Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yuB8xS4ekLnmnd5IS56Mscfzgr4.roa
File:                     yuB8xS4ekLnmnd5IS56Mscfzgr4.roa (raw, json)
Hash identifier:          7scHuUZtMhJK9S6UjW8KPRWJq++juWIqOIx2IRP46Fw=
Subject key identifier:   CA:E0:7C:C5:2E:1E:90:B9:E6:9D:DE:48:4B:9E:8C:B1:C7:F3:82:BE
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC727656F627A2AEEBC08A2C33F829CD6
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yuB8xS4ekLnmnd5IS56Mscfzgr4.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43153
IP address blocks:        85.219.208.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:65:6f:62:7a:2a:ee:bc:08:a2:c3:3f:82:9c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae07cc52e1e90b9e69dde484b9e8cb1c7f382be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d8:f5:79:7a:8f:44:a0:57:2c:cd:d6:d9:76:
                    a4:ae:c6:fb:bc:d9:45:83:9e:16:8f:fc:6e:90:0f:
                    28:9b:86:b6:b9:16:a5:58:69:4a:3f:4e:00:b7:ab:
                    6e:7c:13:c3:d7:7d:98:3d:ab:8a:f1:84:80:82:3a:
                    3d:58:47:c2:34:89:9d:c2:38:ce:c9:2d:fa:65:6c:
                    62:ba:8c:b8:f8:a1:aa:cc:5d:f7:1b:d9:f1:3f:64:
                    04:20:1d:92:e2:ed:6f:50:8e:01:07:f2:7f:2a:1a:
                    7e:c4:b0:26:e7:8f:06:56:64:a3:37:5b:be:c0:e3:
                    80:a8:0a:cc:51:17:04:c9:30:8d:fb:43:12:76:8b:
                    0d:c6:0f:07:dc:3b:49:fb:4f:9c:06:eb:5f:c0:f5:
                    d0:0d:c8:f3:6f:3d:f5:e8:88:c3:9a:f3:45:c3:35:
                    b3:87:32:51:c3:1e:f3:bf:9c:96:66:e5:76:95:93:
                    5f:fd:e7:92:4f:b1:4c:2f:8a:43:47:1a:35:80:97:
                    ab:db:9b:00:1a:79:0b:3a:3b:90:31:26:d1:7c:c9:
                    9d:1a:82:b3:f3:1f:5b:fa:0b:65:51:e8:b2:20:8b:
                    d8:8e:ab:42:4e:d0:3f:f9:ef:fc:98:12:94:cf:8d:
                    84:37:46:cc:bc:ca:ca:e9:74:f5:5a:bb:67:a9:1c:
                    73:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E0:7C:C5:2E:1E:90:B9:E6:9D:DE:48:4B:9E:8C:B1:C7:F3:82:BE
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yuB8xS4ekLnmnd5IS56Mscfzgr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:6b:50:f0:17:68:71:45:40:ba:67:57:b2:26:63:1a:18:56:
         7c:f7:97:d5:85:d0:4a:a3:0e:07:72:23:03:8c:9f:98:92:00:
         28:7b:04:d3:7b:8b:b8:6c:67:7d:a0:4d:d7:5f:74:a1:ff:39:
         20:0c:87:37:de:5e:8d:07:16:ad:fe:af:7c:fc:1c:ab:78:56:
         f7:2f:82:84:2f:9e:38:6e:6a:0d:29:a8:78:58:6f:e2:d2:48:
         54:a9:dd:fa:bd:c7:fd:00:6c:ad:40:20:81:67:6e:7d:48:45:
         a4:ed:b6:a8:c4:41:6b:5b:90:e5:b2:5f:92:64:c8:5f:91:ef:
         cb:2a:eb:3c:eb:01:5d:e7:bc:a9:35:b4:bc:38:94:6d:5e:c8:
         fc:9f:56:c3:52:87:a3:0c:95:7b:91:a6:0c:79:e8:50:90:ba:
         14:2a:4a:3c:f7:c8:ab:41:79:ee:64:1e:59:d1:1a:91:ba:69:
         cf:39:8d:30:0f:7f:5f:00:78:4d:27:94:d0:b6:8b:84:3e:d9:
         c4:7c:6e:26:b6:88:c3:49:f8:8a:1e:c3:e8:34:8b:f3:3d:90:
         92:f4:3a:9a:70:20:db:e2:d0:b2:3b:80:a7:3c:3c:d6:7e:21:
         db:ba:cc:6c:81:94:2a:25:f8:fe:ee:d1:fa:81:04:a4:07:7f:
         37:65:e2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2VvYnoq7rwIosM/gpzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWUwN2NjNTJlMWU5MGI5ZTY5ZGRlNDg0YjllOGNiMWM3ZjM4MmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydj1eXqPRKBXLM3W2Xakrsb7vNlF
g54Wj/xukA8om4a2uRalWGlKP04At6tufBPD132YPauK8YSAgjo9WEfCNImdwjjO
yS36ZWxiuoy4+KGqzF33G9nxP2QEIB2S4u1vUI4BB/J/Khp+xLAm548GVmSjN1u+
wOOAqArMURcEyTCN+0MSdosNxg8H3DtJ+0+cButfwPXQDcjzbz316IjDmvNFwzWz
hzJRwx7zv5yWZuV2lZNf/eeST7FML4pDRxo1gJer25sAGnkLOjuQMSbRfMmdGoKz
8x9b+gtlUeiyIIvYjqtCTtA/+e/8mBKUz42EN0bMvMrK6XT1WrtnqRxzKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrgfMUuHpC55p3eSEuejLHH84K+MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEveXVCOHhTNGVrTG5tbmQ1SVM1Nk1zY2Z6Z3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVdvQMA0G
CSqGSIb3DQEBCwUAA4IBAQAja1DwF2hxRUC6Z1eyJmMaGFZ895fVhdBKow4HciMD
jJ+YkgAoewTTe4u4bGd9oE3XX3Sh/zkgDIc33l6NBxat/q98/ByreFb3L4KEL544
bmoNKah4WG/i0khUqd36vcf9AGytQCCBZ259SEWk7baoxEFrW5Dlsl+SZMhfke/L
Kus86wFd57ypNbS8OJRtXsj8n1bDUoejDJV7kaYMeehQkLoUKko898irQXnuZB5Z
0RqRumnPOY0wD39fAHhNJ5TQtouEPtnEfG4mtojDSfiKHsPoNIvzPZCS9DqacCDb
4tCyO4CnPDzWfiHbusxsgZQqJfj+7tH6gQSkB383ZeJW
-----END CERTIFICATE-----