Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yx_nfDe-Wor201fhVLVg1ZW3ZtU.roa
File:                     yx_nfDe-Wor201fhVLVg1ZW3ZtU.roa (raw, json)
Hash identifier:          BDmWAKnaQeEueFdnoctPcghLtW59IRpfq+O3HZXwMhc=
Subject key identifier:   CB:1F:E7:7C:37:BE:5A:8A:F6:D3:57:E1:54:B5:60:D5:95:B7:66:D5
Certificate issuer:       /CN=f6eea10afacf3a9c26ea1b1ec488e955e4dfa06a
Certificate serial:       018CC9BC4121A34A2D4B9A6951BBBCCFD327
Authority key identifier: F6:EE:A1:0A:FA:CF:3A:9C:26:EA:1B:1E:C4:88:E9:55:E4:DF:A0:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yx_nfDe-Wor201fhVLVg1ZW3ZtU.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58039
IP address blocks:        193.135.15.0/24 maxlen: 24
                          193.135.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:41:21:a3:4a:2d:4b:9a:69:51:bb:bc:cf:d3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6eea10afacf3a9c26ea1b1ec488e955e4dfa06a
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb1fe77c37be5a8af6d357e154b560d595b766d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:37:8d:c0:a9:09:ec:62:a4:6d:03:65:02:be:
                    26:b2:7d:d8:6b:5c:42:e0:fe:c3:b5:18:6c:fe:88:
                    74:3f:67:e8:0d:1a:d0:e1:0c:85:84:c3:08:f8:7c:
                    c1:e0:d3:73:62:5c:af:c2:2e:49:75:a3:6b:bb:42:
                    b3:5e:94:93:47:30:a2:d1:a7:3b:69:a9:e1:11:59:
                    a0:83:2f:27:ba:ee:ac:39:8e:16:6f:fb:dd:18:cb:
                    ba:5e:43:37:44:9a:da:1d:d8:f0:3e:6f:f2:f2:d7:
                    6d:e2:75:e7:ee:32:97:2d:91:dd:9b:d0:d8:bc:94:
                    9e:83:38:3e:da:21:7e:0f:b3:e8:46:7e:c8:07:64:
                    a0:59:25:a2:d5:47:b3:85:83:7a:94:d6:ec:96:12:
                    b3:0e:ec:9e:45:91:ec:ae:76:71:14:17:58:d5:f5:
                    06:90:58:d0:53:11:8e:90:c5:b2:a2:94:33:12:23:
                    6a:c6:ee:8d:c5:b7:02:7e:8c:3d:14:a1:fe:b3:2d:
                    98:a7:f1:00:1c:1f:4d:92:01:b1:e1:67:18:54:da:
                    18:16:14:33:98:19:eb:c3:74:a5:5e:c8:0b:47:1e:
                    10:15:6b:67:1e:43:24:18:06:69:51:07:78:bc:2d:
                    ea:f7:d2:bb:ef:ee:5d:fd:6f:23:94:40:20:1b:85:
                    0c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:1F:E7:7C:37:BE:5A:8A:F6:D3:57:E1:54:B5:60:D5:95:B7:66:D5
            X509v3 Authority Key Identifier:
                keyid:F6:EE:A1:0A:FA:CF:3A:9C:26:EA:1B:1E:C4:88:E9:55:E4:DF:A0:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yx_nfDe-Wor201fhVLVg1ZW3ZtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.15.0/24
                  193.135.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1b:8e:68:cf:e2:84:21:0e:e1:b3:17:b6:08:59:76:f5:9d:
         93:ad:8c:aa:40:25:77:38:e2:bf:c2:74:40:b7:6b:e2:51:de:
         58:a3:b2:09:68:c5:4a:d7:08:cd:90:06:1b:a7:c4:73:30:95:
         c4:cb:71:c4:23:4c:6a:0e:ca:54:4d:ae:6a:0e:dc:df:07:5b:
         4a:89:58:4a:74:03:0f:67:09:75:a8:1e:ad:3e:07:6b:8d:14:
         49:40:9b:b8:2d:88:6a:15:33:f9:00:e8:d5:b8:56:1d:49:52:
         0c:3f:dd:2a:09:ce:f2:8b:16:60:4a:2a:c8:c0:a2:7b:e4:23:
         89:33:ff:28:07:6c:d8:82:d2:3c:b2:31:41:46:e3:5a:62:cf:
         f7:f5:f1:55:6c:9d:81:3c:9c:86:81:49:de:84:bb:0b:58:81:
         4c:8d:5d:4b:14:f7:22:4f:7d:66:05:c6:d2:00:01:46:c0:8a:
         fd:dc:04:ac:06:31:ee:bd:23:dc:5f:4a:d9:0e:60:56:2f:0e:
         a8:72:bb:63:68:b9:c6:cc:87:f7:06:7b:bb:77:2e:92:3a:61:
         90:c5:03:16:42:b7:57:c2:ac:cd:88:54:42:2a:ab:0b:44:35:
         f9:c8:62:88:c9:b8:c8:5c:08:90:df:e9:6c:98:6b:a7:c1:74:
         f9:e5:e2:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvEEho0otS5ppUbu8z9MnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZWVhMTBhZmFjZjNhOWMyNmVhMWIxZWM0ODhlOTU1ZTRk
ZmEwNmEwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjFmZTc3YzM3YmU1YThhZjZkMzU3ZTE1NGI1NjBkNTk1Yjc2NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzeNwKkJ7GKkbQNlAr4msn3Ya1xC
4P7DtRhs/oh0P2foDRrQ4QyFhMMI+HzB4NNzYlyvwi5JdaNru0KzXpSTRzCi0ac7
aanhEVmggy8nuu6sOY4Wb/vdGMu6XkM3RJraHdjwPm/y8tdt4nXn7jKXLZHdm9DY
vJSegzg+2iF+D7PoRn7IB2SgWSWi1UezhYN6lNbslhKzDuyeRZHsrnZxFBdY1fUG
kFjQUxGOkMWyopQzEiNqxu6NxbcCfow9FKH+sy2Yp/EAHB9NkgGx4WcYVNoYFhQz
mBnrw3SlXsgLRx4QFWtnHkMkGAZpUQd4vC3q99K77+5d/W8jlEAgG4UMDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMsf53w3vlqK9tNX4VS1YNWVt2bVMB8GA1UdIwQY
MBaAFPbuoQr6zzqcJuobHsSI6VXk36BqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXU2aEN2clBPcHdtNmhzZXhJanBWZVRmb0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS82ZjU3NDYtYjQwNi00YzA1LTk3NDEt
NTRkOGY2YjA2YjgzLzEveXhfbmZEZS1Xb3IyMDFmaFZMVmcxWlczWnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS82ZjU3NDYtYjQwNi00YzA1LTk3NDEtNTRkOGY2YjA2Yjgz
LzEvOXU2aEN2clBPcHdtNmhzZXhJanBWZVRmb0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwYcPAwQA
wYcYMA0GCSqGSIb3DQEBCwUAA4IBAQCBG45oz+KEIQ7hsxe2CFl29Z2TrYyqQCV3
OOK/wnRAt2viUd5Yo7IJaMVK1wjNkAYbp8RzMJXEy3HEI0xqDspUTa5qDtzfB1tK
iVhKdAMPZwl1qB6tPgdrjRRJQJu4LYhqFTP5AOjVuFYdSVIMP90qCc7yixZgSirI
wKJ75COJM/8oB2zYgtI8sjFBRuNaYs/39fFVbJ2BPJyGgUnehLsLWIFMjV1LFPci
T31mBcbSAAFGwIr93ASsBjHuvSPcX0rZDmBWLw6ocrtjaLnGzIf3Bnu7dy6SOmGQ
xQMWQrdXwqzNiFRCKqsLRDX5yGKIybjIXAiQ3+lsmGunwXT55eLT
-----END CERTIFICATE-----