Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/yV-H-r5h1RaE-v9tN7THyTRnRUI.roa
File:                     yV-H-r5h1RaE-v9tN7THyTRnRUI.roa (raw, json)
Hash identifier:          HjnTfGzkO4PwUSKkLRD4gkXk6PmEWxsBGsEI2S4vEBI=
Subject key identifier:   C9:5F:87:FA:BE:61:D5:16:84:FA:FF:6D:37:B4:C7:C9:34:67:45:42
Certificate issuer:       /CN=74267f3ecfcc61668e0501bca60ced6dd75d347c
Certificate serial:       018CC9BC55F0BE8B24654A977DFCE0709E0F
Authority key identifier: 74:26:7F:3E:CF:CC:61:66:8E:05:01:BC:A6:0C:ED:6D:D7:5D:34:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/yV-H-r5h1RaE-v9tN7THyTRnRUI.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        192.44.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:55:f0:be:8b:24:65:4a:97:7d:fc:e0:70:9e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74267f3ecfcc61668e0501bca60ced6dd75d347c
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c95f87fabe61d51684faff6d37b4c7c934674542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:15:f7:bc:a8:6a:dc:f4:f9:f2:27:3b:a3:b9:
                    a4:8c:7c:df:76:64:e5:35:b1:0b:0b:60:76:7c:74:
                    68:80:63:b3:ce:4e:61:c2:ef:92:0a:03:da:c0:fc:
                    8b:d6:58:9e:b4:e1:ac:9b:90:a6:6a:93:36:54:cb:
                    35:95:2a:5a:49:f6:51:f8:0d:6b:1a:9b:b2:ba:7c:
                    26:e7:68:db:8b:34:48:e2:15:45:0d:8d:30:63:1a:
                    10:90:34:24:3e:34:84:4a:1b:85:6a:3a:41:d8:82:
                    69:43:cd:e8:d7:ca:30:93:4a:e9:d1:48:a5:43:a0:
                    8d:04:12:21:c3:50:81:7f:e4:fa:e5:02:bf:d8:70:
                    27:99:fb:49:4b:f4:9f:69:db:7f:95:90:6e:dc:5b:
                    91:af:1e:68:8c:9f:19:1d:9a:e0:44:1f:1f:94:92:
                    6a:c3:62:ad:b5:97:c9:05:22:5a:27:68:85:08:6f:
                    f8:79:af:46:80:f7:b7:ed:b0:87:35:45:c4:45:65:
                    89:a8:f4:35:c5:9f:bf:0b:d5:12:df:7f:f2:30:8d:
                    32:07:3d:81:e2:0d:7d:e7:3d:66:85:bb:ce:87:4d:
                    74:70:1c:f1:10:e1:e3:49:be:ac:73:94:49:47:89:
                    bf:2f:1e:85:6d:c1:9a:88:e4:55:8e:14:07:da:1a:
                    6b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5F:87:FA:BE:61:D5:16:84:FA:FF:6D:37:B4:C7:C9:34:67:45:42
            X509v3 Authority Key Identifier:
                keyid:74:26:7F:3E:CF:CC:61:66:8E:05:01:BC:A6:0C:ED:6D:D7:5D:34:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/yV-H-r5h1RaE-v9tN7THyTRnRUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.44.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:18:32:a1:92:96:54:4d:23:1a:ad:1f:3a:f9:6c:d4:e8:53:
         84:21:3f:62:42:4c:48:b4:58:fe:7c:2b:53:32:17:cb:5d:d7:
         e2:88:a8:1b:01:3b:0c:1e:03:94:aa:dd:cb:bd:aa:7a:90:ec:
         b1:54:e6:96:58:a5:81:2e:44:e8:a9:74:20:ba:08:bf:ff:89:
         e2:df:56:40:9f:6b:8a:1a:e3:80:19:91:cd:c9:db:42:a9:3b:
         e7:77:4e:ad:b1:6d:6a:62:d6:cf:c0:6a:00:dd:1c:9a:48:c3:
         3f:ea:7a:69:26:71:28:78:d0:0e:20:8e:b4:0b:b6:6e:8f:96:
         70:e0:48:35:d1:d0:21:08:51:90:f8:d1:32:9c:41:4d:6c:5d:
         27:43:86:fb:81:72:9f:1a:f6:3f:7a:e4:68:f8:4d:8f:54:36:
         04:0b:da:32:67:d9:89:4d:a5:d0:80:a8:60:ca:1a:66:b0:c9:
         e4:6f:4f:ca:cd:1c:51:4c:b8:64:f9:58:fb:c6:7a:8e:26:d4:
         49:c0:58:75:0d:9f:d1:11:0f:0f:c0:e9:92:6f:e0:11:93:1e:
         33:48:65:9e:91:2f:fd:72:8e:2c:bc:16:35:24:3c:82:ec:24:
         fe:c4:cb:92:9b:5a:ca:25:4e:fc:ef:5a:01:a2:98:3d:ea:f8:
         62:53:58:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFXwvoskZUqXffzgcJ4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MjY3ZjNlY2ZjYzYxNjY4ZTA1MDFiY2E2MGNlZDZkZDc1
ZDM0N2MwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVmODdmYWJlNjFkNTE2ODRmYWZmNmQzN2I0YzdjOTM0Njc0NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxX3vKhq3PT58ic7o7mkjHzfdmTl
NbELC2B2fHRogGOzzk5hwu+SCgPawPyL1lietOGsm5CmapM2VMs1lSpaSfZR+A1r
Gpuyunwm52jbizRI4hVFDY0wYxoQkDQkPjSEShuFajpB2IJpQ83o18owk0rp0Uil
Q6CNBBIhw1CBf+T65QK/2HAnmftJS/Sfadt/lZBu3FuRrx5ojJ8ZHZrgRB8flJJq
w2KttZfJBSJaJ2iFCG/4ea9GgPe37bCHNUXERWWJqPQ1xZ+/C9US33/yMI0yBz2B
4g195z1mhbvOh010cBzxEOHjSb6sc5RJR4m/Lx6FbcGaiORVjhQH2hprtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlfh/q+YdUWhPr/bTe0x8k0Z0VCMB8GA1UdIwQY
MBaAFHQmfz7PzGFmjgUBvKYM7W3XXTR8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZENaX1BzX01ZV2FPQlFHOHBnenRiZGRkTkh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNiODAtNGU2ZC00NmE1LWIxYjQt
NGUzZjRkNjhmNjgyLzEveVYtSC1yNWgxUmFFLXY5dE43VEh5VFJuUlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNiODAtNGU2ZC00NmE1LWIxYjQtNGUzZjRkNjhmNjgy
LzEvZENaX1BzX01ZV2FPQlFHOHBnenRiZGRkTkh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCxMMA0G
CSqGSIb3DQEBCwUAA4IBAQByGDKhkpZUTSMarR86+WzU6FOEIT9iQkxItFj+fCtT
MhfLXdfiiKgbATsMHgOUqt3Lvap6kOyxVOaWWKWBLkToqXQgugi//4ni31ZAn2uK
GuOAGZHNydtCqTvnd06tsW1qYtbPwGoA3RyaSMM/6nppJnEoeNAOII60C7Zuj5Zw
4Eg10dAhCFGQ+NEynEFNbF0nQ4b7gXKfGvY/euRo+E2PVDYEC9oyZ9mJTaXQgKhg
yhpmsMnkb0/KzRxRTLhk+Vj7xnqOJtRJwFh1DZ/REQ8PwOmSb+ARkx4zSGWekS/9
co4svBY1JDyC7CT+xMuSm1rKJU7871oBopg96vhiU1jn
-----END CERTIFICATE-----