Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/yvsLrEzSUKVV9YqeU0Lftt1DVd0.roa
File:                     yvsLrEzSUKVV9YqeU0Lftt1DVd0.roa (raw, json)
Hash identifier:          ophJHKsMbBEv9Ysh5GeC94WH9SrnyEu7YP10uM6VTG0=
Subject key identifier:   CA:FB:0B:AC:4C:D2:50:A5:55:F5:8A:9E:53:42:DF:B6:DD:43:55:DD
Certificate issuer:       /CN=4c61d118479b5222ef0f864167cac5b4c07cc219
Certificate serial:       018CC8DE304E0D266FC3BCA2E615ADC48A45
Authority key identifier: 4C:61:D1:18:47:9B:52:22:EF:0F:86:41:67:CA:C5:B4:C0:7C:C2:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/yvsLrEzSUKVV9YqeU0Lftt1DVd0.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196858
IP address blocks:        213.5.200.0/21 maxlen: 21
                          2001:67c:188c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:30:4e:0d:26:6f:c3:bc:a2:e6:15:ad:c4:8a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c61d118479b5222ef0f864167cac5b4c07cc219
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cafb0bac4cd250a555f58a9e5342dfb6dd4355dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:93:86:83:f8:61:71:94:f9:f1:77:19:e5:
                    69:a3:4a:b4:1c:1e:de:fa:33:20:55:1c:f1:4c:ca:
                    33:f0:b3:42:a5:b0:0e:bd:78:b7:dc:1d:70:d9:79:
                    71:1c:ff:66:01:7c:c6:e5:c9:0c:d7:6d:d8:26:ea:
                    44:88:03:64:40:dd:71:a9:42:06:60:cd:cb:5f:93:
                    f9:1f:a3:4a:04:55:e6:0c:f7:59:6d:63:e8:02:ca:
                    4f:ad:1a:bf:1b:92:bc:4f:c0:c3:0e:7e:c8:9b:d8:
                    82:b1:91:87:2d:c0:bc:00:11:dd:40:a1:01:33:f1:
                    71:68:55:1c:69:38:ab:d9:69:b9:1b:18:23:dd:d6:
                    b9:de:39:10:9e:b1:b9:5f:eb:08:fd:64:e2:b2:06:
                    43:0a:e4:64:9a:ba:85:08:e9:03:ff:82:ac:6b:70:
                    8f:3e:26:fa:2f:a1:02:be:eb:04:9f:b2:72:e6:a7:
                    c6:7c:30:ce:5d:66:41:09:1d:32:33:4d:a8:e6:8f:
                    5d:52:02:be:a1:ab:0b:39:f2:a6:cf:51:60:82:b0:
                    2e:c9:28:ae:e5:82:59:ff:1d:69:c9:1a:d1:53:b9:
                    c0:d8:6a:ac:48:f7:d0:ec:b1:ca:bf:81:fa:f6:e6:
                    3d:69:89:9c:aa:08:4f:8b:a5:a9:8b:21:be:db:f4:
                    61:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FB:0B:AC:4C:D2:50:A5:55:F5:8A:9E:53:42:DF:B6:DD:43:55:DD
            X509v3 Authority Key Identifier:
                keyid:4C:61:D1:18:47:9B:52:22:EF:0F:86:41:67:CA:C5:B4:C0:7C:C2:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/yvsLrEzSUKVV9YqeU0Lftt1DVd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.200.0/21
                IPv6:
                  2001:67c:188c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:92:6f:a0:4e:42:82:f6:2f:6c:8c:bd:1a:b5:24:4c:4d:da:
         43:cb:ea:f7:fe:87:7b:22:d3:9b:29:0c:b2:01:c9:f4:9a:fc:
         ed:1e:db:12:49:19:e5:67:3c:94:72:42:e4:b7:0f:fc:d0:51:
         fc:a3:9c:9c:2b:f7:07:7a:9f:af:47:d9:93:42:0e:25:29:f7:
         a5:a9:3f:4f:79:ad:89:bc:6b:4d:e0:c7:98:6d:7f:f5:3d:46:
         d1:d0:cd:a7:00:68:49:3e:46:1d:07:6d:8a:6b:1d:4d:1b:0b:
         cf:fb:6c:c1:59:6c:c6:bb:7c:9b:da:ea:4a:36:0a:8d:bd:40:
         c5:cd:ed:55:9f:c7:56:3b:43:96:54:bd:c2:8a:d2:b4:c0:7c:
         75:2e:e7:14:ba:53:17:a5:2c:b3:ec:25:ad:b3:ff:0f:25:4f:
         7e:fb:0a:1a:db:25:2d:95:5d:71:91:35:a2:97:59:f5:d6:0e:
         84:a5:0e:b8:27:42:54:9b:30:a0:bb:6b:33:63:ba:8f:1e:cf:
         79:97:39:d1:bf:0e:86:a1:ba:55:a8:98:1b:52:60:01:8f:16:
         a5:11:5d:bc:1c:98:a8:34:55:fc:98:b4:35:c9:73:88:0f:0e:
         23:05:2c:0f:00:a0:0c:ec:9e:c3:ec:5c:68:e9:79:a5:ed:61:
         59:72:cf:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3jBODSZvw7yi5hWtxIpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNjFkMTE4NDc5YjUyMjJlZjBmODY0MTY3Y2FjNWI0YzA3
Y2MyMTkwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZiMGJhYzRjZDI1MGE1NTVmNThhOWU1MzQyZGZiNmRkNDM1NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/WThoP4YXGU+fF3GeVpo0q0HB7e
+jMgVRzxTMoz8LNCpbAOvXi33B1w2XlxHP9mAXzG5ckM123YJupEiANkQN1xqUIG
YM3LX5P5H6NKBFXmDPdZbWPoAspPrRq/G5K8T8DDDn7Im9iCsZGHLcC8ABHdQKEB
M/FxaFUcaTir2Wm5Gxgj3da53jkQnrG5X+sI/WTisgZDCuRkmrqFCOkD/4Ksa3CP
Pib6L6ECvusEn7Jy5qfGfDDOXWZBCR0yM02o5o9dUgK+oasLOfKmz1FggrAuySiu
5YJZ/x1pyRrRU7nA2GqsSPfQ7LHKv4H69uY9aYmcqghPi6WpiyG+2/RhbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMr7C6xM0lClVfWKnlNC37bdQ1XdMB8GA1UdIwQY
MBaAFExh0RhHm1Ii7w+GQWfKxbTAfMIZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdIUkdFZWJVaUx2RDRaQlo4ckZ0TUI4d2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC82ZTlkZmQtY2U0Ny00ZTYxLWEzMTUt
ZTVhYTc0NzAwZjlkLzEveXZzTHJFelNVS1ZWOVlxZVUwTGZ0dDFEVmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC82ZTlkZmQtY2U0Ny00ZTYxLWEzMTUtZTVhYTc0NzAwZjlk
LzEvVEdIUkdFZWJVaUx2RDRaQlo4ckZ0TUI4d2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQD1QXIMA8E
AgACMAkDBwAgAQZ8GIwwDQYJKoZIhvcNAQELBQADggEBAG+Sb6BOQoL2L2yMvRq1
JExN2kPL6vf+h3si05spDLIByfSa/O0e2xJJGeVnPJRyQuS3D/zQUfyjnJwr9wd6
n69H2ZNCDiUp96WpP095rYm8a03gx5htf/U9RtHQzacAaEk+Rh0HbYprHU0bC8/7
bMFZbMa7fJva6ko2Co29QMXN7VWfx1Y7Q5ZUvcKK0rTAfHUu5xS6UxelLLPsJa2z
/w8lT377ChrbJS2VXXGRNaKXWfXWDoSlDrgnQlSbMKC7azNjuo8ez3mXOdG/Doah
ulWomBtSYAGPFqURXbwcmKg0VfyYtDXJc4gPDiMFLA8AoAzsnsPsXGjpeaXtYVly
zzo=
-----END CERTIFICATE-----