Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/yagyGjWa_7j66y4Fuc_r0mqgoI8.roa
File:                     yagyGjWa_7j66y4Fuc_r0mqgoI8.roa (raw, json)
Hash identifier:          uFUzDDzPDHsRATEZYpYad6a2xTCc/3MD6iGbW0PQsyA=
Subject key identifier:   C9:A8:32:1A:35:9A:FF:B8:FA:EB:2E:05:B9:CF:EB:D2:6A:A0:A0:8F
Certificate issuer:       /CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
Certificate serial:       018CCA2993CB25EAA350DE7A42F1509A325A
Authority key identifier: BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/yagyGjWa_7j66y4Fuc_r0mqgoI8.roa
Signing time:             Tue 02 Jan 2024 12:32:51 +0000
ROA not before:           Tue 02 Jan 2024 12:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        193.176.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:93:cb:25:ea:a3:50:de:7a:42:f1:50:9a:32:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
        Validity
            Not Before: Jan  2 12:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a8321a359affb8faeb2e05b9cfebd26aa0a08f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:34:04:92:bb:5c:07:af:47:2a:5d:22:cb:1a:
                    68:e6:5a:a0:38:3d:7f:10:c2:31:a7:b6:03:c1:44:
                    a4:f2:1a:58:4e:26:89:6e:d1:fe:62:59:60:b7:a9:
                    23:6b:ea:07:d8:15:6f:ab:80:5e:31:63:33:33:91:
                    99:fc:7b:cf:89:cd:d9:2e:72:2d:17:65:06:66:79:
                    0d:5c:0d:7c:55:59:ea:ae:82:d6:9c:73:48:d7:dc:
                    63:d3:50:a6:7a:45:60:e6:6f:07:51:d1:b4:75:3d:
                    e6:ed:46:ca:ff:24:d4:e0:82:85:42:9a:58:f6:f7:
                    1a:cc:51:2a:12:26:9d:97:6e:15:20:f0:dd:85:ca:
                    81:dc:a2:3b:20:83:52:04:9c:d2:ba:d0:4c:23:7b:
                    b7:61:c9:bd:01:30:ab:74:b6:63:80:d7:bc:b5:c1:
                    31:84:16:c5:0b:c3:a5:82:d2:3f:74:17:ce:7e:fe:
                    d8:7f:65:e8:b5:3b:46:04:6f:99:07:9e:6e:df:df:
                    a3:39:51:49:a6:67:73:60:00:a4:da:8f:4d:ae:6e:
                    63:36:d8:e9:eb:6e:87:01:54:f0:dc:11:3b:ef:83:
                    d8:a8:87:5f:30:a4:58:2b:3b:46:8e:48:ea:e3:0d:
                    48:12:90:fb:f4:fe:9d:3f:61:4f:91:79:11:fe:66:
                    fd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A8:32:1A:35:9A:FF:B8:FA:EB:2E:05:B9:CF:EB:D2:6A:A0:A0:8F
            X509v3 Authority Key Identifier:
                keyid:BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/yagyGjWa_7j66y4Fuc_r0mqgoI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:8b:6c:2b:47:76:3f:af:f5:db:9d:7e:27:d6:b9:94:87:15:
         7d:f6:08:6e:3d:dc:63:aa:95:e1:0d:76:db:0c:89:8c:48:27:
         62:65:36:06:cc:3b:fd:cb:97:ee:d6:3b:aa:33:a2:57:01:1f:
         ab:0e:b0:2e:f4:fd:05:25:ac:eb:58:20:46:84:6d:0c:07:47:
         d3:ee:23:cb:65:14:b9:95:39:b4:3b:b2:de:ed:ae:e8:8f:6f:
         bb:08:67:1b:05:0f:73:dc:2c:6d:24:a2:d5:7f:77:09:37:f3:
         cc:0f:0c:73:77:3f:29:0f:02:0a:68:2c:08:ff:37:d6:f5:33:
         e7:b3:fc:c7:ca:5b:2c:05:87:f8:34:80:d9:39:f5:da:07:69:
         02:30:dc:d2:98:80:5a:44:d8:df:ac:b8:c0:b8:b3:60:06:56:
         1c:fa:3d:4f:dc:97:b8:e6:95:1e:2e:45:5e:f2:a1:ba:5d:70:
         3e:65:91:22:d6:42:68:09:22:39:2a:3d:6b:df:ce:ed:07:8c:
         0e:9f:3a:b6:3f:6b:f5:04:10:bf:c4:76:a8:2e:ee:ee:1c:fe:
         f2:b2:d2:e3:92:7f:31:fe:ed:7f:35:6e:c4:74:a3:37:2e:20:
         eb:13:dc:59:15:2f:88:38:b6:cb:6c:a2:af:7c:7e:4d:9e:7a:
         8c:34:c4:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKZPLJeqjUN56QvFQmjJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjRlMWZkYjQyNGE5MTIwMjIzYjNhNzVjNmNjYzMxYjZm
NjIyNGEwHhcNMjQwMTAyMTIzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE4MzIxYTM1OWFmZmI4ZmFlYjJlMDViOWNmZWJkMjZhYTBhMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTQEkrtcB69HKl0iyxpo5lqgOD1/
EMIxp7YDwUSk8hpYTiaJbtH+Yllgt6kja+oH2BVvq4BeMWMzM5GZ/HvPic3ZLnIt
F2UGZnkNXA18VVnqroLWnHNI19xj01CmekVg5m8HUdG0dT3m7UbK/yTU4IKFQppY
9vcazFEqEiadl24VIPDdhcqB3KI7IINSBJzSutBMI3u3Ycm9ATCrdLZjgNe8tcEx
hBbFC8OlgtI/dBfOfv7Yf2XotTtGBG+ZB55u39+jOVFJpmdzYACk2o9Nrm5jNtjp
626HAVTw3BE774PYqIdfMKRYKztGjkjq4w1IEpD79P6dP2FPkXkR/mb9FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmoMho1mv+4+usuBbnP69JqoKCPMB8GA1UdIwQY
MBaAFLv04f20JKkSAiOzp1xszDG29iJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgt
YmE1MTMyM2RiNGU1LzEveWFneUdqV2FfN2o2Nnk0RnVjX3IwbXFnb0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgtYmE1MTMyM2RiNGU1
LzEvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbABMA0G
CSqGSIb3DQEBCwUAA4IBAQAmi2wrR3Y/r/XbnX4n1rmUhxV99ghuPdxjqpXhDXbb
DImMSCdiZTYGzDv9y5fu1juqM6JXAR+rDrAu9P0FJazrWCBGhG0MB0fT7iPLZRS5
lTm0O7Le7a7oj2+7CGcbBQ9z3CxtJKLVf3cJN/PMDwxzdz8pDwIKaCwI/zfW9TPn
s/zHylssBYf4NIDZOfXaB2kCMNzSmIBaRNjfrLjAuLNgBlYc+j1P3Je45pUeLkVe
8qG6XXA+ZZEi1kJoCSI5Kj1r387tB4wOnzq2P2v1BBC/xHaoLu7uHP7ystLjkn8x
/u1/NW7EdKM3LiDrE9xZFS+IOLbLbKKvfH5NnnqMNMQy
-----END CERTIFICATE-----