Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/ylRs-1QtkEZ2C6ZW4VCXk_xDabQ.roa
File:                     ylRs-1QtkEZ2C6ZW4VCXk_xDabQ.roa (raw, json)
Hash identifier:          EAu7PIzYcnDO0ubimfljtvbzeg6vMF5GvYl4y5N5NPo=
Subject key identifier:   CA:54:6C:FB:54:2D:90:46:76:0B:A6:56:E1:50:97:93:FC:43:69:B4
Certificate issuer:       /CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
Certificate serial:       018CC4936615E5BB1FE9A2BD918D0A56938B
Authority key identifier: 1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/ylRs-1QtkEZ2C6ZW4VCXk_xDabQ.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.131.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:66:15:e5:bb:1f:e9:a2:bd:91:8d:0a:56:93:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca546cfb542d9046760ba656e1509793fc4369b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b3:4d:96:9f:2c:a8:c0:e3:fb:e4:27:31:96:
                    8b:81:f8:3f:9d:bb:59:ad:81:35:11:e6:25:c3:c5:
                    e2:e9:8f:07:41:4c:ce:d8:26:7e:3f:c5:a1:e6:f7:
                    81:ec:ed:66:90:10:0f:c1:47:59:33:e6:2b:a9:3b:
                    85:26:83:61:f6:3d:63:4a:ef:c9:5e:47:e0:df:50:
                    9c:7f:f5:3d:9f:38:4d:8e:6b:74:56:a5:b4:9f:ce:
                    a4:fc:97:d7:8a:7c:c5:fb:21:3b:2f:c4:f9:d6:3e:
                    32:84:89:7d:c1:78:47:64:c7:5c:5b:ab:84:01:ca:
                    dd:ac:bb:f2:2c:56:70:6e:26:b0:c8:60:72:14:d5:
                    a1:06:88:05:33:c0:16:f6:ed:d7:87:06:b0:72:6f:
                    06:90:1c:24:ec:2e:62:33:67:0d:70:8a:14:24:93:
                    f2:57:8b:9f:10:74:70:58:80:c8:9e:ec:dd:a8:eb:
                    42:08:08:da:b2:4a:cf:0c:6e:2d:20:f9:5f:4b:53:
                    80:a4:35:67:9c:16:0f:a0:fd:ef:ba:2b:f3:75:58:
                    ce:68:e9:eb:0c:43:d6:5e:78:ab:10:a2:c5:ff:a8:
                    00:07:77:2f:10:d1:b8:c5:00:e2:c1:6c:99:4d:b8:
                    00:f7:c7:bb:d8:41:3f:61:da:6f:b9:3c:b2:00:58:
                    9f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:54:6C:FB:54:2D:90:46:76:0B:A6:56:E1:50:97:93:FC:43:69:B4
            X509v3 Authority Key Identifier:
                keyid:1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/ylRs-1QtkEZ2C6ZW4VCXk_xDabQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.131.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:47:db:50:74:c5:e0:2c:63:e9:1d:35:8c:72:1e:9a:e5:eb:
         45:b7:c2:fa:6c:a4:fc:b2:25:f5:cd:4c:11:74:92:b3:46:f1:
         a2:45:8b:d7:66:30:e1:e4:7d:93:50:7a:b7:35:9f:6b:b6:23:
         59:10:87:10:f4:6e:30:e5:2d:84:cc:ca:1f:41:0c:a0:61:e8:
         26:28:0f:53:68:4b:5e:3a:cd:b7:b5:ce:cf:e6:df:08:d9:0c:
         8e:4c:27:54:3c:06:70:11:33:aa:f8:37:de:f4:2d:37:14:32:
         97:00:a6:9d:e6:e3:d8:43:55:42:9a:25:a9:f9:79:8b:12:e1:
         3e:94:bb:ea:8e:7e:12:c9:60:70:e1:b3:d7:73:8a:30:20:c5:
         2f:e3:bf:e0:87:d2:95:12:6b:82:a3:ea:84:58:60:ea:f8:9d:
         33:c2:a1:f0:a2:e5:55:4f:02:ce:59:0b:50:3a:29:01:a2:28:
         7f:77:f4:01:b2:cb:9b:2c:8b:dd:70:68:f7:c3:dd:9b:5e:ef:
         ce:72:4c:61:a4:59:49:13:d8:84:ba:99:53:5c:57:b3:5f:83:
         3c:10:93:64:4f:3a:6a:98:70:19:bb:68:4a:51:8f:7a:90:e9:
         66:9f:2f:ec:c8:49:d8:3f:5d:a9:5d:1a:83:a5:53:da:75:ea:
         f0:05:47:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2YV5bsf6aK9kY0KVpOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTgxNzEzODUzYzliMThkNDEwZDRmZjMwOTlhYjY2OGU2
OWIzZjUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTU0NmNmYjU0MmQ5MDQ2NzYwYmE2NTZlMTUwOTc5M2ZjNDM2OWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrNNlp8sqMDj++QnMZaLgfg/nbtZ
rYE1EeYlw8Xi6Y8HQUzO2CZ+P8Wh5veB7O1mkBAPwUdZM+YrqTuFJoNh9j1jSu/J
Xkfg31Ccf/U9nzhNjmt0VqW0n86k/JfXinzF+yE7L8T51j4yhIl9wXhHZMdcW6uE
AcrdrLvyLFZwbiawyGByFNWhBogFM8AW9u3Xhwawcm8GkBwk7C5iM2cNcIoUJJPy
V4ufEHRwWIDInuzdqOtCCAjaskrPDG4tIPlfS1OApDVnnBYPoP3vuivzdVjOaOnr
DEPWXnirEKLF/6gAB3cvENG4xQDiwWyZTbgA98e72EE/YdpvuTyyAFifLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpUbPtULZBGdgumVuFQl5P8Q2m0MB8GA1UdIwQY
MBaAFB2oFxOFPJsY1BDU/zCZq2aOabP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYt
NjYwZjM5ZjY0MzE2LzEveWxScy0xUXRrRVoyQzZaVzRWQ1hrX3hEYWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYtNjYwZjM5ZjY0MzE2
LzEvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwYNyMA0G
CSqGSIb3DQEBCwUAA4IBAQA1R9tQdMXgLGPpHTWMch6a5etFt8L6bKT8siX1zUwR
dJKzRvGiRYvXZjDh5H2TUHq3NZ9rtiNZEIcQ9G4w5S2EzMofQQygYegmKA9TaEte
Os23tc7P5t8I2QyOTCdUPAZwETOq+Dfe9C03FDKXAKad5uPYQ1VCmiWp+XmLEuE+
lLvqjn4SyWBw4bPXc4owIMUv47/gh9KVEmuCo+qEWGDq+J0zwqHwouVVTwLOWQtQ
OikBoih/d/QBssubLIvdcGj3w92bXu/OckxhpFlJE9iEuplTXFezX4M8EJNkTzpq
mHAZu2hKUY96kOlmny/syEnYP12pXRqDpVPaderwBUeU
-----END CERTIFICATE-----