 23:11:04 +0000
ROA not before:           Thu 16 May 2024 23:11:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202319
IP address blocks:        194.34.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:83:ac:65:df:a3:28:ca:ac:e9:50:57:34:e3:1a:bc:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59d56c52c7733f83be774afa47bbd55d28797ac
        Validity
            Not Before: May 16 23:11:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61072392b8047707c4533fcca5738488be75d95a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0c:ac:cf:d9:b3:50:8d:28:67:03:fc:ee:d8:
                    12:42:8b:10:88:77:43:1c:96:bb:3d:da:3d:eb:46:
                    f6:62:e3:47:b4:39:82:73:8d:e5:98:2a:fc:78:cc:
                    f6:65:4e:35:89:78:5f:d8:2b:d7:7a:03:d3:5d:98:
                    5d:e0:9b:06:b5:90:1c:59:f7:c1:51:26:97:8e:54:
                    74:9f:44:25:e9:b3:ea:4b:6a:e6:f5:e2:b3:0f:22:
                    34:99:5c:7b:e9:50:78:71:bc:f7:26:4f:67:94:1b:
                    ef:79:b9:18:d8:70:50:eb:6f:47:29:ae:1b:dd:e2:
                    8a:c0:4e:a6:68:bd:e1:b5:b2:fe:df:e4:ad:3f:07:
                    ee:a7:a3:fb:03:c9:cb:b7:23:39:b9:ae:71:5d:6c:
                    d3:85:5f:fd:b7:5f:0d:95:47:79:e9:29:3c:87:2e:
                    0f:88:5f:be:07:c2:f4:ce:f2:02:60:29:ba:ea:9b:
                    23:da:34:2a:0f:23:7b:31:d6:79:9c:d3:f6:30:cb:
                    47:14:0e:e2:36:7d:60:c0:8a:d9:02:8f:bf:21:ae:
                    1c:5d:20:14:2d:06:aa:45:85:81:e4:65:5f:fb:7d:
                    f5:23:22:cc:5d:72:43:6a:e8:57:6c:aa:ff:d8:4c:
                    9d:a8:a8:21:2a:e2:30:84:fc:75:58:49:c5:90:f4:
                    af:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:07:23:92:B8:04:77:07:C4:53:3F:CC:A5:73:84:88:BE:75:D9:5A
            X509v3 Authority Key Identifier:
                keyid:F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/YQcjkrgEdwfEUz_MpXOEiL512Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f0:66:f4:8b:b5:b5:8d:b2:b8:66:3d:85:3d:6e:58:45:a6:
         35:db:58:31:31:6c:0e:7b:8a:46:0a:c2:07:60:b6:66:45:9f:
         4e:70:b5:8e:61:e5:16:6b:b1:45:61:72:ca:b4:3e:74:ad:88:
         a6:8e:60:27:d8:66:cb:07:d4:7c:e7:c2:9a:39:1b:45:82:92:
         7a:d1:46:fe:16:19:17:4c:70:8a:ab:f3:c8:48:03:90:2c:39:
         7f:21:92:01:e8:11:dc:2a:2f:df:7d:8b:38:02:dc:21:bd:da:
         3b:cc:ba:bd:55:83:77:a3:62:d7:79:a6:75:37:79:d6:7e:89:
         a9:fe:3d:60:9f:bc:6f:7c:db:fa:a3:a3:90:b2:91:83:5b:9d:
         37:b4:a4:3c:95:3f:a9:16:c7:9b:b5:e2:48:30:f3:e2:23:8b:
         9f:fb:a2:5d:52:87:b8:29:6b:f8:5d:0c:6f:74:1c:29:25:b2:
         c6:65:55:e4:1b:55:b8:27:37:aa:ab:64:27:76:c4:20:cd:cd:
         bf:07:6b:30:77:eb:82:a9:f8:55:11:57:e1:69:26:e4:7e:39:
         29:8a:3d:43:f9:0a:6c:e2:f3:b1:0f:e6:5f:03:18:db:15:5e:
         f3:d2:eb:45:9c:11:68:d4:65:0d:00:99:69:80:75:69:54:74:
         9a:35:91:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+DrGXfoyjKrOlQVzTjGrwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWQ1NmM1MmM3NzMzZjgzYmU3NzRhZmE0N2JiZDU1ZDI4
Nzk3YWMwHhcNMjQwNTE2MjMxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTA3MjM5MmI4MDQ3NzA3YzQ1MzNmY2NhNTczODQ4OGJlNzVkOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwysz9mzUI0oZwP87tgSQosQiHdD
HJa7Pdo960b2YuNHtDmCc43lmCr8eMz2ZU41iXhf2CvXegPTXZhd4JsGtZAcWffB
USaXjlR0n0Ql6bPqS2rm9eKzDyI0mVx76VB4cbz3Jk9nlBvvebkY2HBQ629HKa4b
3eKKwE6maL3htbL+3+StPwfup6P7A8nLtyM5ua5xXWzThV/9t18NlUd56Sk8hy4P
iF++B8L0zvICYCm66psj2jQqDyN7MdZ5nNP2MMtHFA7iNn1gwIrZAo+/Ia4cXSAU
LQaqRYWB5GVf+331IyLMXXJDauhXbKr/2EydqKghKuIwhPx1WEnFkPSv+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEHI5K4BHcHxFM/zKVzhIi+ddlaMB8GA1UdIwQY
MBaAFPWdVsUsdzP4O+d0r6R7vVXSh5esMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUt
NWMwNjdiOGI5MWE1LzEvWVFjamtyZ0Vkd2ZFVXpfTXBYT0VpTDUxMlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUtNWMwNjdiOGI5MWE1
LzEvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKjMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ8Gb0i7W1jbK4Zj2FPW5YRaY121gxMWwOe4pGCsIH
YLZmRZ9OcLWOYeUWa7FFYXLKtD50rYimjmAn2GbLB9R858KaORtFgpJ60Ub+FhkX
THCKq/PISAOQLDl/IZIB6BHcKi/ffYs4Atwhvdo7zLq9VYN3o2LXeaZ1N3nWfomp
/j1gn7xvfNv6o6OQspGDW503tKQ8lT+pFsebteJIMPPiI4uf+6JdUoe4KWv4XQxv
dBwpJbLGZVXkG1W4Jzeqq2QndsQgzc2/B2swd+uCqfhVEVfhaSbkfjkpij1D+Qps
4vOxD+ZfAxjbFV7z0utFnBFo1GUNAJlpgHVpVHSaNZHO
-----END CERTIFICATE-----