Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/Ydleb3__WwyNJhN8dSb4wjqyv_o.roa
File:                     Ydleb3__WwyNJhN8dSb4wjqyv_o.roa (raw, json)
Hash identifier:          NV6GfDcTjOqvXrLvKA6WA5XXNWeVFaujiXOsFYIJiGY=
Subject key identifier:   61:D9:5E:6F:7F:FF:5B:0C:8D:26:13:7C:75:26:F8:C2:3A:B2:BF:FA
Certificate issuer:       /CN=27a7d1f0d73fe481c2188d28def0e858e715697e
Certificate serial:       018CC7273E8C4BF2B5EAB49F995D1BAE0F5C
Authority key identifier: 27:A7:D1:F0:D7:3F:E4:81:C2:18:8D:28:DE:F0:E8:58:E7:15:69:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/Ydleb3__WwyNJhN8dSb4wjqyv_o.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        195.34.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3e:8c:4b:f2:b5:ea:b4:9f:99:5d:1b:ae:0f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a7d1f0d73fe481c2188d28def0e858e715697e
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61d95e6f7fff5b0c8d26137c7526f8c23ab2bffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ab:1e:6b:ab:e8:24:ec:82:01:a0:ce:a1:f9:
                    93:c5:5b:51:ca:50:da:88:a1:e9:9f:02:61:46:20:
                    91:07:09:04:ae:dc:74:1c:48:31:8b:5d:c5:58:b6:
                    64:e9:f6:52:13:e3:70:d4:7b:ae:f9:2e:06:7b:b1:
                    b2:1d:82:e6:41:d6:c5:49:42:2b:f7:43:fa:a6:a6:
                    00:4e:bb:ea:61:aa:ff:d6:a4:06:48:56:55:12:d1:
                    e5:a1:6e:41:48:c3:db:f8:dc:1b:e9:c1:e9:05:9f:
                    bf:ef:6f:81:54:29:95:c9:9b:96:fe:69:0a:3d:29:
                    91:fa:fb:f6:df:97:a3:a6:3d:65:8b:51:14:53:83:
                    21:64:55:79:3f:8e:ac:93:4f:e4:10:af:90:27:6b:
                    26:e2:eb:01:e5:89:e2:ba:2c:bb:b7:cf:74:e2:0b:
                    e4:a4:70:1f:ea:d7:bd:5f:4c:eb:79:22:ab:04:28:
                    5f:14:e8:c8:ac:b0:46:6c:4a:71:db:7c:65:00:b0:
                    75:af:64:84:17:4d:fd:00:43:42:00:e2:08:a7:80:
                    5a:e4:69:dc:e9:58:89:7c:10:a9:53:86:76:ad:2b:
                    d2:16:2f:e8:d0:ae:39:3c:86:65:4c:eb:c7:98:45:
                    75:3b:a3:c0:21:6e:b3:94:1f:5c:30:c5:78:e8:1a:
                    be:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D9:5E:6F:7F:FF:5B:0C:8D:26:13:7C:75:26:F8:C2:3A:B2:BF:FA
            X509v3 Authority Key Identifier:
                keyid:27:A7:D1:F0:D7:3F:E4:81:C2:18:8D:28:DE:F0:E8:58:E7:15:69:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/Ydleb3__WwyNJhN8dSb4wjqyv_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d82ef6-836a-47c7-a6c1-d6eaafc6b4f5/1/J6fR8Nc_5IHCGI0o3vDoWOcVaX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:04:13:f0:17:8b:75:21:c8:42:99:e6:13:05:34:89:fc:4b:
         1a:f2:ea:58:21:47:80:ac:77:ce:24:a6:65:ad:23:67:92:7b:
         35:be:3b:3c:7a:b2:f0:c3:0a:00:6a:1b:fc:e2:c4:4b:f6:8d:
         12:05:1f:80:26:8b:4b:3f:74:a0:a4:ce:88:ac:bd:72:60:31:
         f4:ad:15:d1:dc:13:49:54:c4:f6:7f:6b:34:d7:b1:14:dd:9f:
         f8:d7:8b:02:8e:d0:3b:de:41:75:20:e9:4f:f7:5b:d0:76:36:
         f2:fc:31:83:02:70:cf:b6:a9:77:94:ed:c8:67:a0:41:63:f3:
         1d:be:80:aa:b9:db:7f:04:21:a4:de:02:eb:bd:ea:21:f0:2e:
         ea:14:d4:5b:40:0d:e6:31:ba:9d:3e:40:f3:d2:2a:58:5e:b4:
         79:77:1e:51:99:e8:2a:a0:46:b7:8b:d8:26:b8:87:d0:7a:f2:
         3e:f4:c1:a3:e0:69:c5:ef:00:13:c3:e3:63:95:bf:4a:c1:d7:
         34:01:21:df:44:bc:05:ab:5e:af:d0:75:5e:75:41:de:0b:05:
         4b:ba:f0:fe:50:3e:d3:55:ce:d2:83:83:e4:2e:42:61:4c:6a:
         78:1a:09:13:41:b8:b2:3e:6c:e7:18:ec:f2:93:19:bb:68:fe:
         9d:78:34:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz6MS/K16rSfmV0brg9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTdkMWYwZDczZmU0ODFjMjE4OGQyOGRlZjBlODU4ZTcx
NTY5N2UwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWQ5NWU2ZjdmZmY1YjBjOGQyNjEzN2M3NTI2ZjhjMjNhYjJiZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqsea6voJOyCAaDOofmTxVtRylDa
iKHpnwJhRiCRBwkErtx0HEgxi13FWLZk6fZSE+Nw1Huu+S4Ge7GyHYLmQdbFSUIr
90P6pqYATrvqYar/1qQGSFZVEtHloW5BSMPb+Nwb6cHpBZ+/72+BVCmVyZuW/mkK
PSmR+vv235ejpj1li1EUU4MhZFV5P46sk0/kEK+QJ2sm4usB5Yniuiy7t8904gvk
pHAf6te9X0zreSKrBChfFOjIrLBGbEpx23xlALB1r2SEF039AENCAOIIp4Ba5Gnc
6ViJfBCpU4Z2rSvSFi/o0K45PIZlTOvHmEV1O6PAIW6zlB9cMMV46Bq+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHZXm9//1sMjSYTfHUm+MI6sr/6MB8GA1UdIwQY
MBaAFCen0fDXP+SBwhiNKN7w6FjnFWl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZmUjhOY181SUhDR0kwbzN2RG9XT2NWYVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kODJlZjYtODM2YS00N2M3LWE2YzEt
ZDZlYWFmYzZiNGY1LzEvWWRsZWIzX19Xd3lOSmhOOGRTYjR3anF5dl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kODJlZjYtODM2YS00N2M3LWE2YzEtZDZlYWFmYzZiNGY1
LzEvSjZmUjhOY181SUhDR0kwbzN2RG9XT2NWYVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwyJeMA0G
CSqGSIb3DQEBCwUAA4IBAQC1BBPwF4t1IchCmeYTBTSJ/Esa8upYIUeArHfOJKZl
rSNnkns1vjs8erLwwwoAahv84sRL9o0SBR+AJotLP3SgpM6IrL1yYDH0rRXR3BNJ
VMT2f2s017EU3Z/414sCjtA73kF1IOlP91vQdjby/DGDAnDPtql3lO3IZ6BBY/Md
voCqudt/BCGk3gLrveoh8C7qFNRbQA3mMbqdPkDz0ipYXrR5dx5RmegqoEa3i9gm
uIfQevI+9MGj4GnF7wATw+Njlb9Kwdc0ASHfRLwFq16v0HVedUHeCwVLuvD+UD7T
Vc7Sg4PkLkJhTGp4GgkTQbiyPmznGOzykxm7aP6deDTh
-----END CERTIFICATE-----