Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/YsnTiHV3iJSb8pXWgaKfBVhA0ZE.roa
File:                     YsnTiHV3iJSb8pXWgaKfBVhA0ZE.roa (raw, json)
Hash identifier:          2ZoxqwMw0Zd5k66BkgRYMYRYVNGolkA/hmVfb6ZQ3eM=
Subject key identifier:   62:C9:D3:88:75:77:88:94:9B:F2:95:D6:81:A2:9F:05:58:40:D1:91
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       018CC2DB0E6AC83724D8CADB5F428851FC70
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/YsnTiHV3iJSb8pXWgaKfBVhA0ZE.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41202
IP address blocks:        176.96.236.0/24 maxlen: 24
                          176.96.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0e:6a:c8:37:24:d8:ca:db:5f:42:88:51:fc:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62c9d388757788949bf295d681a29f055840d191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ed:fc:e3:9e:51:e4:e5:be:b5:46:67:41:51:
                    9e:19:db:a9:e0:eb:3d:c6:bb:09:59:46:9e:05:d4:
                    c9:0d:f8:81:8a:25:4c:d1:6a:2d:ce:41:17:51:95:
                    14:81:f6:63:25:52:11:07:c9:97:6e:56:c1:ba:2b:
                    ee:b2:60:d7:4b:31:20:7e:91:73:0f:28:ff:37:ae:
                    64:1f:b3:aa:32:6e:26:bf:9d:c9:cb:20:c9:db:22:
                    43:36:56:f3:eb:35:98:33:62:7c:82:76:27:d1:48:
                    8b:85:a6:6e:c4:79:53:a2:12:97:42:94:7e:ce:9f:
                    3d:36:78:02:98:d0:15:b0:f9:10:b3:f5:63:c3:5e:
                    03:2a:87:3d:8b:94:80:1e:02:e4:5d:3c:49:41:dd:
                    b9:b4:91:9b:bc:c0:83:96:28:c1:60:f4:33:2f:11:
                    a7:e3:27:e0:28:bd:8b:d3:79:ed:97:bf:8b:12:bf:
                    dd:24:ee:7c:19:ff:28:a0:8a:6b:9a:b3:1a:ee:7a:
                    82:c8:a6:2c:80:17:31:df:2c:d3:c3:38:dd:21:bd:
                    3f:71:e3:73:d3:05:49:7b:1e:71:1b:9b:23:5d:42:
                    32:da:c4:5a:a7:82:26:fd:40:ec:b0:56:46:e4:da:
                    7c:d9:8a:94:8a:d1:e8:74:49:16:42:73:6c:09:63:
                    ef:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C9:D3:88:75:77:88:94:9B:F2:95:D6:81:A2:9F:05:58:40:D1:91
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/YsnTiHV3iJSb8pXWgaKfBVhA0ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.236.0/24
                  176.96.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:3f:3b:b6:b5:68:03:6d:02:25:37:2b:ad:c9:8e:24:ff:51:
         e2:48:7c:92:20:48:bd:af:77:82:2c:97:be:05:13:86:b8:4b:
         4b:ef:ee:2d:30:43:39:75:e5:c6:90:cb:8c:ba:95:f3:15:29:
         8b:36:e5:de:d2:59:72:33:b8:21:60:dd:96:73:84:5f:c4:35:
         f9:6a:33:ca:98:60:fd:bf:01:96:22:e4:8e:c6:1d:84:8a:36:
         cd:0c:69:01:3e:8e:ff:29:f6:16:bd:43:4a:6f:42:55:5b:42:
         2d:8f:00:38:76:c9:22:b8:7c:86:c3:af:63:32:3d:45:d8:98:
         79:86:85:4e:a5:1c:86:ef:ef:95:e4:47:03:9f:51:9d:9c:31:
         27:24:37:be:bd:c5:a9:9a:1f:58:8c:f7:f6:87:5a:16:cb:d7:
         68:5b:33:da:79:16:aa:c8:06:ae:33:d5:6f:9e:c7:de:4c:c0:
         7b:08:c3:3a:cf:50:7f:3c:ea:cd:2f:40:fa:06:58:db:ba:8d:
         cb:52:f6:62:c8:8c:f8:8e:37:d9:7b:10:c6:d7:96:55:58:19:
         40:aa:91:63:8a:60:da:b4:d1:35:5b:82:bf:33:b7:e2:1d:f4:
         06:21:ee:31:78:c1:0c:7d:55:59:e1:c4:30:35:60:d5:35:16:
         bf:99:39:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2w5qyDck2MrbX0KIUfxwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM5ZDM4ODc1Nzc4ODk0OWJmMjk1ZDY4MWEyOWYwNTU4NDBkMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+38455R5OW+tUZnQVGeGdup4Os9
xrsJWUaeBdTJDfiBiiVM0WotzkEXUZUUgfZjJVIRB8mXblbBuivusmDXSzEgfpFz
Dyj/N65kH7OqMm4mv53JyyDJ2yJDNlbz6zWYM2J8gnYn0UiLhaZuxHlTohKXQpR+
zp89NngCmNAVsPkQs/Vjw14DKoc9i5SAHgLkXTxJQd25tJGbvMCDlijBYPQzLxGn
4yfgKL2L03ntl7+LEr/dJO58Gf8ooIprmrMa7nqCyKYsgBcx3yzTwzjdIb0/ceNz
0wVJex5xG5sjXUIy2sRap4Im/UDssFZG5Np82YqUitHodEkWQnNsCWPvYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGLJ04h1d4iUm/KV1oGinwVYQNGRMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvWXNuVGlIVjNpSlNiOHBYV2dhS2ZCVmhBMFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsGDsAwQA
sGD+MA0GCSqGSIb3DQEBCwUAA4IBAQCmPzu2tWgDbQIlNyutyY4k/1HiSHySIEi9
r3eCLJe+BROGuEtL7+4tMEM5deXGkMuMupXzFSmLNuXe0llyM7ghYN2Wc4RfxDX5
ajPKmGD9vwGWIuSOxh2EijbNDGkBPo7/KfYWvUNKb0JVW0ItjwA4dskiuHyGw69j
Mj1F2Jh5hoVOpRyG7++V5EcDn1GdnDEnJDe+vcWpmh9YjPf2h1oWy9doWzPaeRaq
yAauM9VvnsfeTMB7CMM6z1B/POrNL0D6Bljbuo3LUvZiyIz4jjfZexDG15ZVWBlA
qpFjimDatNE1W4K/M7fiHfQGIe4xeMEMfVVZ4cQwNWDVNRa/mTnK
-----END CERTIFICATE-----