Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/YveZ-RhuAtNzmPQjob_Nrtt17n8.roa
File:                     YveZ-RhuAtNzmPQjob_Nrtt17n8.roa (raw, json)
Hash identifier:          LgN8vB4iddrvQtRnMutlS61UmEw4qglDMWCuLZUvQUs=
Subject key identifier:   62:F7:99:F9:18:6E:02:D3:73:98:F4:23:A1:BF:CD:AE:DB:75:EE:7F
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCB9E0D76B56241D283B9BCC6B5A2B
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/YveZ-RhuAtNzmPQjob_Nrtt17n8.roa
Signing time:             Tue 02 Jan 2024 10:33:57 +0000
ROA not before:           Tue 02 Jan 2024 10:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31627
IP address blocks:        195.76.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b9:e0:d7:6b:56:24:1d:28:3b:9b:cc:6b:5a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62f799f9186e02d37398f423a1bfcdaedb75ee7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f0:0b:14:2d:ae:95:9d:aa:63:1d:12:45:f3:
                    39:8b:24:85:2e:97:86:a6:ea:85:bf:da:0e:78:ad:
                    68:59:0a:18:0b:d0:0c:92:5f:a0:85:e2:02:d7:de:
                    d9:0d:63:7e:a5:66:62:3c:25:11:76:c2:70:ce:7a:
                    4d:35:c1:0a:65:af:8b:46:ec:7d:be:df:af:df:7c:
                    06:49:b9:50:b0:80:12:ae:87:74:fb:34:2a:00:63:
                    a9:2b:b8:30:d9:94:f7:af:32:e3:67:ad:b3:73:5e:
                    70:9e:fb:2a:b3:ff:0f:2d:64:a5:b0:02:b4:40:13:
                    3d:5e:da:b4:e1:dd:9a:1e:bc:48:87:a6:89:d8:a6:
                    2b:f7:32:3f:e8:82:11:f9:4b:e4:88:a8:27:50:b6:
                    67:e6:2a:ab:eb:a5:fc:d8:5e:60:12:d7:e4:36:e5:
                    2a:87:28:a2:d2:d4:30:c1:30:15:4c:80:bb:64:b0:
                    e3:7f:91:55:4f:08:05:5c:8c:af:6c:8b:c7:ab:2b:
                    6a:a5:0e:d3:53:30:9a:c3:f9:e5:58:f5:82:57:ad:
                    2c:0c:21:08:f0:83:9c:86:95:34:cb:4e:2c:96:65:
                    df:67:65:8a:97:40:6a:ba:b7:3c:e7:33:59:19:1c:
                    31:0f:e3:db:2a:9c:f9:b5:36:f5:8d:2f:c1:f7:3d:
                    25:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F7:99:F9:18:6E:02:D3:73:98:F4:23:A1:BF:CD:AE:DB:75:EE:7F
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/YveZ-RhuAtNzmPQjob_Nrtt17n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.76.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:a8:a5:96:16:eb:fe:c7:1a:ee:e3:9b:5b:78:52:ec:bd:2a:
         46:f0:fd:69:6d:cd:77:c1:76:12:86:39:1c:89:e0:8c:a4:2f:
         3c:41:ef:90:a5:59:23:a3:1e:f9:d8:55:91:78:aa:bd:90:fb:
         e3:7a:28:20:0a:a2:e2:2b:d5:1f:52:0f:e6:a2:26:ce:87:4e:
         a8:f0:0c:29:d2:46:d4:85:d9:ab:0a:a2:30:66:fa:48:b7:2e:
         87:52:64:ec:a0:1e:79:ae:e0:13:0b:99:69:f8:16:e6:39:e2:
         d5:e5:7f:b3:48:8d:51:0e:4f:3e:29:65:65:fc:75:3a:47:ea:
         70:a2:a3:7d:a5:86:61:48:f3:07:c2:71:71:4f:01:1e:12:d8:
         93:3f:d4:ff:ee:d6:90:09:15:94:18:74:d5:41:f8:04:0c:e6:
         49:21:6f:9a:47:0f:87:2e:0b:b1:c0:70:1a:c1:1a:ef:49:a0:
         f2:09:09:e9:a3:c6:01:af:1f:97:d8:6d:b0:07:23:54:ee:29:
         aa:41:f8:86:33:e0:f1:c5:80:0d:45:42:d8:41:13:fe:3a:15:
         30:3e:08:30:61:84:a8:1e:1d:6c:f5:d1:ce:af:e8:c1:b6:09:
         18:8b:29:20:4e:00:18:ac:e2:86:ae:64:40:42:e0:74:47:5f:
         28:dc:3c:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLng12tWJB0oO5vMa1orMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmY3OTlmOTE4NmUwMmQzNzM5OGY0MjNhMWJmY2RhZWRiNzVlZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPALFC2ulZ2qYx0SRfM5iySFLpeG
puqFv9oOeK1oWQoYC9AMkl+gheIC197ZDWN+pWZiPCURdsJwznpNNcEKZa+LRux9
vt+v33wGSblQsIASrod0+zQqAGOpK7gw2ZT3rzLjZ62zc15wnvsqs/8PLWSlsAK0
QBM9Xtq04d2aHrxIh6aJ2KYr9zI/6IIR+UvkiKgnULZn5iqr66X82F5gEtfkNuUq
hyii0tQwwTAVTIC7ZLDjf5FVTwgFXIyvbIvHqytqpQ7TUzCaw/nlWPWCV60sDCEI
8IOchpU0y04slmXfZ2WKl0Bqurc85zNZGRwxD+PbKpz5tTb1jS/B9z0ldwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL3mfkYbgLTc5j0I6G/za7bde5/MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvWXZlWi1SaHVBdE56bVBRam9iX05ydHQxN244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0wJMA0G
CSqGSIb3DQEBCwUAA4IBAQDCqKWWFuv+xxru45tbeFLsvSpG8P1pbc13wXYShjkc
ieCMpC88Qe+QpVkjox752FWReKq9kPvjeiggCqLiK9UfUg/moibOh06o8Awp0kbU
hdmrCqIwZvpIty6HUmTsoB55ruATC5lp+BbmOeLV5X+zSI1RDk8+KWVl/HU6R+pw
oqN9pYZhSPMHwnFxTwEeEtiTP9T/7taQCRWUGHTVQfgEDOZJIW+aRw+HLguxwHAa
wRrvSaDyCQnpo8YBrx+X2G2wByNU7imqQfiGM+DxxYANRULYQRP+OhUwPggwYYSo
Hh1s9dHOr+jBtgkYiykgTgAYrOKGrmRAQuB0R18o3DwM
-----END CERTIFICATE-----