Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Y2zX4rkD8C4SnMm3JZDbC3qKgnQ.roa
File:                     Y2zX4rkD8C4SnMm3JZDbC3qKgnQ.roa (raw, json)
Hash identifier:          VccoTSnvgZFWBuzxfYsSn1mza3Ui+grBQtjBeXqrxbk=
Subject key identifier:   63:6C:D7:E2:B9:03:F0:2E:12:9C:C9:B7:25:90:DB:0B:7A:8A:82:74
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       018DD666A7D448AEBD192ADE19ACA12A1F3A
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Y2zX4rkD8C4SnMm3JZDbC3qKgnQ.roa
Signing time:             Fri 23 Feb 2024 14:37:48 +0000
ROA not before:           Fri 23 Feb 2024 14:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        188.208.109.0/24 maxlen: 24
                          188.214.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d6:66:a7:d4:48:ae:bd:19:2a:de:19:ac:a1:2a:1f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Feb 23 14:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=636cd7e2b903f02e129cc9b72590db0b7a8a8274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5d:74:5f:b2:ea:73:7f:67:89:99:df:60:3f:
                    5b:73:27:c2:6d:80:a1:2c:0d:5e:22:b8:5c:05:30:
                    04:e9:37:f3:3c:0b:8c:09:78:4a:e9:a3:7a:16:47:
                    4b:5b:bf:89:b0:9c:1f:ad:48:22:3f:bc:a3:01:cd:
                    e0:4d:ee:b0:ba:cd:26:9f:69:37:27:c6:ef:28:e0:
                    66:54:37:e4:93:98:45:13:de:50:6a:6b:cd:f4:84:
                    0b:72:b2:7b:7f:a1:ca:17:72:57:5f:2e:b9:58:96:
                    2a:7f:b1:da:21:fc:09:ec:58:17:fa:3a:7c:df:d9:
                    a9:ed:86:27:d9:27:ea:18:b6:bf:ef:8a:4c:c4:f5:
                    0b:0d:c3:28:33:e1:c2:32:50:65:a3:d7:58:2c:ac:
                    9f:fa:05:08:e5:be:39:a4:af:5f:4b:1d:aa:bb:72:
                    ac:be:79:56:61:c9:12:e0:07:d5:fa:cb:10:7c:06:
                    38:62:f7:f6:f5:5a:14:30:bb:1d:81:5b:e5:9e:0d:
                    19:21:d5:a1:7a:e2:2e:da:ae:f5:b0:3f:5e:63:26:
                    1e:f1:f1:bb:57:34:db:30:43:39:37:5e:e2:03:52:
                    ed:30:0c:38:b5:0f:be:26:3a:3a:21:1c:4c:9c:b5:
                    76:59:d7:0e:d3:af:98:27:13:6b:c9:58:b3:02:67:
                    be:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:6C:D7:E2:B9:03:F0:2E:12:9C:C9:B7:25:90:DB:0B:7A:8A:82:74
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Y2zX4rkD8C4SnMm3JZDbC3qKgnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.208.109.0/24
                  188.214.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:11:07:50:4c:ed:25:b4:c0:03:08:cb:9a:8a:71:2d:1f:ba:
         87:b7:1d:64:a1:bd:1e:c9:08:54:82:00:75:9e:52:3a:9a:30:
         e2:16:71:e2:53:b3:1c:0b:71:0a:5e:7b:da:f8:66:84:ec:6c:
         ba:d8:87:46:e5:a0:37:bc:aa:84:4a:ab:d0:28:03:8c:2f:fd:
         7e:3f:08:5b:82:71:09:7f:a1:79:ed:1a:6f:e0:0a:a4:6f:59:
         44:9f:94:78:84:bc:96:70:90:f3:d1:31:ab:bc:95:97:f9:56:
         a4:a9:cf:fc:dc:9d:5a:e4:3a:b4:43:67:48:5c:a9:03:83:d5:
         3c:3a:24:32:06:ef:d0:bc:28:20:b4:de:30:21:e8:e8:7f:35:
         b1:91:96:7b:c6:b1:cb:ff:94:d9:16:28:68:26:86:72:e6:99:
         23:ce:2f:65:78:09:d6:8e:8d:0c:85:5e:c0:b8:f5:ce:ae:e6:
         99:55:53:b4:f9:4f:7e:cd:4c:af:4d:c7:13:8a:be:e3:30:66:
         2f:e8:a6:69:90:a3:fe:4f:47:1f:36:fe:65:25:db:91:36:f5:
         d7:ae:44:40:67:e6:14:8f:27:89:de:ff:3c:40:22:41:e0:16:
         5e:3a:31:27:2a:4a:52:14:af:22:d7:93:b3:70:9f:03:c5:84:
         df:68:28:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3WZqfUSK69GSreGayhKh86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjQwMjIzMTQzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZjZDdlMmI5MDNmMDJlMTI5Y2M5YjcyNTkwZGIwYjdhOGE4Mjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwl10X7Lqc39niZnfYD9bcyfCbYCh
LA1eIrhcBTAE6TfzPAuMCXhK6aN6FkdLW7+JsJwfrUgiP7yjAc3gTe6wus0mn2k3
J8bvKOBmVDfkk5hFE95QamvN9IQLcrJ7f6HKF3JXXy65WJYqf7HaIfwJ7FgX+jp8
39mp7YYn2SfqGLa/74pMxPULDcMoM+HCMlBlo9dYLKyf+gUI5b45pK9fSx2qu3Ks
vnlWYckS4AfV+ssQfAY4Yvf29VoUMLsdgVvlng0ZIdWheuIu2q71sD9eYyYe8fG7
VzTbMEM5N17iA1LtMAw4tQ++Jjo6IRxMnLV2WdcO06+YJxNryVizAme+iwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGNs1+K5A/AuEpzJtyWQ2wt6ioJ0MB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvWTJ6WDRya0Q4QzRTbk1tM0paRGJDM3FLZ25RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvNBtAwQA
vNZeMA0GCSqGSIb3DQEBCwUAA4IBAQACEQdQTO0ltMADCMuainEtH7qHtx1kob0e
yQhUggB1nlI6mjDiFnHiU7McC3EKXnva+GaE7Gy62IdG5aA3vKqESqvQKAOML/1+
PwhbgnEJf6F57Rpv4Aqkb1lEn5R4hLyWcJDz0TGrvJWX+Vakqc/83J1a5Dq0Q2dI
XKkDg9U8OiQyBu/QvCggtN4wIejofzWxkZZ7xrHL/5TZFihoJoZy5pkjzi9leAnW
jo0MhV7AuPXOruaZVVO0+U9+zUyvTccTir7jMGYv6KZpkKP+T0cfNv5lJduRNvXX
rkRAZ+YUjyeJ3v88QCJB4BZeOjEnKkpSFK8i15OzcJ8DxYTfaCgW
-----END CERTIFICATE-----