Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/y48BmpPn-uediPM2QUNtJ4MMv7o.roa
File:                     y48BmpPn-uediPM2QUNtJ4MMv7o.roa (raw, json)
Hash identifier:          fP5QGv9EYXOEtamMr8m+mnT68kN0x1MkhkO+6W3Ztto=
Subject key identifier:   CB:8F:01:9A:93:E7:FA:E7:9D:88:F3:36:41:43:6D:27:83:0C:BF:BA
Certificate issuer:       /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial:       01928DB1857661AE2600B6B6D8BC1867ED79
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/y48BmpPn-uediPM2QUNtJ4MMv7o.roa
Signing time:             Tue 15 Oct 2024 01:01:14 +0000
ROA not before:           Tue 15 Oct 2024 01:01:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204057
IP address blocks:        178.23.189.0/24 maxlen: 24
                          185.255.96.0/23 maxlen: 23
                          2a0d:6240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8d:b1:85:76:61:ae:26:00:b6:b6:d8:bc:18:67:ed:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
        Validity
            Not Before: Oct 15 01:01:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb8f019a93e7fae79d88f33641436d27830cbfba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:05:a7:3a:15:12:71:18:b8:7a:12:2f:f9:5c:
                    64:b0:75:11:0c:f9:38:b2:ca:1d:c4:f3:10:0f:b7:
                    eb:e6:06:c4:7e:80:42:f5:29:23:0c:c0:d0:26:6a:
                    a6:ca:5a:38:41:67:6f:ac:d9:e7:b0:d7:be:4e:f2:
                    1e:cd:37:99:1b:41:5f:29:1e:c1:1a:58:5f:f9:bf:
                    a2:93:71:f5:8d:24:8a:85:22:6a:6f:42:57:74:43:
                    15:18:56:e2:d7:64:c4:1e:dc:1f:85:b3:b6:73:60:
                    93:7d:c3:db:d0:bc:d5:fb:18:6f:da:e9:a1:e0:71:
                    03:a5:ae:eb:81:8c:8c:bc:76:20:df:1c:85:74:6b:
                    23:39:29:2d:25:3e:51:fc:64:5f:e2:09:4d:1a:90:
                    c6:f6:90:49:e0:5f:97:e7:48:fb:9d:11:14:e6:fd:
                    39:e5:1c:f1:b5:ad:b3:f3:ed:5a:5c:92:73:e6:1c:
                    57:67:b2:14:89:79:6d:17:85:49:eb:d4:59:18:72:
                    69:71:fb:81:1b:b1:6b:0d:e3:97:ff:1c:7e:7f:04:
                    80:92:e8:a0:21:55:d0:19:fe:a2:d1:15:76:8f:d9:
                    d6:ed:84:62:b9:d3:33:b7:00:73:db:ec:89:08:ba:
                    03:8a:83:13:17:8a:70:cf:60:b4:2d:8c:48:ba:12:
                    18:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8F:01:9A:93:E7:FA:E7:9D:88:F3:36:41:43:6D:27:83:0C:BF:BA
            X509v3 Authority Key Identifier:
                keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/y48BmpPn-uediPM2QUNtJ4MMv7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.189.0/24
                  185.255.96.0/23
                IPv6:
                  2a0d:6240::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:b6:11:14:62:5c:87:8b:82:e0:7c:1f:b6:20:f5:b1:0d:7b:
         f3:65:62:41:9c:81:55:77:25:a1:5f:94:f7:55:56:8f:fe:f7:
         c2:24:3b:7d:04:9e:13:ac:9a:e2:1a:4a:e0:ef:1b:8a:0a:4c:
         5c:cb:6f:09:6d:92:7e:cb:af:93:99:21:92:f4:e1:b7:25:c6:
         15:5d:17:e1:16:2d:aa:6f:38:cd:9d:53:8a:b3:73:e9:1f:10:
         b0:ef:f5:55:3e:3c:d7:72:f3:87:19:eb:c1:2d:59:0c:6f:52:
         36:4c:db:18:6b:9b:52:a0:96:95:c1:2d:21:cb:c5:f7:64:9c:
         ba:71:8f:2b:f7:a9:04:b5:e6:3a:04:88:01:09:1b:74:9f:0d:
         aa:57:b0:55:13:ca:81:6b:09:3d:1a:b1:54:37:d1:15:02:d0:
         14:68:81:6c:5a:5b:86:ce:e1:5e:e1:31:01:6d:95:90:7e:53:
         2b:39:12:c4:d7:a8:63:be:70:a4:bf:29:4b:bc:22:01:78:e3:
         6b:78:99:b1:5c:66:7e:a5:fc:ed:dc:28:7b:3f:48:55:43:11:
         a4:28:a7:bd:1e:34:a0:3f:08:3c:08:2a:af:04:b4:cc:5e:89:
         0d:1a:ec:24:1a:9d:af:26:5c:5b:79:3c:3d:fa:3a:a3:db:d7:
         87:1e:15:9e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZKNsYV2Ya4mALa22LwYZ+15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjQxMDE1MDEwMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjhmMDE5YTkzZTdmYWU3OWQ4OGYzMzY0MTQzNmQyNzgzMGNiZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gWnOhUScRi4ehIv+VxksHURDPk4
ssodxPMQD7fr5gbEfoBC9SkjDMDQJmqmylo4QWdvrNnnsNe+TvIezTeZG0FfKR7B
Glhf+b+ik3H1jSSKhSJqb0JXdEMVGFbi12TEHtwfhbO2c2CTfcPb0LzV+xhv2umh
4HEDpa7rgYyMvHYg3xyFdGsjOSktJT5R/GRf4glNGpDG9pBJ4F+X50j7nREU5v05
5Rzxta2z8+1aXJJz5hxXZ7IUiXltF4VJ69RZGHJpcfuBG7FrDeOX/xx+fwSAkuig
IVXQGf6i0RV2j9nW7YRiudMztwBz2+yJCLoDioMTF4pwz2C0LYxIuhIYWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMuPAZqT5/rnnYjzNkFDbSeDDL+6MB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEveTQ4Qm1wUG4tdWVkaVBNMlFVTnRKNE1NdjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAshe9AwQB
uf9gMA0EAgACMAcDBQAqDWJAMA0GCSqGSIb3DQEBCwUAA4IBAQARthEUYlyHi4Lg
fB+2IPWxDXvzZWJBnIFVdyWhX5T3VVaP/vfCJDt9BJ4TrJriGkrg7xuKCkxcy28J
bZJ+y6+TmSGS9OG3JcYVXRfhFi2qbzjNnVOKs3PpHxCw7/VVPjzXcvOHGevBLVkM
b1I2TNsYa5tSoJaVwS0hy8X3ZJy6cY8r96kEteY6BIgBCRt0nw2qV7BVE8qBawk9
GrFUN9EVAtAUaIFsWluGzuFe4TEBbZWQflMrORLE16hjvnCkvylLvCIBeONreJmx
XGZ+pfzt3Ch7P0hVQxGkKKe9HjSgPwg8CCqvBLTMXokNGuwkGp2vJlxbeTw9+jqj
29eHHhWe
-----END CERTIFICATE-----