Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/yCFViF0NC-jTQPPi_4P7mjQ5P0w.roa
File:                     yCFViF0NC-jTQPPi_4P7mjQ5P0w.roa (raw, json)
Hash identifier:          u4oIX6ww4rUM6NZ3L4t6ouz6pVyhCHxZ4U+AW8C0Sqc=
Subject key identifier:   C8:21:55:88:5D:0D:0B:E8:D3:40:F3:E2:FF:83:FB:9A:34:39:3F:4C
Certificate issuer:       /CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Certificate serial:       018CC801140F178EC0549F10EEDFA514E0EE
Authority key identifier: B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/yCFViF0NC-jTQPPi_4P7mjQ5P0w.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        87.198.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:14:0f:17:8e:c0:54:9f:10:ee:df:a5:14:e0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c82155885d0d0be8d340f3e2ff83fb9a34393f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:00:35:6a:83:0a:55:1b:e3:ce:31:a6:7c:68:
                    8c:8e:11:d7:7e:f3:06:46:b7:44:3d:bd:f9:9a:5f:
                    a1:6e:f1:df:2d:86:22:dd:f2:2c:65:4a:97:0c:4f:
                    60:2c:ed:ed:ab:fa:e3:1f:b3:d8:3f:b1:5f:fb:2f:
                    11:52:17:db:bb:bb:d2:3b:38:6f:f3:96:95:e4:9a:
                    87:e7:a0:b7:52:8a:2d:8f:67:05:ec:d7:5f:5c:f4:
                    0a:90:bd:9b:c6:94:53:5e:1c:f6:e4:c5:3a:7c:15:
                    e3:7d:0e:29:e1:64:49:9d:e7:aa:d3:0f:a1:6c:cd:
                    59:e0:15:40:c1:ea:e5:62:e6:b0:7b:d7:38:a9:8b:
                    0e:93:25:de:8b:18:2a:29:90:a1:c0:43:91:c9:9e:
                    99:5b:06:1e:5d:cf:1c:8e:a2:26:ac:1b:0e:c9:0d:
                    c5:34:7d:fe:13:28:b4:f4:02:d0:30:db:a1:e7:c0:
                    31:dc:da:e8:32:a2:0b:25:13:17:97:08:e7:d8:43:
                    5b:84:84:41:1a:21:62:cb:06:18:34:57:42:39:ea:
                    dc:8e:8b:23:84:8c:58:3e:37:d3:3f:91:9d:5c:cd:
                    18:49:41:25:6f:eb:7c:9b:0c:3c:78:4e:a8:40:ac:
                    46:08:e1:5f:eb:32:4d:28:8d:83:69:20:cd:19:b9:
                    2a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:21:55:88:5D:0D:0B:E8:D3:40:F3:E2:FF:83:FB:9A:34:39:3F:4C
            X509v3 Authority Key Identifier:
                keyid:B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/yCFViF0NC-jTQPPi_4P7mjQ5P0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.198.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:79:29:1d:d0:dc:d6:64:37:98:fb:20:40:cd:ca:1e:d7:c3:
         4a:30:eb:2e:b7:18:66:4f:dc:eb:c5:40:c4:f6:d9:30:bc:03:
         c3:97:04:56:a0:e8:3d:a2:60:8b:ab:4e:3b:cf:57:3c:77:64:
         24:27:86:a0:8d:14:8d:e1:2b:f8:87:d8:b0:21:ac:fc:80:fb:
         1b:48:a8:21:4c:f8:61:a0:19:bb:82:24:cb:ca:7a:91:34:b3:
         01:47:a7:97:bb:05:3b:63:9e:21:fb:bf:3e:24:21:2b:61:29:
         18:e6:f7:de:6c:81:f6:11:45:c0:64:ca:d2:7e:3b:32:d1:62:
         14:91:1a:1a:d9:9a:0a:e5:4b:6e:76:35:e7:38:ed:61:5f:a7:
         0a:e6:b4:a7:f7:18:89:9e:ed:6a:31:64:0f:82:63:a5:ec:71:
         27:7b:35:69:ea:e9:bd:2c:40:7c:b1:d8:52:95:32:62:26:8f:
         0d:33:12:32:13:fe:63:a0:da:78:cc:19:4f:2d:65:63:e3:2e:
         c4:2b:3c:94:ee:8e:01:75:f0:cf:ce:0a:50:fe:2e:6a:d5:c0:
         f9:89:46:bf:0f:96:87:9b:da:f6:4a:bc:f9:4e:44:65:1b:c4:
         02:08:16:cb:71:89:2d:1e:a9:bd:3d:c8:8a:5a:27:c8:11:db:
         2d:53:21:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARQPF47AVJ8Q7t+lFODuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOGJiNjJhNDdiMWEyYWVkYjcwZjMyZjU4Yzk3OWJhMGM3
NzdmMDYwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODIxNTU4ODVkMGQwYmU4ZDM0MGYzZTJmZjgzZmI5YTM0MzkzZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQA1aoMKVRvjzjGmfGiMjhHXfvMG
RrdEPb35ml+hbvHfLYYi3fIsZUqXDE9gLO3tq/rjH7PYP7Ff+y8RUhfbu7vSOzhv
85aV5JqH56C3Uootj2cF7NdfXPQKkL2bxpRTXhz25MU6fBXjfQ4p4WRJneeq0w+h
bM1Z4BVAwerlYuawe9c4qYsOkyXeixgqKZChwEORyZ6ZWwYeXc8cjqImrBsOyQ3F
NH3+Eyi09ALQMNuh58Ax3NroMqILJRMXlwjn2ENbhIRBGiFiywYYNFdCOercjosj
hIxYPjfTP5GdXM0YSUElb+t8mww8eE6oQKxGCOFf6zJNKI2DaSDNGbkq3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMghVYhdDQvo00Dz4v+D+5o0OT9MMB8GA1UdIwQY
MBaAFLOLtipHsaKu23DzL1jJeboMd38GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgt
MDYwNWMwODlmYzM4LzEveUNGVmlGME5DLWpUUVBQaV80UDdtalE1UDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgtMDYwNWMwODlmYzM4
LzEvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV8bUMA0G
CSqGSIb3DQEBCwUAA4IBAQBKeSkd0NzWZDeY+yBAzcoe18NKMOsutxhmT9zrxUDE
9tkwvAPDlwRWoOg9omCLq047z1c8d2QkJ4agjRSN4Sv4h9iwIaz8gPsbSKghTPhh
oBm7giTLynqRNLMBR6eXuwU7Y54h+78+JCErYSkY5vfebIH2EUXAZMrSfjsy0WIU
kRoa2ZoK5UtudjXnOO1hX6cK5rSn9xiJnu1qMWQPgmOl7HEnezVp6um9LEB8sdhS
lTJiJo8NMxIyE/5joNp4zBlPLWVj4y7EKzyU7o4BdfDPzgpQ/i5q1cD5iUa/D5aH
m9r2Srz5TkRlG8QCCBbLcYktHqm9PciKWifIEdstUyEw
-----END CERTIFICATE-----