Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/YJr0-rOVSM9qD2-6HRxAl8NgMfs.roa
File:                     YJr0-rOVSM9qD2-6HRxAl8NgMfs.roa (raw, json)
Hash identifier:          0oveyR2h1PiIHJb0OMwhuKIUm29//mo7HCxOOMvIX4M=
Subject key identifier:   60:9A:F4:FA:B3:95:48:CF:6A:0F:6F:BA:1D:1C:40:97:C3:60:31:FB
Certificate issuer:       /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial:       018CC26D0BB16E795CE0C455FB95BA62681B
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/YJr0-rOVSM9qD2-6HRxAl8NgMfs.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44880
IP address blocks:        192.101.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0b:b1:6e:79:5c:e0:c4:55:fb:95:ba:62:68:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609af4fab39548cf6a0f6fba1d1c4097c36031fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:10:ef:cb:9a:bb:e5:96:b3:32:d4:a2:28:e0:
                    69:26:9b:58:86:60:f1:20:f0:c7:29:60:e2:2e:43:
                    76:e6:a3:11:4c:33:7c:a2:a5:c3:de:2d:f2:83:ce:
                    1a:d9:32:a9:a1:37:25:10:96:32:32:8c:d5:9a:0c:
                    e6:39:7b:ad:a3:6b:2f:99:0b:69:a5:29:49:cc:12:
                    05:28:c5:78:a7:d9:7b:5d:e9:f7:96:3f:58:83:49:
                    a3:8e:17:80:77:e1:d7:8a:28:50:b4:ee:b3:2e:cd:
                    82:63:d7:59:9d:92:7b:3e:63:12:2b:f7:95:27:16:
                    23:9a:de:97:87:7e:98:16:40:bc:a7:91:5d:b7:e9:
                    25:34:ae:c0:4c:ac:13:da:3a:6e:c7:5b:1e:7d:04:
                    96:ae:4f:61:34:b0:4f:90:ab:bf:dd:f8:c9:c1:6c:
                    e4:02:14:96:69:b5:22:28:0a:39:5f:b1:a4:a8:66:
                    d3:28:d7:ff:82:e8:7b:4a:19:43:6f:7e:32:04:f4:
                    f3:83:42:5d:ff:f5:d2:da:6a:11:c9:1e:33:6c:be:
                    fd:c3:aa:33:ea:a3:68:c2:3c:41:be:66:69:d6:f0:
                    63:d2:eb:8a:6a:49:b1:fd:79:ee:c0:16:dc:80:46:
                    94:5e:69:21:a1:0c:fd:3e:d4:96:90:89:4f:b9:bd:
                    db:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9A:F4:FA:B3:95:48:CF:6A:0F:6F:BA:1D:1C:40:97:C3:60:31:FB
            X509v3 Authority Key Identifier:
                keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/YJr0-rOVSM9qD2-6HRxAl8NgMfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.101.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:27:7b:48:4b:64:80:e9:f7:36:07:cb:3c:1a:8c:91:f3:a6:
         04:60:2f:0b:31:c8:1e:de:f9:dc:18:d4:9e:63:b8:8d:e1:24:
         0a:6b:4b:d8:fc:17:be:30:d3:fd:2e:01:2d:08:99:cc:6d:d6:
         e0:cb:ea:b9:66:7d:93:64:84:ac:69:cd:6f:fd:41:b9:b4:53:
         5a:71:11:2b:52:03:b6:6a:09:58:c7:e3:47:3d:cd:6c:45:7a:
         88:fe:16:d9:09:4a:e6:bc:b8:ae:34:ca:7f:4c:6a:f9:14:15:
         72:d6:35:e4:90:19:29:92:5c:fc:39:3b:ee:38:71:6f:27:4a:
         05:d9:24:2f:dc:7f:1c:d7:64:e9:46:5e:84:2b:d2:57:ed:33:
         09:36:c4:03:71:d2:1b:0c:e5:2b:d4:c1:17:b1:3f:a1:9d:8f:
         d7:03:0b:91:69:c8:f6:39:ab:c7:0e:67:5b:32:44:12:40:c7:
         e8:69:ce:41:1b:55:b4:2a:90:01:30:69:15:d0:ca:ea:ae:8f:
         27:9e:22:15:27:8d:01:4c:7f:dd:36:d0:6d:6a:d4:6d:0d:76:
         34:0c:46:53:c5:37:0b:7d:33:64:56:9f:9f:35:9f:eb:fe:54:
         49:24:66:b4:da:d8:7d:ba:8d:9e:ab:c0:a4:ce:59:22:75:f7:
         cb:0c:e9:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQuxbnlc4MRV+5W6YmgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlhZjRmYWIzOTU0OGNmNmEwZjZmYmExZDFjNDA5N2MzNjAzMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRDvy5q75ZazMtSiKOBpJptYhmDx
IPDHKWDiLkN25qMRTDN8oqXD3i3yg84a2TKpoTclEJYyMozVmgzmOXuto2svmQtp
pSlJzBIFKMV4p9l7Xen3lj9Yg0mjjheAd+HXiihQtO6zLs2CY9dZnZJ7PmMSK/eV
JxYjmt6Xh36YFkC8p5Fdt+klNK7ATKwT2jpux1sefQSWrk9hNLBPkKu/3fjJwWzk
AhSWabUiKAo5X7GkqGbTKNf/guh7ShlDb34yBPTzg0Jd//XS2moRyR4zbL79w6oz
6qNowjxBvmZp1vBj0uuKakmx/XnuwBbcgEaUXmkhoQz9PtSWkIlPub3bCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCa9PqzlUjPag9vuh0cQJfDYDH7MB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvWUpyMC1yT1ZTTTlxRDItNkhSeEFsOE5nTWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGVLMA0G
CSqGSIb3DQEBCwUAA4IBAQAgJ3tIS2SA6fc2B8s8GoyR86YEYC8LMcge3vncGNSe
Y7iN4SQKa0vY/Be+MNP9LgEtCJnMbdbgy+q5Zn2TZISsac1v/UG5tFNacRErUgO2
aglYx+NHPc1sRXqI/hbZCUrmvLiuNMp/TGr5FBVy1jXkkBkpklz8OTvuOHFvJ0oF
2SQv3H8c12TpRl6EK9JX7TMJNsQDcdIbDOUr1MEXsT+hnY/XAwuRacj2OavHDmdb
MkQSQMfoac5BG1W0KpABMGkV0Mrqro8nniIVJ40BTH/dNtBtatRtDXY0DEZTxTcL
fTNkVp+fNZ/r/lRJJGa02th9uo2eq8CkzlkidffLDOmr
-----END CERTIFICATE-----