Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_yuoAy9njLKeb5tPlGNLxrAXaUI.roa
File:                     _yuoAy9njLKeb5tPlGNLxrAXaUI.roa (raw, json)
Hash identifier:          rlzbWujbZ5/BRDanfhgMJKZatlxB0Zi99gvognK0Nng=
Subject key identifier:   FF:2B:A8:03:2F:67:8C:B2:9E:6F:9B:4F:94:63:4B:C6:B0:17:69:42
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01924413011BC305CE9DC83188592E893B65
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_yuoAy9njLKeb5tPlGNLxrAXaUI.roa
Signing time:             Mon 30 Sep 2024 17:55:49 +0000
ROA not before:           Mon 30 Sep 2024 17:55:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        185.176.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:44:13:01:1b:c3:05:ce:9d:c8:31:88:59:2e:89:3b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep 30 17:55:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff2ba8032f678cb29e6f9b4f94634bc6b0176942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c1:80:4d:76:b7:f5:cc:c5:a1:7d:f9:4e:01:
                    68:77:10:53:91:36:10:37:2b:d6:bd:f5:94:af:f5:
                    25:a9:3d:7d:93:d6:0a:42:4a:31:a3:e1:8a:a7:c1:
                    f4:06:1b:03:7a:a1:61:ad:03:a1:c0:16:ec:c2:0e:
                    66:b1:7d:ee:7f:31:c6:7d:3f:d6:8e:a6:13:d5:43:
                    ab:61:a1:27:00:bf:95:1e:ee:3d:f9:31:36:0b:93:
                    28:84:92:cb:16:fe:1c:f4:80:f0:ec:f9:f0:6a:e5:
                    a6:2f:65:5c:c5:0d:5d:e1:6c:98:43:97:8e:48:08:
                    9d:f7:df:aa:b9:13:12:06:ae:b9:73:29:d1:5c:3f:
                    09:46:dc:6c:d0:62:dd:d6:5b:62:c2:7d:66:2d:83:
                    75:bf:f7:10:74:cc:c0:f1:00:18:f6:60:3c:5c:cb:
                    4a:de:2c:eb:64:4d:54:a2:ce:ed:3e:5b:31:8b:fd:
                    d9:0c:8f:b5:f2:13:ab:cb:d5:88:f7:31:1d:d1:82:
                    86:b7:fb:16:72:8d:8f:b8:53:f3:5b:81:11:eb:80:
                    30:5f:7f:fb:22:66:9a:44:96:00:bf:d3:7c:f2:87:
                    73:a8:d9:b0:26:3c:50:14:8e:c1:59:82:3a:fa:c3:
                    81:1e:9e:0e:bc:5d:71:49:1a:e0:31:77:3e:d2:6d:
                    2c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:2B:A8:03:2F:67:8C:B2:9E:6F:9B:4F:94:63:4B:C6:B0:17:69:42
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_yuoAy9njLKeb5tPlGNLxrAXaUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7f:2b:e8:3f:88:d4:95:02:2c:4c:dc:22:bb:a6:e5:5e:90:
         a0:cf:88:26:94:c2:aa:33:86:37:26:df:9e:77:d2:60:fe:55:
         84:53:04:aa:ee:8c:da:ed:ff:7a:af:ab:e3:fc:88:87:cf:d2:
         1f:f6:20:ee:ea:dd:c5:fe:16:37:aa:dc:e7:19:78:be:ec:d7:
         43:c4:4a:f7:22:cf:83:f9:25:3e:8a:d6:1c:71:cd:29:40:cc:
         00:77:86:14:dd:f8:ed:65:ec:30:07:08:bc:e0:da:85:1f:4e:
         c1:a2:48:db:9f:24:6b:4d:61:7f:63:23:8d:66:b6:54:73:7f:
         5e:ed:4b:9b:a0:ea:d8:ad:36:59:88:d5:0e:c3:72:10:7b:d4:
         c7:c3:03:c1:f5:17:74:4e:13:e8:7c:14:0f:2f:7a:d2:9e:1c:
         15:1b:cb:a6:20:36:87:72:fa:9f:5b:7a:13:ee:ab:ee:3d:ef:
         0e:2a:67:81:65:b3:19:ee:22:25:d9:6e:77:bd:f6:58:bc:1d:
         e6:92:1f:75:14:9d:01:b4:bb:bd:38:bb:7b:90:97:fd:a6:14:
         35:1c:a3:8c:6e:3a:dd:04:7f:19:ee:f0:d2:1b:3f:52:76:80:
         5a:ba:8c:bb:52:22:03:79:44:61:3d:f5:96:ef:f5:5f:d2:8a:
         0d:ec:02:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJEEwEbwwXOncgxiFkuiTtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjQwOTMwMTc1NTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjJiYTgwMzJmNjc4Y2IyOWU2ZjliNGY5NDYzNGJjNmIwMTc2OTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcGATXa39czFoX35TgFodxBTkTYQ
NyvWvfWUr/UlqT19k9YKQkoxo+GKp8H0BhsDeqFhrQOhwBbswg5msX3ufzHGfT/W
jqYT1UOrYaEnAL+VHu49+TE2C5MohJLLFv4c9IDw7PnwauWmL2VcxQ1d4WyYQ5eO
SAid99+quRMSBq65cynRXD8JRtxs0GLd1ltiwn1mLYN1v/cQdMzA8QAY9mA8XMtK
3izrZE1Uos7tPlsxi/3ZDI+18hOry9WI9zEd0YKGt/sWco2PuFPzW4ER64AwX3/7
ImaaRJYAv9N88odzqNmwJjxQFI7BWYI6+sOBHp4OvF1xSRrgMXc+0m0sawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8rqAMvZ4yynm+bT5RjS8awF2lCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvX3l1b0F5OW5qTEtlYjV0UGxHTkx4ckFYYVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBeMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fyvoP4jUlQIsTNwiu6blXpCgz4gmlMKqM4Y3Jt+e
d9Jg/lWEUwSq7oza7f96r6vj/IiHz9If9iDu6t3F/hY3qtznGXi+7NdDxEr3Is+D
+SU+itYccc0pQMwAd4YU3fjtZewwBwi84NqFH07BokjbnyRrTWF/YyONZrZUc39e
7UuboOrYrTZZiNUOw3IQe9THwwPB9Rd0ThPofBQPL3rSnhwVG8umIDaHcvqfW3oT
7qvuPe8OKmeBZbMZ7iIl2W53vfZYvB3mkh91FJ0BtLu9OLt7kJf9phQ1HKOMbjrd
BH8Z7vDSGz9SdoBauoy7UiIDeURhPfWW7/Vf0ooN7AJK
-----END CERTIFICATE-----