Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/yKDce5_ZNzkEQNRDCdTC3CL48z4.roa
File:                     yKDce5_ZNzkEQNRDCdTC3CL48z4.roa (raw, json)
Hash identifier:          MuhX3JfYFxbw+ytoczPgteUROe87NgC8FgsqM9UoCaY=
Subject key identifier:   C8:A0:DC:7B:9F:D9:37:39:04:40:D4:43:09:D4:C2:DC:22:F8:F3:3E
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       018CC2DAD151C580F8568A1170F5E4A21D90
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/yKDce5_ZNzkEQNRDCdTC3CL48z4.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        194.6.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d1:51:c5:80:f8:56:8a:11:70:f5:e4:a2:1d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a0dc7b9fd937390440d44309d4c2dc22f8f33e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f5:e1:6a:a6:27:65:3b:48:3a:3b:8b:79:b7:
                    b6:fb:e9:42:72:cf:79:4b:c6:c6:66:d8:cc:27:70:
                    a0:72:65:23:b6:ac:57:d4:a0:ee:0f:d8:8e:02:3f:
                    b6:94:1b:7c:94:36:64:56:ec:89:39:07:68:92:47:
                    60:c0:9f:93:a8:4d:a3:cd:7a:ca:08:14:58:eb:65:
                    a5:91:01:08:26:36:88:e7:73:93:3d:bd:34:a1:c4:
                    11:5c:00:ab:63:43:ca:65:d4:e3:82:ed:ab:66:bf:
                    dd:f2:22:3c:67:c0:72:cb:0e:7b:51:71:a6:6f:65:
                    75:e4:c3:49:96:2c:ee:4d:16:43:ad:82:41:3d:b6:
                    fe:eb:7e:53:a9:16:c6:9e:ab:10:fb:d9:be:41:12:
                    46:42:69:3a:ea:19:a9:ea:ed:53:90:2b:95:54:ac:
                    85:65:2b:71:a5:ac:66:44:5e:82:46:57:54:c2:f1:
                    88:a6:cf:9f:c8:aa:52:7e:20:4d:2d:26:f6:59:68:
                    13:7a:19:19:49:08:c4:4d:d4:1d:0f:00:b2:bd:b5:
                    07:19:e1:c8:90:07:34:50:2b:85:e8:47:d9:1c:4c:
                    0f:f8:ca:f0:be:25:75:0f:8b:96:df:ec:65:fa:c9:
                    d3:b0:45:a5:3a:20:30:54:e3:02:03:71:05:b0:dc:
                    9a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A0:DC:7B:9F:D9:37:39:04:40:D4:43:09:D4:C2:DC:22:F8:F3:3E
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/yKDce5_ZNzkEQNRDCdTC3CL48z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:8c:9d:fe:c6:03:f9:17:12:96:a2:03:7c:37:4c:47:cb:d2:
         9d:d9:9b:59:c2:e9:58:27:5e:cc:49:54:b1:e6:0b:72:bb:71:
         5c:b6:75:1b:b0:6e:54:ec:af:f8:02:1d:4a:8d:37:9c:17:11:
         76:43:20:23:23:da:67:e4:f6:d3:2d:c7:f9:54:06:f2:0d:cd:
         9d:4c:72:97:6d:de:02:97:22:3c:61:b4:60:ae:4a:b5:93:f7:
         1a:b3:e9:64:c4:57:ce:4f:86:37:aa:be:c1:25:84:40:dd:4a:
         e4:3c:d4:00:24:1b:bd:a2:8a:07:c4:56:dd:e0:f0:66:a4:fc:
         4a:d0:2f:3b:db:20:7f:c9:b7:b1:7f:5e:b1:97:bd:22:c9:73:
         c0:e5:5f:1e:a5:ba:b9:04:c3:1a:67:65:e1:0e:de:a2:66:97:
         f8:f6:fa:ff:ba:9e:09:ce:d5:c2:ec:a9:b0:da:cf:c6:7d:67:
         bf:90:dd:e4:b1:06:dd:5d:a4:ef:76:36:6b:d3:c6:8f:40:f3:
         54:24:a7:4c:ec:eb:a0:dd:4c:67:0c:18:01:b4:bd:a8:e9:1a:
         52:5f:0c:6b:a1:0b:72:5d:fc:03:f3:f7:f8:17:89:d2:e0:3c:
         7a:10:01:a9:d7:83:e3:5d:47:1d:3a:50:bb:3a:d3:5b:7f:08:
         ca:69:04:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tFRxYD4VooRcPXkoh2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGEwZGM3YjlmZDkzNzM5MDQ0MGQ0NDMwOWQ0YzJkYzIyZjhmMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPXhaqYnZTtIOjuLebe2++lCcs95
S8bGZtjMJ3CgcmUjtqxX1KDuD9iOAj+2lBt8lDZkVuyJOQdokkdgwJ+TqE2jzXrK
CBRY62WlkQEIJjaI53OTPb00ocQRXACrY0PKZdTjgu2rZr/d8iI8Z8Byyw57UXGm
b2V15MNJlizuTRZDrYJBPbb+635TqRbGnqsQ+9m+QRJGQmk66hmp6u1TkCuVVKyF
ZStxpaxmRF6CRldUwvGIps+fyKpSfiBNLSb2WWgTehkZSQjETdQdDwCyvbUHGeHI
kAc0UCuF6EfZHEwP+MrwviV1D4uW3+xl+snTsEWlOiAwVOMCA3EFsNyabQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMig3Huf2Tc5BEDUQwnUwtwi+PM+MB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEveUtEY2U1X1pOemtFUU5SRENkVEMzQ0w0OHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgbvMA0G
CSqGSIb3DQEBCwUAA4IBAQBfjJ3+xgP5FxKWogN8N0xHy9Kd2ZtZwulYJ17MSVSx
5gtyu3FctnUbsG5U7K/4Ah1KjTecFxF2QyAjI9pn5PbTLcf5VAbyDc2dTHKXbd4C
lyI8YbRgrkq1k/cas+lkxFfOT4Y3qr7BJYRA3UrkPNQAJBu9oooHxFbd4PBmpPxK
0C872yB/ybexf16xl70iyXPA5V8epbq5BMMaZ2XhDt6iZpf49vr/up4JztXC7Kmw
2s/GfWe/kN3ksQbdXaTvdjZr08aPQPNUJKdM7Oug3UxnDBgBtL2o6RpSXwxroQty
XfwD8/f4F4nS4Dx6EAGp14PjXUcdOlC7OtNbfwjKaQQ/
-----END CERTIFICATE-----