Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/YDfS21AFW_WoZv3QjP7P0og-Dgs.roa
File:                     YDfS21AFW_WoZv3QjP7P0og-Dgs.roa (raw, json)
Hash identifier:          rOGnowHwHvZRcmYU4CcR/UvUdB4wyvUcrIFfIu8zNvo=
Subject key identifier:   60:37:D2:DB:50:05:5B:F5:A8:66:FD:D0:8C:FE:CF:D2:88:3E:0E:0B
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       018CC7937AE5A76B875289A1F0C1659C94F8
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/YDfS21AFW_WoZv3QjP7P0og-Dgs.roa
Signing time:             Tue 02 Jan 2024 00:29:40 +0000
ROA not before:           Tue 02 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47794
IP address blocks:        194.11.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7a:e5:a7:6b:87:52:89:a1:f0:c1:65:9c:94:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Jan  2 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6037d2db50055bf5a866fdd08cfecfd2883e0e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9a:22:7f:45:61:6e:6c:a7:f9:90:91:15:92:
                    c8:60:33:9c:44:31:d9:8a:f1:cb:02:52:a1:d0:78:
                    7f:5d:ac:05:d5:db:93:b7:2c:a8:cc:d0:ab:94:6b:
                    a2:c6:28:88:8d:e8:6f:c3:33:e7:1e:63:9b:17:57:
                    a3:ab:f7:54:91:23:b3:25:d9:ff:d3:ed:20:49:8a:
                    41:8e:66:aa:d0:ef:59:c1:4c:60:af:4e:50:d6:4d:
                    2a:d7:25:25:af:5f:e9:e4:a6:e7:08:f5:30:05:e3:
                    17:0f:ce:c2:c2:b8:14:dc:5d:d5:4b:0b:a6:b7:b5:
                    b4:6b:4b:92:46:14:1f:98:89:6a:df:de:3a:fa:b6:
                    55:01:08:b8:ed:9f:c9:1b:a2:57:96:20:12:fe:b8:
                    4b:2d:d6:71:e0:2c:7c:82:19:fb:3c:4f:fd:ea:0c:
                    12:a3:a6:67:49:6e:28:64:8b:01:e1:cc:f7:42:8e:
                    61:f5:cc:13:9b:d8:ed:b3:06:b3:88:aa:41:2e:e7:
                    54:db:e7:82:41:5e:80:ef:1c:30:ce:94:47:3a:b6:
                    94:f6:0f:f0:a6:66:b6:77:59:24:2a:6b:6b:33:fe:
                    98:a6:92:71:51:8d:92:6c:12:4e:37:8e:50:33:72:
                    6b:d5:b3:59:7f:07:8a:0d:1d:f4:a6:2a:67:62:40:
                    20:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:37:D2:DB:50:05:5B:F5:A8:66:FD:D0:8C:FE:CF:D2:88:3E:0E:0B
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/YDfS21AFW_WoZv3QjP7P0og-Dgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:a0:d8:b1:6a:c9:1f:f3:eb:ad:f0:e8:cf:d4:9a:34:50:50:
         6b:9e:2b:a2:b7:85:b1:52:fe:54:20:3b:07:42:43:fd:de:fb:
         c0:0f:b3:d3:0d:47:28:57:4e:a1:7b:a0:c9:7c:f8:ca:76:f1:
         47:c0:96:45:06:a1:db:a4:0f:b2:7a:18:75:f6:09:33:6f:3f:
         13:d5:b3:50:e6:4b:ff:7d:83:b1:7f:50:e1:8f:64:f9:ef:ec:
         09:d0:11:bd:36:31:ee:7c:ee:fa:e4:2f:f6:b7:90:0d:08:bd:
         fd:58:2d:c8:8b:0b:18:d1:bb:13:03:2d:8d:15:c9:b2:18:ab:
         75:60:74:98:47:44:4f:86:71:86:15:96:2e:68:a8:59:36:ef:
         52:bf:6a:ff:d7:c8:0c:f0:bf:86:b3:99:b7:c6:7e:48:75:f7:
         9f:70:27:a8:4b:cf:ee:1e:18:cb:d5:ef:ac:b0:10:90:67:c9:
         d3:20:a0:57:e1:82:97:1e:79:b5:bc:54:9d:07:c4:1f:38:47:
         6b:2d:9e:75:27:c1:7d:47:e3:5e:86:c3:ed:84:c8:dd:1a:80:
         5b:59:48:17:1b:8c:69:9b:0d:0f:e8:19:ce:2b:44:b8:fe:e6:
         bd:6b:20:25:3f:67:bd:72:52:f6:dd:a2:b4:3c:c9:69:ed:d5:
         4e:20:9c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk3rlp2uHUomh8MFlnJT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjQwMTAyMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM3ZDJkYjUwMDU1YmY1YTg2NmZkZDA4Y2ZlY2ZkMjg4M2UwZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5oif0Vhbmyn+ZCRFZLIYDOcRDHZ
ivHLAlKh0Hh/XawF1duTtyyozNCrlGuixiiIjehvwzPnHmObF1ejq/dUkSOzJdn/
0+0gSYpBjmaq0O9ZwUxgr05Q1k0q1yUlr1/p5KbnCPUwBeMXD87CwrgU3F3VSwum
t7W0a0uSRhQfmIlq3946+rZVAQi47Z/JG6JXliAS/rhLLdZx4Cx8ghn7PE/96gwS
o6ZnSW4oZIsB4cz3Qo5h9cwTm9jtswaziKpBLudU2+eCQV6A7xwwzpRHOraU9g/w
pma2d1kkKmtrM/6YppJxUY2SbBJON45QM3Jr1bNZfweKDR30pipnYkAg3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGA30ttQBVv1qGb90Iz+z9KIPg4LMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvWURmUzIxQUZXX1dvWnYzUWpQN1Awb2ctRGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgv3MA0G
CSqGSIb3DQEBCwUAA4IBAQBkoNixaskf8+ut8OjP1Jo0UFBrniuit4WxUv5UIDsH
QkP93vvAD7PTDUcoV06he6DJfPjKdvFHwJZFBqHbpA+yehh19gkzbz8T1bNQ5kv/
fYOxf1Dhj2T57+wJ0BG9NjHufO765C/2t5ANCL39WC3IiwsY0bsTAy2NFcmyGKt1
YHSYR0RPhnGGFZYuaKhZNu9Sv2r/18gM8L+Gs5m3xn5IdfefcCeoS8/uHhjL1e+s
sBCQZ8nTIKBX4YKXHnm1vFSdB8QfOEdrLZ51J8F9R+NehsPthMjdGoBbWUgXG4xp
mw0P6BnOK0S4/ua9ayAlP2e9clL23aK0PMlp7dVOIJxK
-----END CERTIFICATE-----