Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/cYd7s9cXFoXhubRv_UQVAVYSQ24.roa
File:                     cYd7s9cXFoXhubRv_UQVAVYSQ24.roa (raw, json)
Hash identifier:          XG5KcON/wReMaspjgfScZx4VUUI+BrFPM41DX5LxBEw=
Subject key identifier:   71:87:7B:B3:D7:17:16:85:E1:B9:B4:6F:FD:44:15:01:56:12:43:6E
Certificate issuer:       /CN=69b01927a1a177d4261221d94628514a525a96e0
Certificate serial:       018CC802FA1C19417B2DDAC8132BEB2DF3DC
Authority key identifier: 69:B0:19:27:A1:A1:77:D4:26:12:21:D9:46:28:51:4A:52:5A:96:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/abAZJ6Ghd9QmEiHZRihRSlJaluA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/cYd7s9cXFoXhubRv_UQVAVYSQ24.roa
Signing time:             Tue 02 Jan 2024 02:31:27 +0000
ROA not before:           Tue 02 Jan 2024 02:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        213.146.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/abAZJ6Ghd9QmEiHZRihRSlJaluA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/abAZJ6Ghd9QmEiHZRihRSlJaluA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/abAZJ6Ghd9QmEiHZRihRSlJaluA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:fa:1c:19:41:7b:2d:da:c8:13:2b:eb:2d:f3:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69b01927a1a177d4261221d94628514a525a96e0
        Validity
            Not Before: Jan  2 02:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71877bb3d7171685e1b9b46ffd4415015612436e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8d:f6:0b:9f:89:49:1e:9c:13:51:e0:7c:6e:
                    40:01:bc:5d:cc:7d:51:7b:a6:db:ab:32:d7:8b:31:
                    ef:0f:57:b8:b7:e0:47:e8:17:3d:90:cc:84:fa:a9:
                    74:c9:ab:5b:ba:ae:67:df:36:b0:e5:9d:1c:f1:b2:
                    a9:a7:f3:fa:25:6a:1c:44:61:01:ab:f2:24:30:48:
                    99:7d:1f:7b:28:7c:c7:99:6d:9c:b8:d5:86:65:96:
                    76:50:59:7f:3e:48:fd:54:95:f1:96:3c:1c:46:bd:
                    cc:0e:d2:fd:c8:ac:fa:29:f8:83:45:63:75:0a:67:
                    cd:66:ec:a2:50:dd:8a:cb:4d:ef:20:8e:5f:b5:aa:
                    9a:42:0c:27:80:e1:93:0c:ea:2b:3e:85:ca:86:c0:
                    b4:08:8a:35:15:9b:87:71:82:4d:f1:99:24:91:4d:
                    67:cd:83:22:db:0b:bc:b7:37:6e:2e:4e:2b:be:45:
                    41:5c:b4:ab:5e:e1:bb:c8:79:54:6e:4a:ee:72:95:
                    82:38:80:87:e2:3b:a7:7d:55:e0:a5:4d:3b:4e:57:
                    78:21:57:f3:5c:46:c4:4e:4b:5e:81:05:10:58:f7:
                    f0:2a:75:9b:80:b8:f2:a5:10:c0:5a:b9:73:75:c3:
                    9a:8c:19:5c:d3:a7:7f:26:d3:ba:9b:6a:b1:12:03:
                    e5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:87:7B:B3:D7:17:16:85:E1:B9:B4:6F:FD:44:15:01:56:12:43:6E
            X509v3 Authority Key Identifier:
                keyid:69:B0:19:27:A1:A1:77:D4:26:12:21:D9:46:28:51:4A:52:5A:96:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/abAZJ6Ghd9QmEiHZRihRSlJaluA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/cYd7s9cXFoXhubRv_UQVAVYSQ24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/328eb3-5603-4955-aa92-2252bccfdbf9/1/abAZJ6Ghd9QmEiHZRihRSlJaluA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.146.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:e2:a3:28:36:cb:5e:9c:a4:47:37:e7:9c:a8:40:cb:40:3c:
         2b:1f:5a:b7:fd:51:32:6e:60:e2:19:e9:f0:10:ca:c6:42:34:
         7b:06:6f:5d:eb:ff:e8:e4:6e:60:4b:53:aa:db:71:73:9c:67:
         b3:09:43:d5:ab:b5:8b:01:eb:e4:9e:9d:1a:7e:51:2e:1b:37:
         66:2c:02:1d:27:56:7f:f7:7a:65:d6:b4:43:ce:d1:da:e3:01:
         8d:a0:72:71:e1:39:4e:37:27:dc:ec:f8:8e:a6:1d:da:29:04:
         b8:ec:e9:4f:b0:9a:d0:10:40:0b:1d:52:c1:56:8b:44:94:88:
         71:f1:66:4c:06:f8:7a:75:eb:d5:17:5f:d7:bb:54:9a:90:2d:
         6d:84:25:39:db:6a:e0:9b:ba:19:81:aa:6e:d6:6e:d4:24:c9:
         c5:ff:11:4c:bb:b5:2c:a0:8c:c2:80:ea:f3:d2:40:f6:e5:04:
         54:bf:9a:d2:12:31:de:bd:fd:f5:47:ea:d9:f2:01:24:35:79:
         49:f1:d1:89:0e:c1:c4:98:eb:2f:7c:81:76:ee:52:a9:4f:a2:
         26:d2:62:a2:40:b6:93:10:36:ba:37:d9:d4:e6:85:3a:76:19:
         44:ef:e3:0c:92:f3:08:6b:87:59:e0:4a:7f:af:42:18:08:82:
         8d:dc:2a:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvocGUF7LdrIEyvrLfPcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YjAxOTI3YTFhMTc3ZDQyNjEyMjFkOTQ2Mjg1MTRhNTI1
YTk2ZTAwHhcNMjQwMTAyMDIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTg3N2JiM2Q3MTcxNjg1ZTFiOWI0NmZmZDQ0MTUwMTU2MTI0MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I32C5+JSR6cE1HgfG5AAbxdzH1R
e6bbqzLXizHvD1e4t+BH6Bc9kMyE+ql0yatbuq5n3zaw5Z0c8bKpp/P6JWocRGEB
q/IkMEiZfR97KHzHmW2cuNWGZZZ2UFl/Pkj9VJXxljwcRr3MDtL9yKz6KfiDRWN1
CmfNZuyiUN2Ky03vII5ftaqaQgwngOGTDOorPoXKhsC0CIo1FZuHcYJN8ZkkkU1n
zYMi2wu8tzduLk4rvkVBXLSrXuG7yHlUbkrucpWCOICH4junfVXgpU07Tld4IVfz
XEbETktegQUQWPfwKnWbgLjypRDAWrlzdcOajBlc06d/JtO6m2qxEgPlmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGHe7PXFxaF4bm0b/1EFQFWEkNuMB8GA1UdIwQY
MBaAFGmwGSehoXfUJhIh2UYoUUpSWpbgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWJBWko2R2hkOVFtRWlIWlJpaFJTbEphbHVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8zMjhlYjMtNTYwMy00OTU1LWFhOTIt
MjI1MmJjY2ZkYmY5LzEvY1lkN3M5Y1hGb1hodWJSdl9VUVZBVllTUTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8zMjhlYjMtNTYwMy00OTU1LWFhOTItMjI1MmJjY2ZkYmY5
LzEvYWJBWko2R2hkOVFtRWlIWlJpaFJTbEphbHVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZIIMA0G
CSqGSIb3DQEBCwUAA4IBAQBa4qMoNstenKRHN+ecqEDLQDwrH1q3/VEybmDiGenw
EMrGQjR7Bm9d6//o5G5gS1Oq23FznGezCUPVq7WLAevknp0aflEuGzdmLAIdJ1Z/
93pl1rRDztHa4wGNoHJx4TlONyfc7PiOph3aKQS47OlPsJrQEEALHVLBVotElIhx
8WZMBvh6devVF1/Xu1SakC1thCU522rgm7oZgapu1m7UJMnF/xFMu7UsoIzCgOrz
0kD25QRUv5rSEjHevf31R+rZ8gEkNXlJ8dGJDsHEmOsvfIF27lKpT6Im0mKiQLaT
EDa6N9nU5oU6dhlE7+MMkvMIa4dZ4Ep/r0IYCIKN3Cpo
-----END CERTIFICATE-----