Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/yK51cXviWSApDzYh2uzRu5bjPZg.roa
File:                     yK51cXviWSApDzYh2uzRu5bjPZg.roa (raw, json)
Hash identifier:          uWEXhflreh+5m9Em9Vgj4M5a8UEXVF5SE6JcNwFZEPY=
Subject key identifier:   C8:AE:75:71:7B:E2:59:20:29:0F:36:21:DA:EC:D1:BB:96:E3:3D:98
Certificate issuer:       /CN=99dcbdf0632a101613a8f6c9449b29ed45c1a872
Certificate serial:       018CC8DEFDDE71029D0A80FD2CFD309EB16E
Authority key identifier: 99:DC:BD:F0:63:2A:10:16:13:A8:F6:C9:44:9B:29:ED:45:C1:A8:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/yK51cXviWSApDzYh2uzRu5bjPZg.roa
Signing time:             Tue 02 Jan 2024 06:31:46 +0000
ROA not before:           Tue 02 Jan 2024 06:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.188.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:fd:de:71:02:9d:0a:80:fd:2c:fd:30:9e:b1:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99dcbdf0632a101613a8f6c9449b29ed45c1a872
        Validity
            Not Before: Jan  2 06:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8ae75717be25920290f3621daecd1bb96e33d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:75:93:32:49:fb:6c:ef:dd:15:11:0d:2a:
                    26:80:d9:1d:9b:1e:91:2f:3d:a8:a4:19:97:c4:18:
                    9b:64:31:c6:2d:79:aa:ef:3e:67:dc:f2:a4:57:d8:
                    62:4e:cf:68:73:2a:47:1d:b3:36:c0:c7:67:0c:e1:
                    e4:81:e8:f2:19:76:9b:7e:5a:ec:81:d9:81:b0:5a:
                    bd:4f:77:81:0d:c0:04:d2:47:6c:6e:a6:d7:81:0f:
                    4c:5d:a9:8c:09:5f:9c:b5:da:67:6e:c8:63:a2:1f:
                    e3:7d:e1:2b:1f:66:f0:91:c5:ad:c7:53:3c:17:39:
                    93:8a:de:e5:a8:2b:a1:e1:f8:69:54:aa:17:5f:30:
                    5c:34:e7:c3:77:ed:61:5d:73:4c:9d:46:c1:70:f2:
                    69:3c:db:7b:6c:2b:e3:99:a6:ca:c4:16:c9:05:cd:
                    94:bc:40:12:69:00:9e:9b:a3:cb:16:87:39:3b:0f:
                    8a:64:77:44:6e:7d:dc:5a:b4:39:2d:d6:a7:41:31:
                    df:0a:9e:10:a2:81:f9:a9:60:68:d6:7e:cf:fb:f8:
                    1f:36:3c:53:21:47:50:12:b4:7b:de:c0:77:ed:47:
                    77:e5:00:9f:07:23:b0:29:cb:95:fc:3e:5d:0e:a6:
                    d3:45:3d:4a:4d:db:2c:7a:0a:80:05:e1:b8:ae:52:
                    81:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:AE:75:71:7B:E2:59:20:29:0F:36:21:DA:EC:D1:BB:96:E3:3D:98
            X509v3 Authority Key Identifier:
                keyid:99:DC:BD:F0:63:2A:10:16:13:A8:F6:C9:44:9B:29:ED:45:C1:A8:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/yK51cXviWSApDzYh2uzRu5bjPZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:80:fd:b8:f8:ca:c4:bc:ee:4c:2b:32:eb:b5:96:f3:e1:63:
         e0:6b:47:f6:7d:20:f9:b8:43:87:a6:85:99:c9:1c:e4:2f:de:
         b5:12:f5:9b:57:37:18:34:34:60:ba:45:32:95:a0:3e:6d:3d:
         5f:f2:8e:ff:8f:81:c0:61:f0:03:86:ef:6b:10:70:39:95:db:
         50:ea:8d:5a:68:48:74:9d:7a:e7:31:5e:01:c0:d1:76:2a:c6:
         13:85:6f:e9:2c:1a:6c:0e:87:ff:4b:ab:31:37:8d:55:d1:75:
         64:a9:a9:0b:be:08:28:94:82:21:f9:c6:a1:9e:93:17:5b:03:
         01:54:4f:3b:b1:a0:55:07:be:5d:17:2e:39:18:bb:c0:5e:f0:
         76:c5:22:fa:a5:ab:0a:f6:bc:b0:c0:dd:92:88:8f:f6:2f:30:
         8c:ca:0d:50:6a:02:52:bf:e0:6a:29:10:fe:19:ab:47:13:99:
         97:bb:5f:76:35:a8:36:17:65:31:6a:5e:df:6d:74:5a:3d:d4:
         59:62:dd:2d:fe:3e:9d:65:82:c8:de:93:05:fc:93:9a:04:de:
         2f:f0:10:7c:81:96:51:76:b4:a3:22:85:5f:1c:00:15:d0:0a:
         90:51:9b:56:6c:bb:8c:1d:93:d7:0d:3a:15:8d:b9:ac:b4:9f:
         29:32:5a:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3v3ecQKdCoD9LP0wnrFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZGNiZGYwNjMyYTEwMTYxM2E4ZjZjOTQ0OWIyOWVkNDVj
MWE4NzIwHhcNMjQwMTAyMDYzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGFlNzU3MTdiZTI1OTIwMjkwZjM2MjFkYWVjZDFiYjk2ZTMzZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQx1kzJJ+2zv3RURDSomgNkdmx6R
Lz2opBmXxBibZDHGLXmq7z5n3PKkV9hiTs9ocypHHbM2wMdnDOHkgejyGXabflrs
gdmBsFq9T3eBDcAE0kdsbqbXgQ9MXamMCV+ctdpnbshjoh/jfeErH2bwkcWtx1M8
FzmTit7lqCuh4fhpVKoXXzBcNOfDd+1hXXNMnUbBcPJpPNt7bCvjmabKxBbJBc2U
vEASaQCem6PLFoc5Ow+KZHdEbn3cWrQ5LdanQTHfCp4QooH5qWBo1n7P+/gfNjxT
IUdQErR73sB37Ud35QCfByOwKcuV/D5dDqbTRT1KTdssegqABeG4rlKBJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiudXF74lkgKQ82Idrs0buW4z2YMB8GA1UdIwQY
MBaAFJncvfBjKhAWE6j2yUSbKe1FwahyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWR5OThHTXFFQllUcVBiSlJKc3A3VVhCcUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80ZjNkMWItODM2MS00MTFlLWExNDgt
ODg1OGE1NTlmMjUxLzEveUs1MWNYdmlXU0FwRHpZaDJ1elJ1NWJqUFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80ZjNkMWItODM2MS00MTFlLWExNDgtODg1OGE1NTlmMjUx
LzEvbWR5OThHTXFFQllUcVBiSlJKc3A3VVhCcUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubz8MA0G
CSqGSIb3DQEBCwUAA4IBAQAPgP24+MrEvO5MKzLrtZbz4WPga0f2fSD5uEOHpoWZ
yRzkL961EvWbVzcYNDRgukUylaA+bT1f8o7/j4HAYfADhu9rEHA5ldtQ6o1aaEh0
nXrnMV4BwNF2KsYThW/pLBpsDof/S6sxN41V0XVkqakLvggolIIh+cahnpMXWwMB
VE87saBVB75dFy45GLvAXvB2xSL6pasK9rywwN2SiI/2LzCMyg1QagJSv+BqKRD+
GatHE5mXu192Nag2F2Uxal7fbXRaPdRZYt0t/j6dZYLI3pMF/JOaBN4v8BB8gZZR
drSjIoVfHAAV0AqQUZtWbLuMHZPXDToVjbmstJ8pMlpG
-----END CERTIFICATE-----