Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/ywO3inH8uRbqObf-KXhS8jV4gBs.roa
File:                     ywO3inH8uRbqObf-KXhS8jV4gBs.roa (raw, json)
Hash identifier:          p4RDTBd368w3k9IjoCJ9+5SbvsmClt83TVMbl2FBivw=
Subject key identifier:   CB:03:B7:8A:71:FC:B9:16:EA:39:B7:FE:29:78:52:F2:35:78:80:1B
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDDCDE794CECAF62D97FD4FE64555
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/ywO3inH8uRbqObf-KXhS8jV4gBs.roa
Signing time:             Tue 02 Jan 2024 08:31:47 +0000
ROA not before:           Tue 02 Jan 2024 08:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136620
IP address blocks:        144.48.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:dd:cd:e7:94:ce:ca:f6:2d:97:fd:4f:e6:45:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb03b78a71fcb916ea39b7fe297852f23578801b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:06:35:c9:b7:87:75:e1:7b:75:41:d5:28:36:
                    f8:23:d8:bf:a4:16:d5:76:f0:a0:c5:2c:9f:40:16:
                    36:ee:40:0f:89:48:eb:97:38:86:29:0f:60:ab:55:
                    8d:c1:87:6f:7b:e9:ec:25:b7:8b:fe:84:fa:5b:66:
                    2e:95:ee:8a:5d:be:12:dd:8e:2a:e7:8a:63:e2:21:
                    d6:64:f8:96:16:f6:b8:f5:f6:43:ef:c8:5c:58:e1:
                    1d:ee:a8:e0:f1:9a:1a:76:bf:68:31:3d:29:1b:b4:
                    8a:c0:7a:a8:20:79:cb:ce:75:99:7b:41:72:f2:bd:
                    65:1d:06:2c:44:81:cf:f1:99:55:66:1b:48:d4:64:
                    55:c2:a6:16:8e:31:cb:ba:45:9c:db:f8:4e:8e:9c:
                    3d:bc:15:c0:90:5d:2d:bf:ff:0d:bf:75:8b:e5:4b:
                    1f:ef:52:c8:1a:0b:76:e5:aa:0c:c7:23:a1:da:77:
                    80:85:a4:d5:4a:55:67:f4:82:21:8f:54:67:e0:24:
                    8d:5f:26:78:71:33:c8:8e:8a:0e:d1:2e:c2:f5:47:
                    39:f3:84:9d:1f:33:67:84:1a:7e:db:06:4a:53:69:
                    7f:bd:8d:c8:46:f7:04:67:bb:c0:59:30:43:ac:50:
                    31:ed:00:12:97:f9:c7:99:89:d6:84:7c:c3:31:ce:
                    d6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:03:B7:8A:71:FC:B9:16:EA:39:B7:FE:29:78:52:F2:35:78:80:1B
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/ywO3inH8uRbqObf-KXhS8jV4gBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d7:ef:32:1e:e9:90:bf:51:95:e6:b5:7e:d8:43:65:37:83:
         66:fc:73:ea:d6:4c:64:a7:a6:0a:63:2b:b8:3a:ab:d4:89:66:
         1e:4f:a7:ca:d1:31:84:d6:01:1e:6c:2f:c2:b4:ec:b3:76:c0:
         ca:3f:ce:3f:38:c2:e6:2a:3a:6b:a0:04:68:e2:e5:85:e1:d8:
         95:10:4b:00:6d:23:dd:4a:28:36:6e:4e:f8:47:d0:97:3e:6d:
         cb:81:01:73:b4:a8:fc:49:f6:c3:34:31:6d:f4:88:12:48:0f:
         b2:1c:55:15:3f:cf:ca:f7:9e:27:20:76:ba:df:a6:ae:a4:82:
         ba:84:c1:92:e3:f2:a9:25:40:8b:7c:81:59:c3:6c:fd:2e:71:
         3c:3a:03:17:44:c6:57:a6:6f:12:04:7d:bc:87:d8:72:7d:2d:
         a9:64:ec:b4:45:5b:d3:bf:7c:48:60:be:ec:5f:42:60:76:60:
         c6:bf:9e:2f:dd:e2:da:28:bb:94:b7:a3:fd:7b:68:44:a6:ae:
         3c:dd:d6:4b:6b:2f:0d:3f:da:c4:37:c8:10:6f:27:c1:b0:a0:
         e8:c3:80:17:05:1f:9e:7d:cd:0b:84:15:ab:3e:39:d7:c0:bf:
         ed:b2:b3:47:b6:69:e3:ae:3c:d1:22:f3:d8:98:9b:ff:88:e8:
         04:8a:df:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTN3N55TOyvYtl/1P5kVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjAzYjc4YTcxZmNiOTE2ZWEzOWI3ZmUyOTc4NTJmMjM1Nzg4MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwY1ybeHdeF7dUHVKDb4I9i/pBbV
dvCgxSyfQBY27kAPiUjrlziGKQ9gq1WNwYdve+nsJbeL/oT6W2Yule6KXb4S3Y4q
54pj4iHWZPiWFva49fZD78hcWOEd7qjg8Zoadr9oMT0pG7SKwHqoIHnLznWZe0Fy
8r1lHQYsRIHP8ZlVZhtI1GRVwqYWjjHLukWc2/hOjpw9vBXAkF0tv/8Nv3WL5Usf
71LIGgt25aoMxyOh2neAhaTVSlVn9IIhj1Rn4CSNXyZ4cTPIjooO0S7C9Uc584Sd
HzNnhBp+2wZKU2l/vY3IRvcEZ7vAWTBDrFAx7QASl/nHmYnWhHzDMc7W4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsDt4px/LkW6jm3/il4UvI1eIAbMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEveXdPM2luSDh1UmJxT2JmLUtYaFM4alY0Z0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDA/MA0G
CSqGSIb3DQEBCwUAA4IBAQB71+8yHumQv1GV5rV+2ENlN4Nm/HPq1kxkp6YKYyu4
OqvUiWYeT6fK0TGE1gEebC/CtOyzdsDKP84/OMLmKjproARo4uWF4diVEEsAbSPd
Sig2bk74R9CXPm3LgQFztKj8SfbDNDFt9IgSSA+yHFUVP8/K954nIHa636aupIK6
hMGS4/KpJUCLfIFZw2z9LnE8OgMXRMZXpm8SBH28h9hyfS2pZOy0RVvTv3xIYL7s
X0JgdmDGv54v3eLaKLuUt6P9e2hEpq483dZLay8NP9rEN8gQbyfBsKDow4AXBR+e
fc0LhBWrPjnXwL/tsrNHtmnjrjzRIvPYmJv/iOgEit/T
-----END CERTIFICATE-----