Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yTS4omUImA7JH_aCrNf_3NcsDb8.roa
File:                     yTS4omUImA7JH_aCrNf_3NcsDb8.roa (raw, json)
Hash identifier:          uaFK9p24IJms+WtrudH5Vw/qLH12vdS8MdEMtfdThiA=
Subject key identifier:   C9:34:B8:A2:65:08:98:0E:C9:1F:F6:82:AC:D7:FF:DC:D7:2C:0D:BF
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       018CC801688BC0A64F58EBC356AE716FECCB
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yTS4omUImA7JH_aCrNf_3NcsDb8.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     286
IP address blocks:        194.151.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:8b:c0:a6:4f:58:eb:c3:56:ae:71:6f:ec:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c934b8a26508980ec91ff682acd7ffdcd72c0dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fb:90:0b:af:fb:69:d6:12:6d:90:fe:e8:66:
                    9a:d2:7b:0f:ee:2f:6c:ae:de:f9:5b:a7:a5:ff:b5:
                    34:50:0a:8f:5f:22:fb:62:4b:f7:55:18:59:59:30:
                    bd:9d:5d:45:bf:38:3a:66:6b:be:df:93:d7:22:f4:
                    fb:d5:d2:1d:ed:e0:82:55:7a:92:7c:fe:05:98:fc:
                    00:3b:59:80:04:ff:30:96:35:18:ff:5c:12:2e:10:
                    11:15:e2:36:46:c7:d0:21:9b:e5:64:bd:af:9a:b5:
                    d6:91:12:79:af:4e:17:f4:20:49:07:e3:c0:b2:f1:
                    87:3c:c7:ec:c4:db:d0:7c:47:61:cb:9e:1b:8b:84:
                    eb:62:bd:34:6f:3a:8c:92:ba:1d:2f:24:ee:fe:db:
                    75:b1:68:d9:f8:eb:7b:00:06:a9:88:14:98:c2:13:
                    ba:f9:f2:ea:a7:46:9a:2b:65:b0:ec:f9:c5:43:c8:
                    9c:68:81:54:9b:95:74:ff:1c:77:f5:6f:3d:7b:42:
                    96:25:93:77:03:5e:5b:ed:24:8c:d8:e3:72:a1:f5:
                    c5:fc:46:08:a1:5e:85:3e:38:9a:b5:ea:86:3b:8d:
                    6c:92:93:81:5f:2b:1f:27:a2:49:86:b6:ff:fe:aa:
                    95:28:f6:e7:b0:32:85:e4:5f:18:15:cd:a9:de:c8:
                    bf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:34:B8:A2:65:08:98:0E:C9:1F:F6:82:AC:D7:FF:DC:D7:2C:0D:BF
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yTS4omUImA7JH_aCrNf_3NcsDb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.151.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:65:ab:6a:64:c2:a3:00:71:ef:68:65:0a:18:37:c6:09:01:
         03:d0:e1:4a:eb:78:cc:a7:a8:34:bd:84:91:a1:46:be:be:77:
         22:53:e8:a9:e3:00:6f:34:e1:c0:50:ba:a7:c6:46:75:cc:ee:
         1e:05:33:70:b5:2e:a3:e2:d7:e7:de:4e:b1:2a:f4:9a:45:3e:
         b8:f6:84:9f:40:4a:4d:0a:fe:21:66:61:c8:1c:9a:77:b9:63:
         b8:5c:6d:57:da:a7:33:7f:02:4a:96:92:f3:96:b6:31:72:fb:
         61:1f:2d:44:29:b0:44:c1:1f:e9:d2:81:d5:94:7a:10:57:c3:
         57:00:4c:56:ff:b4:32:38:a7:66:17:cb:cb:c6:0b:bb:33:e2:
         53:fe:e4:ce:5e:e4:48:48:ab:16:9d:5d:9f:32:d7:e0:3e:2a:
         c1:42:9a:df:f0:25:25:ca:19:c4:e2:64:ee:f3:9b:77:60:66:
         3e:ed:b8:93:ff:33:14:58:2a:f5:51:bb:39:2a:81:2d:c5:a0:
         8b:75:f8:49:97:4e:b6:55:d6:df:37:45:af:74:8b:f1:3a:52:
         a1:f8:b2:c3:21:fe:a2:4e:a7:f0:76:3e:10:50:fa:77:c5:8c:
         c2:32:a1:0b:57:8a:8d:ff:8f:52:4b:a4:c7:3a:e4:81:71:73:
         d2:71:c7:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWiLwKZPWOvDVq5xb+zLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM0YjhhMjY1MDg5ODBlYzkxZmY2ODJhY2Q3ZmZkY2Q3MmMwZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/uQC6/7adYSbZD+6Gaa0nsP7i9s
rt75W6el/7U0UAqPXyL7Ykv3VRhZWTC9nV1Fvzg6Zmu+35PXIvT71dId7eCCVXqS
fP4FmPwAO1mABP8wljUY/1wSLhARFeI2RsfQIZvlZL2vmrXWkRJ5r04X9CBJB+PA
svGHPMfsxNvQfEdhy54bi4TrYr00bzqMkrodLyTu/tt1sWjZ+Ot7AAapiBSYwhO6
+fLqp0aaK2Ww7PnFQ8icaIFUm5V0/xx39W89e0KWJZN3A15b7SSM2ONyofXF/EYI
oV6FPjiateqGO41skpOBXysfJ6JJhrb//qqVKPbnsDKF5F8YFc2p3si/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk0uKJlCJgOyR/2gqzX/9zXLA2/MB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEveVRTNG9tVUltQTdKSF9hQ3JOZl8zTmNzRGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpfLMA0G
CSqGSIb3DQEBCwUAA4IBAQBAZatqZMKjAHHvaGUKGDfGCQED0OFK63jMp6g0vYSR
oUa+vnciU+ip4wBvNOHAULqnxkZ1zO4eBTNwtS6j4tfn3k6xKvSaRT649oSfQEpN
Cv4hZmHIHJp3uWO4XG1X2qczfwJKlpLzlrYxcvthHy1EKbBEwR/p0oHVlHoQV8NX
AExW/7QyOKdmF8vLxgu7M+JT/uTOXuRISKsWnV2fMtfgPirBQprf8CUlyhnE4mTu
85t3YGY+7biT/zMUWCr1Ubs5KoEtxaCLdfhJl062VdbfN0WvdIvxOlKh+LLDIf6i
Tqfwdj4QUPp3xYzCMqELV4qN/49SS6THOuSBcXPScccx
-----END CERTIFICATE-----