Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/YMOeGTxELBYX3EPDnuVLiLt1msI.roa
File:                     YMOeGTxELBYX3EPDnuVLiLt1msI.roa (raw, json)
Hash identifier:          bJ0DQ1crKau5wEwAZDpCPJm9kZXDaSID6cKFGJn6vr8=
Subject key identifier:   60:C3:9E:19:3C:44:2C:16:17:DC:43:C3:9E:E5:4B:88:BB:75:9A:C2
Certificate issuer:       /CN=bafd79b6dd85290fef6169a44e426107d274651a
Certificate serial:       018EC3295EC3D9C9413C5B5EDC7DB5553F05
Authority key identifier: BA:FD:79:B6:DD:85:29:0F:EF:61:69:A4:4E:42:61:07:D2:74:65:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/YMOeGTxELBYX3EPDnuVLiLt1msI.roa
Signing time:             Tue 09 Apr 2024 14:00:52 +0000
ROA not before:           Tue 09 Apr 2024 14:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202302
IP address blocks:        176.117.76.0/24 maxlen: 24
                          176.117.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:29:5e:c3:d9:c9:41:3c:5b:5e:dc:7d:b5:55:3f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bafd79b6dd85290fef6169a44e426107d274651a
        Validity
            Not Before: Apr  9 14:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c39e193c442c1617dc43c39ee54b88bb759ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:64:87:52:d1:99:68:18:b4:8c:7e:91:6d:3c:
                    a9:51:86:ca:9d:f2:a0:06:d2:c9:86:f2:14:3e:21:
                    cd:ee:01:2d:bd:3f:92:11:4f:0b:51:5d:84:a2:ff:
                    d7:dd:54:a9:74:e8:16:ca:74:d2:fa:6a:85:e6:f3:
                    63:96:e7:b4:2f:86:c3:b8:ae:53:e1:ac:1a:8a:07:
                    41:22:ca:8d:ee:8b:ba:6b:66:d9:79:0e:8b:32:a2:
                    47:4a:08:aa:4a:3c:0b:0b:3b:33:36:20:8c:b3:eb:
                    96:22:32:39:16:60:fa:49:b6:13:13:4b:3a:4e:2d:
                    c6:1b:27:86:21:40:18:5b:b6:f1:d0:90:e8:37:29:
                    96:04:ec:25:7b:d2:7c:d3:06:ad:ce:87:f6:20:b1:
                    31:42:8b:cc:27:d7:00:6a:bb:c8:27:25:b8:40:1a:
                    47:6f:97:bb:40:4e:1b:23:10:ec:d4:86:1a:27:64:
                    04:d9:e5:d2:b6:40:34:4a:3a:b9:20:3b:ed:e6:48:
                    d6:56:c6:89:81:73:fb:94:53:2b:b1:9b:6b:92:71:
                    db:79:4d:d5:33:72:d9:f8:0b:8a:43:9d:39:41:a3:
                    81:19:c0:ec:09:53:c6:a0:7f:fb:b4:ea:e9:22:86:
                    3b:ca:61:4a:e5:38:97:a0:7b:f9:47:6d:50:2e:83:
                    7f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C3:9E:19:3C:44:2C:16:17:DC:43:C3:9E:E5:4B:88:BB:75:9A:C2
            X509v3 Authority Key Identifier:
                keyid:BA:FD:79:B6:DD:85:29:0F:EF:61:69:A4:4E:42:61:07:D2:74:65:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/YMOeGTxELBYX3EPDnuVLiLt1msI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:dd:6b:97:56:58:f4:e6:d4:24:81:36:72:49:7a:51:69:1f:
         b6:c1:de:c3:cf:16:ab:ea:84:f1:36:5d:bc:81:fa:2d:ea:b2:
         04:4f:65:d6:85:3b:59:a8:40:64:71:72:86:aa:2e:db:7d:42:
         9b:56:96:6a:c4:ca:f2:12:cc:57:0c:8b:e5:85:7f:3a:3d:c7:
         a3:12:2f:3d:31:5f:e2:66:35:c1:bb:de:19:fc:29:b7:7a:ed:
         a9:1d:0e:b1:4c:53:a6:b6:3e:6d:04:cf:5f:6e:8e:b2:b6:2d:
         6c:8f:41:00:01:d8:01:c7:e8:95:51:5d:83:88:f9:e7:c5:47:
         63:87:42:b6:33:bb:04:a3:27:47:d8:57:6f:83:b0:2a:9f:cb:
         55:43:3a:ec:8a:92:1c:b4:7e:42:45:a3:a6:e2:1b:b0:b2:a6:
         21:7d:ff:bb:4a:6f:5f:33:81:6e:a0:1f:be:5a:d7:58:81:f6:
         8e:95:cb:ab:62:18:ed:45:48:ac:f6:a6:f5:4b:aa:75:0e:dd:
         82:fe:ae:5d:d7:5d:9f:0a:ae:83:a3:81:17:78:a1:9d:04:63:
         f0:20:d4:e6:18:ed:9f:f3:7a:9f:3a:54:58:24:ad:a9:a0:86:
         6f:74:3f:db:b4:86:e1:c9:20:d4:a3:ce:f2:81:f1:84:0e:c9:
         bf:60:ed:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7DKV7D2clBPFte3H21VT8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZmQ3OWI2ZGQ4NTI5MGZlZjYxNjlhNDRlNDI2MTA3ZDI3
NDY1MWEwHhcNMjQwNDA5MTQwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGMzOWUxOTNjNDQyYzE2MTdkYzQzYzM5ZWU1NGI4OGJiNzU5YWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2SHUtGZaBi0jH6RbTypUYbKnfKg
BtLJhvIUPiHN7gEtvT+SEU8LUV2Eov/X3VSpdOgWynTS+mqF5vNjlue0L4bDuK5T
4awaigdBIsqN7ou6a2bZeQ6LMqJHSgiqSjwLCzszNiCMs+uWIjI5FmD6SbYTE0s6
Ti3GGyeGIUAYW7bx0JDoNymWBOwle9J80watzof2ILExQovMJ9cAarvIJyW4QBpH
b5e7QE4bIxDs1IYaJ2QE2eXStkA0Sjq5IDvt5kjWVsaJgXP7lFMrsZtrknHbeU3V
M3LZ+AuKQ505QaOBGcDsCVPGoH/7tOrpIoY7ymFK5TiXoHv5R21QLoN/UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDDnhk8RCwWF9xDw57lS4i7dZrCMB8GA1UdIwQY
MBaAFLr9ebbdhSkP72FppE5CYQfSdGUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXYxNXR0MkZLUV92WVdta1RrSmhCOUowWlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8xNjlhMjEtZjNjMS00M2I5LWFkZTUt
ODY5NmE5NjA0NGYyLzEvWU1PZUdUeEVMQllYM0VQRG51VkxpTHQxbXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8xNjlhMjEtZjNjMS00M2I5LWFkZTUtODY5NmE5NjA0NGYy
LzEvdXYxNXR0MkZLUV92WVdta1RrSmhCOUowWlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHVMMA0G
CSqGSIb3DQEBCwUAA4IBAQCX3WuXVlj05tQkgTZySXpRaR+2wd7Dzxar6oTxNl28
gfot6rIET2XWhTtZqEBkcXKGqi7bfUKbVpZqxMryEsxXDIvlhX86PcejEi89MV/i
ZjXBu94Z/Cm3eu2pHQ6xTFOmtj5tBM9fbo6yti1sj0EAAdgBx+iVUV2DiPnnxUdj
h0K2M7sEoydH2Fdvg7Aqn8tVQzrsipIctH5CRaOm4huwsqYhff+7Sm9fM4FuoB++
WtdYgfaOlcurYhjtRUis9qb1S6p1Dt2C/q5d112fCq6Do4EXeKGdBGPwINTmGO2f
83qfOlRYJK2poIZvdD/btIbhySDUo87ygfGEDsm/YO1X
-----END CERTIFICATE-----