Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/Y86euGQ_SA5ONcNaPLluLQROYxY.roa
File:                     Y86euGQ_SA5ONcNaPLluLQROYxY.roa (raw, json)
Hash identifier:          dnxVNmI9jDRCJpqvfca39nW8CJQJoC7sn9UBZfjph2s=
Subject key identifier:   63:CE:9E:B8:64:3F:48:0E:4E:35:C3:5A:3C:B9:6E:2D:04:4E:63:16
Certificate issuer:       /CN=a2510279be138c42cdef62718f0f6afacae1819e
Certificate serial:       018CC56DDBBB16861E851D01EF3F0C916138
Authority key identifier: A2:51:02:79:BE:13:8C:42:CD:EF:62:71:8F:0F:6A:FA:CA:E1:81:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olECeb4TjELN72Jxjw9q-srhgZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/Y86euGQ_SA5ONcNaPLluLQROYxY.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42700
IP address blocks:        194.110.199.0/24 maxlen: 24
                          2001:678:1ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/olECeb4TjELN72Jxjw9q-srhgZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/olECeb4TjELN72Jxjw9q-srhgZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olECeb4TjELN72Jxjw9q-srhgZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:db:bb:16:86:1e:85:1d:01:ef:3f:0c:91:61:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2510279be138c42cdef62718f0f6afacae1819e
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63ce9eb8643f480e4e35c35a3cb96e2d044e6316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b3:82:66:84:8c:8e:9b:91:a6:ea:0d:eb:b7:
                    ba:81:24:73:e0:10:2c:e6:5f:b7:e9:9e:3f:c9:5e:
                    0f:9a:4f:16:73:d9:48:36:04:f7:10:ee:3a:4f:a6:
                    6e:c0:61:7c:49:81:1e:62:66:43:a5:9f:e1:80:3a:
                    ef:44:44:aa:5c:e7:f1:f8:9c:ae:c5:1d:a0:99:4d:
                    d6:ec:74:a9:15:7e:c5:d5:e9:af:98:99:5f:35:91:
                    60:c2:95:eb:ab:b2:14:b8:b7:5f:14:16:7e:85:81:
                    64:af:98:d1:e8:5c:7d:07:18:8b:e4:e7:74:c4:c3:
                    50:8c:16:b4:56:3e:79:eb:b5:0a:3e:4e:9f:f1:33:
                    9a:d0:94:da:ab:91:26:83:9b:e9:5e:88:69:6e:cb:
                    0d:8f:c7:c0:4d:fd:2a:04:77:f5:b6:c4:c5:29:0f:
                    f2:75:9f:fa:4d:94:74:e9:40:39:d5:62:a7:74:99:
                    e4:7c:fa:b8:93:1b:a5:ce:e0:c1:7a:2e:14:14:87:
                    26:30:d5:5a:ef:5c:5d:ae:ab:d7:ea:21:f8:f1:e6:
                    3a:22:47:94:fa:0f:13:2b:b9:1f:0b:73:73:91:08:
                    dc:e2:81:d6:4c:7e:84:a0:58:06:a0:f0:99:95:be:
                    c6:09:5c:d4:77:10:cd:71:4d:8d:6d:4d:65:19:e0:
                    b5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CE:9E:B8:64:3F:48:0E:4E:35:C3:5A:3C:B9:6E:2D:04:4E:63:16
            X509v3 Authority Key Identifier:
                keyid:A2:51:02:79:BE:13:8C:42:CD:EF:62:71:8F:0F:6A:FA:CA:E1:81:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olECeb4TjELN72Jxjw9q-srhgZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/Y86euGQ_SA5ONcNaPLluLQROYxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2146ca-e026-402c-a56e-86af52fb4eeb/1/olECeb4TjELN72Jxjw9q-srhgZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.199.0/24
                IPv6:
                  2001:678:1ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:05:00:cc:26:55:60:dc:bc:2d:1e:46:c8:96:68:fe:e4:8b:
         70:a5:27:98:a5:3d:c0:af:bf:da:33:b7:d1:a1:c8:ff:81:dd:
         d0:63:bf:5a:cb:97:e7:f9:53:6e:80:13:90:84:89:90:d0:ec:
         b9:4d:5c:70:f3:9d:fb:b5:ac:5d:2d:f4:d4:47:8c:89:ba:70:
         65:57:ae:e0:45:86:95:7e:0b:a2:16:9e:5f:ed:3b:11:22:03:
         7d:1e:bb:2e:cf:3d:5b:e9:e1:7a:66:04:72:fa:20:9a:56:de:
         ff:4d:b2:0e:02:98:eb:c5:db:b7:fc:3a:c8:64:78:d9:17:98:
         1f:34:1a:95:c6:17:aa:b2:c5:6b:58:6f:56:eb:8a:44:9c:22:
         b5:6d:95:c7:a0:3d:36:5a:54:8a:32:af:74:d9:e1:cb:ee:32:
         09:03:d5:1d:28:60:ed:7f:28:82:34:78:a1:0d:99:06:47:58:
         6f:be:57:5f:71:af:40:ab:13:87:da:3f:9c:dd:d9:79:95:71:
         4c:a1:97:3b:54:5c:07:65:4d:60:a6:6b:2b:91:21:30:74:01:
         26:79:e7:37:75:1b:47:e3:7c:c5:b6:91:00:a5:d1:9b:2d:f6:
         fd:3b:ed:ce:09:cb:c4:1a:f9:f2:0b:b3:25:a2:a0:f9:1c:74:
         08:6f:14:6e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbdu7FoYehR0B7z8MkWE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTEwMjc5YmUxMzhjNDJjZGVmNjI3MThmMGY2YWZhY2Fl
MTgxOWUwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2NlOWViODY0M2Y0ODBlNGUzNWMzNWEzY2I5NmUyZDA0NGU2MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7OCZoSMjpuRpuoN67e6gSRz4BAs
5l+36Z4/yV4Pmk8Wc9lINgT3EO46T6ZuwGF8SYEeYmZDpZ/hgDrvRESqXOfx+Jyu
xR2gmU3W7HSpFX7F1emvmJlfNZFgwpXrq7IUuLdfFBZ+hYFkr5jR6Fx9BxiL5Od0
xMNQjBa0Vj5567UKPk6f8TOa0JTaq5Emg5vpXohpbssNj8fATf0qBHf1tsTFKQ/y
dZ/6TZR06UA51WKndJnkfPq4kxulzuDBei4UFIcmMNVa71xdrqvX6iH48eY6IkeU
+g8TK7kfC3NzkQjc4oHWTH6EoFgGoPCZlb7GCVzUdxDNcU2NbU1lGeC1wQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGPOnrhkP0gOTjXDWjy5bi0ETmMWMB8GA1UdIwQY
MBaAFKJRAnm+E4xCze9icY8PavrK4YGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xFQ2ViNFRqRUxONzJKeGp3OXEtc3JoZ1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8yMTQ2Y2EtZTAyNi00MDJjLWE1NmUt
ODZhZjUyZmI0ZWViLzEvWTg2ZXVHUV9TQTVPTmNOYVBMbHVMUVJPWXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8yMTQ2Y2EtZTAyNi00MDJjLWE1NmUtODZhZjUyZmI0ZWVi
LzEvb2xFQ2ViNFRqRUxONzJKeGp3OXEtc3JoZ1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwm7HMA8E
AgACMAkDBwAgAQZ4AewwDQYJKoZIhvcNAQELBQADggEBADkFAMwmVWDcvC0eRsiW
aP7ki3ClJ5ilPcCvv9ozt9GhyP+B3dBjv1rLl+f5U26AE5CEiZDQ7LlNXHDznfu1
rF0t9NRHjIm6cGVXruBFhpV+C6IWnl/tOxEiA30euy7PPVvp4XpmBHL6IJpW3v9N
sg4CmOvF27f8OshkeNkXmB80GpXGF6qyxWtYb1brikScIrVtlcegPTZaVIoyr3TZ
4cvuMgkD1R0oYO1/KII0eKENmQZHWG++V19xr0CrE4faP5zd2XmVcUyhlztUXAdl
TWCmayuRITB0ASZ55zd1G0fjfMW2kQCl0Zst9v077c4Jy8Qa+fILsyWioPkcdAhv
FG4=
-----END CERTIFICATE-----