Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/YCjIRSrHIhLzNutr9lneKYYqeXo.roa
File:                     YCjIRSrHIhLzNutr9lneKYYqeXo.roa (raw, json)
Hash identifier:          Io2pX8hDNU1+lDfxhmuFpuKGxnZ8YuSQzEy8DUmFDOc=
Subject key identifier:   60:28:C8:45:2A:C7:22:12:F3:36:EB:6B:F6:59:DE:29:86:2A:79:7A
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F3401077FE79CDF3F48ADAF54C4D
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/YCjIRSrHIhLzNutr9lneKYYqeXo.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1647
IP address blocks:        188.172.229.0/24 maxlen: 24
                          2a00:11c0:3a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f3:40:10:77:fe:79:cd:f3:f4:8a:da:f5:4c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6028c8452ac72212f336eb6bf659de29862a797a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:44:ce:a7:4b:22:31:87:d0:4d:6d:f6:a1:9e:
                    90:72:d2:b3:f2:fb:3d:58:ae:91:5e:5e:87:56:52:
                    58:b2:c1:c8:46:92:2c:10:5a:05:91:e4:9c:9c:b6:
                    40:9f:55:72:35:9b:e3:4b:24:f2:bb:94:0c:e5:24:
                    83:3f:4d:16:93:3d:49:c7:5e:52:e3:db:c6:8c:b6:
                    dd:69:c8:db:d1:80:bc:d2:b3:15:01:82:22:f5:aa:
                    d3:ee:26:82:14:55:20:6a:f4:2c:bb:6a:a9:bc:13:
                    da:20:c1:08:94:3b:c7:65:cb:54:3f:72:7a:af:10:
                    56:24:47:15:d6:3f:35:67:80:0b:bb:83:cc:c5:39:
                    09:1a:c2:08:01:85:b1:a8:2a:1e:2d:00:99:6d:5a:
                    19:d0:47:44:0a:12:13:d6:47:82:21:7e:0b:a3:ff:
                    be:5c:93:94:46:2c:38:5a:82:ec:fb:8c:d2:0c:63:
                    b2:72:4e:33:3f:a1:1a:77:67:b3:f6:48:db:e5:4b:
                    32:e4:00:3f:ef:88:f2:59:e7:2f:b9:4e:4f:99:66:
                    92:36:28:6e:92:6c:82:be:b9:de:e2:c9:94:b0:ba:
                    fc:6f:38:56:2f:35:20:83:f2:bf:d8:ec:84:b7:9b:
                    ef:86:07:51:d9:df:3e:5f:90:2a:19:c3:c8:5f:47:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:28:C8:45:2A:C7:22:12:F3:36:EB:6B:F6:59:DE:29:86:2A:79:7A
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/YCjIRSrHIhLzNutr9lneKYYqeXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.172.229.0/24
                IPv6:
                  2a00:11c0:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:4c:0b:2d:72:95:27:4e:ac:f0:20:6f:7f:06:ee:b2:9b:a2:
         95:81:c8:75:a8:82:3b:5b:49:c3:d0:52:3a:13:6f:8f:1a:5d:
         fe:50:e5:e0:1b:73:c0:0f:41:63:fc:61:84:92:5f:8d:71:d1:
         32:e5:3e:bd:cb:65:5e:60:34:7d:16:99:8a:e9:b1:00:da:13:
         8a:09:69:a3:02:d3:e6:ed:90:5d:88:8c:d7:70:82:ff:f0:f2:
         d2:e7:aa:aa:ae:c4:8d:dc:71:55:6d:ea:e2:de:cc:1d:24:62:
         14:89:f3:7b:2a:86:c2:a9:80:aa:54:6d:b5:e8:22:b8:ea:a4:
         0b:69:4c:1e:ec:2b:25:33:38:70:d7:cf:ea:c1:59:45:cb:15:
         50:6b:9e:52:7f:ae:73:4a:81:3d:8f:c7:58:a2:38:8b:b7:28:
         0a:ef:a9:85:0d:8f:ae:3e:27:97:a0:c5:68:57:b1:8f:a8:c4:
         dc:82:e9:cf:0a:d1:94:5d:34:b5:5d:c8:ae:bd:22:a1:21:00:
         c9:23:e8:a9:90:c2:3e:86:18:4d:55:51:c5:66:28:78:c9:fa:
         e2:ad:79:11:f2:48:36:d0:c4:7b:6e:c4:5e:69:3b:4e:9b:ff:
         a9:db:17:03:30:da:58:96:c7:6e:8b:b6:ce:b2:f0:f5:30:c2:
         c0:5d:68:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSPNAEHf+ec3z9Ira9UxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI4Yzg0NTJhYzcyMjEyZjMzNmViNmJmNjU5ZGUyOTg2MmE3OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUTOp0siMYfQTW32oZ6QctKz8vs9
WK6RXl6HVlJYssHIRpIsEFoFkeScnLZAn1VyNZvjSyTyu5QM5SSDP00Wkz1Jx15S
49vGjLbdacjb0YC80rMVAYIi9arT7iaCFFUgavQsu2qpvBPaIMEIlDvHZctUP3J6
rxBWJEcV1j81Z4ALu4PMxTkJGsIIAYWxqCoeLQCZbVoZ0EdEChIT1keCIX4Lo/++
XJOURiw4WoLs+4zSDGOyck4zP6Ead2ez9kjb5Usy5AA/74jyWecvuU5PmWaSNihu
kmyCvrne4smUsLr8bzhWLzUgg/K/2OyEt5vvhgdR2d8+X5AqGcPIX0cSTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGAoyEUqxyIS8zbra/ZZ3imGKnl6MB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvWUNqSVJTckhJaEx6TnV0cjlsbmVLWVlxZVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAvKzlMA8E
AgACMAkDBwAqABHAADowDQYJKoZIhvcNAQELBQADggEBAI5MCy1ylSdOrPAgb38G
7rKbopWByHWogjtbScPQUjoTb48aXf5Q5eAbc8APQWP8YYSSX41x0TLlPr3LZV5g
NH0WmYrpsQDaE4oJaaMC0+btkF2IjNdwgv/w8tLnqqquxI3ccVVt6uLezB0kYhSJ
83sqhsKpgKpUbbXoIrjqpAtpTB7sKyUzOHDXz+rBWUXLFVBrnlJ/rnNKgT2Px1ii
OIu3KArvqYUNj64+J5egxWhXsY+oxNyC6c8K0ZRdNLVdyK69IqEhAMkj6KmQwj6G
GE1VUcVmKHjJ+uKteRHySDbQxHtuxF5pO06b/6nbFwMw2liWx26Lts6y8PUwwsBd
aDs=
-----END CERTIFICATE-----