Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/YjQRbGXQNkyJ4u9GsJ4aQwWyHVg.roa
File:                     YjQRbGXQNkyJ4u9GsJ4aQwWyHVg.roa (raw, json)
Hash identifier:          D42BZO2//ShDG4ZBJaUrO0hH4Q+XHzJ6IQV2bvg3Myw=
Subject key identifier:   62:34:11:6C:65:D0:36:4C:89:E2:EF:46:B0:9E:1A:43:05:B2:1D:58
Certificate issuer:       /CN=909ac4b217a08c348fb2dc9fb7422e1de918f517
Certificate serial:       018CC4254436692F41A5C91B55930421A8C3
Authority key identifier: 90:9A:C4:B2:17:A0:8C:34:8F:B2:DC:9F:B7:42:2E:1D:E9:18:F5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/YjQRbGXQNkyJ4u9GsJ4aQwWyHVg.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57317
IP address blocks:        185.134.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:44:36:69:2f:41:a5:c9:1b:55:93:04:21:a8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=909ac4b217a08c348fb2dc9fb7422e1de918f517
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6234116c65d0364c89e2ef46b09e1a4305b21d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7e:9f:e0:58:93:3d:31:e9:f2:6c:15:26:25:
                    04:b5:b2:35:70:49:d0:40:b7:9b:66:5d:fd:a7:26:
                    2d:f4:74:ec:42:7b:5c:36:8c:b7:c6:e3:ab:7a:a6:
                    27:a2:74:c7:4f:c9:a2:7b:9d:a7:c8:d5:e9:f1:af:
                    57:9e:a4:da:4d:97:d0:e6:7d:25:c6:0d:33:b2:78:
                    b2:92:3c:14:3d:ad:e9:5a:e3:4f:62:84:69:12:9f:
                    1c:72:64:82:be:a9:a6:a7:c6:5c:68:b3:73:76:19:
                    db:3e:51:79:e7:13:1f:0c:d5:51:b0:8b:b9:22:38:
                    80:28:4f:9f:81:38:c8:1a:85:5a:c0:eb:5e:02:f4:
                    eb:3d:16:16:99:8b:d2:dc:f0:58:44:d2:d0:41:fb:
                    59:73:3c:fd:75:74:c0:56:3d:d3:b2:b3:ff:69:6a:
                    34:23:54:cb:e7:b5:fe:e4:96:e7:94:7d:0e:77:44:
                    f1:b2:31:84:67:95:6c:c8:bf:4f:34:26:66:6f:75:
                    d5:87:df:f8:80:77:a7:1a:e1:1d:84:a2:10:5c:15:
                    e3:23:9b:31:be:6d:7a:98:79:a5:1c:9d:35:f9:5f:
                    f5:aa:5c:7d:66:dc:0d:96:3a:ca:1d:d0:9e:f6:b2:
                    c1:fc:66:95:39:b7:7d:f5:55:95:bf:32:02:db:74:
                    ab:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:34:11:6C:65:D0:36:4C:89:E2:EF:46:B0:9E:1A:43:05:B2:1D:58
            X509v3 Authority Key Identifier:
                keyid:90:9A:C4:B2:17:A0:8C:34:8F:B2:DC:9F:B7:42:2E:1D:E9:18:F5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/YjQRbGXQNkyJ4u9GsJ4aQwWyHVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:30:e8:7f:e0:23:48:a5:ff:10:25:5e:6d:6e:d5:7e:96:0c:
         b4:40:22:42:8b:31:22:b8:22:82:dd:5b:b9:be:d6:ae:1a:df:
         87:ee:8d:62:52:6d:85:48:83:13:43:91:b7:30:dc:6f:a2:60:
         43:3f:36:f0:15:e0:77:5c:a0:7a:6e:95:fc:94:66:dd:ea:f9:
         ed:3f:9d:3d:df:41:2d:28:b9:ad:d5:4a:27:9f:24:a1:19:ff:
         12:f4:a8:b6:fa:83:66:eb:a4:64:5e:46:71:f9:f5:35:15:fe:
         c4:35:76:71:99:90:b3:c1:34:33:f7:a9:72:35:1d:48:12:04:
         3f:87:44:8b:08:6a:c2:d5:3e:ca:96:99:c7:20:41:55:46:d1:
         71:a8:87:a7:e5:ed:56:d2:eb:06:78:2b:8a:a5:b6:5d:5b:28:
         57:be:0d:99:0e:1d:e9:27:0d:87:1a:e5:3b:5b:12:23:eb:38:
         fc:7a:df:cd:66:72:74:ef:d8:d1:54:b2:48:29:3f:db:3b:45:
         59:06:72:88:4e:3b:75:af:af:d9:dd:a6:b7:b5:24:fd:5b:6f:
         90:7d:a6:62:69:29:6a:93:98:4a:76:d7:ad:7c:6f:3f:68:28:
         fb:d0:eb:00:2b:f8:80:dc:cb:b7:3c:5e:ce:3a:03:22:07:4a:
         f7:1e:21:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUQ2aS9BpckbVZMEIajDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOWFjNGIyMTdhMDhjMzQ4ZmIyZGM5ZmI3NDIyZTFkZTkx
OGY1MTcwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjM0MTE2YzY1ZDAzNjRjODllMmVmNDZiMDllMWE0MzA1YjIxZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl36f4FiTPTHp8mwVJiUEtbI1cEnQ
QLebZl39pyYt9HTsQntcNoy3xuOreqYnonTHT8mie52nyNXp8a9XnqTaTZfQ5n0l
xg0zsniykjwUPa3pWuNPYoRpEp8ccmSCvqmmp8ZcaLNzdhnbPlF55xMfDNVRsIu5
IjiAKE+fgTjIGoVawOteAvTrPRYWmYvS3PBYRNLQQftZczz9dXTAVj3TsrP/aWo0
I1TL57X+5JbnlH0Od0TxsjGEZ5VsyL9PNCZmb3XVh9/4gHenGuEdhKIQXBXjI5sx
vm16mHmlHJ01+V/1qlx9ZtwNljrKHdCe9rLB/GaVObd99VWVvzIC23Sr8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGI0EWxl0DZMieLvRrCeGkMFsh1YMB8GA1UdIwQY
MBaAFJCaxLIXoIw0j7Lcn7dCLh3pGPUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pyRXNoZWdqRFNQc3R5ZnQwSXVIZWtZOVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xNzQzZGYtMDQ2Mi00Y2FjLTgyNTAt
ZGVkYzUyYTJlZDhmLzEvWWpRUmJHWFFOa3lKNHU5R3NKNGFRd1d5SFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xNzQzZGYtMDQ2Mi00Y2FjLTgyNTAtZGVkYzUyYTJlZDhm
LzEva0pyRXNoZWdqRFNQc3R5ZnQwSXVIZWtZOVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYbyMA0G
CSqGSIb3DQEBCwUAA4IBAQCSMOh/4CNIpf8QJV5tbtV+lgy0QCJCizEiuCKC3Vu5
vtauGt+H7o1iUm2FSIMTQ5G3MNxvomBDPzbwFeB3XKB6bpX8lGbd6vntP50930Et
KLmt1UonnyShGf8S9Ki2+oNm66RkXkZx+fU1Ff7ENXZxmZCzwTQz96lyNR1IEgQ/
h0SLCGrC1T7KlpnHIEFVRtFxqIen5e1W0usGeCuKpbZdWyhXvg2ZDh3pJw2HGuU7
WxIj6zj8et/NZnJ079jRVLJIKT/bO0VZBnKITjt1r6/Z3aa3tST9W2+QfaZiaSlq
k5hKdtetfG8/aCj70OsAK/iA3Mu3PF7OOgMiB0r3HiE4
-----END CERTIFICATE-----