Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/y6k6VJ3fp2z-itTYA5T4-IMmwrg.roa
File:                     y6k6VJ3fp2z-itTYA5T4-IMmwrg.roa (raw, json)
Hash identifier:          HriV6Da8ya5aLrCcKMjh06YnUO/KwMahXWLlxIk8Pwo=
Subject key identifier:   CB:A9:3A:54:9D:DF:A7:6C:FE:8A:D4:D8:03:94:F8:F8:83:26:C2:B8
Certificate issuer:       /CN=b4112bb59b0627da23af90c0f0584b71b50f778f
Certificate serial:       018CC6B93DAEE263D67B2A4F6339334B7E30
Authority key identifier: B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/y6k6VJ3fp2z-itTYA5T4-IMmwrg.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49537
IP address blocks:        194.169.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3d:ae:e2:63:d6:7b:2a:4f:63:39:33:4b:7e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4112bb59b0627da23af90c0f0584b71b50f778f
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba93a549ddfa76cfe8ad4d80394f8f88326c2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d9:09:a5:c1:e3:dd:24:6d:29:02:50:01:66:
                    b3:a5:fd:33:bf:f3:b7:fd:a5:21:ca:a9:c2:d3:8d:
                    86:d3:a7:01:db:51:76:d6:02:d4:c2:9a:f1:1a:2d:
                    07:9d:7c:6a:90:1b:33:81:f5:08:8a:1f:f0:a3:ad:
                    6c:fe:fe:a7:b0:c5:e9:6e:12:31:26:52:79:88:fc:
                    2b:15:31:2e:b1:c8:a5:cf:a5:ac:7d:61:80:89:bc:
                    fb:fe:06:97:e0:bb:0c:47:84:b9:5e:d8:eb:81:ff:
                    e3:35:35:be:a5:50:95:fe:87:69:b4:3e:c6:0c:bc:
                    e0:83:a4:a2:71:9d:ab:ab:bf:11:35:c0:5b:d5:5b:
                    56:78:81:d2:d2:57:d4:f9:6f:cc:2a:07:d2:8f:98:
                    e5:e5:dc:b4:0b:52:7a:d4:4b:f3:63:a5:b2:6d:38:
                    d9:6b:61:c7:84:6d:cc:c8:f1:65:7b:2a:59:2c:b2:
                    c4:51:0c:66:0f:74:90:f3:5c:ed:76:61:24:e2:76:
                    d1:7e:33:32:91:2f:35:e3:d2:9d:df:13:b6:28:fc:
                    f4:e2:16:4a:95:c7:68:78:bc:e0:15:9f:e1:01:81:
                    0d:51:9d:66:c9:10:d6:49:2a:fe:bf:2c:0c:07:c6:
                    e6:18:1c:a9:82:97:ba:af:76:d3:69:f3:81:fd:ce:
                    3e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A9:3A:54:9D:DF:A7:6C:FE:8A:D4:D8:03:94:F8:F8:83:26:C2:B8
            X509v3 Authority Key Identifier:
                keyid:B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/y6k6VJ3fp2z-itTYA5T4-IMmwrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f5:12:6a:91:99:b2:1e:80:fc:1b:af:08:fa:ff:69:6c:3e:
         00:03:51:77:9c:5c:3a:f5:8e:3d:55:e8:23:50:fc:8c:c5:df:
         53:bf:ee:0d:ac:d2:e3:d1:3b:b7:6d:bb:d2:4d:73:e4:06:b1:
         9a:6f:02:37:64:ad:17:ef:30:e5:d2:cf:ef:fe:39:b0:10:99:
         cd:19:24:c6:90:65:2e:c6:c1:bc:38:31:d4:32:73:2c:12:e0:
         92:be:46:9d:54:e5:9e:d0:17:7b:9e:54:3e:06:fe:4a:d6:2a:
         59:7a:7b:43:f6:01:95:e8:4a:10:b7:39:ac:3b:6f:a8:cd:f9:
         b3:59:fe:d0:91:b5:26:68:eb:c0:53:c9:e4:6f:78:82:7d:8f:
         dd:43:ff:5a:f1:30:f3:be:f1:e0:84:b6:30:e7:68:7e:32:75:
         14:5b:08:29:08:c8:c2:e5:c2:b2:fd:9d:26:89:4f:2d:f8:93:
         46:9c:08:2f:70:c8:4f:6f:7a:0b:14:42:ad:b3:31:af:02:16:
         31:02:91:f0:9b:96:67:0c:39:9a:ac:b1:c2:dc:62:fb:85:c2:
         1f:b5:5a:03:f2:9d:d2:65:42:f8:7e:7e:bd:d9:31:8b:27:df:
         ca:fb:b0:00:05:ad:23:75:36:ea:af:c4:04:74:e9:e2:f7:e4:
         a2:9f:5d:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT2u4mPWeypPYzkzS34wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTEyYmI1OWIwNjI3ZGEyM2FmOTBjMGYwNTg0YjcxYjUw
Zjc3OGYwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE5M2E1NDlkZGZhNzZjZmU4YWQ0ZDgwMzk0ZjhmODgzMjZjMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9kJpcHj3SRtKQJQAWazpf0zv/O3
/aUhyqnC042G06cB21F21gLUwprxGi0HnXxqkBszgfUIih/wo61s/v6nsMXpbhIx
JlJ5iPwrFTEuscilz6WsfWGAibz7/gaX4LsMR4S5Xtjrgf/jNTW+pVCV/odptD7G
DLzgg6SicZ2rq78RNcBb1VtWeIHS0lfU+W/MKgfSj5jl5dy0C1J61EvzY6WybTjZ
a2HHhG3MyPFleypZLLLEUQxmD3SQ81ztdmEk4nbRfjMykS8149Kd3xO2KPz04hZK
lcdoeLzgFZ/hAYENUZ1myRDWSSr+vywMB8bmGBypgpe6r3bTafOB/c4+cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMupOlSd36ds/orU2AOU+PiDJsK4MB8GA1UdIwQY
MBaAFLQRK7WbBifaI6+QwPBYS3G1D3ePMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQt
ODdhMTBiYzY4YTM3LzEveTZrNlZKM2ZwMnotaXRUWUE1VDQtSU1td3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQtODdhMTBiYzY4YTM3
LzEvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnWMA0G
CSqGSIb3DQEBCwUAA4IBAQCK9RJqkZmyHoD8G68I+v9pbD4AA1F3nFw69Y49Vegj
UPyMxd9Tv+4NrNLj0Tu3bbvSTXPkBrGabwI3ZK0X7zDl0s/v/jmwEJnNGSTGkGUu
xsG8ODHUMnMsEuCSvkadVOWe0Bd7nlQ+Bv5K1ipZentD9gGV6EoQtzmsO2+ozfmz
Wf7QkbUmaOvAU8nkb3iCfY/dQ/9a8TDzvvHghLYw52h+MnUUWwgpCMjC5cKy/Z0m
iU8t+JNGnAgvcMhPb3oLFEKtszGvAhYxApHwm5ZnDDmarLHC3GL7hcIftVoD8p3S
ZUL4fn692TGLJ9/K+7AABa0jdTbqr8QEdOni9+Sin118
-----END CERTIFICATE-----