Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/YhRzSYyb-uF-PYPWbOQ6DSfXjjs.roa
File:                     YhRzSYyb-uF-PYPWbOQ6DSfXjjs.roa (raw, json)
Hash identifier:          Zq7J8qLnXXHih/GQVt4F+Gs0lFMd/XrEJAT7dW3pNzg=
Subject key identifier:   62:14:73:49:8C:9B:FA:E1:7E:3D:83:D6:6C:E4:3A:0D:27:D7:8E:3B
Certificate issuer:       /CN=339cbb1e439a3a71eb8796692f622bf838f8488c
Certificate serial:       018CC2DAF3A52F52BF8D97971C2AF7478D0A
Authority key identifier: 33:9C:BB:1E:43:9A:3A:71:EB:87:96:69:2F:62:2B:F8:38:F8:48:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/YhRzSYyb-uF-PYPWbOQ6DSfXjjs.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204534
IP address blocks:        193.151.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f3:a5:2f:52:bf:8d:97:97:1c:2a:f7:47:8d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=339cbb1e439a3a71eb8796692f622bf838f8488c
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=621473498c9bfae17e3d83d66ce43a0d27d78e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cb:a3:d1:90:6c:53:a2:d5:6b:b9:fd:b9:2f:
                    8b:a6:79:49:d6:27:86:ed:d2:62:77:a9:39:a9:6b:
                    c9:50:fc:dc:16:cc:e8:ac:60:76:5f:79:7c:e0:92:
                    6c:66:10:e1:72:52:20:46:1e:5a:e0:a0:7b:94:41:
                    9f:c2:bf:0b:71:22:c1:bd:f1:74:85:0b:40:9d:f7:
                    8b:f4:74:e0:7a:aa:a8:11:0e:6a:f2:78:90:b7:20:
                    56:ad:58:3e:a3:94:ff:e0:6e:a8:44:c8:bd:e7:89:
                    94:ba:29:c7:2c:01:0f:1a:fc:6a:0d:7c:67:10:e9:
                    af:1a:ad:bc:f0:a7:1b:25:6e:e3:6a:0f:78:a8:4e:
                    03:61:f4:41:76:c1:98:6f:2c:be:da:bc:0f:6d:80:
                    50:9c:e5:12:d7:05:6e:0c:e1:4d:6b:b6:a7:a6:3b:
                    be:a1:b5:6c:e5:7f:f0:22:22:87:70:0d:8d:46:86:
                    51:46:d2:b0:99:0a:7c:33:a0:bd:16:53:c1:26:42:
                    ed:0a:eb:ef:59:65:a3:bc:d3:ed:78:6e:c6:7e:f1:
                    e6:fb:b4:50:4c:c5:60:42:fd:ac:d8:6b:3a:0a:63:
                    c7:a2:be:77:e7:b9:24:20:a8:46:d8:28:29:14:45:
                    77:3a:1d:54:04:c3:79:09:82:25:e2:00:24:48:6a:
                    1b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:14:73:49:8C:9B:FA:E1:7E:3D:83:D6:6C:E4:3A:0D:27:D7:8E:3B
            X509v3 Authority Key Identifier:
                keyid:33:9C:BB:1E:43:9A:3A:71:EB:87:96:69:2F:62:2B:F8:38:F8:48:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/YhRzSYyb-uF-PYPWbOQ6DSfXjjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/7e500d-5552-4b82-a3bd-aa0071b7bf84/1/M5y7HkOaOnHrh5ZpL2Ir-Dj4SIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ef:45:c6:1d:9b:bb:22:a7:fe:6e:67:84:e7:a3:8a:2b:b6:
         65:75:76:bb:ab:cd:ca:83:04:40:85:cb:82:86:58:c8:85:98:
         b3:59:62:73:58:35:bd:4b:b0:c7:e2:c5:40:1b:90:44:04:f4:
         b5:86:87:94:4d:f6:32:78:70:79:dc:45:ca:cf:bc:88:a7:7c:
         10:e1:5b:d6:da:c1:66:16:51:6b:eb:45:b3:45:9a:73:43:a0:
         97:34:7a:cf:46:3e:30:f4:70:36:0f:cd:77:36:ec:36:18:44:
         da:08:9d:7e:8f:ec:16:86:04:ae:69:bd:74:fd:e1:15:8d:8e:
         bb:90:81:d3:fd:a2:1a:5b:05:e8:11:d9:2b:fc:6f:e5:4c:ef:
         ca:9e:1d:34:b1:67:18:1d:36:b4:27:c7:f9:24:16:c2:35:d7:
         c1:3f:ac:4c:c4:41:c8:a2:5a:68:22:cc:df:f6:46:31:21:f8:
         4e:8a:d7:41:0c:2f:c0:63:af:32:53:bb:58:81:53:32:0d:14:
         94:dd:c2:42:11:ab:81:6f:c8:d1:51:64:93:41:c0:e6:4a:74:
         f1:0c:9d:11:91:95:d3:8f:b4:2d:b7:78:5d:0b:37:b3:cf:37:
         be:50:87:1a:89:bc:0a:2d:58:d7:78:72:e6:7f:38:fe:62:02:
         13:c8:47:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vOlL1K/jZeXHCr3R40KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOWNiYjFlNDM5YTNhNzFlYjg3OTY2OTJmNjIyYmY4Mzhm
ODQ4OGMwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjE0NzM0OThjOWJmYWUxN2UzZDgzZDY2Y2U0M2EwZDI3ZDc4ZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsuj0ZBsU6LVa7n9uS+LpnlJ1ieG
7dJid6k5qWvJUPzcFszorGB2X3l84JJsZhDhclIgRh5a4KB7lEGfwr8LcSLBvfF0
hQtAnfeL9HTgeqqoEQ5q8niQtyBWrVg+o5T/4G6oRMi954mUuinHLAEPGvxqDXxn
EOmvGq288KcbJW7jag94qE4DYfRBdsGYbyy+2rwPbYBQnOUS1wVuDOFNa7anpju+
obVs5X/wIiKHcA2NRoZRRtKwmQp8M6C9FlPBJkLtCuvvWWWjvNPteG7GfvHm+7RQ
TMVgQv2s2Gs6CmPHor5357kkIKhG2CgpFEV3Oh1UBMN5CYIl4gAkSGobNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIUc0mMm/rhfj2D1mzkOg0n1447MB8GA1UdIwQY
MBaAFDOcux5Dmjpx64eWaS9iK/g4+EiMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTV5N0hrT2FPbkhyaDVacEwySXItRGo0U0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83ZTUwMGQtNTU1Mi00YjgyLWEzYmQt
YWEwMDcxYjdiZjg0LzEvWWhSelNZeWItdUYtUFlQV2JPUTZEU2ZYampzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83ZTUwMGQtNTU1Mi00YjgyLWEzYmQtYWEwMDcxYjdiZjg0
LzEvTTV5N0hrT2FPbkhyaDVacEwySXItRGo0U0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZcnMA0G
CSqGSIb3DQEBCwUAA4IBAQCT70XGHZu7Iqf+bmeE56OKK7ZldXa7q83KgwRAhcuC
hljIhZizWWJzWDW9S7DH4sVAG5BEBPS1hoeUTfYyeHB53EXKz7yIp3wQ4VvW2sFm
FlFr60WzRZpzQ6CXNHrPRj4w9HA2D813Nuw2GETaCJ1+j+wWhgSuab10/eEVjY67
kIHT/aIaWwXoEdkr/G/lTO/Knh00sWcYHTa0J8f5JBbCNdfBP6xMxEHIolpoIszf
9kYxIfhOitdBDC/AY68yU7tYgVMyDRSU3cJCEauBb8jRUWSTQcDmSnTxDJ0RkZXT
j7Qtt3hdCzezzze+UIcaibwKLVjXeHLmfzj+YgITyEeU
-----END CERTIFICATE-----