Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/YhUsbq7srD4mKALhZSZAv2AuNy0.roa
File:                     YhUsbq7srD4mKALhZSZAv2AuNy0.roa (raw, json)
Hash identifier:          tNUgA6UiwEnkHAn7jnMlMzgtBttoJrm6i6PPMlfXaHw=
Subject key identifier:   62:15:2C:6E:AE:EC:AC:3E:26:28:02:E1:65:26:40:BF:60:2E:37:2D
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       018CCE561947C7D4A528B874A6DCBBC64EE6
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/YhUsbq7srD4mKALhZSZAv2AuNy0.roa
Signing time:             Wed 03 Jan 2024 07:59:58 +0000
ROA not before:           Wed 03 Jan 2024 07:59:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        37.143.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:56:19:47:c7:d4:a5:28:b8:74:a6:dc:bb:c6:4e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jan  3 07:59:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62152c6eaeecac3e262802e1652640bf602e372d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:04:1a:65:35:b5:f4:b4:3d:04:3a:b3:5e:26:
                    6d:f6:44:ff:e1:70:60:53:b8:a3:9b:c8:95:fd:e0:
                    81:7e:c9:6b:6e:98:c7:f5:95:6f:a9:b1:9e:c9:5f:
                    ef:f7:f3:e9:31:aa:9f:e3:47:d9:ec:4a:23:90:00:
                    c8:e4:15:28:26:5f:a6:8e:13:c9:d1:88:e7:4b:3b:
                    e6:b4:93:de:a6:15:2b:72:aa:f1:c0:61:47:17:1d:
                    1e:e4:2d:fa:94:57:f2:22:91:c7:f7:c7:4a:b0:c2:
                    e8:f0:d2:d7:06:f0:04:f2:74:8c:71:bc:81:14:bc:
                    46:87:9e:63:ea:4d:3c:e4:19:90:c8:60:20:43:f3:
                    92:18:8a:92:00:13:87:5b:1f:58:f5:c0:d4:e9:b1:
                    3a:a2:6e:76:3d:18:06:91:e2:ce:cd:6a:e0:e9:a2:
                    b2:9c:c9:ba:c2:00:02:76:8b:9a:0c:13:25:99:95:
                    ab:98:bf:bc:07:d7:f0:41:49:31:61:1e:bd:e8:8c:
                    de:9c:23:07:89:52:95:18:83:27:ac:e8:26:b2:5c:
                    47:be:5d:44:e1:0f:4d:e6:1d:48:bf:9c:e2:08:d3:
                    db:ac:64:0a:4e:df:6d:0f:51:b0:79:10:92:04:23:
                    5b:31:be:81:d5:9a:14:ba:54:c0:4d:c9:19:fb:57:
                    20:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:15:2C:6E:AE:EC:AC:3E:26:28:02:E1:65:26:40:BF:60:2E:37:2D
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/YhUsbq7srD4mKALhZSZAv2AuNy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:14:28:04:92:65:d5:6b:ea:c3:29:75:2b:7e:e5:ae:64:ef:
         e7:88:2c:16:f2:db:66:fe:bd:42:8a:22:a4:f4:15:de:23:1d:
         38:f3:fa:b9:64:be:8e:f0:56:02:c5:a0:cf:5f:b8:f0:55:2f:
         aa:81:27:1f:4a:a6:26:b3:a6:ae:f0:1c:3a:c7:78:24:de:d3:
         8e:5f:54:58:6c:3c:d3:da:a4:04:b9:29:03:c9:7b:08:3b:a6:
         81:17:b0:a1:5a:70:13:4f:6c:39:1a:a0:63:b1:39:67:7e:4b:
         ee:2b:74:1f:0a:4a:f1:a7:d8:ee:fb:c4:d3:72:fd:44:b0:f2:
         c7:9f:ca:27:3a:85:50:83:41:58:a8:2b:59:69:2c:6f:16:15:
         cc:34:da:23:c0:c2:34:4e:28:c0:62:7c:46:d0:66:61:0d:57:
         c5:01:04:7d:ac:42:7b:00:f1:93:72:97:05:b0:5f:7a:21:dd:
         b3:8b:3c:79:9a:23:f8:64:06:e0:e5:52:28:1f:52:c4:17:27:
         c2:d0:9b:4a:db:10:33:f5:bf:9b:02:01:cc:60:9b:bb:19:c2:
         db:b3:44:c4:76:0d:f3:4a:e3:1a:27:1b:39:88:bd:f2:3a:10:
         7c:c3:fc:cf:ee:28:d7:5a:37:42:52:c3:99:09:25:29:89:7e:
         20:48:95:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzOVhlHx9SlKLh0pty7xk7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjQwMTAzMDc1OTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjE1MmM2ZWFlZWNhYzNlMjYyODAyZTE2NTI2NDBiZjYwMmUzNzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowQaZTW19LQ9BDqzXiZt9kT/4XBg
U7ijm8iV/eCBfslrbpjH9ZVvqbGeyV/v9/PpMaqf40fZ7EojkADI5BUoJl+mjhPJ
0YjnSzvmtJPephUrcqrxwGFHFx0e5C36lFfyIpHH98dKsMLo8NLXBvAE8nSMcbyB
FLxGh55j6k085BmQyGAgQ/OSGIqSABOHWx9Y9cDU6bE6om52PRgGkeLOzWrg6aKy
nMm6wgACdouaDBMlmZWrmL+8B9fwQUkxYR696IzenCMHiVKVGIMnrOgmslxHvl1E
4Q9N5h1Iv5ziCNPbrGQKTt9tD1GweRCSBCNbMb6B1ZoUulTATckZ+1cgrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIVLG6u7Kw+JigC4WUmQL9gLjctMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvWWhVc2JxN3NyRDRtS0FMaFpTWkF2MkF1TnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8AMA0G
CSqGSIb3DQEBCwUAA4IBAQAJFCgEkmXVa+rDKXUrfuWuZO/niCwW8ttm/r1CiiKk
9BXeIx048/q5ZL6O8FYCxaDPX7jwVS+qgScfSqYms6au8Bw6x3gk3tOOX1RYbDzT
2qQEuSkDyXsIO6aBF7ChWnATT2w5GqBjsTlnfkvuK3QfCkrxp9ju+8TTcv1EsPLH
n8onOoVQg0FYqCtZaSxvFhXMNNojwMI0TijAYnxG0GZhDVfFAQR9rEJ7APGTcpcF
sF96Id2zizx5miP4ZAbg5VIoH1LEFyfC0JtK2xAz9b+bAgHMYJu7GcLbs0TEdg3z
SuMaJxs5iL3yOhB8w/zP7ijXWjdCUsOZCSUpiX4gSJVM
-----END CERTIFICATE-----