Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/YMYvp25JMVMn5OpfjAZsK4kAl3E.roa
File:                     YMYvp25JMVMn5OpfjAZsK4kAl3E.roa (raw, json)
Hash identifier:          ryzcUFqUTr/syS5SvXKVgHsr9tqa+E1jvCo20IDRrZY=
Subject key identifier:   60:C6:2F:A7:6E:49:31:53:27:E4:EA:5F:8C:06:6C:2B:89:00:97:71
Certificate issuer:       /CN=cc46bfff8b90e3748555ba1447fd4edecc340a13
Certificate serial:       018CC2DAE5A077F51C5930835BF050AFE353
Authority key identifier: CC:46:BF:FF:8B:90:E3:74:85:55:BA:14:47:FD:4E:DE:CC:34:0A:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/YMYvp25JMVMn5OpfjAZsK4kAl3E.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        195.162.4.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:a0:77:f5:1c:59:30:83:5b:f0:50:af:e3:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc46bfff8b90e3748555ba1447fd4edecc340a13
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c62fa76e49315327e4ea5f8c066c2b89009771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4d:58:8b:ca:ee:02:2a:41:a2:13:67:83:e9:
                    e0:42:86:aa:38:e5:1e:d3:95:ea:b2:1f:9b:a6:a4:
                    87:e0:12:30:54:1e:79:ed:c7:ae:fa:b8:4b:93:3f:
                    a8:a1:49:38:a4:9c:15:f1:a3:4d:8a:62:85:ac:8e:
                    7e:23:3c:95:13:75:c6:78:b6:29:39:06:0b:23:97:
                    24:30:54:d9:0e:47:dd:85:11:76:01:e1:cc:7c:fd:
                    1b:81:1f:67:8e:45:bf:31:23:19:c0:5f:ad:2b:07:
                    24:bd:ff:4a:f4:e5:04:90:78:1f:71:13:81:08:c3:
                    e9:ed:4d:bb:a7:16:4e:df:b0:48:9b:59:62:c3:04:
                    93:f8:d8:da:9a:63:40:5b:2d:9e:df:82:c5:24:fd:
                    c8:70:6e:68:05:2a:da:65:34:65:37:07:c1:76:ab:
                    7f:fd:26:47:a4:98:05:24:72:53:2c:d3:b6:3f:e5:
                    39:13:07:ff:1e:7a:6c:ed:91:a1:09:43:8b:b6:eb:
                    24:29:2a:90:88:ef:2e:ba:ad:a2:76:f8:4c:62:13:
                    3e:76:87:6c:4a:ac:b4:22:f5:c7:88:a8:b6:80:83:
                    1a:6b:dd:f3:4a:92:ad:85:39:d6:92:c1:c0:6d:ea:
                    a3:62:d7:a2:d7:54:54:5f:ab:46:e6:c3:89:cf:67:
                    e3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C6:2F:A7:6E:49:31:53:27:E4:EA:5F:8C:06:6C:2B:89:00:97:71
            X509v3 Authority Key Identifier:
                keyid:CC:46:BF:FF:8B:90:E3:74:85:55:BA:14:47:FD:4E:DE:CC:34:0A:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/YMYvp25JMVMn5OpfjAZsK4kAl3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:4e:ad:1e:ce:ab:a9:ed:90:61:69:77:e6:95:bc:a9:b2:07:
         98:ae:9f:ba:da:21:df:02:dc:52:31:8c:ce:bf:27:1a:d8:7e:
         da:d0:a9:81:2e:00:3f:19:67:88:2b:59:25:52:b3:4f:eb:a8:
         63:dc:3e:1f:61:23:b2:eb:24:39:26:d1:8f:3e:ec:d9:0d:60:
         32:db:40:71:ed:22:57:ed:16:8f:8e:37:d4:38:09:7f:c4:c0:
         b8:ba:05:57:97:23:1b:8a:fb:c3:8c:2e:48:80:98:8e:fd:ba:
         24:4c:e5:82:3b:11:66:cc:e1:09:21:8a:5c:43:01:0b:92:e1:
         78:b0:f7:8d:60:5a:3d:41:58:1b:2a:0c:da:d8:e0:38:e4:de:
         ca:4a:0f:60:eb:a4:45:51:1f:09:10:cf:8d:6b:37:b9:49:d8:
         59:92:40:37:34:bb:11:ec:2d:2a:82:54:de:24:3f:f5:cc:d0:
         75:f3:eb:e8:96:dd:4e:34:04:58:cf:16:0c:b5:13:0b:e0:d9:
         1d:03:27:65:c7:50:c9:07:e8:78:99:34:1e:72:51:31:45:6a:
         27:65:d3:c0:74:6f:ec:52:1c:fc:58:04:02:76:5e:eb:2c:93:
         c6:d3:7f:22:78:d0:d8:2d:ae:b9:37:e8:b2:e0:06:3a:92:49:
         6f:5d:54:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uWgd/UcWTCDW/BQr+NTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDZiZmZmOGI5MGUzNzQ4NTU1YmExNDQ3ZmQ0ZWRlY2Mz
NDBhMTMwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGM2MmZhNzZlNDkzMTUzMjdlNGVhNWY4YzA2NmMyYjg5MDA5NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp01Yi8ruAipBohNng+ngQoaqOOUe
05Xqsh+bpqSH4BIwVB557ceu+rhLkz+ooUk4pJwV8aNNimKFrI5+IzyVE3XGeLYp
OQYLI5ckMFTZDkfdhRF2AeHMfP0bgR9njkW/MSMZwF+tKwckvf9K9OUEkHgfcROB
CMPp7U27pxZO37BIm1liwwST+NjammNAWy2e34LFJP3IcG5oBSraZTRlNwfBdqt/
/SZHpJgFJHJTLNO2P+U5Ewf/Hnps7ZGhCUOLtuskKSqQiO8uuq2idvhMYhM+dods
Sqy0IvXHiKi2gIMaa93zSpKthTnWksHAbeqjYtei11RUX6tG5sOJz2fj0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDGL6duSTFTJ+TqX4wGbCuJAJdxMB8GA1UdIwQY
MBaAFMxGv/+LkON0hVW6FEf9Tt7MNAoTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVhX180dVE0M1NGVmJvVVJfMU8zc3cwQ2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS84NGQ0OWMtMGM4NC00NTZhLWI2NDAt
NGRjOWJmNjQyZGQyLzEvWU1ZdnAyNUpNVk1uNU9wZmpBWnNLNGtBbDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS84NGQ0OWMtMGM4NC00NTZhLWI2NDAtNGRjOWJmNjQyZGQy
LzEvekVhX180dVE0M1NGVmJvVVJfMU8zc3cwQ2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6IEMA0G
CSqGSIb3DQEBCwUAA4IBAQBLTq0ezqup7ZBhaXfmlbypsgeYrp+62iHfAtxSMYzO
vyca2H7a0KmBLgA/GWeIK1klUrNP66hj3D4fYSOy6yQ5JtGPPuzZDWAy20Bx7SJX
7RaPjjfUOAl/xMC4ugVXlyMbivvDjC5IgJiO/bokTOWCOxFmzOEJIYpcQwELkuF4
sPeNYFo9QVgbKgza2OA45N7KSg9g66RFUR8JEM+Naze5SdhZkkA3NLsR7C0qglTe
JD/1zNB18+volt1ONARYzxYMtRML4NkdAydlx1DJB+h4mTQeclExRWonZdPAdG/s
Uhz8WAQCdl7rLJPG038ieNDYLa65N+iy4AY6kklvXVSO
-----END CERTIFICATE-----