Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/YeJzi5nn0zxRv-RtC7VBTv4Hb9g.roa
File:                     YeJzi5nn0zxRv-RtC7VBTv4Hb9g.roa (raw, json)
Hash identifier:          eeS/MNHYJC4aCTlwj+wD+Wbc4bJy0djzdmu/G6SukYI=
Subject key identifier:   61:E2:73:8B:99:E7:D3:3C:51:BF:E4:6D:0B:B5:41:4E:FE:07:6F:D8
Certificate issuer:       /CN=19ac1498860e2bb0958173854bd04c869a369017
Certificate serial:       018CC7272E28DA20C93F30F8BA27932FDE29
Authority key identifier: 19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/YeJzi5nn0zxRv-RtC7VBTv4Hb9g.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        37.143.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2e:28:da:20:c9:3f:30:f8:ba:27:93:2f:de:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ac1498860e2bb0958173854bd04c869a369017
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61e2738b99e7d33c51bfe46d0bb5414efe076fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:26:3d:59:63:3f:86:fb:98:1c:f4:30:e3:93:
                    3d:34:34:5c:a7:08:45:82:65:26:8a:a7:2f:2a:bd:
                    43:7b:cb:d8:91:10:cc:43:1d:85:45:0d:b3:d8:78:
                    8c:d7:cc:bc:8b:67:ce:b0:da:45:de:90:21:ef:e1:
                    ec:a4:e1:17:ed:4b:96:8a:33:18:16:43:9e:52:34:
                    e8:3c:78:b9:50:f3:b5:9a:a1:4f:83:d0:79:d2:45:
                    f0:21:ef:cc:53:34:d2:f7:e4:2a:31:a0:52:29:8f:
                    81:ed:2f:81:d9:33:a4:7a:78:69:20:ea:79:eb:0f:
                    5e:50:a6:9b:00:58:23:e8:c9:38:93:27:ca:ae:5b:
                    dd:41:54:37:a5:d0:f2:04:b3:db:80:3c:db:28:9c:
                    14:bf:41:a7:c1:18:4a:d9:78:10:0b:c3:a2:c0:1c:
                    13:56:3b:87:0d:81:76:a5:e1:fb:2c:3d:ec:6a:d9:
                    43:ac:84:0d:86:4e:37:50:53:4e:78:25:35:68:14:
                    bf:f2:b3:6a:f6:57:3c:79:93:2c:51:c8:b7:81:d4:
                    f1:32:e5:c1:b6:f2:bd:0c:f5:74:94:a6:c9:ab:34:
                    0c:ae:cd:1c:74:42:5e:6d:5e:2f:d5:fb:cb:ff:39:
                    45:7d:e4:77:7f:0c:72:ca:ac:14:79:29:ef:59:a2:
                    0e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:E2:73:8B:99:E7:D3:3C:51:BF:E4:6D:0B:B5:41:4E:FE:07:6F:D8
            X509v3 Authority Key Identifier:
                keyid:19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/YeJzi5nn0zxRv-RtC7VBTv4Hb9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:65:f9:d4:72:fe:4a:01:28:78:42:a6:92:c7:1d:81:e0:fa:
         1f:c0:51:e7:c5:65:cf:6a:79:87:5c:d9:99:ce:c3:74:cf:75:
         26:08:e0:db:ea:2d:16:45:22:fc:d1:fd:01:f7:21:ec:02:2d:
         d8:d2:b1:7e:ee:b6:f0:1b:c3:60:1a:93:6a:1f:5b:49:40:3f:
         fb:31:bf:e0:cc:6a:a6:d5:00:48:f8:34:b8:85:f3:2a:dd:2f:
         04:26:89:1a:6e:02:77:e5:c3:29:19:b4:6d:7f:7e:5a:db:3c:
         f5:a7:1d:0f:2a:47:94:a6:9a:f9:2b:bb:65:d0:e5:a0:cc:f6:
         10:8d:b9:c2:00:75:84:ef:22:e6:46:36:45:5a:fc:e9:77:05:
         f4:8c:db:b4:75:db:90:d4:19:56:ea:98:57:78:8d:5e:fd:ad:
         b3:85:44:f7:b6:a6:64:49:58:73:3b:b1:c3:c8:28:26:e0:25:
         74:f8:7b:24:81:97:d0:99:ce:cb:fd:d0:ce:82:58:66:5c:c1:
         0a:fb:45:d1:e4:34:f5:7c:63:e3:a1:0b:61:24:fe:03:d8:d6:
         97:a5:ce:30:56:2a:1f:42:c4:cf:db:e1:d1:d7:22:78:09:89:
         2e:22:28:6f:e9:a6:25:e1:d9:4f:6b:cc:a2:8c:66:e7:56:f8:
         6e:82:4e:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy4o2iDJPzD4uieTL94pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YWMxNDk4ODYwZTJiYjA5NTgxNzM4NTRiZDA0Yzg2OWEz
NjkwMTcwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWUyNzM4Yjk5ZTdkMzNjNTFiZmU0NmQwYmI1NDE0ZWZlMDc2ZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyY9WWM/hvuYHPQw45M9NDRcpwhF
gmUmiqcvKr1De8vYkRDMQx2FRQ2z2HiM18y8i2fOsNpF3pAh7+HspOEX7UuWijMY
FkOeUjToPHi5UPO1mqFPg9B50kXwIe/MUzTS9+QqMaBSKY+B7S+B2TOkenhpIOp5
6w9eUKabAFgj6Mk4kyfKrlvdQVQ3pdDyBLPbgDzbKJwUv0GnwRhK2XgQC8OiwBwT
VjuHDYF2peH7LD3satlDrIQNhk43UFNOeCU1aBS/8rNq9lc8eZMsUci3gdTxMuXB
tvK9DPV0lKbJqzQMrs0cdEJebV4v1fvL/zlFfeR3fwxyyqwUeSnvWaIOowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHic4uZ59M8Ub/kbQu1QU7+B2/YMB8GA1UdIwQY
MBaAFBmsFJiGDiuwlYFzhUvQTIaaNpAXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAt
N2FhMjkwZTg1N2U5LzEvWWVKemk1bm4wenhSdi1SdEM3VkJUdjRIYjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAtN2FhMjkwZTg1N2U5
LzEvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+BMA0G
CSqGSIb3DQEBCwUAA4IBAQA/ZfnUcv5KASh4QqaSxx2B4PofwFHnxWXPanmHXNmZ
zsN0z3UmCODb6i0WRSL80f0B9yHsAi3Y0rF+7rbwG8NgGpNqH1tJQD/7Mb/gzGqm
1QBI+DS4hfMq3S8EJokabgJ35cMpGbRtf35a2zz1px0PKkeUppr5K7tl0OWgzPYQ
jbnCAHWE7yLmRjZFWvzpdwX0jNu0dduQ1BlW6phXeI1e/a2zhUT3tqZkSVhzO7HD
yCgm4CV0+HskgZfQmc7L/dDOglhmXMEK+0XR5DT1fGPjoQthJP4D2NaXpc4wViof
QsTP2+HR1yJ4CYkuIihv6aYl4dlPa8yijGbnVvhugk6H
-----END CERTIFICATE-----