Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/CyPPbBbvJZMI7toNLlEpCBzqEo0.roa
File:                     CyPPbBbvJZMI7toNLlEpCBzqEo0.roa (raw, json)
Hash identifier:          9fuLmuuKEFStHEZHtEymT6/CklZhm7FGMKGfnlY4J0c=
Subject key identifier:   0B:23:CF:6C:16:EF:25:93:08:EE:DA:0D:2E:51:29:08:1C:EA:12:8D
Certificate issuer:       /CN=db83f54f45131d9207c215a098a2a6bcd6ff050b
Certificate serial:       018CC6B92D9998486A756105CEAE32F2B2D9
Authority key identifier: DB:83:F5:4F:45:13:1D:92:07:C2:15:A0:98:A2:A6:BC:D6:FF:05:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/24P1T0UTHZIHwhWgmKKmvNb_BQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/CyPPbBbvJZMI7toNLlEpCBzqEo0.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6461
IP address blocks:        193.34.72.0/23 maxlen: 23
                          193.34.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/24P1T0UTHZIHwhWgmKKmvNb_BQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/24P1T0UTHZIHwhWgmKKmvNb_BQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/24P1T0UTHZIHwhWgmKKmvNb_BQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2d:99:98:48:6a:75:61:05:ce:ae:32:f2:b2:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db83f54f45131d9207c215a098a2a6bcd6ff050b
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b23cf6c16ef259308eeda0d2e5129081cea128d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b2:f2:42:1a:5c:da:2f:55:67:89:e0:54:32:
                    41:f5:6f:53:9c:fe:9f:53:dd:da:77:b6:52:e1:2b:
                    d4:49:63:88:31:99:6c:cc:c7:e5:da:2e:92:af:ea:
                    5e:c8:35:52:b1:e8:d8:ab:d2:d2:60:2c:21:ec:e2:
                    54:b4:c3:83:80:b8:e3:a3:01:44:ae:d0:8f:3c:e6:
                    09:9f:31:4b:8a:e7:a3:2a:90:d6:9d:1b:b0:7f:17:
                    d0:8b:f5:f8:3d:86:a4:c5:38:85:67:da:c2:ea:19:
                    89:e2:4e:fc:b0:dd:41:a5:ff:14:38:26:6d:c1:9e:
                    9f:9a:22:7c:6a:4b:6d:a1:66:f8:fb:4b:9c:5f:e3:
                    a9:bc:4a:5c:01:e4:30:d6:2e:4c:96:8c:a3:f0:73:
                    e9:17:d2:ac:0a:22:3d:39:8d:c6:a4:71:99:80:7f:
                    aa:c2:f2:f4:5b:9b:6d:76:ac:4a:e7:ce:1d:d6:f2:
                    20:e5:83:2e:57:dd:46:53:aa:a0:3e:2f:4c:b1:f5:
                    51:ef:00:b1:c0:a2:42:17:5f:50:ac:6b:45:88:f4:
                    f6:3d:d7:c6:5d:8e:3a:1b:28:e3:fd:95:a0:f9:71:
                    bf:de:c0:79:86:e4:66:3e:98:a0:22:b1:85:ac:aa:
                    f6:06:99:73:32:65:da:52:8a:c3:e4:40:b7:ff:0c:
                    01:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:23:CF:6C:16:EF:25:93:08:EE:DA:0D:2E:51:29:08:1C:EA:12:8D
            X509v3 Authority Key Identifier:
                keyid:DB:83:F5:4F:45:13:1D:92:07:C2:15:A0:98:A2:A6:BC:D6:FF:05:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/24P1T0UTHZIHwhWgmKKmvNb_BQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/CyPPbBbvJZMI7toNLlEpCBzqEo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e50c70-0a70-45ac-9ad4-326764a68cfb/1/24P1T0UTHZIHwhWgmKKmvNb_BQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:34:80:1c:f5:d9:e0:f3:71:76:2b:a6:10:16:5d:93:35:22:
         24:dc:08:7f:d0:b1:0e:5b:c6:95:61:da:31:fb:12:ce:1a:f5:
         2e:bd:e4:c9:06:e9:ba:91:e3:dc:c6:65:b2:45:15:28:39:ff:
         33:c9:8e:91:53:52:bd:d1:e4:98:f4:35:2c:4f:e0:52:bc:6a:
         45:00:26:fe:6b:52:60:49:29:0f:8a:a3:20:cf:21:7f:f7:6c:
         0e:f8:cc:d3:04:cf:78:59:22:fe:50:20:b7:1a:be:23:1c:72:
         85:8f:a4:fe:d3:55:ee:d3:ca:b5:94:d0:06:bd:42:15:88:fc:
         a4:65:d1:1c:34:3c:f7:ff:56:38:4a:a5:fd:89:58:ff:e3:d1:
         51:5c:b8:14:37:b5:d8:99:ce:3c:a7:d1:9a:1c:a9:f5:db:77:
         fb:d6:0c:61:18:ea:81:25:63:27:bd:97:42:4e:9e:6a:1e:40:
         d7:7d:b4:fb:11:b6:ad:0f:93:f1:09:ea:f6:34:e5:9a:85:0a:
         1a:78:d0:f1:87:72:58:0f:fc:86:85:24:38:f6:82:fd:0c:96:
         8f:97:34:dc:c1:aa:50:23:9c:0d:f5:50:5f:dc:25:a5:9d:28:
         28:bb:ca:53:b9:dc:fb:ff:85:3d:a6:b4:20:e9:db:5c:ab:db:
         a2:e3:18:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS2ZmEhqdWEFzq4y8rLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiODNmNTRmNDUxMzFkOTIwN2MyMTVhMDk4YTJhNmJjZDZm
ZjA1MGIwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjIzY2Y2YzE2ZWYyNTkzMDhlZWRhMGQyZTUxMjkwODFjZWExMjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbLyQhpc2i9VZ4ngVDJB9W9TnP6f
U93ad7ZS4SvUSWOIMZlszMfl2i6Sr+peyDVSsejYq9LSYCwh7OJUtMODgLjjowFE
rtCPPOYJnzFLiuejKpDWnRuwfxfQi/X4PYakxTiFZ9rC6hmJ4k78sN1Bpf8UOCZt
wZ6fmiJ8akttoWb4+0ucX+OpvEpcAeQw1i5Mloyj8HPpF9KsCiI9OY3GpHGZgH+q
wvL0W5ttdqxK584d1vIg5YMuV91GU6qgPi9MsfVR7wCxwKJCF19QrGtFiPT2PdfG
XY46Gyjj/ZWg+XG/3sB5huRmPpigIrGFrKr2BplzMmXaUorD5EC3/wwBaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsjz2wW7yWTCO7aDS5RKQgc6hKNMB8GA1UdIwQY
MBaAFNuD9U9FEx2SB8IVoJiiprzW/wULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjRQMVQwVVRIWklId2hXZ21LS212TmJfQlFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lNTBjNzAtMGE3MC00NWFjLTlhZDQt
MzI2NzY0YTY4Y2ZiLzEvQ3lQUGJCYnZKWk1JN3RvTkxsRXBDQnpxRW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lNTBjNzAtMGE3MC00NWFjLTlhZDQtMzI2NzY0YTY4Y2Zi
LzEvMjRQMVQwVVRIWklId2hXZ21LS212TmJfQlFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSJIMA0G
CSqGSIb3DQEBCwUAA4IBAQBnNIAc9dng83F2K6YQFl2TNSIk3Ah/0LEOW8aVYdox
+xLOGvUuveTJBum6kePcxmWyRRUoOf8zyY6RU1K90eSY9DUsT+BSvGpFACb+a1Jg
SSkPiqMgzyF/92wO+MzTBM94WSL+UCC3Gr4jHHKFj6T+01Xu08q1lNAGvUIViPyk
ZdEcNDz3/1Y4SqX9iVj/49FRXLgUN7XYmc48p9GaHKn123f71gxhGOqBJWMnvZdC
Tp5qHkDXfbT7EbatD5PxCer2NOWahQoaeNDxh3JYD/yGhSQ49oL9DJaPlzTcwapQ
I5wN9VBf3CWlnSgou8pTudz7/4U9prQg6dtcq9ui4xg5
-----END CERTIFICATE-----