Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/yX5XyDfwrMipISeXGBrRBs1zFHI.roa
File:                     yX5XyDfwrMipISeXGBrRBs1zFHI.roa (raw, json)
Hash identifier:          xDJv8YAIlZ29xBo6GingMJ1YxTOZ24uIskZ6h1b6LPQ=
Subject key identifier:   C9:7E:57:C8:37:F0:AC:C8:A9:21:27:97:18:1A:D1:06:CD:73:14:72
Certificate issuer:       /CN=ffd3c1742fc05a80a2dc6bb0ebe1030a9bbc8c94
Certificate serial:       018CC9BC7A5472C2E72CB0B808F57822E702
Authority key identifier: FF:D3:C1:74:2F:C0:5A:80:A2:DC:6B:B0:EB:E1:03:0A:9B:BC:8C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/yX5XyDfwrMipISeXGBrRBs1zFHI.roa
Signing time:             Tue 02 Jan 2024 10:33:41 +0000
ROA not before:           Tue 02 Jan 2024 10:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        193.36.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7a:54:72:c2:e7:2c:b0:b8:08:f5:78:22:e7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffd3c1742fc05a80a2dc6bb0ebe1030a9bbc8c94
        Validity
            Not Before: Jan  2 10:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c97e57c837f0acc8a9212797181ad106cd731472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:78:70:19:29:cc:80:bd:55:1d:f2:ca:9d:d4:
                    fb:3e:c8:68:fb:a7:a4:f4:14:5e:50:1e:a1:85:06:
                    44:76:97:69:72:09:c3:a8:98:69:ea:4c:1e:d7:f2:
                    92:c8:c1:cb:76:8f:95:d4:41:16:e1:17:ab:81:21:
                    16:d9:7f:35:28:0b:ea:c5:c2:5c:7a:3f:ff:b2:54:
                    ef:9b:6a:1c:26:ec:64:90:dd:10:2d:b4:be:62:8f:
                    c9:e4:b7:d9:47:41:ce:75:45:4f:e4:03:f6:2f:54:
                    8a:d4:4b:7a:a4:56:95:64:b2:3b:30:55:c2:ee:6b:
                    c8:2a:56:b2:6d:00:44:f4:84:55:dd:3e:30:a5:d9:
                    6f:c6:3d:97:1b:dc:e5:3e:b6:17:91:f6:09:e2:36:
                    90:48:3f:87:04:fe:6d:6a:76:cd:95:29:ac:bb:9d:
                    2e:db:b9:ed:82:3f:71:2b:99:99:0c:53:17:a1:d7:
                    40:d5:29:39:d3:b1:f3:de:b6:f7:0f:6b:69:fc:69:
                    65:2a:5b:ba:f7:fd:29:b0:ca:f2:dc:25:6d:de:8c:
                    96:29:a1:1c:9a:79:8f:27:27:34:c7:66:84:6c:a6:
                    07:8b:45:ae:db:19:bb:7d:9b:e9:7c:3d:8d:8b:5e:
                    14:de:c6:21:6b:60:95:9f:20:56:de:6f:c9:92:b6:
                    6f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7E:57:C8:37:F0:AC:C8:A9:21:27:97:18:1A:D1:06:CD:73:14:72
            X509v3 Authority Key Identifier:
                keyid:FF:D3:C1:74:2F:C0:5A:80:A2:DC:6B:B0:EB:E1:03:0A:9B:BC:8C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/yX5XyDfwrMipISeXGBrRBs1zFHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:15:06:e7:6f:19:64:34:89:04:f9:de:9e:fa:f8:64:11:fb:
         b6:30:d6:36:0b:1f:2d:57:0b:3f:3d:8e:41:ed:f2:52:52:ee:
         8e:75:97:13:31:d0:11:38:a0:ef:ef:b0:c5:81:c1:f3:82:8c:
         5f:03:98:d7:e3:9a:b6:8e:94:da:72:eb:95:f9:dc:4f:95:39:
         38:5b:e6:a3:21:92:ef:4e:5c:fa:af:7a:a1:e1:ad:28:fc:e0:
         a5:3d:59:d6:1a:61:9d:3d:e6:4b:81:de:7c:93:d1:77:1b:56:
         93:0c:71:11:25:c3:19:f5:2b:85:53:7c:44:9e:bc:fc:ae:a7:
         41:39:59:9c:6b:23:90:a7:64:33:e4:eb:fd:81:06:c4:b2:b6:
         e5:17:8d:8b:77:6b:56:f8:02:ce:64:4d:ab:8c:1d:a6:dc:41:
         c7:c7:72:76:1a:17:12:8a:30:ed:6b:7d:01:c0:d2:4d:c1:26:
         3c:cc:30:43:07:6a:da:1a:e4:60:9b:cf:db:e9:a9:9a:f9:11:
         49:29:ee:ec:c9:da:61:4b:5d:18:24:72:c1:fa:ad:6a:bd:5a:
         fa:cd:4e:b9:b7:45:14:10:e7:e4:82:5f:74:b4:03:fd:0c:a8:
         6b:b8:c1:f8:d2:33:f9:09:8d:08:cd:1b:35:56:7f:df:ca:1d:
         7b:5b:af:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHpUcsLnLLC4CPV4IucCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZDNjMTc0MmZjMDVhODBhMmRjNmJiMGViZTEwMzBhOWJi
YzhjOTQwHhcNMjQwMTAyMTAzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTdlNTdjODM3ZjBhY2M4YTkyMTI3OTcxODFhZDEwNmNkNzMxNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHhwGSnMgL1VHfLKndT7Psho+6ek
9BReUB6hhQZEdpdpcgnDqJhp6kwe1/KSyMHLdo+V1EEW4RergSEW2X81KAvqxcJc
ej//slTvm2ocJuxkkN0QLbS+Yo/J5LfZR0HOdUVP5AP2L1SK1Et6pFaVZLI7MFXC
7mvIKlaybQBE9IRV3T4wpdlvxj2XG9zlPrYXkfYJ4jaQSD+HBP5tanbNlSmsu50u
27ntgj9xK5mZDFMXoddA1Sk507Hz3rb3D2tp/GllKlu69/0psMry3CVt3oyWKaEc
mnmPJyc0x2aEbKYHi0Wu2xm7fZvpfD2Ni14U3sYha2CVnyBW3m/JkrZveQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl+V8g38KzIqSEnlxga0QbNcxRyMB8GA1UdIwQY
MBaAFP/TwXQvwFqAotxrsOvhAwqbvIyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzlQQmRDX0FXb0NpM0d1dzYtRURDcHU4akpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jMzNkZjktZWRkNS00NjNiLWIwNTIt
MGYwYmM0MDFlMWUxLzEveVg1WHlEZndyTWlwSVNlWEdCclJCczF6RkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jMzNkZjktZWRkNS00NjNiLWIwNTItMGYwYmM0MDFlMWUx
LzEvXzlQQmRDX0FXb0NpM0d1dzYtRURDcHU4akpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSSxMA0G
CSqGSIb3DQEBCwUAA4IBAQBpFQbnbxlkNIkE+d6e+vhkEfu2MNY2Cx8tVws/PY5B
7fJSUu6OdZcTMdAROKDv77DFgcHzgoxfA5jX45q2jpTacuuV+dxPlTk4W+ajIZLv
Tlz6r3qh4a0o/OClPVnWGmGdPeZLgd58k9F3G1aTDHERJcMZ9SuFU3xEnrz8rqdB
OVmcayOQp2Qz5Ov9gQbEsrblF42Ld2tW+ALOZE2rjB2m3EHHx3J2GhcSijDta30B
wNJNwSY8zDBDB2raGuRgm8/b6ama+RFJKe7sydphS10YJHLB+q1qvVr6zU65t0UU
EOfkgl90tAP9DKhruMH40jP5CY0IzRs1Vn/fyh17W6/b
-----END CERTIFICATE-----