Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/yPcEN9P-_ycbqRZxVwtzu1hhzvw.roa
File:                     yPcEN9P-_ycbqRZxVwtzu1hhzvw.roa (raw, json)
Hash identifier:          puLGr2BJe+JBm0jA0O3HeXJ/Fm9RSnmhVeCRwTllgSM=
Subject key identifier:   C8:F7:04:37:D3:FE:FF:27:1B:A9:16:71:57:0B:73:BB:58:61:CE:FC
Certificate issuer:       /CN=b43258a18cf4d1228e5c79070dfa6331168320c5
Certificate serial:       018CC4934B8B49881882F73E34DFBFE75B3B
Authority key identifier: B4:32:58:A1:8C:F4:D1:22:8E:5C:79:07:0D:FA:63:31:16:83:20:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDJYoYz00SKOXHkHDfpjMRaDIMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/yPcEN9P-_ycbqRZxVwtzu1hhzvw.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        144.2.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/tDJYoYz00SKOXHkHDfpjMRaDIMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/tDJYoYz00SKOXHkHDfpjMRaDIMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDJYoYz00SKOXHkHDfpjMRaDIMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4b:8b:49:88:18:82:f7:3e:34:df:bf:e7:5b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43258a18cf4d1228e5c79070dfa6331168320c5
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8f70437d3feff271ba91671570b73bb5861cefc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d4:d8:04:5c:8f:ae:0d:67:a2:fb:29:8e:58:
                    23:e1:c6:72:5e:dd:6b:66:1f:07:79:7b:ad:a6:28:
                    f0:f8:25:9c:17:cc:14:2b:1e:5e:d3:0f:06:79:22:
                    6d:d5:10:d4:d7:cb:ed:c9:c3:fc:a0:d7:17:0e:ab:
                    35:26:e8:ad:6b:88:11:39:db:46:f3:b7:b3:d5:35:
                    3b:6e:29:56:88:ec:b5:d3:33:7b:c1:0c:5f:9d:80:
                    71:6c:05:4b:05:d6:db:66:da:45:e9:3b:e2:5c:5f:
                    5d:d8:57:4e:4d:61:ee:2f:d2:2f:0c:85:e1:b9:23:
                    43:60:5e:ad:e5:71:c3:c1:ae:31:53:34:20:e6:41:
                    f9:fc:3e:66:67:53:ba:49:3d:cc:b6:67:15:af:fe:
                    ec:eb:d1:db:70:a8:7a:3d:61:40:eb:60:de:b4:f4:
                    75:5e:1b:1d:5d:43:40:11:75:17:15:e6:1f:9a:ae:
                    d7:4d:7b:21:4e:2a:80:4d:56:c6:0a:12:3f:58:1b:
                    98:c0:29:b0:c4:70:19:2e:e0:a7:86:51:c6:8a:79:
                    22:af:d1:2a:3c:f1:c1:b5:1e:f0:c6:3c:06:fe:64:
                    a4:34:6a:b3:b6:48:38:a6:9f:95:ca:f9:3c:1d:df:
                    25:e5:99:54:14:5d:72:06:65:e6:d3:b3:51:16:7e:
                    0a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F7:04:37:D3:FE:FF:27:1B:A9:16:71:57:0B:73:BB:58:61:CE:FC
            X509v3 Authority Key Identifier:
                keyid:B4:32:58:A1:8C:F4:D1:22:8E:5C:79:07:0D:FA:63:31:16:83:20:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDJYoYz00SKOXHkHDfpjMRaDIMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/yPcEN9P-_ycbqRZxVwtzu1hhzvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/tDJYoYz00SKOXHkHDfpjMRaDIMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:2d:14:42:24:1b:b8:07:13:55:cd:61:eb:e7:f5:26:97:bb:
         9b:7d:f8:b7:e7:aa:33:6d:fd:84:0c:93:30:06:85:53:04:d2:
         e2:c9:3b:22:7f:c6:1a:dd:85:75:54:2c:bd:e1:bd:10:93:ff:
         28:73:d7:5a:3a:aa:1e:f9:bc:98:d9:95:87:8e:41:3f:61:6f:
         38:d4:c7:8d:4b:14:27:55:bf:c5:f5:c7:f8:74:c7:5b:c9:d7:
         ab:76:c3:54:56:7b:6e:13:42:d9:51:cb:b2:53:c1:3c:9a:a1:
         15:4e:86:1d:ff:18:a0:9b:9d:f5:76:3b:41:f9:d3:ea:e9:5f:
         37:f1:0e:d0:ad:28:e5:90:5f:d3:cf:82:91:87:0b:c4:f9:29:
         2a:fb:bd:d9:db:b9:ea:0e:02:9b:ef:96:17:2b:4a:1e:89:19:
         79:6f:ce:91:ac:e0:8b:0d:db:26:91:bd:9e:76:dd:b0:d0:22:
         02:e4:a1:37:84:8a:9f:29:bf:6b:c4:a6:b8:39:75:36:2e:8c:
         f0:45:9b:ba:97:6f:d3:8a:99:7e:b1:f3:0e:7f:48:ba:91:35:
         35:8d:19:7a:75:14:67:d5:0b:75:9f:b0:e4:7b:a4:5e:cb:9a:
         d8:c0:6e:72:79:81:9e:34:54:db:08:c4:ae:e1:1d:f7:f7:ef:
         bf:2b:e3:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0uLSYgYgvc+NN+/51s7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzI1OGExOGNmNGQxMjI4ZTVjNzkwNzBkZmE2MzMxMTY4
MzIwYzUwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY3MDQzN2QzZmVmZjI3MWJhOTE2NzE1NzBiNzNiYjU4NjFjZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9TYBFyPrg1novspjlgj4cZyXt1r
Zh8HeXutpijw+CWcF8wUKx5e0w8GeSJt1RDU18vtycP8oNcXDqs1Juita4gROdtG
87ez1TU7bilWiOy10zN7wQxfnYBxbAVLBdbbZtpF6TviXF9d2FdOTWHuL9IvDIXh
uSNDYF6t5XHDwa4xUzQg5kH5/D5mZ1O6ST3MtmcVr/7s69HbcKh6PWFA62DetPR1
XhsdXUNAEXUXFeYfmq7XTXshTiqATVbGChI/WBuYwCmwxHAZLuCnhlHGinkir9Eq
PPHBtR7wxjwG/mSkNGqztkg4pp+Vyvk8Hd8l5ZlUFF1yBmXm07NRFn4K2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMj3BDfT/v8nG6kWcVcLc7tYYc78MB8GA1UdIwQY
MBaAFLQyWKGM9NEijlx5Bw36YzEWgyDFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERKWW9ZejAwU0tPWEhrSERmcGpNUmFESU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wM2EzMjUtYTE2OS00NGNlLTg0ZWMt
NTcyOGZiMjRiZjBlLzEveVBjRU45UC1feWNicVJaeFZ3dHp1MWhoenZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wM2EzMjUtYTE2OS00NGNlLTg0ZWMtNTcyOGZiMjRiZjBl
LzEvdERKWW9ZejAwU0tPWEhrSERmcGpNUmFESU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAKaMA0G
CSqGSIb3DQEBCwUAA4IBAQCdLRRCJBu4BxNVzWHr5/Uml7ubffi356ozbf2EDJMw
BoVTBNLiyTsif8Ya3YV1VCy94b0Qk/8oc9daOqoe+byY2ZWHjkE/YW841MeNSxQn
Vb/F9cf4dMdbyderdsNUVntuE0LZUcuyU8E8mqEVToYd/xigm531djtB+dPq6V83
8Q7QrSjlkF/Tz4KRhwvE+Skq+73Z27nqDgKb75YXK0oeiRl5b86RrOCLDdsmkb2e
dt2w0CIC5KE3hIqfKb9rxKa4OXU2LozwRZu6l2/Tipl+sfMOf0i6kTU1jRl6dRRn
1Qt1n7Dke6Rey5rYwG5yeYGeNFTbCMSu4R339++/K+Np
-----END CERTIFICATE-----