Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/Yp7K2ZPpBa57sy538Fx_5qWJZDM.roa
File:                     Yp7K2ZPpBa57sy538Fx_5qWJZDM.roa (raw, json)
Hash identifier:          U+lJnsLPcmU8sqvTntpt/96BPqtIbv1dbRZj7qMXLkE=
Subject key identifier:   62:9E:CA:D9:93:E9:05:AE:7B:B3:2E:77:F0:5C:7F:E6:A5:89:64:33
Certificate issuer:       /CN=93f3fc9678ce5b0273538c78b0b96a13eb0862d9
Certificate serial:       018CC80165CE3671CCA6A33D7FB4E0940342
Authority key identifier: 93:F3:FC:96:78:CE:5B:02:73:53:8C:78:B0:B9:6A:13:EB:08:62:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k_P8lnjOWwJzU4x4sLlqE-sIYtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/Yp7K2ZPpBa57sy538Fx_5qWJZDM.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.73.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/k_P8lnjOWwJzU4x4sLlqE-sIYtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/k_P8lnjOWwJzU4x4sLlqE-sIYtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k_P8lnjOWwJzU4x4sLlqE-sIYtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:ce:36:71:cc:a6:a3:3d:7f:b4:e0:94:03:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93f3fc9678ce5b0273538c78b0b96a13eb0862d9
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=629ecad993e905ae7bb32e77f05c7fe6a5896433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:03:eb:16:5a:f8:e6:23:c8:c2:ca:a4:68:ee:
                    1c:eb:5c:71:92:6c:bd:db:3d:80:5b:d3:40:b0:92:
                    a1:cb:66:43:36:87:4d:70:c3:1d:8e:cb:a3:98:c3:
                    5e:10:2f:48:7d:6f:9b:27:01:bc:da:c4:58:c7:34:
                    8a:36:b1:03:d1:14:6e:e8:88:cf:4a:b5:93:6a:96:
                    b6:4e:9c:08:5b:d1:3b:ca:24:0d:ae:bb:f7:29:7e:
                    33:d9:34:0d:6b:df:6e:61:53:e7:40:74:38:20:fb:
                    db:67:84:3f:83:db:11:35:ea:e0:68:8f:9a:3f:43:
                    fe:5e:d8:ba:62:ce:86:3f:7f:ff:b4:bb:db:f6:bc:
                    a4:52:96:27:43:0a:8b:60:a2:51:ec:c9:0a:69:e3:
                    df:d5:5b:1c:88:98:27:16:9f:02:0e:22:07:4a:27:
                    8e:f1:e4:e0:d0:1f:a2:6e:d7:cb:34:61:ad:5d:ce:
                    e0:52:d3:db:1b:3e:18:67:3c:e3:4f:bd:6d:46:c5:
                    03:cc:e5:0d:83:08:25:7d:43:27:15:01:b7:be:68:
                    ba:41:31:de:0e:22:f4:0d:29:47:64:00:b8:c6:db:
                    9d:c6:31:bf:c1:29:b6:ea:a5:5d:e8:11:38:06:64:
                    81:e3:81:ae:e8:d9:ad:2c:2f:7b:0c:01:53:10:2a:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:9E:CA:D9:93:E9:05:AE:7B:B3:2E:77:F0:5C:7F:E6:A5:89:64:33
            X509v3 Authority Key Identifier:
                keyid:93:F3:FC:96:78:CE:5B:02:73:53:8C:78:B0:B9:6A:13:EB:08:62:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k_P8lnjOWwJzU4x4sLlqE-sIYtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/Yp7K2ZPpBa57sy538Fx_5qWJZDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/cccac7-4660-4e52-951f-ba0d3b2d36e0/1/k_P8lnjOWwJzU4x4sLlqE-sIYtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:62:fa:8c:bc:6b:bf:1f:70:23:d1:c9:c6:eb:59:1b:58:dc:
         9c:d9:c6:cd:75:b1:1e:03:48:e5:6d:73:6d:53:a8:13:34:77:
         e1:0e:4e:fb:18:57:07:c0:1e:10:50:bd:24:1d:e1:ea:d9:0d:
         1c:49:4d:da:7e:65:30:41:9b:a4:a7:25:b5:42:c4:55:94:aa:
         48:cd:af:8a:d1:48:7b:83:28:d1:c7:30:9a:17:ca:d3:e7:5f:
         53:ec:52:e7:0c:b1:6e:84:7e:71:64:ed:e9:20:07:cf:7d:0e:
         a9:c8:42:af:7e:d0:34:4f:9a:36:8b:90:24:ed:66:d6:70:62:
         1a:24:a5:da:bf:0f:0c:b6:2a:f9:5b:07:c3:8b:37:d0:23:ed:
         7c:76:0c:01:cc:73:79:6a:5b:ba:4d:88:86:b4:07:52:10:8a:
         cb:55:cc:d7:09:2f:fc:ba:b2:21:70:f9:d1:ac:af:62:8c:0e:
         6a:f9:06:09:58:9d:8e:b9:9a:62:cf:64:dc:38:b0:f1:b2:00:
         b9:1a:59:f3:7a:a7:d6:fb:d9:1f:1d:b8:c7:6c:76:5b:4c:1d:
         a3:49:59:69:d4:4e:8f:56:35:c0:d2:65:06:e9:9b:48:6e:06:
         28:85:51:cb:d3:37:5a:55:41:71:e7:ad:ea:4f:58:87:50:6b:
         39:59:b8:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWXONnHMpqM9f7TglANCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZjNmYzk2NzhjZTViMDI3MzUzOGM3OGIwYjk2YTEzZWIw
ODYyZDkwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjllY2FkOTkzZTkwNWFlN2JiMzJlNzdmMDVjN2ZlNmE1ODk2NDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswPrFlr45iPIwsqkaO4c61xxkmy9
2z2AW9NAsJKhy2ZDNodNcMMdjsujmMNeEC9IfW+bJwG82sRYxzSKNrED0RRu6IjP
SrWTapa2TpwIW9E7yiQNrrv3KX4z2TQNa99uYVPnQHQ4IPvbZ4Q/g9sRNergaI+a
P0P+Xti6Ys6GP3//tLvb9rykUpYnQwqLYKJR7MkKaePf1VsciJgnFp8CDiIHSieO
8eTg0B+ibtfLNGGtXc7gUtPbGz4YZzzjT71tRsUDzOUNgwglfUMnFQG3vmi6QTHe
DiL0DSlHZAC4xtudxjG/wSm26qVd6BE4BmSB44Gu6NmtLC97DAFTECoitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKeytmT6QWue7Mud/Bcf+aliWQzMB8GA1UdIwQY
MBaAFJPz/JZ4zlsCc1OMeLC5ahPrCGLZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva19QOGxuak9Xd0p6VTR4NHNMbHFFLXNJWXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9jY2NhYzctNDY2MC00ZTUyLTk1MWYt
YmEwZDNiMmQzNmUwLzEvWXA3SzJaUHBCYTU3c3k1MzhGeF81cVdKWkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9jY2NhYzctNDY2MC00ZTUyLTk1MWYtYmEwZDNiMmQzNmUw
LzEva19QOGxuak9Xd0p6VTR4NHNMbHFFLXNJWXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUn7MA0G
CSqGSIb3DQEBCwUAA4IBAQAkYvqMvGu/H3Aj0cnG61kbWNyc2cbNdbEeA0jlbXNt
U6gTNHfhDk77GFcHwB4QUL0kHeHq2Q0cSU3afmUwQZukpyW1QsRVlKpIza+K0Uh7
gyjRxzCaF8rT519T7FLnDLFuhH5xZO3pIAfPfQ6pyEKvftA0T5o2i5Ak7WbWcGIa
JKXavw8Mtir5WwfDizfQI+18dgwBzHN5alu6TYiGtAdSEIrLVczXCS/8urIhcPnR
rK9ijA5q+QYJWJ2OuZpiz2TcOLDxsgC5GlnzeqfW+9kfHbjHbHZbTB2jSVlp1E6P
VjXA0mUG6ZtIbgYohVHL0zdaVUFx563qT1iHUGs5Wbi3
-----END CERTIFICATE-----