Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/ylvipgj8fPAPX5uHBKrOfj94bVM.roa
File:                     ylvipgj8fPAPX5uHBKrOfj94bVM.roa (raw, json)
Hash identifier:          PDOj2qnxWhbEQSgrg0TeMRVMYOuj8uCwPTFBKlZFi0A=
Subject key identifier:   CA:5B:E2:A6:08:FC:7C:F0:0F:5F:9B:87:04:AA:CE:7E:3F:78:6D:53
Certificate issuer:       /CN=47399ddb8c70fe334fe9c287b692694628518c69
Certificate serial:       018CC3B73493A9EE44BA52D0A97EF81E453C
Authority key identifier: 47:39:9D:DB:8C:70:FE:33:4F:E9:C2:87:B6:92:69:46:28:51:8C:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rzmd24xw_jNP6cKHtpJpRihRjGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/ylvipgj8fPAPX5uHBKrOfj94bVM.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59623
IP address blocks:        195.214.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/Rzmd24xw_jNP6cKHtpJpRihRjGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/Rzmd24xw_jNP6cKHtpJpRihRjGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rzmd24xw_jNP6cKHtpJpRihRjGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:34:93:a9:ee:44:ba:52:d0:a9:7e:f8:1e:45:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47399ddb8c70fe334fe9c287b692694628518c69
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca5be2a608fc7cf00f5f9b8704aace7e3f786d53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:66:dd:43:05:2a:55:dc:97:c7:b7:f3:d3:43:
                    78:3a:42:a0:81:37:a9:c7:b7:c1:4a:bf:28:ce:5d:
                    8f:c1:66:e8:5b:ea:e0:34:13:21:cc:2b:18:5e:46:
                    f5:18:43:41:ce:7c:6a:2d:3b:9a:7e:71:fd:67:a0:
                    c8:b0:dd:dc:a6:10:f1:e3:3b:82:6e:0e:20:f6:ac:
                    df:0f:ea:c0:3c:38:09:f1:2a:14:49:49:83:0b:b0:
                    ca:94:ca:98:5c:e3:ed:8e:7a:60:38:e7:b6:63:40:
                    f4:e8:2c:e6:10:43:54:77:69:1f:f0:87:2e:87:42:
                    6e:03:86:47:7d:97:63:10:f5:21:61:6e:81:c6:1d:
                    45:76:14:c6:1b:6b:f0:e2:37:a2:3d:cf:e4:ab:81:
                    8a:b3:5a:59:93:ad:af:ec:fa:57:3f:54:9d:c9:48:
                    2f:cb:d1:1b:93:6b:74:5f:bc:65:11:6f:92:fb:66:
                    0a:11:dc:8e:23:8c:ac:c3:6c:4b:92:27:d7:64:01:
                    1e:63:97:29:09:75:dc:e7:3a:3f:74:7d:32:ef:6e:
                    bf:16:fd:9d:de:ee:57:f0:53:45:d3:90:0a:ae:97:
                    c2:c6:f1:a2:d7:ea:5c:31:6e:62:3b:4f:93:b8:19:
                    18:a5:38:4a:67:8f:2c:3d:85:1e:ed:d3:8c:92:25:
                    68:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:5B:E2:A6:08:FC:7C:F0:0F:5F:9B:87:04:AA:CE:7E:3F:78:6D:53
            X509v3 Authority Key Identifier:
                keyid:47:39:9D:DB:8C:70:FE:33:4F:E9:C2:87:B6:92:69:46:28:51:8C:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rzmd24xw_jNP6cKHtpJpRihRjGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/ylvipgj8fPAPX5uHBKrOfj94bVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/512795-7ed4-4f31-98a4-4e5988548013/1/Rzmd24xw_jNP6cKHtpJpRihRjGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:78:44:fa:66:2e:8b:d7:0f:e9:f8:d0:a8:0b:bf:d7:39:b3:
         86:61:8d:36:78:b1:61:0c:e3:fd:7c:61:0b:cf:73:63:70:44:
         dd:8f:2f:b9:e8:44:47:89:87:97:7c:66:d3:df:8c:d5:8a:eb:
         65:29:7b:b6:af:6a:1e:48:ed:2c:bc:8c:9f:36:6c:da:82:0a:
         7e:79:51:63:9b:e0:62:d3:42:3f:4b:50:e1:3f:2c:32:29:12:
         62:49:25:cf:18:1d:50:67:2f:8f:88:15:7a:a5:c6:2d:9b:e5:
         c8:60:c6:1e:ce:ef:19:7a:b3:3c:5d:da:02:e2:ba:3a:ac:4d:
         4e:b2:28:77:4c:db:36:73:60:23:8a:86:3c:ca:66:d2:6b:48:
         b1:07:44:50:70:18:f1:97:3c:5d:bb:da:ce:fe:e5:6d:2d:3a:
         ae:c8:b9:53:7d:84:35:c6:0e:04:72:9c:04:8c:7e:50:fc:af:
         89:11:d2:bd:f7:10:a1:b7:8e:61:ed:68:d8:28:c8:89:56:c7:
         a0:fc:dd:4c:5f:b6:fb:60:80:4b:fb:45:05:b6:5a:e6:ae:0d:
         e6:5c:b5:fe:a0:93:94:4d:fa:c6:cf:78:5d:e2:a2:09:a9:c7:
         3f:d8:8d:28:38:1c:e0:70:59:65:ba:ae:8e:c9:73:61:ea:47:
         86:f7:43:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzSTqe5EulLQqX74HkU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Mzk5ZGRiOGM3MGZlMzM0ZmU5YzI4N2I2OTI2OTQ2Mjg1
MThjNjkwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTViZTJhNjA4ZmM3Y2YwMGY1ZjliODcwNGFhY2U3ZTNmNzg2ZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmbdQwUqVdyXx7fz00N4OkKggTep
x7fBSr8ozl2PwWboW+rgNBMhzCsYXkb1GENBznxqLTuafnH9Z6DIsN3cphDx4zuC
bg4g9qzfD+rAPDgJ8SoUSUmDC7DKlMqYXOPtjnpgOOe2Y0D06CzmEENUd2kf8Icu
h0JuA4ZHfZdjEPUhYW6Bxh1FdhTGG2vw4jeiPc/kq4GKs1pZk62v7PpXP1SdyUgv
y9Ebk2t0X7xlEW+S+2YKEdyOI4ysw2xLkifXZAEeY5cpCXXc5zo/dH0y726/Fv2d
3u5X8FNF05AKrpfCxvGi1+pcMW5iO0+TuBkYpThKZ48sPYUe7dOMkiVoGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpb4qYI/HzwD1+bhwSqzn4/eG1TMB8GA1UdIwQY
MBaAFEc5nduMcP4zT+nCh7aSaUYoUYxpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnptZDI0eHdfak5QNmNLSHRwSnBSaWhSakdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni81MTI3OTUtN2VkNC00ZjMxLTk4YTQt
NGU1OTg4NTQ4MDEzLzEveWx2aXBnajhmUEFQWDV1SEJLck9majk0YlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni81MTI3OTUtN2VkNC00ZjMxLTk4YTQtNGU1OTg4NTQ4MDEz
LzEvUnptZDI0eHdfak5QNmNLSHRwSnBSaWhSakdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9brMA0G
CSqGSIb3DQEBCwUAA4IBAQBMeET6Zi6L1w/p+NCoC7/XObOGYY02eLFhDOP9fGEL
z3NjcETdjy+56ERHiYeXfGbT34zViutlKXu2r2oeSO0svIyfNmzaggp+eVFjm+Bi
00I/S1DhPywyKRJiSSXPGB1QZy+PiBV6pcYtm+XIYMYezu8ZerM8XdoC4ro6rE1O
sih3TNs2c2AjioY8ymbSa0ixB0RQcBjxlzxdu9rO/uVtLTquyLlTfYQ1xg4EcpwE
jH5Q/K+JEdK99xCht45h7WjYKMiJVseg/N1MX7b7YIBL+0UFtlrmrg3mXLX+oJOU
TfrGz3hd4qIJqcc/2I0oOBzgcFlluq6OyXNh6keG90N5
-----END CERTIFICATE-----