Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/YTYvpKY9ylRuCRuWa30oU5kcY2M.roa
File:                     YTYvpKY9ylRuCRuWa30oU5kcY2M.roa (raw, json)
Hash identifier:          SWxfa/EAmlCcA71KSV1HmYLm0DgtvVuFsZX+LXJaFZE=
Subject key identifier:   61:36:2F:A4:A6:3D:CA:54:6E:09:1B:96:6B:7D:28:53:99:1C:63:63
Certificate issuer:       /CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
Certificate serial:       018E3D9EC1A368BEE8A3BDBE20E4DE6E4161
Authority key identifier: D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/YTYvpKY9ylRuCRuWa30oU5kcY2M.roa
Signing time:             Thu 14 Mar 2024 15:39:58 +0000
ROA not before:           Thu 14 Mar 2024 15:39:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34701
IP address blocks:        194.143.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:9e:c1:a3:68:be:e8:a3:bd:be:20:e4:de:6e:41:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
        Validity
            Not Before: Mar 14 15:39:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61362fa4a63dca546e091b966b7d2853991c6363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:58:f7:15:0a:67:8e:f1:8f:bf:2e:03:12:db:
                    70:4a:c3:35:d2:71:8a:86:4b:67:c6:94:70:32:01:
                    47:64:1a:68:74:86:ed:b8:90:71:d3:a9:1b:2f:19:
                    34:c5:84:d4:44:73:61:9d:c5:e5:f9:22:e9:2e:aa:
                    8a:42:89:a2:2f:8f:38:73:56:e9:07:b0:78:79:c1:
                    df:0f:ed:7b:e4:74:1f:66:63:b9:af:24:c0:6b:3b:
                    c5:60:e9:e8:f1:a3:d3:7a:28:f5:f0:1f:09:1a:be:
                    95:b0:60:27:f4:ac:47:93:6a:68:6c:83:26:f8:d3:
                    08:95:f0:01:df:e8:1d:ca:da:4a:36:3e:22:40:4e:
                    76:14:8b:1d:44:7b:aa:36:a8:72:98:65:2a:df:84:
                    53:b2:fa:9f:9d:41:87:bd:aa:d4:fe:89:0b:30:7d:
                    86:0b:b1:c6:9f:a9:7f:94:99:ff:99:ca:51:23:cd:
                    25:55:b1:73:9c:65:2a:05:0b:20:63:bf:cc:f8:53:
                    48:5a:f5:5d:44:59:3e:71:5d:52:be:d6:3a:83:31:
                    dc:49:b0:99:55:15:e4:03:ef:51:c5:14:52:08:c4:
                    e9:46:a7:c1:40:0a:bc:80:85:36:d3:8a:1f:65:90:
                    e7:f2:c9:37:d3:8d:92:f1:22:28:9e:04:b3:89:66:
                    a7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:36:2F:A4:A6:3D:CA:54:6E:09:1B:96:6B:7D:28:53:99:1C:63:63
            X509v3 Authority Key Identifier:
                keyid:D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/YTYvpKY9ylRuCRuWa30oU5kcY2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:ae:ff:24:c0:b1:bd:1c:f6:e6:6d:b7:49:d0:83:51:34:c8:
         7f:23:b2:91:e0:2a:ed:15:33:89:4c:72:60:74:c5:b4:64:33:
         32:dd:f6:c4:fd:bf:3b:90:57:1b:58:f0:b6:26:96:12:4a:19:
         7c:d6:04:68:69:e5:08:52:41:80:ff:61:b2:53:b4:10:71:fe:
         56:48:72:f5:d2:92:29:72:85:6a:28:07:f3:1f:55:85:5f:09:
         2f:7c:a6:09:ed:a2:84:f2:e9:09:e2:19:cf:77:79:ce:70:74:
         a0:86:87:46:1b:f3:d6:fe:2c:f3:a8:0d:a7:79:d3:1e:22:9b:
         ec:d8:00:90:21:f3:0c:29:81:25:cc:3c:a4:88:6d:8d:c5:09:
         9e:4c:9b:4d:61:c4:2b:c6:e6:c3:43:0e:67:52:98:8d:a1:1f:
         69:34:3e:69:98:9d:91:ba:4e:18:a8:e3:18:15:c8:7a:22:14:
         de:90:c6:b1:87:26:58:63:3d:ce:15:dd:e3:c4:83:dd:aa:29:
         fa:12:c0:a8:97:a9:fb:68:7b:64:5f:40:68:26:5b:80:d4:81:
         c1:f3:b1:0a:1c:f3:a6:ae:bf:83:a1:2e:fd:f8:26:ed:20:35:
         8c:3b:6a:a1:48:14:c9:15:9d:75:31:7d:4e:65:d7:bd:04:ad:
         f0:8b:39:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49nsGjaL7oo72+IOTebkFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOGMzODg2YzZlZjUyMjdjMjQ2MjI0Y2M4OTRhODRhNTNi
Y2Y1MWEwHhcNMjQwMzE0MTUzOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTM2MmZhNGE2M2RjYTU0NmUwOTFiOTY2YjdkMjg1Mzk5MWM2MzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlj3FQpnjvGPvy4DEttwSsM10nGK
hktnxpRwMgFHZBpodIbtuJBx06kbLxk0xYTURHNhncXl+SLpLqqKQomiL484c1bp
B7B4ecHfD+175HQfZmO5ryTAazvFYOno8aPTeij18B8JGr6VsGAn9KxHk2pobIMm
+NMIlfAB3+gdytpKNj4iQE52FIsdRHuqNqhymGUq34RTsvqfnUGHvarU/okLMH2G
C7HGn6l/lJn/mcpRI80lVbFznGUqBQsgY7/M+FNIWvVdRFk+cV1SvtY6gzHcSbCZ
VRXkA+9RxRRSCMTpRqfBQAq8gIU204ofZZDn8sk3042S8SIongSziWan6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGE2L6SmPcpUbgkblmt9KFOZHGNjMB8GA1UdIwQY
MBaAFNKMOIbG71InwkYiTMiUqEpTvPUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgt
ZmM0MjE2MjFmZTA4LzEvWVRZdnBLWTl5bFJ1Q1J1V2EzMG9VNWtjWTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgtZmM0MjE2MjFmZTA4
LzEvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+cMA0G
CSqGSIb3DQEBCwUAA4IBAQBmrv8kwLG9HPbmbbdJ0INRNMh/I7KR4CrtFTOJTHJg
dMW0ZDMy3fbE/b87kFcbWPC2JpYSShl81gRoaeUIUkGA/2GyU7QQcf5WSHL10pIp
coVqKAfzH1WFXwkvfKYJ7aKE8ukJ4hnPd3nOcHSghodGG/PW/izzqA2nedMeIpvs
2ACQIfMMKYElzDykiG2NxQmeTJtNYcQrxubDQw5nUpiNoR9pND5pmJ2Ruk4YqOMY
Fch6IhTekMaxhyZYYz3OFd3jxIPdqin6EsCol6n7aHtkX0BoJluA1IHB87EKHPOm
rr+DoS79+CbtIDWMO2qhSBTJFZ11MX1OZde9BK3wizkl
-----END CERTIFICATE-----