Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/yfaCoEQGZ1B5vI35ePi2mj6CCsc.roa
File:                     yfaCoEQGZ1B5vI35ePi2mj6CCsc.roa (raw, json)
Hash identifier:          4dtWlU+THt08+uD9+UM94CJzz5rDBT7irahl7TkEhdk=
Subject key identifier:   C9:F6:82:A0:44:06:67:50:79:BC:8D:F9:78:F8:B6:9A:3E:82:0A:C7
Certificate issuer:       /CN=9087833e025b2320f9053a103ba61de52eab2afb
Certificate serial:       018D5A63E871D5413E19A829194AFF0F98F9
Authority key identifier: 90:87:83:3E:02:5B:23:20:F9:05:3A:10:3B:A6:1D:E5:2E:AB:2A:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIeDPgJbIyD5BToQO6Yd5S6rKvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/yfaCoEQGZ1B5vI35ePi2mj6CCsc.roa
Signing time:             Tue 30 Jan 2024 12:41:53 +0000
ROA not before:           Tue 30 Jan 2024 12:41:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        194.37.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/kIeDPgJbIyD5BToQO6Yd5S6rKvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/kIeDPgJbIyD5BToQO6Yd5S6rKvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIeDPgJbIyD5BToQO6Yd5S6rKvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:63:e8:71:d5:41:3e:19:a8:29:19:4a:ff:0f:98:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9087833e025b2320f9053a103ba61de52eab2afb
        Validity
            Not Before: Jan 30 12:41:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9f682a04406675079bc8df978f8b69a3e820ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0f:35:4e:79:a9:28:09:b8:b9:82:60:de:83:
                    1b:93:43:43:b6:c1:df:b6:5d:06:22:84:78:32:b3:
                    62:70:f8:c9:12:b6:62:f6:3b:36:66:2a:59:1a:7e:
                    53:6b:c0:c4:80:b4:ae:d1:ba:df:ef:a6:4c:2b:b0:
                    de:a9:35:75:67:3a:a9:c3:2d:6f:25:d4:29:1e:46:
                    2c:fb:20:68:a2:8a:f2:9a:f0:19:5f:66:40:c1:12:
                    eb:4b:97:e2:96:6e:0b:ee:59:74:c2:56:bd:c3:ec:
                    c0:d2:76:f5:a9:be:23:bc:3f:c6:d5:8d:00:09:b7:
                    aa:21:d8:ed:eb:b2:77:98:d8:fe:f3:9a:31:00:e1:
                    cc:e7:f5:79:22:0c:85:39:a5:71:93:2f:aa:ba:fb:
                    f2:a0:6f:3c:f4:e2:1b:d9:f3:ea:cb:f3:14:8f:91:
                    1a:56:00:ce:ec:16:44:d5:d3:15:c2:b8:39:eb:b0:
                    8e:f7:87:71:4c:0c:86:ca:47:c4:98:3d:70:f2:f7:
                    4a:22:2a:14:38:71:48:33:b2:ad:eb:3c:5e:14:95:
                    76:87:b4:20:89:16:0a:b0:02:5e:d7:c4:8e:c1:63:
                    d5:ff:83:b2:5d:23:47:72:0d:86:c0:6a:93:d5:d9:
                    83:c0:b0:e0:0a:94:79:00:92:4a:81:38:eb:c9:d4:
                    83:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F6:82:A0:44:06:67:50:79:BC:8D:F9:78:F8:B6:9A:3E:82:0A:C7
            X509v3 Authority Key Identifier:
                keyid:90:87:83:3E:02:5B:23:20:F9:05:3A:10:3B:A6:1D:E5:2E:AB:2A:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIeDPgJbIyD5BToQO6Yd5S6rKvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/yfaCoEQGZ1B5vI35ePi2mj6CCsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3701f7-20ef-4966-a2cd-119dcd2ea9db/1/kIeDPgJbIyD5BToQO6Yd5S6rKvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:94:a7:ce:e1:e4:20:b5:e7:d1:29:be:6e:05:d3:2d:02:61:
         43:99:15:49:92:dc:b7:24:dc:3f:2a:e5:bd:d3:d5:33:a3:b7:
         fb:fc:b1:3d:f0:e5:d3:db:ab:0d:61:17:6f:07:60:6b:6f:0a:
         4d:ce:63:61:d8:40:1f:0e:7f:b0:4c:f8:27:8f:87:f6:d9:a3:
         07:09:66:02:99:ac:5a:1d:bc:22:e3:f7:60:07:62:45:b0:b2:
         65:3f:56:c8:f3:b3:6a:a5:15:cf:ae:f9:51:91:d9:9c:6b:23:
         d4:d4:a0:f9:02:00:fd:0b:21:01:bb:eb:f3:4d:66:2d:78:ee:
         18:10:7d:50:27:f4:41:f8:1f:16:0d:f0:45:db:e8:1f:13:c8:
         58:53:64:95:e2:02:89:7a:37:25:e6:68:81:a7:63:81:f1:48:
         62:18:18:18:43:07:de:b6:af:0e:ea:47:0a:13:12:17:ba:ca:
         bd:2e:db:30:82:72:56:4f:e1:62:b5:05:bc:57:de:26:01:83:
         4c:f5:5c:b1:35:88:22:20:b9:90:2d:68:a2:b6:ea:3c:08:69:
         cd:a1:f6:1e:19:53:08:54:14:ee:a4:a1:c4:b2:6a:c3:1c:a9:
         ad:b8:4d:d4:dd:19:3d:d6:ba:d9:65:8c:1a:10:4c:e3:aa:89:
         9a:84:6e:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1aY+hx1UE+GagpGUr/D5j5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODc4MzNlMDI1YjIzMjBmOTA1M2ExMDNiYTYxZGU1MmVh
YjJhZmIwHhcNMjQwMTMwMTI0MTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY2ODJhMDQ0MDY2NzUwNzliYzhkZjk3OGY4YjY5YTNlODIwYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ81TnmpKAm4uYJg3oMbk0NDtsHf
tl0GIoR4MrNicPjJErZi9js2ZipZGn5Ta8DEgLSu0brf76ZMK7DeqTV1Zzqpwy1v
JdQpHkYs+yBooorymvAZX2ZAwRLrS5film4L7ll0wla9w+zA0nb1qb4jvD/G1Y0A
CbeqIdjt67J3mNj+85oxAOHM5/V5IgyFOaVxky+quvvyoG889OIb2fPqy/MUj5Ea
VgDO7BZE1dMVwrg567CO94dxTAyGykfEmD1w8vdKIioUOHFIM7Kt6zxeFJV2h7Qg
iRYKsAJe18SOwWPV/4OyXSNHcg2GwGqT1dmDwLDgCpR5AJJKgTjrydSDewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMn2gqBEBmdQebyN+Xj4tpo+ggrHMB8GA1UdIwQY
MBaAFJCHgz4CWyMg+QU6EDumHeUuqyr7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0llRFBnSmJJeUQ1QlRvUU82WWQ1UzZyS3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zNzAxZjctMjBlZi00OTY2LWEyY2Qt
MTE5ZGNkMmVhOWRiLzEveWZhQ29FUUdaMUI1dkkzNWVQaTJtajZDQ3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zNzAxZjctMjBlZi00OTY2LWEyY2QtMTE5ZGNkMmVhOWRi
LzEva0llRFBnSmJJeUQ1QlRvUU82WWQ1UzZyS3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiVkMA0G
CSqGSIb3DQEBCwUAA4IBAQBllKfO4eQgtefRKb5uBdMtAmFDmRVJkty3JNw/KuW9
09Uzo7f7/LE98OXT26sNYRdvB2BrbwpNzmNh2EAfDn+wTPgnj4f22aMHCWYCmaxa
Hbwi4/dgB2JFsLJlP1bI87NqpRXPrvlRkdmcayPU1KD5AgD9CyEBu+vzTWYteO4Y
EH1QJ/RB+B8WDfBF2+gfE8hYU2SV4gKJejcl5miBp2OB8UhiGBgYQwfetq8O6kcK
ExIXusq9LtswgnJWT+FitQW8V94mAYNM9VyxNYgiILmQLWiituo8CGnNofYeGVMI
VBTupKHEsmrDHKmtuE3U3Rk91rrZZYwaEEzjqomahG5F
-----END CERTIFICATE-----