Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/ynJOzKhZqPgLO_94rsKMqHNrknE.roa
File:                     ynJOzKhZqPgLO_94rsKMqHNrknE.roa (raw, json)
Hash identifier:          +QB32yQ/kr3/CNhwqd/3RIlPeZwGXmco98nCOBC57rE=
Subject key identifier:   CA:72:4E:CC:A8:59:A8:F8:0B:3B:FF:78:AE:C2:8C:A8:73:6B:92:71
Certificate issuer:       /CN=63703ca50c432acd7f1cbba7c07da2202299ca63
Certificate serial:       018CC9BBBFE73980E9E3294996B0AA246AEC
Authority key identifier: 63:70:3C:A5:0C:43:2A:CD:7F:1C:BB:A7:C0:7D:A2:20:22:99:CA:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/ynJOzKhZqPgLO_94rsKMqHNrknE.roa
Signing time:             Tue 02 Jan 2024 10:32:53 +0000
ROA not before:           Tue 02 Jan 2024 10:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9158
IP address blocks:        193.3.233.0/24 maxlen: 24
                          2a10:e200::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bf:e7:39:80:e9:e3:29:49:96:b0:aa:24:6a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63703ca50c432acd7f1cbba7c07da2202299ca63
        Validity
            Not Before: Jan  2 10:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca724ecca859a8f80b3bff78aec28ca8736b9271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c6:2b:a1:1f:41:e0:38:44:3c:9a:48:3f:dd:
                    02:4d:83:c0:cc:9a:47:6c:0d:bd:fd:e9:ea:97:f8:
                    8b:04:5e:02:60:76:43:aa:1a:cf:18:b3:3d:31:73:
                    04:66:7d:bf:ca:7a:a1:9c:c8:75:de:bd:8c:6a:48:
                    66:3f:04:12:54:69:57:6e:7c:77:56:4a:1d:10:ab:
                    0c:dd:de:01:8b:27:f6:5c:a4:be:46:13:6f:33:10:
                    eb:3f:f8:02:cb:a6:a5:21:67:f5:c7:b0:3d:90:80:
                    f7:9a:96:a9:03:3b:61:b0:d5:a7:10:4b:5a:49:6a:
                    cb:d6:cb:21:3e:17:2b:72:e2:83:a6:0d:b7:5b:db:
                    46:d8:46:c2:90:29:1e:65:44:41:f3:56:75:99:14:
                    35:34:85:1d:50:4c:71:ea:cc:d3:55:f7:c1:c4:54:
                    1f:56:c3:d5:7c:f4:c8:db:4b:44:a7:5e:2a:59:24:
                    78:b7:9e:cf:4d:07:05:e4:41:2b:25:cd:c3:d9:4e:
                    e3:d9:72:8c:97:d5:8c:34:ac:cf:d6:86:4b:d5:d2:
                    bb:df:ce:c1:a0:85:51:91:94:f8:07:9f:ee:c4:9d:
                    fe:fa:69:5c:fa:db:89:39:df:2c:b6:dc:d5:40:7d:
                    39:b1:b7:27:21:bd:17:b3:a7:ae:fc:6f:73:0a:93:
                    98:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:72:4E:CC:A8:59:A8:F8:0B:3B:FF:78:AE:C2:8C:A8:73:6B:92:71
            X509v3 Authority Key Identifier:
                keyid:63:70:3C:A5:0C:43:2A:CD:7F:1C:BB:A7:C0:7D:A2:20:22:99:CA:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/ynJOzKhZqPgLO_94rsKMqHNrknE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.233.0/24
                IPv6:
                  2a10:e200::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:a4:7f:63:d6:92:89:97:98:4c:75:4f:83:d5:f7:b8:de:69:
         20:76:ac:56:77:89:31:f3:ba:2f:44:b5:cc:c7:27:4c:b1:df:
         51:ed:d4:46:8b:1f:93:05:aa:c5:6d:70:c7:cb:30:3b:c5:5e:
         3b:4a:01:d2:ab:47:ec:d9:9d:2c:98:fc:73:39:2b:bd:bd:cf:
         e5:a5:07:81:e1:f7:4c:6e:c6:57:87:d8:09:f3:c1:24:db:ef:
         fb:ea:42:07:53:f7:93:40:39:cb:07:82:93:e7:a1:87:55:7f:
         8b:da:6e:18:ed:2c:bb:f4:9d:36:0e:f1:35:24:f6:0b:a9:8b:
         7d:3c:6d:0d:2a:d9:a7:99:8e:5c:98:79:9a:f6:94:98:86:37:
         8f:9a:46:a6:77:a0:da:9b:19:be:fe:6f:81:3b:80:bf:d2:8f:
         2d:1c:97:c7:0e:5f:3b:d1:ac:35:52:c8:bf:d0:48:31:a1:c6:
         9a:d0:d5:d8:5f:7b:84:97:6f:ab:07:42:59:ab:e1:9f:4c:78:
         0a:01:12:c1:d9:14:ce:9d:a9:e7:56:c5:50:b5:bf:1c:cb:40:
         e5:a5:8e:bc:b4:d7:4f:cd:ef:04:87:f5:ea:cd:0e:5d:ab:31:
         35:c2:5f:f8:52:51:cb:f6:d1:a4:71:c9:e7:10:c9:be:da:c7:
         44:a4:74:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu7/nOYDp4ylJlrCqJGrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzAzY2E1MGM0MzJhY2Q3ZjFjYmJhN2MwN2RhMjIwMjI5
OWNhNjMwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcyNGVjY2E4NTlhOGY4MGIzYmZmNzhhZWMyOGNhODczNmI5MjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMYroR9B4DhEPJpIP90CTYPAzJpH
bA29/enql/iLBF4CYHZDqhrPGLM9MXMEZn2/ynqhnMh13r2MakhmPwQSVGlXbnx3
VkodEKsM3d4Biyf2XKS+RhNvMxDrP/gCy6alIWf1x7A9kID3mpapAzthsNWnEEta
SWrL1sshPhcrcuKDpg23W9tG2EbCkCkeZURB81Z1mRQ1NIUdUExx6szTVffBxFQf
VsPVfPTI20tEp14qWSR4t57PTQcF5EErJc3D2U7j2XKMl9WMNKzP1oZL1dK7387B
oIVRkZT4B5/uxJ3++mlc+tuJOd8sttzVQH05sbcnIb0Xs6eu/G9zCpOYGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMpyTsyoWaj4Czv/eK7CjKhza5JxMB8GA1UdIwQY
MBaAFGNwPKUMQyrNfxy7p8B9oiAimcpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNBOHBReERLczFfSEx1bndIMmlJQ0taeW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9hZjMzNGEtZjliMy00MTlkLWI1OTAt
ZmIwZmIxYzA2Yzc0LzEveW5KT3pLaFpxUGdMT185NHJzS01xSE5ya25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9hZjMzNGEtZjliMy00MTlkLWI1OTAtZmIwZmIxYzA2Yzc0
LzEvWTNBOHBReERLczFfSEx1bndIMmlJQ0taeW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwQPpMA0E
AgACMAcDBQAqEOIAMA0GCSqGSIb3DQEBCwUAA4IBAQABpH9j1pKJl5hMdU+D1fe4
3mkgdqxWd4kx87ovRLXMxydMsd9R7dRGix+TBarFbXDHyzA7xV47SgHSq0fs2Z0s
mPxzOSu9vc/lpQeB4fdMbsZXh9gJ88Ek2+/76kIHU/eTQDnLB4KT56GHVX+L2m4Y
7Sy79J02DvE1JPYLqYt9PG0NKtmnmY5cmHma9pSYhjePmkamd6Damxm+/m+BO4C/
0o8tHJfHDl870aw1Usi/0Egxocaa0NXYX3uEl2+rB0JZq+GfTHgKARLB2RTOnann
VsVQtb8cy0DlpY68tNdPze8Eh/XqzQ5dqzE1wl/4UlHL9tGkccnnEMm+2sdEpHSw
-----END CERTIFICATE-----