Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/YNJKIBf0DrKm27mQmXcEr7c53zs.roa
File:                     YNJKIBf0DrKm27mQmXcEr7c53zs.roa (raw, json)
Hash identifier:          mnPzaYubQwvx/iwDyiogrvUccFUKKOFYG9FRqxCuUTI=
Subject key identifier:   60:D2:4A:20:17:F4:0E:B2:A6:DB:B9:90:99:77:04:AF:B7:39:DF:3B
Certificate issuer:       /CN=1f94d1a29cce26153b934fb47c2ee21674bb85cb
Certificate serial:       018CC425462FF65C11A95599F27253C51E07
Authority key identifier: 1F:94:D1:A2:9C:CE:26:15:3B:93:4F:B4:7C:2E:E2:16:74:BB:85:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/YNJKIBf0DrKm27mQmXcEr7c53zs.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212636
IP address blocks:        193.23.52.0/24 maxlen: 24
                          2a10:5ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:46:2f:f6:5c:11:a9:55:99:f2:72:53:c5:1e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f94d1a29cce26153b934fb47c2ee21674bb85cb
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60d24a2017f40eb2a6dbb990997704afb739df3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c2:b5:c6:ae:bd:51:6d:1a:91:cb:df:fe:cc:
                    90:5f:f9:a6:41:55:a5:7e:89:8c:c3:03:6e:c7:79:
                    4d:f1:08:e7:69:c0:22:b9:b7:13:dd:69:1a:3d:c7:
                    63:4a:c7:d0:5b:53:9a:5e:a4:64:de:82:db:2b:47:
                    ca:76:80:35:19:e8:69:65:37:d1:95:87:14:fe:66:
                    f7:73:b2:ab:f9:da:a6:59:66:f9:a6:a4:5f:55:c4:
                    24:9b:f3:84:35:94:0f:41:e1:54:80:31:55:a9:d6:
                    6d:10:8f:65:3d:86:7a:ac:73:bb:c1:27:80:3c:ac:
                    63:e0:89:c5:a0:9c:11:a7:8a:a2:80:9d:86:21:e9:
                    c3:d8:5c:24:b8:12:d0:27:e7:2d:58:11:ae:7c:65:
                    79:ca:01:3c:8c:37:8a:c0:75:e9:53:76:a7:de:53:
                    f5:29:36:7e:f8:42:a5:d7:f3:b1:f4:71:13:0e:b3:
                    34:77:3a:24:af:e9:ba:ba:d8:f5:58:d3:68:d5:3b:
                    ab:14:4e:09:9c:13:fb:2c:1e:86:77:5a:1d:bc:01:
                    b9:d8:ed:1d:d2:2b:17:b2:a5:0c:c7:49:1a:d1:9c:
                    82:2c:96:86:12:ef:d0:12:c0:e7:c8:52:62:29:dc:
                    fb:c5:9f:02:ea:d3:fa:f6:e1:cf:94:2d:59:75:11:
                    1d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D2:4A:20:17:F4:0E:B2:A6:DB:B9:90:99:77:04:AF:B7:39:DF:3B
            X509v3 Authority Key Identifier:
                keyid:1F:94:D1:A2:9C:CE:26:15:3B:93:4F:B4:7C:2E:E2:16:74:BB:85:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/YNJKIBf0DrKm27mQmXcEr7c53zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.52.0/24
                IPv6:
                  2a10:5ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:83:a2:ba:2c:ca:09:ce:e9:00:67:5b:36:c2:70:7e:d7:6d:
         26:6f:3e:aa:5c:f9:2f:cf:1d:ec:8d:d7:a1:3a:3f:f4:8c:b9:
         b9:bc:4d:45:5b:7e:ee:16:00:9a:7a:39:1c:d1:86:cb:dd:d6:
         f7:0b:95:a8:98:81:ec:22:0c:a8:08:59:60:7f:4e:5f:ef:54:
         7a:f8:20:77:12:82:19:01:1b:57:ee:6d:43:7b:9f:a0:02:73:
         6d:fc:ec:1d:9f:0f:f8:28:df:65:5d:78:a9:d2:f1:2a:10:e6:
         43:93:16:89:8a:a1:56:03:eb:76:8d:da:0e:82:18:c5:62:ea:
         f4:dc:ad:80:b4:ed:b1:79:06:67:7e:83:e8:74:d3:3e:6c:e5:
         70:36:5e:e8:34:b4:ae:d6:1b:a8:d0:b9:3c:55:19:75:25:2f:
         62:37:c7:01:a9:cb:ea:13:e3:0b:46:2c:f1:67:03:ea:89:f2:
         a8:c0:7a:df:65:82:5d:3b:ed:8f:34:22:44:1f:da:d8:5f:a1:
         0d:15:b7:f9:2d:52:5c:11:fe:6f:da:3e:79:cb:d6:39:2b:d1:
         c7:01:f2:95:64:a5:20:3c:8f:1f:31:0b:44:d0:0a:db:14:6c:
         11:f5:20:58:de:cd:e9:ad:56:c0:ae:8d:d1:45:91:58:a8:34:
         f7:01:b6:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJUYv9lwRqVWZ8nJTxR4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTRkMWEyOWNjZTI2MTUzYjkzNGZiNDdjMmVlMjE2NzRi
Yjg1Y2IwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQyNGEyMDE3ZjQwZWIyYTZkYmI5OTA5OTc3MDRhZmI3MzlkZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8K1xq69UW0akcvf/syQX/mmQVWl
fomMwwNux3lN8QjnacAiubcT3WkaPcdjSsfQW1OaXqRk3oLbK0fKdoA1GehpZTfR
lYcU/mb3c7Kr+dqmWWb5pqRfVcQkm/OENZQPQeFUgDFVqdZtEI9lPYZ6rHO7wSeA
PKxj4InFoJwRp4qigJ2GIenD2FwkuBLQJ+ctWBGufGV5ygE8jDeKwHXpU3an3lP1
KTZ++EKl1/Ox9HETDrM0dzokr+m6utj1WNNo1TurFE4JnBP7LB6Gd1odvAG52O0d
0isXsqUMx0ka0ZyCLJaGEu/QEsDnyFJiKdz7xZ8C6tP69uHPlC1ZdREdMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGDSSiAX9A6yptu5kJl3BK+3Od87MB8GA1UdIwQY
MBaAFB+U0aKcziYVO5NPtHwu4hZ0u4XLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVUUm9wek9KaFU3azAtMGZDN2lGblM3aGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yY2I2M2YtMTYxMy00NTliLTgxMTUt
NTU0Y2FiYjlhZDA1LzEvWU5KS0lCZjBEckttMjdtUW1YY0VyN2M1M3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yY2I2M2YtMTYxMy00NTliLTgxMTUtNTU0Y2FiYjlhZDA1
LzEvSDVUUm9wek9KaFU3azAtMGZDN2lGblM3aGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRc0MA0E
AgACMAcDBQMqEFrAMA0GCSqGSIb3DQEBCwUAA4IBAQBgg6K6LMoJzukAZ1s2wnB+
120mbz6qXPkvzx3sjdehOj/0jLm5vE1FW37uFgCaejkc0YbL3db3C5WomIHsIgyo
CFlgf05f71R6+CB3EoIZARtX7m1De5+gAnNt/Owdnw/4KN9lXXip0vEqEOZDkxaJ
iqFWA+t2jdoOghjFYur03K2AtO2xeQZnfoPodNM+bOVwNl7oNLSu1huo0Lk8VRl1
JS9iN8cBqcvqE+MLRizxZwPqifKowHrfZYJdO+2PNCJEH9rYX6ENFbf5LVJcEf5v
2j55y9Y5K9HHAfKVZKUgPI8fMQtE0ArbFGwR9SBY3s3prVbAro3RRZFYqDT3AbZV
-----END CERTIFICATE-----