Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/yGlAAnzR0Ac36gBYhusymH0yYHs.roa
File:                     yGlAAnzR0Ac36gBYhusymH0yYHs.roa (raw, json)
Hash identifier:          SoMlDV4tNfDmsrOuZ9ODT8s9pKdQ7Kvs7fSidZk4kBI=
Subject key identifier:   C8:69:40:02:7C:D1:D0:07:37:EA:00:58:86:EB:32:98:7D:32:60:7B
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018CC26D348DD2B7F55829047E32BFAF6E01
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/yGlAAnzR0Ac36gBYhusymH0yYHs.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39263
IP address blocks:        217.150.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:34:8d:d2:b7:f5:58:29:04:7e:32:bf:af:6e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c86940027cd1d00737ea005886eb32987d32607b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ba:35:a6:14:88:09:62:22:9f:aa:bd:e1:90:
                    29:fb:10:dc:53:30:99:ef:07:1b:89:c7:7a:ca:b6:
                    1e:35:b2:b7:45:21:29:9d:d8:c4:cd:fa:00:13:23:
                    7d:b1:5a:66:c7:52:43:52:bb:99:fc:0f:b9:7c:79:
                    81:9b:1d:ae:85:54:ba:4b:13:68:8a:81:a0:41:cb:
                    a8:c9:8a:57:1e:9d:06:d0:fe:a6:78:7b:83:20:3f:
                    e6:6c:42:f0:56:88:57:11:60:03:02:5e:c5:d9:18:
                    15:c5:f6:a7:6a:dc:4f:b2:ca:1f:f2:4d:dc:4a:b6:
                    c3:60:e6:fe:a2:b2:a5:3c:db:87:97:2a:ee:a4:8d:
                    72:ea:51:aa:9b:48:b6:44:5d:16:2f:6d:7d:70:a1:
                    cd:5d:28:31:fd:b7:78:21:b9:e2:39:10:3f:2a:01:
                    e1:2e:a0:56:6e:e4:8c:1b:87:6b:71:ce:b8:ca:27:
                    88:89:aa:38:6a:08:9e:d8:85:b7:a5:91:cf:de:ff:
                    57:7c:a6:f7:78:f8:dd:ba:72:18:31:ac:97:1b:4d:
                    dd:67:f1:c4:61:54:9f:fb:ce:38:c3:44:08:62:6f:
                    ab:2b:2c:74:0a:76:b3:48:7a:65:0e:11:dc:86:09:
                    d8:94:64:c3:39:b6:2d:59:e8:fb:9e:22:ed:39:94:
                    e9:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:69:40:02:7C:D1:D0:07:37:EA:00:58:86:EB:32:98:7D:32:60:7B
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/yGlAAnzR0Ac36gBYhusymH0yYHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:de:4b:8e:eb:fa:64:d4:fd:48:6e:3a:e6:47:b5:71:00:0d:
         dc:dd:76:3a:73:ac:d6:52:91:68:ce:58:85:be:0f:72:99:6a:
         c0:0c:ff:c5:2a:c8:01:ce:3c:01:c0:ae:f5:0b:5e:97:fe:26:
         df:66:2d:4f:9a:87:67:07:c5:b3:19:21:c7:40:53:84:09:3c:
         ee:2f:b7:f8:28:77:98:85:66:77:d1:bc:ad:eb:8e:09:af:a0:
         62:a5:38:33:cf:3c:7a:2c:c9:ef:51:f1:d4:02:dc:b4:83:58:
         45:6d:e5:16:39:fa:5a:84:79:1a:f9:20:f9:de:e0:6a:ea:15:
         22:47:e5:97:22:c6:3f:57:ea:93:86:61:06:94:88:d6:e9:4d:
         bc:bb:1a:10:0f:4d:ec:a6:22:49:b8:26:94:7d:3c:72:6f:d0:
         76:9a:c4:4f:75:46:19:bf:f0:d0:ff:b8:01:9b:14:d8:0e:4c:
         c2:fa:dd:d7:9d:d7:0a:31:64:31:46:82:4b:63:d8:b2:63:71:
         27:e2:c5:85:16:9a:2a:3a:16:13:2b:65:9b:b5:a7:31:a2:9e:
         d6:7d:f5:29:c1:a2:2c:4f:b2:96:90:e3:f3:76:16:69:63:07:
         8d:ed:f2:a5:b6:92:8e:79:7e:86:d7:04:19:b0:3b:2c:db:92:
         b9:0e:4d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTSN0rf1WCkEfjK/r24BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODY5NDAwMjdjZDFkMDA3MzdlYTAwNTg4NmViMzI5ODdkMzI2MDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmro1phSICWIin6q94ZAp+xDcUzCZ
7wcbicd6yrYeNbK3RSEpndjEzfoAEyN9sVpmx1JDUruZ/A+5fHmBmx2uhVS6SxNo
ioGgQcuoyYpXHp0G0P6meHuDID/mbELwVohXEWADAl7F2RgVxfanatxPssof8k3c
SrbDYOb+orKlPNuHlyrupI1y6lGqm0i2RF0WL219cKHNXSgx/bd4IbniORA/KgHh
LqBWbuSMG4drcc64yieIiao4agie2IW3pZHP3v9XfKb3ePjdunIYMayXG03dZ/HE
YVSf+844w0QIYm+rKyx0CnazSHplDhHchgnYlGTDObYtWej7niLtOZTptQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhpQAJ80dAHN+oAWIbrMph9MmB7MB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEveUdsQUFuelIwQWMzNmdCWWh1c3ltSDB5WUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZbRMA0G
CSqGSIb3DQEBCwUAA4IBAQAX3kuO6/pk1P1IbjrmR7VxAA3c3XY6c6zWUpFozliF
vg9ymWrADP/FKsgBzjwBwK71C16X/ibfZi1PmodnB8WzGSHHQFOECTzuL7f4KHeY
hWZ30byt644Jr6BipTgzzzx6LMnvUfHUAty0g1hFbeUWOfpahHka+SD53uBq6hUi
R+WXIsY/V+qThmEGlIjW6U28uxoQD03spiJJuCaUfTxyb9B2msRPdUYZv/DQ/7gB
mxTYDkzC+t3XndcKMWQxRoJLY9iyY3En4sWFFpoqOhYTK2Wbtacxop7WffUpwaIs
T7KWkOPzdhZpYweN7fKltpKOeX6G1wQZsDss25K5Dk3h
-----END CERTIFICATE-----