Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/JYGXULfvbcui9pHXWUg9Q7ZSr68.roa
File:                     JYGXULfvbcui9pHXWUg9Q7ZSr68.roa (raw, json)
Hash identifier:          aK8ykfzhntBWZ6jsQK5N8rKXOe9HETpguVmArlvmrhU=
Subject key identifier:   25:81:97:50:B7:EF:6D:CB:A2:F6:91:D7:59:48:3D:43:B6:52:AF:AF
Certificate issuer:       /CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
Certificate serial:       018CC4250A3608F847BE15C6FA4D4CBF47C7
Authority key identifier: 0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/JYGXULfvbcui9pHXWUg9Q7ZSr68.roa
Signing time:             Mon 01 Jan 2024 08:30:10 +0000
ROA not before:           Mon 01 Jan 2024 08:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.9.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0a:36:08:f8:47:be:15:c6:fa:4d:4c:bf:47:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
        Validity
            Not Before: Jan  1 08:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25819750b7ef6dcba2f691d759483d43b652afaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:91:15:f2:29:5a:c2:5d:0d:3d:99:a7:cc:60:
                    06:2d:8c:35:41:e1:14:2e:c8:9c:3f:4b:40:23:e4:
                    85:b2:5a:9c:da:2c:2b:6a:6d:a5:29:04:a5:a3:a6:
                    87:2d:f7:2d:a2:d8:38:ca:00:83:34:44:5b:3d:f4:
                    ce:78:14:4c:bf:fa:11:e7:1c:4a:e9:a5:56:4d:d3:
                    eb:50:20:68:be:ae:94:cf:83:6c:8a:0e:85:33:66:
                    a1:4c:71:90:ca:48:51:4b:bc:76:ef:54:7c:b9:23:
                    65:e4:c0:41:23:19:c8:ae:96:0d:ad:0a:1d:b4:2a:
                    01:6c:b4:84:74:ff:33:e1:2d:6b:c0:27:82:3f:33:
                    04:49:c5:be:0a:77:80:36:27:40:8f:b8:9c:d0:b6:
                    0d:36:0d:48:6e:8f:a7:c9:e0:ee:d0:66:5b:e2:72:
                    76:36:21:ad:3f:a7:e3:c8:3b:99:9c:c9:05:d4:54:
                    5a:76:00:5c:7f:2e:65:fd:61:f9:9f:a0:c0:95:44:
                    a4:93:27:7c:3a:36:99:88:07:4c:f7:7e:4f:a3:8c:
                    ab:4f:20:e2:e1:62:2b:a3:06:8a:f8:ca:52:39:ae:
                    70:24:a0:d3:e5:de:f6:cf:c9:a7:80:13:47:e1:fe:
                    2f:d2:cb:91:5e:f2:2f:bc:3c:8e:11:e3:5b:01:35:
                    11:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:81:97:50:B7:EF:6D:CB:A2:F6:91:D7:59:48:3D:43:B6:52:AF:AF
            X509v3 Authority Key Identifier:
                keyid:0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/JYGXULfvbcui9pHXWUg9Q7ZSr68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:9f:48:80:3f:e4:a5:c0:17:b8:c9:7d:c9:2f:80:6c:57:1e:
         d9:31:3a:68:95:43:06:bd:8d:99:bd:c2:47:ba:c8:e8:5a:48:
         d2:63:be:a0:81:90:7a:cb:cf:18:f0:78:66:94:6a:d1:c1:6b:
         5c:45:f7:26:47:45:73:0a:04:c3:2e:db:b8:6e:a6:6d:7f:53:
         00:e8:13:39:8f:ce:5f:2f:9e:50:4f:50:c3:fd:f2:cd:fe:b6:
         bc:6f:21:f9:97:0c:96:b0:d0:fb:18:c9:6c:f3:25:ca:28:ae:
         80:0b:24:1a:e4:f4:24:91:51:c8:7d:88:00:21:7a:49:bf:f8:
         0e:2e:f9:8d:fe:e6:06:b1:fd:7f:5f:ed:11:c5:eb:d6:51:37:
         8e:cd:1b:2c:07:75:af:d3:8b:7c:9d:cd:5c:61:a4:b0:fc:82:
         62:00:52:fd:76:55:04:30:1b:a2:d2:f9:13:ef:a6:e9:04:03:
         9c:88:6d:4b:bc:97:32:b5:9a:a9:b4:5f:5b:71:ab:52:35:19:
         02:68:bc:5f:21:6d:a2:97:da:c5:4e:e5:5c:a9:dd:66:48:24:
         80:c4:80:af:0b:9b:26:90:88:84:67:cf:f8:e8:5b:ce:a1:55:
         58:bb:be:d3:f5:5f:37:54:2f:ca:78:8b:1a:e0:cc:63:a7:de:
         25:7d:25:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQo2CPhHvhXG+k1Mv0fHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjODY2NjJiNzUyYzhhM2JlNzJlODU0NDM5NGZmOTI2ZjY4
ZmJmN2UwHhcNMjQwMTAxMDgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTgxOTc1MGI3ZWY2ZGNiYTJmNjkxZDc1OTQ4M2Q0M2I2NTJhZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpEV8ilawl0NPZmnzGAGLYw1QeEU
LsicP0tAI+SFslqc2iwram2lKQSlo6aHLfctotg4ygCDNERbPfTOeBRMv/oR5xxK
6aVWTdPrUCBovq6Uz4Nsig6FM2ahTHGQykhRS7x271R8uSNl5MBBIxnIrpYNrQod
tCoBbLSEdP8z4S1rwCeCPzMEScW+CneANidAj7ic0LYNNg1Ibo+nyeDu0GZb4nJ2
NiGtP6fjyDuZnMkF1FRadgBcfy5l/WH5n6DAlUSkkyd8OjaZiAdM935Po4yrTyDi
4WIrowaK+MpSOa5wJKDT5d72z8mngBNH4f4v0suRXvIvvDyOEeNbATURqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWBl1C3723LovaR11lIPUO2Uq+vMB8GA1UdIwQY
MBaAFAyGZit1LIo75y6FRDlP+Sb2j79+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5Yjgt
MWNjYzljMjk1ZThlLzEvSllHWFVMZnZiY3VpOXBIWFdVZzlRN1pTcjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5YjgtMWNjYzljMjk1ZThl
LzEvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQl6MA0G
CSqGSIb3DQEBCwUAA4IBAQBDn0iAP+SlwBe4yX3JL4BsVx7ZMTpolUMGvY2ZvcJH
usjoWkjSY76ggZB6y88Y8HhmlGrRwWtcRfcmR0VzCgTDLtu4bqZtf1MA6BM5j85f
L55QT1DD/fLN/ra8byH5lwyWsND7GMls8yXKKK6ACyQa5PQkkVHIfYgAIXpJv/gO
LvmN/uYGsf1/X+0RxevWUTeOzRssB3Wv04t8nc1cYaSw/IJiAFL9dlUEMBui0vkT
76bpBAOciG1LvJcytZqptF9bcatSNRkCaLxfIW2il9rFTuVcqd1mSCSAxICvC5sm
kIiEZ8/46FvOoVVYu77T9V83VC/KeIsa4Mxjp94lfSUu
-----END CERTIFICATE-----