Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y-UWVZ14yTRnBHX7CiIurYRt0S0.roa
File:                     y-UWVZ14yTRnBHX7CiIurYRt0S0.roa (raw, json)
Hash identifier:          W4+fghzqtGyUyoI7WPu5uUf/kiUHfxFiUTkZAmR9Jxc=
Subject key identifier:   CB:E5:16:55:9D:78:C9:34:67:04:75:FB:0A:22:2E:AD:84:6D:D1:2D
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF2D43BA4FFB8F316358BBEFE0A4D
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y-UWVZ14yTRnBHX7CiIurYRt0S0.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204574
IP address blocks:        188.164.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f2:d4:3b:a4:ff:b8:f3:16:35:8b:be:fe:0a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe516559d78c934670475fb0a222ead846dd12d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:0f:e6:68:b7:02:69:d9:e1:b8:4e:9c:c2:84:
                    31:7e:ca:c2:42:2b:ab:5d:0e:00:3f:91:46:02:c8:
                    81:dd:bb:e0:32:a3:34:b4:3d:ca:26:f1:46:71:a4:
                    20:e7:19:61:4c:5f:10:ce:28:6f:be:23:64:e8:0f:
                    25:b6:42:f7:62:26:d1:72:77:8b:4f:65:8f:d2:63:
                    09:4d:c0:2e:3a:19:05:d8:ab:2a:4c:4a:4f:1e:f8:
                    c5:cb:72:f4:44:7c:4f:eb:06:8a:0b:14:c1:be:1e:
                    94:a4:68:a8:02:1d:34:b4:56:2a:22:49:9b:ce:b6:
                    c5:e8:15:a5:a1:98:30:39:6b:37:46:5b:82:02:5e:
                    cf:bb:ed:7b:ec:93:61:b7:2a:cd:ca:52:c5:fc:c8:
                    02:4d:69:db:94:fe:ea:73:e0:03:8b:b5:cf:cd:de:
                    35:d3:41:16:ef:30:c4:f0:79:01:d3:f7:d6:19:04:
                    f0:60:51:59:7e:cc:9b:4d:92:c8:0b:03:ac:f2:f3:
                    6a:16:01:5b:a8:dc:1c:5f:ba:fb:f2:c5:db:61:b8:
                    df:f9:c3:c8:89:83:6f:f9:ca:e8:54:6c:01:3a:be:
                    27:1d:c6:6a:52:5f:bb:fc:b9:c1:57:22:6a:75:cc:
                    8e:17:ed:92:82:8d:1d:fb:0a:6e:00:2d:68:3f:7e:
                    d4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E5:16:55:9D:78:C9:34:67:04:75:FB:0A:22:2E:AD:84:6D:D1:2D
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/y-UWVZ14yTRnBHX7CiIurYRt0S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:be:de:7e:61:f3:c8:02:e9:95:c4:9e:a7:f1:b6:00:d6:1a:
         45:4f:8f:90:0c:59:bf:be:d5:43:9e:aa:b8:13:ea:1c:7d:15:
         62:ea:1b:f2:46:bd:e3:26:85:11:d0:f5:aa:7a:cc:57:eb:7f:
         77:49:03:85:62:09:e5:af:61:33:25:98:5b:59:2d:32:fd:d1:
         db:fd:11:69:3c:b1:d2:6e:59:c2:a0:29:90:b9:ee:f3:70:e3:
         a3:bf:4d:34:64:be:47:34:6d:c9:28:7f:93:73:79:a1:4a:0b:
         b6:1b:0c:a2:38:1e:1b:80:93:52:20:b1:fe:3e:8b:68:6d:e7:
         1b:31:1d:d8:3b:89:1b:45:e3:15:93:99:03:92:8a:5f:1e:a8:
         6e:b1:19:c1:1a:9f:87:70:32:af:24:21:15:3a:29:97:8e:cf:
         ae:56:93:c7:d3:fb:ce:40:84:bb:87:b0:d8:21:7c:af:3d:25:
         f4:f5:e3:99:ff:1a:e6:b6:ea:84:ca:24:fd:03:71:7c:cd:78:
         b1:0b:af:8f:41:fe:27:9d:55:04:0c:50:75:ab:71:fa:c6:35:
         8a:a7:f1:31:b4:3a:51:7e:22:4a:62:46:cb:af:cd:a3:e2:dd:
         e6:07:87:bc:6b:b2:50:0f:9e:ee:c0:3d:68:3c:1f:d6:82:f8:
         26:30:7e:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfLUO6T/uPMWNYu+/gpNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmU1MTY1NTlkNzhjOTM0NjcwNDc1ZmIwYTIyMmVhZDg0NmRkMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgg/maLcCadnhuE6cwoQxfsrCQiur
XQ4AP5FGAsiB3bvgMqM0tD3KJvFGcaQg5xlhTF8QzihvviNk6A8ltkL3YibRcneL
T2WP0mMJTcAuOhkF2KsqTEpPHvjFy3L0RHxP6waKCxTBvh6UpGioAh00tFYqIkmb
zrbF6BWloZgwOWs3RluCAl7Pu+177JNhtyrNylLF/MgCTWnblP7qc+ADi7XPzd41
00EW7zDE8HkB0/fWGQTwYFFZfsybTZLICwOs8vNqFgFbqNwcX7r78sXbYbjf+cPI
iYNv+croVGwBOr4nHcZqUl+7/LnBVyJqdcyOF+2Sgo0d+wpuAC1oP37UaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvlFlWdeMk0ZwR1+woiLq2EbdEtMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveS1VV1ZaMTR5VFJuQkhYN0NpSXVyWVJ0MFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvKTSMA0G
CSqGSIb3DQEBCwUAA4IBAQA7vt5+YfPIAumVxJ6n8bYA1hpFT4+QDFm/vtVDnqq4
E+ocfRVi6hvyRr3jJoUR0PWqesxX6393SQOFYgnlr2EzJZhbWS0y/dHb/RFpPLHS
blnCoCmQue7zcOOjv000ZL5HNG3JKH+Tc3mhSgu2GwyiOB4bgJNSILH+Potobecb
MR3YO4kbReMVk5kDkopfHqhusRnBGp+HcDKvJCEVOimXjs+uVpPH0/vOQIS7h7DY
IXyvPSX09eOZ/xrmtuqEyiT9A3F8zXixC6+PQf4nnVUEDFB1q3H6xjWKp/ExtDpR
fiJKYkbLr82j4t3mB4e8a7JQD57uwD1oPB/WgvgmMH7o
-----END CERTIFICATE-----