Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/Y7__psEgVJ-5U2CvWaPegschMUo.roa
File:                     Y7__psEgVJ-5U2CvWaPegschMUo.roa (raw, json)
Hash identifier:          SgilgulaxRZWs69BuXZaOR+J493/d2wuoQiMvuh5oGk=
Subject key identifier:   63:BF:FF:A6:C1:20:54:9F:B9:53:60:AF:59:A3:DE:82:C7:21:31:4A
Certificate issuer:       /CN=c0ddd2d4f030fa3638c04be636ef93d289271652
Certificate serial:       0191E5596CED6945732B777E445636497230
Authority key identifier: C0:DD:D2:D4:F0:30:FA:36:38:C0:4B:E6:36:EF:93:D2:89:27:16:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/Y7__psEgVJ-5U2CvWaPegschMUo.roa
Signing time:             Thu 12 Sep 2024 08:28:48 +0000
ROA not before:           Thu 12 Sep 2024 08:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214232
IP address blocks:        193.93.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:59:6c:ed:69:45:73:2b:77:7e:44:56:36:49:72:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0ddd2d4f030fa3638c04be636ef93d289271652
        Validity
            Not Before: Sep 12 08:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63bfffa6c120549fb95360af59a3de82c721314a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d8:13:32:2a:df:2f:5a:83:f2:60:32:5a:06:
                    f1:a5:12:ef:f8:de:33:5f:f8:77:4e:5e:78:eb:a3:
                    af:ea:86:e2:e6:74:83:f6:0c:f9:02:03:01:17:b2:
                    a8:30:79:6d:25:bb:3d:8c:3b:c2:30:bc:39:75:6a:
                    e1:df:25:6f:35:97:e2:c1:ad:95:b4:7b:d7:65:7c:
                    6e:35:cb:77:c3:5c:e5:49:85:7c:b6:e3:eb:da:12:
                    28:83:75:57:3a:04:d6:0b:4d:95:54:64:2b:43:4c:
                    ed:52:d3:8d:15:5e:aa:1b:36:75:fd:9e:02:27:a5:
                    0e:52:d9:b3:8b:36:fd:cf:e1:92:60:0c:11:78:65:
                    fd:26:63:de:ab:02:f2:97:f3:3c:87:f5:3b:1a:60:
                    69:ac:b1:c6:ae:eb:a2:c7:a2:d1:43:ec:e1:e8:6e:
                    f3:d3:04:88:76:07:53:67:7a:69:11:76:e3:9a:c5:
                    82:34:70:7b:0c:d4:a3:7b:77:08:5b:94:b1:7c:18:
                    b5:bf:68:2e:0d:2d:6b:37:f7:55:c2:62:dd:3b:92:
                    6c:5c:11:b4:27:bc:9d:cf:e3:a9:55:7e:34:f9:73:
                    b0:75:1f:81:a0:31:66:79:89:f8:f4:df:26:ae:dd:
                    1a:81:5e:e9:4c:77:02:00:f8:41:7b:77:50:9f:af:
                    29:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BF:FF:A6:C1:20:54:9F:B9:53:60:AF:59:A3:DE:82:C7:21:31:4A
            X509v3 Authority Key Identifier:
                keyid:C0:DD:D2:D4:F0:30:FA:36:38:C0:4B:E6:36:EF:93:D2:89:27:16:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/Y7__psEgVJ-5U2CvWaPegschMUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:7c:6b:5a:31:eb:89:ff:2b:48:f3:0c:79:e1:f0:15:c2:ad:
         91:e6:92:63:91:54:7c:39:b5:8c:b4:ca:40:f8:3d:b3:dc:71:
         33:58:da:d3:cf:68:a8:78:dc:b0:a3:ae:02:65:ca:36:0e:6c:
         42:d2:ff:6e:10:b9:f5:b0:2f:db:f2:4c:a2:7b:eb:2a:a9:02:
         80:46:3d:a7:ae:69:5c:b6:28:04:6a:f7:38:11:f8:d0:80:62:
         bd:49:34:3d:fe:cd:33:e0:22:aa:37:d4:12:10:d3:cd:ee:df:
         f9:59:06:94:7b:7c:21:ea:c3:e4:b5:b2:8a:3e:42:9d:71:47:
         1c:b2:ce:74:b5:1e:3c:29:f4:47:4f:f8:dc:72:8c:82:e6:ba:
         0e:be:ff:01:5a:11:6e:e0:37:46:23:ca:3b:a2:fb:6f:ae:41:
         64:6f:12:c2:75:ec:7b:5f:5e:66:c1:b3:e1:76:3c:13:d3:c5:
         8f:bc:b3:9c:13:3a:a7:3f:a2:ec:89:f3:40:18:3a:1f:96:d7:
         32:5d:3e:55:dd:0e:28:3c:28:3b:24:03:9d:35:d6:4b:15:f2:
         33:06:60:02:f5:48:3f:a8:f6:48:7b:dc:3d:0b:2d:d6:ca:db:
         e0:83:ad:5b:8c:b4:c5:29:4e:b6:f5:e8:71:84:3f:21:f0:d9:
         c6:f4:86:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHlWWztaUVzK3d+RFY2SXIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZGRkMmQ0ZjAzMGZhMzYzOGMwNGJlNjM2ZWY5M2QyODky
NzE2NTIwHhcNMjQwOTEyMDgyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JmZmZhNmMxMjA1NDlmYjk1MzYwYWY1OWEzZGU4MmM3MjEzMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntgTMirfL1qD8mAyWgbxpRLv+N4z
X/h3Tl5466Ov6obi5nSD9gz5AgMBF7KoMHltJbs9jDvCMLw5dWrh3yVvNZfiwa2V
tHvXZXxuNct3w1zlSYV8tuPr2hIog3VXOgTWC02VVGQrQ0ztUtONFV6qGzZ1/Z4C
J6UOUtmzizb9z+GSYAwReGX9JmPeqwLyl/M8h/U7GmBprLHGruuix6LRQ+zh6G7z
0wSIdgdTZ3ppEXbjmsWCNHB7DNSje3cIW5SxfBi1v2guDS1rN/dVwmLdO5JsXBG0
J7ydz+OpVX40+XOwdR+BoDFmeYn49N8mrt0agV7pTHcCAPhBe3dQn68p/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO//6bBIFSfuVNgr1mj3oLHITFKMB8GA1UdIwQY
MBaAFMDd0tTwMPo2OMBL5jbvk9KJJxZSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd04zUzFQQXctalk0d0V2bU51LVQwb2tuRmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84NjgwMmUtM2Y0My00YmNhLTljYzIt
NGZiNDA0ODVmZjdiLzEvWTdfX3BzRWdWSi01VTJDdldhUGVnc2NoTVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84NjgwMmUtM2Y0My00YmNhLTljYzItNGZiNDA0ODVmZjdi
LzEvd04zUzFQQXctalk0d0V2bU51LVQwb2tuRmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwV0oMA0G
CSqGSIb3DQEBCwUAA4IBAQCNfGtaMeuJ/ytI8wx54fAVwq2R5pJjkVR8ObWMtMpA
+D2z3HEzWNrTz2ioeNywo64CZco2DmxC0v9uELn1sC/b8kyie+sqqQKARj2nrmlc
tigEavc4EfjQgGK9STQ9/s0z4CKqN9QSENPN7t/5WQaUe3wh6sPktbKKPkKdcUcc
ss50tR48KfRHT/jccoyC5roOvv8BWhFu4DdGI8o7ovtvrkFkbxLCdex7X15mwbPh
djwT08WPvLOcEzqnP6LsifNAGDofltcyXT5V3Q4oPCg7JAOdNdZLFfIzBmAC9Ug/
qPZIe9w9Cy3Wytvgg61bjLTFKU629ehxhD8h8NnG9IYB
-----END CERTIFICATE-----