Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cyYC2yI3F9YWWyEazy-Qp9JowOg.roa
File:                     cyYC2yI3F9YWWyEazy-Qp9JowOg.roa (raw, json)
Hash identifier:          E9hp6MLh0q2eCqWa1Z5apmWbnF+W7pOlBh7pcm5UAR0=
Subject key identifier:   73:26:02:DB:22:37:17:D6:16:5B:21:1A:CF:2F:90:A7:D2:68:C0:E8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B4B66333C706EFFC73D22863EC963
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cyYC2yI3F9YWWyEazy-Qp9JowOg.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        5.183.207.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4b:66:33:3c:70:6e:ff:c7:3d:22:86:3e:c9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=732602db223717d6165b211acf2f90a7d268c0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cc:32:12:78:3d:1d:29:64:62:c7:31:43:bf:
                    21:22:f3:f4:c2:47:53:ca:2f:f6:22:b4:36:03:bd:
                    3b:62:f6:50:cb:e1:a0:52:08:dd:cc:2d:b9:0c:b6:
                    76:d4:92:34:00:a9:9d:eb:89:f5:5a:66:3d:fb:c9:
                    47:a6:09:35:31:b1:79:51:f8:74:1a:b5:8a:5d:2b:
                    11:bb:9c:f0:e2:73:de:bd:d8:bd:bc:d6:b5:f8:d4:
                    08:33:d6:14:7b:76:05:b9:aa:7a:99:3b:be:86:82:
                    6c:3e:b9:df:c2:e4:15:60:88:d3:69:0e:e4:7e:2c:
                    2f:72:46:b2:e1:b0:6b:28:75:28:d3:e8:38:13:94:
                    b8:a5:3a:74:5e:61:f5:08:7a:90:f0:c6:7a:20:9d:
                    42:ee:e4:e7:81:4a:c5:16:5f:09:a3:44:f7:d5:bb:
                    07:cb:d5:48:62:f6:16:9b:26:42:5b:8d:ad:00:f1:
                    68:0b:7a:86:e7:75:4b:b9:57:97:30:88:16:db:de:
                    bf:74:2e:b9:7f:40:e7:3f:fb:fb:76:7f:52:40:ec:
                    e8:c9:6a:09:ca:21:0e:10:21:7b:72:e7:31:30:dc:
                    49:3f:ad:d7:54:28:d2:68:5d:86:12:f2:ed:15:87:
                    04:b3:e2:d6:3d:78:10:c5:63:44:49:db:b0:e5:39:
                    eb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:26:02:DB:22:37:17:D6:16:5B:21:1A:CF:2F:90:A7:D2:68:C0:E8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cyYC2yI3F9YWWyEazy-Qp9JowOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:12:b2:cc:8d:02:9d:3f:1f:85:0a:62:5c:8f:16:91:b6:da:
         ea:88:17:d6:78:36:ad:0f:5a:68:83:e2:8a:d1:ad:0f:f8:5f:
         e9:92:26:e0:f3:75:73:5e:7f:59:fa:17:30:fc:e1:db:76:dd:
         f9:55:eb:31:bd:c0:4c:68:d2:9e:79:77:cc:ba:8f:5d:40:0a:
         78:c5:f0:24:ba:50:e4:60:f7:be:4f:71:0f:bc:6a:65:58:3d:
         0b:f7:88:3a:bd:f5:5c:d4:dd:16:5b:2e:00:6f:ca:0d:89:af:
         53:1e:fe:94:ac:61:8d:46:6e:17:d3:ca:e4:76:da:65:90:0c:
         2b:5c:b0:08:e2:0f:52:47:bb:1b:1f:6c:83:67:8e:9c:e1:38:
         3e:6b:24:9c:95:12:00:2a:bc:d9:b2:ef:47:00:6e:77:91:ee:
         a1:b4:54:29:c8:f1:26:a2:45:cd:b4:13:4b:49:85:39:f0:07:
         e8:eb:35:31:88:17:d5:d4:6f:df:7c:59:66:d2:8b:e0:f9:fd:
         09:5f:08:d1:32:7a:07:61:1f:10:c8:d7:3c:b6:5b:db:a9:5e:
         75:db:e8:a3:fc:09:84:ee:04:0c:7f:9d:51:13:24:2e:db:9c:
         2a:18:bb:29:d3:da:1b:5d:fe:87:0a:4c:f2:f2:fa:ff:58:d0:
         cc:a7:15:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0tmMzxwbv/HPSKGPsljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzI2MDJkYjIyMzcxN2Q2MTY1YjIxMWFjZjJmOTBhN2QyNjhjMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkswyEng9HSlkYscxQ78hIvP0wkdT
yi/2IrQ2A707YvZQy+GgUgjdzC25DLZ21JI0AKmd64n1WmY9+8lHpgk1MbF5Ufh0
GrWKXSsRu5zw4nPevdi9vNa1+NQIM9YUe3YFuap6mTu+hoJsPrnfwuQVYIjTaQ7k
fiwvckay4bBrKHUo0+g4E5S4pTp0XmH1CHqQ8MZ6IJ1C7uTngUrFFl8Jo0T31bsH
y9VIYvYWmyZCW42tAPFoC3qG53VLuVeXMIgW296/dC65f0DnP/v7dn9SQOzoyWoJ
yiEOECF7cucxMNxJP63XVCjSaF2GEvLtFYcEs+LWPXgQxWNESduw5TnrkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMmAtsiNxfWFlshGs8vkKfSaMDoMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvY3lZQzJ5STNGOVlXV3lFYXp5LVFwOUpvd09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbfPMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ErLMjQKdPx+FCmJcjxaRttrqiBfWeDatD1pog+KK
0a0P+F/pkibg83VzXn9Z+hcw/OHbdt35VesxvcBMaNKeeXfMuo9dQAp4xfAkulDk
YPe+T3EPvGplWD0L94g6vfVc1N0WWy4Ab8oNia9THv6UrGGNRm4X08rkdtplkAwr
XLAI4g9SR7sbH2yDZ46c4Tg+aySclRIAKrzZsu9HAG53ke6htFQpyPEmokXNtBNL
SYU58Afo6zUxiBfV1G/ffFlm0ovg+f0JXwjRMnoHYR8QyNc8tlvbqV512+ij/AmE
7gQMf51REyQu25wqGLsp09obXf6HCkzy8vr/WNDMpxUd
-----END CERTIFICATE-----