Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/yO-lTtFGy0wvGfVwPGiON4lJrgk.roa
File:                     yO-lTtFGy0wvGfVwPGiON4lJrgk.roa (raw, json)
Hash identifier:          Xp7x2DGE1wkYPzv83BRwVPJM0Bs2wrE2J3s2zdCfrkg=
Subject key identifier:   C8:EF:A5:4E:D1:46:CB:4C:2F:19:F5:70:3C:68:8E:37:89:49:AE:09
Certificate issuer:       /CN=2e7288982add83642f81a3deba8f856f14e0990a
Certificate serial:       018CC86F5E6F6612926D3F623C6F1A3922A5
Authority key identifier: 2E:72:88:98:2A:DD:83:64:2F:81:A3:DE:BA:8F:85:6F:14:E0:99:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/yO-lTtFGy0wvGfVwPGiON4lJrgk.roa
Signing time:             Tue 02 Jan 2024 04:29:51 +0000
ROA not before:           Tue 02 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.100.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5e:6f:66:12:92:6d:3f:62:3c:6f:1a:39:22:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e7288982add83642f81a3deba8f856f14e0990a
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8efa54ed146cb4c2f19f5703c688e378949ae09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:88:1d:09:19:97:d8:68:75:cd:5b:13:69:e8:
                    0a:b9:e6:16:6a:ce:84:91:30:02:d1:1e:91:12:68:
                    75:fa:0f:21:ce:5a:96:be:5c:ef:a6:ed:ba:6e:eb:
                    dd:ad:74:17:74:2e:70:45:22:b4:59:6e:5d:10:20:
                    9e:2f:cc:83:46:a4:da:bf:93:8c:1d:1d:02:8c:f1:
                    a1:b5:d4:0c:2c:6d:ec:59:c2:90:4f:f4:c1:57:e6:
                    5f:5e:f1:0f:fb:10:15:2b:a0:80:00:90:1d:ce:40:
                    1d:89:b9:47:f8:b4:ad:99:81:aa:d4:53:11:cb:10:
                    ab:b8:22:d4:3b:13:4c:fe:50:46:84:71:4d:7d:7a:
                    49:ad:5e:b7:ad:b0:f6:12:3a:c0:9b:eb:8f:f7:ef:
                    3c:34:36:5e:cc:65:d1:0a:0a:49:96:25:f1:50:9c:
                    36:b6:5f:b9:03:7b:ac:38:27:52:80:15:a3:f6:35:
                    07:28:82:17:48:fb:b2:73:c2:67:f9:bb:bc:5b:cd:
                    9b:1e:82:58:5e:7c:b1:3e:1a:a0:8f:56:63:8a:0c:
                    76:a7:29:e8:a8:22:8a:c0:0f:25:9a:e3:f6:b1:5d:
                    a1:9b:f5:da:6a:58:2f:95:1f:e4:67:10:13:0f:2f:
                    16:25:7f:f3:27:f7:4f:ed:8e:88:f6:82:02:a6:da:
                    3f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:EF:A5:4E:D1:46:CB:4C:2F:19:F5:70:3C:68:8E:37:89:49:AE:09
            X509v3 Authority Key Identifier:
                keyid:2E:72:88:98:2A:DD:83:64:2F:81:A3:DE:BA:8F:85:6F:14:E0:99:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/yO-lTtFGy0wvGfVwPGiON4lJrgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:24:79:3b:01:bf:31:52:0a:8c:42:47:98:47:e9:19:34:8e:
         f8:68:ab:c3:a9:de:1b:b0:22:17:a0:67:4a:02:e9:3f:c1:68:
         5e:db:0f:1d:b8:d0:ca:24:b2:02:be:ae:78:12:9d:84:28:2a:
         a1:95:34:dd:a5:1f:e1:05:b5:d3:c3:55:04:5e:a5:ff:03:40:
         d8:67:59:c1:ec:d7:99:9b:15:74:0c:7b:65:01:a1:33:98:f6:
         c9:48:fc:6c:19:e2:66:77:8b:a3:56:76:0d:ec:3f:18:e3:e2:
         75:09:c1:5a:6a:9b:6b:cc:48:77:b3:30:9c:cf:4f:62:bf:46:
         aa:9f:3a:fe:54:6f:62:41:ce:4e:f4:80:34:1d:06:da:f5:71:
         1b:df:e2:34:3d:a1:18:6e:f0:79:ff:e6:40:a9:a4:f1:34:2c:
         36:5a:13:2b:d8:37:64:7f:4d:78:ee:3c:dc:c1:18:f4:af:9c:
         77:61:cf:73:34:60:ac:9b:a4:9f:77:68:d2:91:70:88:04:a1:
         b0:3d:e8:9a:f3:b8:dc:4a:ef:05:59:4e:dc:4a:38:5d:5b:f9:
         91:b3:a0:4d:69:eb:b6:ac:5a:00:01:17:ed:87:06:c3:a0:d9:
         fb:2d:ea:36:77:97:2f:23:f4:50:1f:6a:4c:31:ce:67:83:bb:
         85:e3:94:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb15vZhKSbT9iPG8aOSKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzI4ODk4MmFkZDgzNjQyZjgxYTNkZWJhOGY4NTZmMTRl
MDk5MGEwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGVmYTU0ZWQxNDZjYjRjMmYxOWY1NzAzYzY4OGUzNzg5NDlhZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4gdCRmX2Gh1zVsTaegKueYWas6E
kTAC0R6REmh1+g8hzlqWvlzvpu26buvdrXQXdC5wRSK0WW5dECCeL8yDRqTav5OM
HR0CjPGhtdQMLG3sWcKQT/TBV+ZfXvEP+xAVK6CAAJAdzkAdiblH+LStmYGq1FMR
yxCruCLUOxNM/lBGhHFNfXpJrV63rbD2EjrAm+uP9+88NDZezGXRCgpJliXxUJw2
tl+5A3usOCdSgBWj9jUHKIIXSPuyc8Jn+bu8W82bHoJYXnyxPhqgj1Zjigx2pyno
qCKKwA8lmuP2sV2hm/XaalgvlR/kZxATDy8WJX/zJ/dP7Y6I9oICpto/ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjvpU7RRstMLxn1cDxojjeJSa4JMB8GA1UdIwQY
MBaAFC5yiJgq3YNkL4Gj3rqPhW8U4JkKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5LSW1DcmRnMlF2Z2FQZXVvLUZieFRnbVFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kNWM0NWEtODQ0OC00N2I4LWI1Nzct
YWY5ZDY5NWU5NDBmLzEveU8tbFR0Rkd5MHd2R2ZWd1BHaU9ONGxKcmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kNWM0NWEtODQ0OC00N2I4LWI1NzctYWY5ZDY5NWU5NDBm
LzEvTG5LSW1DcmRnMlF2Z2FQZXVvLUZieFRnbVFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWTjMA0G
CSqGSIb3DQEBCwUAA4IBAQAtJHk7Ab8xUgqMQkeYR+kZNI74aKvDqd4bsCIXoGdK
Auk/wWhe2w8duNDKJLICvq54Ep2EKCqhlTTdpR/hBbXTw1UEXqX/A0DYZ1nB7NeZ
mxV0DHtlAaEzmPbJSPxsGeJmd4ujVnYN7D8Y4+J1CcFaaptrzEh3szCcz09iv0aq
nzr+VG9iQc5O9IA0HQba9XEb3+I0PaEYbvB5/+ZAqaTxNCw2WhMr2Ddkf0147jzc
wRj0r5x3Yc9zNGCsm6Sfd2jSkXCIBKGwPeia87jcSu8FWU7cSjhdW/mRs6BNaeu2
rFoAARfthwbDoNn7Leo2d5cvI/RQH2pMMc5ng7uF45R1
-----END CERTIFICATE-----