Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/ykjsNlVorr8f0AA6JQhr53I2nvs.roa
File:                     ykjsNlVorr8f0AA6JQhr53I2nvs.roa (raw, json)
Hash identifier:          RrpGZnLEiynY5+1iY50wS0LMgJ/owv0HMMZSXTfMet0=
Subject key identifier:   CA:48:EC:36:55:68:AE:BF:1F:D0:00:3A:25:08:6B:E7:72:36:9E:FB
Certificate issuer:       /CN=136c4831597fe16e9ee2882d7b5a0df8a76e4f7f
Certificate serial:       018CC56EDC7C9318BF42CB73EE2EF047D79B
Authority key identifier: 13:6C:48:31:59:7F:E1:6E:9E:E2:88:2D:7B:5A:0D:F8:A7:6E:4F:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2xIMVl_4W6e4ogte1oN-KduT38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/ykjsNlVorr8f0AA6JQhr53I2nvs.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50270
IP address blocks:        109.233.0.0/21 maxlen: 24
                          2a02:2368::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/E2xIMVl_4W6e4ogte1oN-KduT38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/E2xIMVl_4W6e4ogte1oN-KduT38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2xIMVl_4W6e4ogte1oN-KduT38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dc:7c:93:18:bf:42:cb:73:ee:2e:f0:47:d7:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=136c4831597fe16e9ee2882d7b5a0df8a76e4f7f
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca48ec365568aebf1fd0003a25086be772369efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:44:ca:a7:72:b5:dd:36:89:7a:6b:7a:40:76:
                    d8:99:92:83:80:f3:77:b1:29:7e:10:13:a0:39:40:
                    4f:53:b3:37:44:b2:99:13:fe:1a:a2:08:b7:e6:f2:
                    6d:e9:94:be:6d:c1:64:10:17:6d:a4:f6:b5:73:8a:
                    1c:8c:f0:88:57:03:e6:49:ce:ac:85:62:59:9b:f3:
                    b1:68:31:84:84:08:ec:96:28:29:8d:63:4e:86:db:
                    d2:fb:bc:53:0b:36:22:d8:e4:b3:06:1a:da:32:e5:
                    b5:61:f8:96:a3:51:f5:ca:fd:a4:e5:73:81:1d:4a:
                    c7:4e:72:e6:34:31:6f:5f:5a:64:cc:25:de:10:e9:
                    9a:eb:a2:50:93:5b:b8:a9:3b:d3:36:92:98:7d:d0:
                    03:c2:d8:25:ec:cb:c9:92:47:2a:e6:d0:f1:7f:8d:
                    30:97:cb:6a:cf:2f:22:ad:18:96:12:8c:63:7f:81:
                    0a:5f:b7:04:da:e0:7a:b7:17:29:ac:e0:56:1d:03:
                    da:d5:75:d7:e3:ef:c6:f1:47:e5:bc:57:e9:fe:6b:
                    b4:b2:9a:ee:b8:32:8c:d3:d4:c5:9b:4a:06:9a:89:
                    2f:07:3c:0d:5d:73:d1:a5:4b:ba:11:3d:ab:d3:ec:
                    1e:91:0a:bf:d7:c8:83:db:e9:e6:93:de:a4:4c:ae:
                    d9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:48:EC:36:55:68:AE:BF:1F:D0:00:3A:25:08:6B:E7:72:36:9E:FB
            X509v3 Authority Key Identifier:
                keyid:13:6C:48:31:59:7F:E1:6E:9E:E2:88:2D:7B:5A:0D:F8:A7:6E:4F:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2xIMVl_4W6e4ogte1oN-KduT38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/ykjsNlVorr8f0AA6JQhr53I2nvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/40fe20-6ceb-45d6-aa11-ce59b0c54eea/1/E2xIMVl_4W6e4ogte1oN-KduT38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.0.0/21
                IPv6:
                  2a02:2368::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:9e:55:77:ba:5c:af:99:60:b2:28:35:1e:4c:1a:d1:c8:56:
         41:e3:e2:1e:56:25:f3:cf:69:03:03:5b:13:0f:de:6d:a8:1e:
         62:b0:67:c7:ca:e2:3d:93:2a:ce:07:3c:b9:53:c0:51:71:27:
         64:97:6b:d0:4e:04:82:99:e8:9a:97:dd:6a:f5:a3:a6:3e:17:
         71:db:5e:83:87:16:ba:26:51:65:5d:88:34:3f:95:8d:a7:3e:
         8a:eb:77:a6:41:06:22:8b:ff:1f:d4:aa:d1:9f:33:34:0f:6a:
         d2:16:61:45:5d:ae:13:1b:6f:69:ff:0c:da:fa:8f:2b:38:f5:
         d5:84:41:6c:6f:62:ad:70:45:67:ce:37:64:a6:05:21:f7:46:
         08:16:c7:96:66:6a:f6:fa:ed:b1:4e:55:1e:76:86:7f:05:40:
         19:25:50:98:87:5a:ef:7e:f8:3e:65:3a:97:d8:e5:7a:b5:a1:
         c9:a0:c1:3e:9f:48:6a:65:48:08:62:a1:0e:9c:06:6a:b2:a2:
         d5:c0:87:71:2a:e3:96:80:c8:85:b9:46:85:47:3c:bd:46:dd:
         67:a0:43:d0:0d:87:ea:15:ae:dd:7a:f5:a8:d9:1f:de:1b:72:
         29:b2:e6:86:88:33:e0:1d:cf:77:25:e7:f5:a8:dd:6b:54:bd:
         09:54:bd:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtx8kxi/Qstz7i7wR9ebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNmM0ODMxNTk3ZmUxNmU5ZWUyODgyZDdiNWEwZGY4YTc2
ZTRmN2YwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ4ZWMzNjU1NjhhZWJmMWZkMDAwM2EyNTA4NmJlNzcyMzY5ZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskTKp3K13TaJemt6QHbYmZKDgPN3
sSl+EBOgOUBPU7M3RLKZE/4aogi35vJt6ZS+bcFkEBdtpPa1c4ocjPCIVwPmSc6s
hWJZm/OxaDGEhAjsligpjWNOhtvS+7xTCzYi2OSzBhraMuW1YfiWo1H1yv2k5XOB
HUrHTnLmNDFvX1pkzCXeEOma66JQk1u4qTvTNpKYfdADwtgl7MvJkkcq5tDxf40w
l8tqzy8irRiWEoxjf4EKX7cE2uB6txcprOBWHQPa1XXX4+/G8UflvFfp/mu0spru
uDKM09TFm0oGmokvBzwNXXPRpUu6ET2r0+wekQq/18iD2+nmk96kTK7ZQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMpI7DZVaK6/H9AAOiUIa+dyNp77MB8GA1UdIwQY
MBaAFBNsSDFZf+FunuKILXtaDfinbk9/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJ4SU1WbF80VzZlNG9ndGUxb04tS2R1VDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80MGZlMjAtNmNlYi00NWQ2LWFhMTEt
Y2U1OWIwYzU0ZWVhLzEveWtqc05sVm9ycjhmMEFBNkpRaHI1M0kybnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80MGZlMjAtNmNlYi00NWQ2LWFhMTEtY2U1OWIwYzU0ZWVh
LzEvRTJ4SU1WbF80VzZlNG9ndGUxb04tS2R1VDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbekAMA0E
AgACMAcDBQAqAiNoMA0GCSqGSIb3DQEBCwUAA4IBAQAonlV3ulyvmWCyKDUeTBrR
yFZB4+IeViXzz2kDA1sTD95tqB5isGfHyuI9kyrOBzy5U8BRcSdkl2vQTgSCmeia
l91q9aOmPhdx216Dhxa6JlFlXYg0P5WNpz6K63emQQYii/8f1KrRnzM0D2rSFmFF
Xa4TG29p/wza+o8rOPXVhEFsb2KtcEVnzjdkpgUh90YIFseWZmr2+u2xTlUedoZ/
BUAZJVCYh1rvfvg+ZTqX2OV6taHJoME+n0hqZUgIYqEOnAZqsqLVwIdxKuOWgMiF
uUaFRzy9Rt1noEPQDYfqFa7devWo2R/eG3IpsuaGiDPgHc93Jef1qN1rVL0JVL3U
-----END CERTIFICATE-----