Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/Y-n387oQLQnhIWbb_ctxkkd4U5s.roa
File:                     Y-n387oQLQnhIWbb_ctxkkd4U5s.roa (raw, json)
Hash identifier:          DMj3/IANauNQNka8tc6DrXA5IyGj/jwf9ppZs//Tcu0=
Subject key identifier:   63:E9:F7:F3:BA:10:2D:09:E1:21:66:DB:FD:CB:71:92:47:78:53:9B
Certificate issuer:       /CN=5189db2e5f574dda0e3c17e395d5f05b66254ec5
Certificate serial:       018CC9BBBB8FADB94CC8E4857F53E4FAF6FD
Authority key identifier: 51:89:DB:2E:5F:57:4D:DA:0E:3C:17:E3:95:D5:F0:5B:66:25:4E:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UYnbLl9XTdoOPBfjldXwW2YlTsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/Y-n387oQLQnhIWbb_ctxkkd4U5s.roa
Signing time:             Tue 02 Jan 2024 10:32:52 +0000
ROA not before:           Tue 02 Jan 2024 10:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        195.47.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/UYnbLl9XTdoOPBfjldXwW2YlTsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/UYnbLl9XTdoOPBfjldXwW2YlTsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UYnbLl9XTdoOPBfjldXwW2YlTsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bb:8f:ad:b9:4c:c8:e4:85:7f:53:e4:fa:f6:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5189db2e5f574dda0e3c17e395d5f05b66254ec5
        Validity
            Not Before: Jan  2 10:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63e9f7f3ba102d09e12166dbfdcb71924778539b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:78:d2:11:92:0f:8a:bb:d3:e0:a9:a9:50:50:
                    64:2e:ca:99:9b:59:b7:13:c6:b7:a3:3c:64:2d:21:
                    a3:8f:6a:34:57:2f:60:8d:52:32:e3:fa:04:ec:75:
                    8d:da:7b:6f:34:32:0d:b8:a8:d1:fd:79:d2:7b:92:
                    29:bb:b2:5d:3d:08:74:1a:91:a0:37:71:12:61:96:
                    1c:a6:7c:20:2e:c1:d7:17:42:12:0c:ee:0f:d6:da:
                    8c:d7:9b:1e:49:95:94:14:da:57:8b:7f:81:25:a2:
                    f9:cd:aa:29:66:eb:93:da:af:53:b2:e8:20:84:1c:
                    a7:c5:51:79:c6:49:fd:4b:fa:83:d2:d6:33:ca:54:
                    3b:7c:94:3f:47:c4:ee:9a:0f:f2:aa:4a:93:aa:35:
                    a6:3c:64:3c:9c:70:93:d2:00:13:f4:33:8a:48:04:
                    2f:b6:ad:a0:c1:bb:36:2e:be:92:bb:a8:25:97:4b:
                    e0:db:9d:9e:a5:55:71:5a:55:bc:49:8b:2b:cc:e6:
                    38:c2:39:9a:94:05:66:af:86:81:af:01:70:74:88:
                    86:fa:e8:c4:41:73:69:2c:a3:ce:99:9e:16:a9:af:
                    33:42:2a:60:c7:3f:2f:5a:40:37:25:b4:59:51:69:
                    b0:38:7e:5d:6e:7e:50:6c:ad:cc:ea:13:70:88:c5:
                    f8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E9:F7:F3:BA:10:2D:09:E1:21:66:DB:FD:CB:71:92:47:78:53:9B
            X509v3 Authority Key Identifier:
                keyid:51:89:DB:2E:5F:57:4D:DA:0E:3C:17:E3:95:D5:F0:5B:66:25:4E:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UYnbLl9XTdoOPBfjldXwW2YlTsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/Y-n387oQLQnhIWbb_ctxkkd4U5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/380c3c-f308-4dfe-a3a3-e21c6d0f8f04/1/UYnbLl9XTdoOPBfjldXwW2YlTsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:00:3b:e2:cb:6b:bf:d4:a4:f0:18:42:45:59:36:d5:c4:19:
         ad:ec:2c:d2:42:81:aa:d3:c6:b0:24:19:25:b7:30:1b:57:2e:
         54:1b:2e:fe:65:7a:10:bc:5a:51:c8:78:f0:eb:8a:05:2e:88:
         b5:57:36:d5:55:45:55:d2:1d:b2:35:51:18:c4:df:5e:68:90:
         46:52:e6:31:72:21:df:b1:25:22:f4:50:01:f1:8a:12:89:e9:
         2b:e7:27:af:dd:6e:e8:3c:ba:91:5b:ac:de:aa:9d:45:c0:39:
         ef:55:1b:67:ce:4c:19:c6:0d:ca:d7:b8:a8:92:e3:74:a2:2e:
         31:63:97:e2:40:06:8e:c3:c6:08:7b:a9:e4:0b:14:f9:bf:03:
         f8:43:52:aa:ca:ab:11:dd:e5:2e:75:1c:26:07:98:f0:c1:9b:
         d0:f2:4d:3d:ee:a9:9d:38:a8:71:8b:f3:1f:86:e7:be:9c:ff:
         2e:23:77:dd:84:93:26:15:d6:be:56:cf:a0:4f:e1:c0:7c:1b:
         40:20:0d:3c:35:41:3b:b3:c0:7f:1c:2d:2d:4a:6c:ca:42:54:
         2c:eb:b0:96:d4:38:61:b6:2b:f5:05:80:44:39:38:91:ff:56:
         0e:5f:c4:db:9d:da:75:74:8b:cf:ea:be:96:b7:ee:53:3b:41:
         42:ed:26:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7uPrblMyOSFf1Pk+vb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxODlkYjJlNWY1NzRkZGEwZTNjMTdlMzk1ZDVmMDViNjYy
NTRlYzUwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2U5ZjdmM2JhMTAyZDA5ZTEyMTY2ZGJmZGNiNzE5MjQ3Nzg1MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHjSEZIPirvT4KmpUFBkLsqZm1m3
E8a3ozxkLSGjj2o0Vy9gjVIy4/oE7HWN2ntvNDINuKjR/XnSe5Ipu7JdPQh0GpGg
N3ESYZYcpnwgLsHXF0ISDO4P1tqM15seSZWUFNpXi3+BJaL5zaopZuuT2q9Tsugg
hBynxVF5xkn9S/qD0tYzylQ7fJQ/R8Tumg/yqkqTqjWmPGQ8nHCT0gAT9DOKSAQv
tq2gwbs2Lr6Su6gll0vg252epVVxWlW8SYsrzOY4wjmalAVmr4aBrwFwdIiG+ujE
QXNpLKPOmZ4Wqa8zQipgxz8vWkA3JbRZUWmwOH5dbn5QbK3M6hNwiMX4zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPp9/O6EC0J4SFm2/3LcZJHeFObMB8GA1UdIwQY
MBaAFFGJ2y5fV03aDjwX45XV8FtmJU7FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVluYkxsOVhUZG9PUEJmamxkWHdXMllsVHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zODBjM2MtZjMwOC00ZGZlLWEzYTMt
ZTIxYzZkMGY4ZjA0LzEvWS1uMzg3b1FMUW5oSVdiYl9jdHhra2Q0VTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zODBjM2MtZjMwOC00ZGZlLWEzYTMtZTIxYzZkMGY4ZjA0
LzEvVVluYkxsOVhUZG9PUEJmamxkWHdXMllsVHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/nMA0G
CSqGSIb3DQEBCwUAA4IBAQCDADviy2u/1KTwGEJFWTbVxBmt7CzSQoGq08awJBkl
tzAbVy5UGy7+ZXoQvFpRyHjw64oFLoi1VzbVVUVV0h2yNVEYxN9eaJBGUuYxciHf
sSUi9FAB8YoSiekr5yev3W7oPLqRW6zeqp1FwDnvVRtnzkwZxg3K17iokuN0oi4x
Y5fiQAaOw8YIe6nkCxT5vwP4Q1KqyqsR3eUudRwmB5jwwZvQ8k097qmdOKhxi/Mf
hue+nP8uI3fdhJMmFda+Vs+gT+HAfBtAIA08NUE7s8B/HC0tSmzKQlQs67CW1Dhh
tiv1BYBEOTiR/1YOX8Tbndp1dIvP6r6Wt+5TO0FC7Sa4
-----END CERTIFICATE-----