Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/Y4tSRVyScqX9DQYxjb_3vAqB2eI.roa
File:                     Y4tSRVyScqX9DQYxjb_3vAqB2eI.roa (raw, json)
Hash identifier:          Bxm4VqLQY2X8NZaDed7Tq7KMW2LjfQP0AFsk0Fn62J0=
Subject key identifier:   63:8B:52:45:5C:92:72:A5:FD:0D:06:31:8D:BF:F7:BC:0A:81:D9:E2
Certificate issuer:       /CN=96b8acfa17af93bedbefc6feb4688f98604b8aae
Certificate serial:       018CC9BCCE1482079896005D4F30255D06CE
Authority key identifier: 96:B8:AC:FA:17:AF:93:BE:DB:EF:C6:FE:B4:68:8F:98:60:4B:8A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lris-hevk77b78b-tGiPmGBLiq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/Y4tSRVyScqX9DQYxjb_3vAqB2eI.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21217
IP address blocks:        194.88.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/lris-hevk77b78b-tGiPmGBLiq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/lris-hevk77b78b-tGiPmGBLiq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lris-hevk77b78b-tGiPmGBLiq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ce:14:82:07:98:96:00:5d:4f:30:25:5d:06:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96b8acfa17af93bedbefc6feb4688f98604b8aae
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=638b52455c9272a5fd0d06318dbff7bc0a81d9e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:90:59:61:c2:60:06:6e:9e:b4:87:ee:12:65:
                    9a:69:36:fd:d0:ab:40:28:b6:c1:b2:ba:05:19:f4:
                    3f:13:1a:1e:7e:36:ac:e2:c9:b9:26:58:76:56:51:
                    09:1e:5a:5a:3e:1b:07:3b:34:b5:66:27:45:2d:ff:
                    7e:45:75:c1:11:7b:99:59:fc:97:f5:93:de:f6:d7:
                    ba:0c:fb:76:90:0f:01:38:7b:bd:88:55:77:7f:72:
                    d8:f2:ff:df:fb:50:4d:eb:77:ee:e1:cc:d7:0b:b9:
                    03:ae:09:6b:55:ab:95:9c:39:d8:1d:fd:9d:ac:06:
                    b8:27:fc:c0:32:2c:17:1e:97:57:70:95:0c:7d:af:
                    75:ee:7e:c4:6c:56:97:4a:3f:8b:02:aa:e0:c4:ac:
                    46:6d:f5:a4:84:df:fc:10:fb:74:c3:68:66:1c:27:
                    01:e0:4b:4f:ef:2b:34:08:24:75:f4:cc:45:45:27:
                    e4:ce:d1:34:05:cd:ab:7d:5b:86:6c:c1:e5:6b:ef:
                    2e:6d:46:7e:2f:5d:c3:51:69:b0:42:11:ac:9b:be:
                    c5:c7:0c:8f:ce:70:db:0c:8a:44:94:74:12:59:8e:
                    5e:7f:d1:1b:28:95:9c:83:b4:1f:ed:47:7e:0c:48:
                    95:01:0d:e6:77:b5:ed:f9:b5:34:4e:57:ec:28:b8:
                    7e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8B:52:45:5C:92:72:A5:FD:0D:06:31:8D:BF:F7:BC:0A:81:D9:E2
            X509v3 Authority Key Identifier:
                keyid:96:B8:AC:FA:17:AF:93:BE:DB:EF:C6:FE:B4:68:8F:98:60:4B:8A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lris-hevk77b78b-tGiPmGBLiq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/Y4tSRVyScqX9DQYxjb_3vAqB2eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/c47b46-ccdc-4b5e-862e-bddff197c29d/1/lris-hevk77b78b-tGiPmGBLiq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:42:72:0c:3e:7c:c7:e6:e9:93:48:05:d1:38:33:1d:e8:c9:
         71:dd:40:d4:e8:59:2b:ad:74:f8:e4:17:b0:d2:41:c0:bf:37:
         c1:4b:f4:df:a8:aa:f5:44:cc:9b:6f:72:e4:f6:08:53:6e:05:
         22:b6:d2:55:d3:88:64:7d:0c:12:b9:a0:18:78:89:a7:f3:9b:
         6c:1b:81:92:b4:84:9e:6d:c2:9d:77:d7:8c:44:3f:12:50:77:
         3f:f8:07:55:c5:f1:0e:6c:eb:d1:84:b6:43:55:88:5f:69:9c:
         48:d6:59:29:e0:09:17:f8:07:b4:14:37:cf:0b:f1:b7:1d:c2:
         fe:bf:86:b8:64:c3:4d:36:a0:79:b6:71:d3:13:17:73:6c:3a:
         d9:ac:ec:7e:9c:ff:89:44:e4:81:24:30:8c:ba:59:2e:0e:1d:
         cb:57:e2:b0:05:4f:1f:15:da:af:5f:18:5a:83:b0:fe:6c:f5:
         37:b7:aa:74:c1:37:3b:3d:f2:90:0f:7b:d8:df:4d:70:69:11:
         c8:35:ce:5a:18:62:ea:a5:10:f0:0b:b0:9a:36:25:be:bf:d9:
         67:d3:22:83:14:9c:84:9d:27:3d:97:58:f8:3c:37:06:01:82:
         2a:3f:03:55:cf:21:bd:a9:b2:c3:b4:aa:92:c7:89:4f:34:00:
         0d:09:2b:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvM4UggeYlgBdTzAlXQbOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjhhY2ZhMTdhZjkzYmVkYmVmYzZmZWI0Njg4Zjk4NjA0
YjhhYWUwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhiNTI0NTVjOTI3MmE1ZmQwZDA2MzE4ZGJmZjdiYzBhODFkOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZBZYcJgBm6etIfuEmWaaTb90KtA
KLbBsroFGfQ/Exoefjas4sm5Jlh2VlEJHlpaPhsHOzS1ZidFLf9+RXXBEXuZWfyX
9ZPe9te6DPt2kA8BOHu9iFV3f3LY8v/f+1BN63fu4czXC7kDrglrVauVnDnYHf2d
rAa4J/zAMiwXHpdXcJUMfa917n7EbFaXSj+LAqrgxKxGbfWkhN/8EPt0w2hmHCcB
4EtP7ys0CCR19MxFRSfkztE0Bc2rfVuGbMHla+8ubUZ+L13DUWmwQhGsm77FxwyP
znDbDIpElHQSWY5ef9EbKJWcg7Qf7Ud+DEiVAQ3md7Xt+bU0TlfsKLh+oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOLUkVcknKl/Q0GMY2/97wKgdniMB8GA1UdIwQY
MBaAFJa4rPoXr5O+2+/G/rRoj5hgS4quMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJpcy1oZXZrNzdiNzhiLXRHaVBtR0JMaXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jNDdiNDYtY2NkYy00YjVlLTg2MmUt
YmRkZmYxOTdjMjlkLzEvWTR0U1JWeVNjcVg5RFFZeGpiXzN2QXFCMmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9jNDdiNDYtY2NkYy00YjVlLTg2MmUtYmRkZmYxOTdjMjlk
LzEvbHJpcy1oZXZrNzdiNzhiLXRHaVBtR0JMaXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlgJMA0G
CSqGSIb3DQEBCwUAA4IBAQAUQnIMPnzH5umTSAXRODMd6Mlx3UDU6FkrrXT45Bew
0kHAvzfBS/TfqKr1RMybb3Lk9ghTbgUittJV04hkfQwSuaAYeImn85tsG4GStISe
bcKdd9eMRD8SUHc/+AdVxfEObOvRhLZDVYhfaZxI1lkp4AkX+Ae0FDfPC/G3HcL+
v4a4ZMNNNqB5tnHTExdzbDrZrOx+nP+JROSBJDCMulkuDh3LV+KwBU8fFdqvXxha
g7D+bPU3t6p0wTc7PfKQD3vY301waRHINc5aGGLqpRDwC7CaNiW+v9ln0yKDFJyE
nSc9l1j4PDcGAYIqPwNVzyG9qbLDtKqSx4lPNAANCStR
-----END CERTIFICATE-----