Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/Ys5ZcIWNUfItTusOPrfvQd8ap0g.roa
File:                     Ys5ZcIWNUfItTusOPrfvQd8ap0g.roa (raw, json)
Hash identifier:          38d64IY2ChVXjGOP4GDjbOrJeZmqfSM1GL3TXxbSeec=
Subject key identifier:   62:CE:59:70:85:8D:51:F2:2D:4E:EB:0E:3E:B7:EF:41:DF:1A:A7:48
Certificate issuer:       /CN=db0ae651defb0666c22b2e5d7add5653487076af
Certificate serial:       018CC3B730D96FDF005C5C172AC0D8C360F8
Authority key identifier: DB:0A:E6:51:DE:FB:06:66:C2:2B:2E:5D:7A:DD:56:53:48:70:76:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2wrmUd77BmbCKy5det1WU0hwdq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/Ys5ZcIWNUfItTusOPrfvQd8ap0g.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.105.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/2wrmUd77BmbCKy5det1WU0hwdq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/2wrmUd77BmbCKy5det1WU0hwdq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2wrmUd77BmbCKy5det1WU0hwdq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:30:d9:6f:df:00:5c:5c:17:2a:c0:d8:c3:60:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db0ae651defb0666c22b2e5d7add5653487076af
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62ce5970858d51f22d4eeb0e3eb7ef41df1aa748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:67:fb:f8:8f:f8:8e:97:2c:8e:b2:cc:35:bc:
                    78:ec:b4:7e:5c:62:45:38:f2:31:fd:70:93:ef:cd:
                    7e:76:09:00:b2:57:fa:30:e6:dc:e9:a7:c0:aa:c4:
                    5e:32:2d:8b:a9:8f:1f:f4:ab:84:9a:c5:aa:3f:5e:
                    b9:4c:9b:c1:08:d0:8a:44:dd:ec:8d:50:ab:3a:23:
                    55:98:01:b7:d0:18:bd:0a:cc:93:b2:ea:42:ab:b7:
                    5f:37:8d:21:3a:b2:23:8a:c3:61:c1:ca:b1:88:78:
                    d4:84:65:78:2b:bd:5c:83:cb:bb:03:ff:ab:fd:9b:
                    53:f6:e4:9f:80:c8:31:7a:af:03:9b:d0:3a:f2:cb:
                    73:45:98:00:41:dc:0e:9a:a4:2c:63:0c:2f:e2:fd:
                    de:62:f8:f5:db:f6:76:39:93:64:4b:06:03:b4:cd:
                    0e:b9:cf:dd:54:59:ff:73:c5:c9:2b:84:47:98:a4:
                    f7:77:bc:62:87:6a:8e:6e:c3:3d:b4:da:95:5a:50:
                    66:72:6c:4c:3c:57:67:e4:e1:ba:c5:c5:ec:bd:6b:
                    79:2b:3b:58:81:a3:db:c5:0e:4d:f1:0c:9d:78:c7:
                    30:46:b3:fd:d0:77:c4:e1:e8:31:a2:45:55:c9:8b:
                    5d:4e:13:be:17:2c:38:27:1d:58:38:6d:6b:6e:96:
                    d1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:CE:59:70:85:8D:51:F2:2D:4E:EB:0E:3E:B7:EF:41:DF:1A:A7:48
            X509v3 Authority Key Identifier:
                keyid:DB:0A:E6:51:DE:FB:06:66:C2:2B:2E:5D:7A:DD:56:53:48:70:76:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2wrmUd77BmbCKy5det1WU0hwdq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/Ys5ZcIWNUfItTusOPrfvQd8ap0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f0b09b-86b3-48b5-b71b-e0aa86d250e3/1/2wrmUd77BmbCKy5det1WU0hwdq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5a:8d:7d:37:d7:cd:b9:4d:34:17:cf:cc:13:58:fc:8b:6c:
         2d:fc:02:1b:d1:25:66:0a:c5:de:b8:c3:f2:ea:46:b8:f6:f8:
         88:2d:38:bd:db:11:88:e2:77:5d:65:41:4a:a2:29:d3:42:6a:
         1f:8c:3b:3e:19:fd:56:cd:41:f6:c2:a8:93:61:43:b9:66:ea:
         68:b9:1a:48:25:c8:56:2f:31:8a:28:ca:9f:96:1c:8d:93:6d:
         07:7f:2f:56:41:13:b0:90:0f:b4:99:a1:c6:d7:a5:0d:86:51:
         c9:67:e6:72:a6:9c:06:69:1a:2c:98:10:b0:49:5a:d2:8d:96:
         9a:a3:ac:63:33:41:23:07:1b:b4:c7:2a:a1:5e:28:91:cb:b2:
         3e:2f:5b:4e:76:a5:fd:6e:5b:ed:fa:24:19:7b:5e:de:18:c1:
         c3:61:78:8d:5e:b9:54:cb:fd:57:c9:61:84:fc:4e:7e:cf:6b:
         b7:41:4e:c4:71:eb:2e:71:fc:08:cb:12:3d:4d:17:22:f4:81:
         1f:d4:87:46:4d:9b:fd:50:24:49:cd:3c:ee:8c:3e:00:a6:47:
         f9:36:24:9e:f9:53:31:83:da:07:41:b5:d9:5a:5a:42:34:a2:
         a9:01:55:0d:45:57:ef:4d:95:f8:3d:54:8c:89:a8:00:e7:95:
         7a:4e:12:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzDZb98AXFwXKsDYw2D4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMGFlNjUxZGVmYjA2NjZjMjJiMmU1ZDdhZGQ1NjUzNDg3
MDc2YWYwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmNlNTk3MDg1OGQ1MWYyMmQ0ZWViMGUzZWI3ZWY0MWRmMWFhNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWf7+I/4jpcsjrLMNbx47LR+XGJF
OPIx/XCT781+dgkAslf6MObc6afAqsReMi2LqY8f9KuEmsWqP165TJvBCNCKRN3s
jVCrOiNVmAG30Bi9CsyTsupCq7dfN40hOrIjisNhwcqxiHjUhGV4K71cg8u7A/+r
/ZtT9uSfgMgxeq8Dm9A68stzRZgAQdwOmqQsYwwv4v3eYvj12/Z2OZNkSwYDtM0O
uc/dVFn/c8XJK4RHmKT3d7xih2qObsM9tNqVWlBmcmxMPFdn5OG6xcXsvWt5KztY
gaPbxQ5N8QydeMcwRrP90HfE4egxokVVyYtdThO+Fyw4Jx1YOG1rbpbREQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLOWXCFjVHyLU7rDj6370HfGqdIMB8GA1UdIwQY
MBaAFNsK5lHe+wZmwisuXXrdVlNIcHavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMndybVVkNzdCbWJDS3k1ZGV0MVdVMGh3ZHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9mMGIwOWItODZiMy00OGI1LWI3MWIt
ZTBhYTg2ZDI1MGUzLzEvWXM1WmNJV05VZkl0VHVzT1ByZnZRZDhhcDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9mMGIwOWItODZiMy00OGI1LWI3MWItZTBhYTg2ZDI1MGUz
LzEvMndybVVkNzdCbWJDS3k1ZGV0MVdVMGh3ZHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWnUMA0G
CSqGSIb3DQEBCwUAA4IBAQArWo19N9fNuU00F8/ME1j8i2wt/AIb0SVmCsXeuMPy
6ka49viILTi92xGI4nddZUFKoinTQmofjDs+Gf1WzUH2wqiTYUO5ZupouRpIJchW
LzGKKMqflhyNk20Hfy9WQROwkA+0maHG16UNhlHJZ+ZyppwGaRosmBCwSVrSjZaa
o6xjM0EjBxu0xyqhXiiRy7I+L1tOdqX9blvt+iQZe17eGMHDYXiNXrlUy/1XyWGE
/E5+z2u3QU7EcesucfwIyxI9TRci9IEf1IdGTZv9UCRJzTzujD4Apkf5NiSe+VMx
g9oHQbXZWlpCNKKpAVUNRVfvTZX4PVSMiagA55V6ThJU
-----END CERTIFICATE-----