Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/yelm7uLHOdqD9lNI-Gltk98yGXo.roa
File:                     yelm7uLHOdqD9lNI-Gltk98yGXo.roa (raw, json)
Hash identifier:          ZGzpArHprTY83L9dTrSU92FxI9+A8fnot6P5RumCgzQ=
Subject key identifier:   C9:E9:66:EE:E2:C7:39:DA:83:F6:53:48:F8:69:6D:93:DF:32:19:7A
Certificate issuer:       /CN=c76c3644741336b01b638563314f40d10c69d30d
Certificate serial:       018CC2DB3B6C32D8CE8B9A6AA7AA6624B6FF
Authority key identifier: C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/yelm7uLHOdqD9lNI-Gltk98yGXo.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31428
IP address blocks:        193.16.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3b:6c:32:d8:ce:8b:9a:6a:a7:aa:66:24:b6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76c3644741336b01b638563314f40d10c69d30d
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9e966eee2c739da83f65348f8696d93df32197a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a5:57:91:e6:d1:da:16:fd:90:1f:fe:1c:c2:
                    0f:8c:53:1e:4c:92:16:23:85:1a:25:88:1d:4e:31:
                    96:58:1b:20:64:0c:d5:d9:2d:59:c0:5d:a3:b0:df:
                    9f:f2:92:29:fb:47:40:85:ea:de:2a:18:bb:90:2e:
                    b1:22:37:c0:f4:83:08:19:87:18:ad:8d:39:cf:9d:
                    25:db:87:af:ef:58:06:42:4c:f1:42:de:24:35:1b:
                    b8:b2:ba:e8:55:d0:49:90:f7:1e:a0:25:bc:5c:3b:
                    3a:c9:5d:5c:e4:b2:99:4c:d7:77:4f:c7:f7:63:84:
                    19:f1:52:3d:32:52:10:a1:4d:2b:22:af:d3:e3:73:
                    ce:4a:d9:9f:d3:49:71:df:18:dc:83:b5:f2:a9:d9:
                    1b:45:b1:2d:df:6c:57:1b:69:ba:49:4e:ad:c8:2e:
                    46:dc:a2:5c:73:df:d9:d2:a7:40:82:1e:d2:78:4c:
                    11:88:a1:f3:ae:6f:98:cf:ed:cd:00:19:7d:d6:f7:
                    54:07:73:dc:54:5e:d7:7d:b0:a4:fe:77:50:8d:79:
                    42:3b:fb:f4:c1:7a:2c:e5:69:60:02:47:2c:03:d5:
                    fa:b7:ab:b8:da:22:5c:89:08:45:c8:53:38:64:09:
                    1b:0c:f3:2c:47:d9:41:20:ab:95:a8:b6:f3:07:c9:
                    0b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E9:66:EE:E2:C7:39:DA:83:F6:53:48:F8:69:6D:93:DF:32:19:7A
            X509v3 Authority Key Identifier:
                keyid:C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/yelm7uLHOdqD9lNI-Gltk98yGXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f5:95:bc:ae:75:30:4a:5b:4c:c5:4d:c2:e3:d7:ea:ce:15:
         56:15:00:63:91:83:a5:84:a4:bc:8c:9f:d8:25:ca:21:d1:55:
         ea:42:ec:8d:d0:52:86:6c:25:b5:23:1b:75:1e:e1:fe:75:f9:
         7a:63:32:66:98:0d:1f:0d:b2:9f:e2:07:2a:e8:f8:8a:86:f9:
         01:7c:68:14:e6:ac:78:ec:19:b9:07:4e:ff:4c:d4:20:5a:86:
         4d:ad:41:a6:eb:d1:ba:56:02:6c:b0:8e:69:72:ee:9b:81:bb:
         4f:33:b7:93:8f:f7:75:5f:97:ff:04:af:e4:58:e9:8b:27:16:
         b1:4e:b3:e4:6a:1d:e0:ba:9e:35:60:5b:fe:e6:df:07:58:5e:
         bb:9c:5c:ce:f0:c5:a1:65:56:19:86:ad:cc:94:21:d5:a2:80:
         70:12:8a:9e:d7:18:bf:09:48:82:12:e1:f5:bd:42:7c:36:ee:
         dd:a9:0d:66:43:9c:da:cb:db:b2:ad:7b:9a:a9:5a:e6:7e:85:
         4b:92:ac:b9:8a:58:5a:f6:9d:4a:f6:78:a4:25:f2:9e:12:b4:
         9b:87:a2:e6:d7:a9:c4:25:dd:f6:4e:94:bd:b6:f4:72:05:5d:
         70:4f:ab:a0:83:7e:ba:81:e6:8d:59:94:67:06:3b:ad:cf:ca:
         63:0a:d3:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ztsMtjOi5pqp6pmJLb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmMzNjQ0NzQxMzM2YjAxYjYzODU2MzMxNGY0MGQxMGM2
OWQzMGQwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU5NjZlZWUyYzczOWRhODNmNjUzNDhmODY5NmQ5M2RmMzIxOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaVXkebR2hb9kB/+HMIPjFMeTJIW
I4UaJYgdTjGWWBsgZAzV2S1ZwF2jsN+f8pIp+0dAhereKhi7kC6xIjfA9IMIGYcY
rY05z50l24ev71gGQkzxQt4kNRu4srroVdBJkPceoCW8XDs6yV1c5LKZTNd3T8f3
Y4QZ8VI9MlIQoU0rIq/T43POStmf00lx3xjcg7XyqdkbRbEt32xXG2m6SU6tyC5G
3KJcc9/Z0qdAgh7SeEwRiKHzrm+Yz+3NABl91vdUB3PcVF7XfbCk/ndQjXlCO/v0
wXos5WlgAkcsA9X6t6u42iJciQhFyFM4ZAkbDPMsR9lBIKuVqLbzB8kLTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnpZu7ixznag/ZTSPhpbZPfMhl6MB8GA1UdIwQY
MBaAFMdsNkR0EzawG2OFYzFPQNEMadMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMt
MjM2OTdmNzUyZjJlLzEveWVsbTd1TEhPZHFEOWxOSS1HbHRrOTh5R1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMtMjM2OTdmNzUyZjJl
LzEveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRCZMA0G
CSqGSIb3DQEBCwUAA4IBAQAP9ZW8rnUwSltMxU3C49fqzhVWFQBjkYOlhKS8jJ/Y
Jcoh0VXqQuyN0FKGbCW1Ixt1HuH+dfl6YzJmmA0fDbKf4gcq6PiKhvkBfGgU5qx4
7Bm5B07/TNQgWoZNrUGm69G6VgJssI5pcu6bgbtPM7eTj/d1X5f/BK/kWOmLJxax
TrPkah3gup41YFv+5t8HWF67nFzO8MWhZVYZhq3MlCHVooBwEoqe1xi/CUiCEuH1
vUJ8Nu7dqQ1mQ5zay9uyrXuaqVrmfoVLkqy5ilha9p1K9nikJfKeErSbh6Lm16nE
Jd32TpS9tvRyBV1wT6ugg366geaNWZRnBjutz8pjCtOE
-----END CERTIFICATE-----