Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/Yw0ll8I6I9zMZzGOXMeUOX2aiPE.roa
File:                     Yw0ll8I6I9zMZzGOXMeUOX2aiPE.roa (raw, json)
Hash identifier:          Gn67wigJsAUcqmoeRnrRNwqGpwW6Jf5DwpIXx3z4nas=
Subject key identifier:   63:0D:25:97:C2:3A:23:DC:CC:67:31:8E:5C:C7:94:39:7D:9A:88:F1
Certificate issuer:       /CN=3f96703f30e2099a3d9006bfa84e5c6c486a8d2e
Certificate serial:       018CC3B738A8E320B1070B10FEF47BA8DC32
Authority key identifier: 3F:96:70:3F:30:E2:09:9A:3D:90:06:BF:A8:4E:5C:6C:48:6A:8D:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/Yw0ll8I6I9zMZzGOXMeUOX2aiPE.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.46.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:a8:e3:20:b1:07:0b:10:fe:f4:7b:a8:dc:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f96703f30e2099a3d9006bfa84e5c6c486a8d2e
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=630d2597c23a23dccc67318e5cc794397d9a88f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:47:14:ba:f6:ac:63:55:3f:9c:91:28:50:
                    2b:81:54:62:8f:89:4e:4b:77:cc:4e:97:b7:75:1c:
                    86:c8:2a:c3:82:59:66:4b:9a:6b:61:af:58:c1:8f:
                    f2:3c:67:29:c6:cb:d6:ed:26:a4:19:e0:35:2f:10:
                    27:f1:84:cb:f6:a1:02:14:cb:65:9c:79:33:31:06:
                    db:f3:d2:30:df:13:86:2c:10:03:6e:99:c8:57:99:
                    38:24:38:5c:dc:cd:19:61:0f:0d:8e:d1:af:a6:26:
                    31:36:11:4f:9a:b6:8d:55:21:ec:ca:1b:a5:a6:94:
                    b8:28:1d:18:20:3e:ec:2d:10:7f:b2:e0:cf:7a:aa:
                    ea:a6:d9:53:c1:9f:f7:e0:63:e0:b7:e9:cc:dc:b2:
                    8b:ea:e7:c7:db:d5:dd:a3:27:fa:d7:0e:a8:a2:52:
                    a8:63:82:ba:c1:27:de:68:f8:45:4f:50:56:8f:54:
                    37:1b:e7:57:ed:79:a8:c8:27:f9:51:9d:ca:9e:c6:
                    1b:0f:02:70:19:b6:67:e6:d3:05:75:69:aa:fa:f6:
                    4b:aa:51:0e:2e:0d:48:d4:59:78:cc:51:f4:a8:cf:
                    79:e9:3a:79:2f:4c:97:ac:3d:0e:09:ab:e2:c1:76:
                    36:83:74:10:a4:ec:3b:67:c1:6b:1a:d9:54:20:16:
                    a3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0D:25:97:C2:3A:23:DC:CC:67:31:8E:5C:C7:94:39:7D:9A:88:F1
            X509v3 Authority Key Identifier:
                keyid:3F:96:70:3F:30:E2:09:9A:3D:90:06:BF:A8:4E:5C:6C:48:6A:8D:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/Yw0ll8I6I9zMZzGOXMeUOX2aiPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/83647a-44e5-4049-b879-9337f374168e/1/P5ZwPzDiCZo9kAa_qE5cbEhqjS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:4a:aa:ba:9c:38:0a:58:6e:66:39:85:b2:75:ac:f8:51:ac:
         fc:67:ec:2c:47:78:b0:5d:56:0f:87:b5:0c:d6:eb:4f:a6:69:
         f5:26:6d:c3:a0:1f:27:55:70:91:f0:47:4a:4e:f1:2d:5b:bd:
         29:d1:3e:63:6a:a0:4b:13:11:62:de:aa:57:83:fe:84:05:6d:
         ff:a5:49:61:0d:fe:0e:e2:d0:e3:e7:06:01:f5:f6:78:2a:c2:
         00:16:c4:fa:a6:70:c6:59:65:b6:02:e5:27:d7:63:5a:82:89:
         a0:4a:79:74:93:dc:d6:8e:08:80:e5:63:0a:68:69:f8:ee:e5:
         df:51:29:ff:7a:4c:a5:5d:00:c3:ca:b0:de:9d:2a:1f:45:a3:
         24:b4:a6:8e:49:63:fb:fc:22:86:c9:cf:65:a3:31:e8:99:35:
         87:40:38:78:24:f5:8b:3c:37:c9:87:4d:86:14:9c:0d:c3:30:
         cd:a9:b4:7d:2d:e9:26:2c:7a:56:25:12:4e:e2:0c:9e:91:d5:
         15:01:64:0f:64:30:1e:87:d7:93:5a:39:44:cd:01:4f:db:1a:
         c3:03:a9:43:b4:3b:bb:37:32:aa:2e:f6:94:48:81:60:74:78:
         fc:4d:80:c6:6b:eb:7f:97:74:7e:0d:eb:6d:99:67:9d:ae:18:
         52:2a:90:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzio4yCxBwsQ/vR7qNwyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOTY3MDNmMzBlMjA5OWEzZDkwMDZiZmE4NGU1YzZjNDg2
YThkMmUwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBkMjU5N2MyM2EyM2RjY2M2NzMxOGU1Y2M3OTQzOTdkOWE4OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQxHFLr2rGNVP5yRKFArgVRij4lO
S3fMTpe3dRyGyCrDgllmS5prYa9YwY/yPGcpxsvW7SakGeA1LxAn8YTL9qECFMtl
nHkzMQbb89Iw3xOGLBADbpnIV5k4JDhc3M0ZYQ8NjtGvpiYxNhFPmraNVSHsyhul
ppS4KB0YID7sLRB/suDPeqrqptlTwZ/34GPgt+nM3LKL6ufH29Xdoyf61w6oolKo
Y4K6wSfeaPhFT1BWj1Q3G+dX7XmoyCf5UZ3KnsYbDwJwGbZn5tMFdWmq+vZLqlEO
Lg1I1Fl4zFH0qM956Tp5L0yXrD0OCaviwXY2g3QQpOw7Z8FrGtlUIBajAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMNJZfCOiPczGcxjlzHlDl9mojxMB8GA1UdIwQY
MBaAFD+WcD8w4gmaPZAGv6hOXGxIao0uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDVad1B6RGlDWm85a0FhX3FFNWNiRWhxalM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MzY0N2EtNDRlNS00MDQ5LWI4Nzkt
OTMzN2YzNzQxNjhlLzEvWXcwbGw4STZJOXpNWnpHT1hNZVVPWDJhaVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MzY0N2EtNDRlNS00MDQ5LWI4NzktOTMzN2YzNzQxNjhl
LzEvUDVad1B6RGlDWm85a0FhX3FFNWNiRWhxalM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS4+MA0G
CSqGSIb3DQEBCwUAA4IBAQAISqq6nDgKWG5mOYWydaz4Uaz8Z+wsR3iwXVYPh7UM
1utPpmn1Jm3DoB8nVXCR8EdKTvEtW70p0T5jaqBLExFi3qpXg/6EBW3/pUlhDf4O
4tDj5wYB9fZ4KsIAFsT6pnDGWWW2AuUn12NagomgSnl0k9zWjgiA5WMKaGn47uXf
USn/ekylXQDDyrDenSofRaMktKaOSWP7/CKGyc9lozHomTWHQDh4JPWLPDfJh02G
FJwNwzDNqbR9LekmLHpWJRJO4gyekdUVAWQPZDAeh9eTWjlEzQFP2xrDA6lDtDu7
NzKqLvaUSIFgdHj8TYDGa+t/l3R+DettmWedrhhSKpDx
-----END CERTIFICATE-----