Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/Ya_h4H5TBTRtMc7SOjh392jn5FA.roa
File:                     Ya_h4H5TBTRtMc7SOjh392jn5FA.roa (raw, json)
Hash identifier:          xnSn0poed0diF78E2oDs1yfxJtWFBKfheVoP2rEJEQ4=
Subject key identifier:   61:AF:E1:E0:7E:53:05:34:6D:31:CE:D2:3A:38:77:F7:68:E7:E4:50
Certificate issuer:       /CN=960dd7cdce588bdaa2b7a8cb056d4db016701532
Certificate serial:       018CC9BCDE236D5A69273E063B47669FF703
Authority key identifier: 96:0D:D7:CD:CE:58:8B:DA:A2:B7:A8:CB:05:6D:4D:B0:16:70:15:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/Ya_h4H5TBTRtMc7SOjh392jn5FA.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41432
IP address blocks:        193.164.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:de:23:6d:5a:69:27:3e:06:3b:47:66:9f:f7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=960dd7cdce588bdaa2b7a8cb056d4db016701532
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61afe1e07e5305346d31ced23a3877f768e7e450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:98:07:76:3a:c9:c6:41:de:4f:e4:95:e1:72:
                    25:d1:9d:7f:40:ca:8a:de:9b:eb:a5:09:bd:03:34:
                    1b:05:3b:8b:a3:5b:e1:c5:ff:e3:63:ff:b6:ec:f0:
                    b7:1f:fc:14:51:65:50:09:93:3b:85:ae:88:61:dd:
                    03:41:d2:e6:62:43:96:8f:4e:ee:96:03:4a:f6:ad:
                    83:4c:48:81:18:d5:6b:b4:75:22:45:00:04:0e:b2:
                    33:a0:d7:67:9d:f6:0a:a4:6d:87:75:f8:f9:2e:c9:
                    a1:20:fe:4a:09:09:01:f2:c1:f4:18:bc:f3:40:b0:
                    a4:ef:c6:cb:2e:e0:1e:c6:b3:f0:27:4a:dd:fc:97:
                    17:62:d9:bc:40:6d:5b:0c:83:b1:12:6a:6c:6a:2a:
                    02:13:83:c7:95:dc:31:d1:5e:d0:35:75:a7:41:ea:
                    75:11:4a:ae:60:30:a7:b4:5f:fb:0e:22:84:5f:fa:
                    c3:1c:6d:88:16:b5:1c:d9:c0:5d:23:20:fb:c5:15:
                    cc:41:ae:9e:b4:37:c3:67:af:b0:7b:90:ea:62:58:
                    3f:1d:15:f8:c6:4b:8d:05:2f:a6:af:85:6f:ae:0a:
                    c2:ea:c6:35:3c:96:d9:6f:8c:97:52:17:2d:a2:36:
                    2b:50:8c:63:b0:94:c3:39:1a:78:76:98:15:21:b1:
                    f0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:AF:E1:E0:7E:53:05:34:6D:31:CE:D2:3A:38:77:F7:68:E7:E4:50
            X509v3 Authority Key Identifier:
                keyid:96:0D:D7:CD:CE:58:8B:DA:A2:B7:A8:CB:05:6D:4D:B0:16:70:15:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/Ya_h4H5TBTRtMc7SOjh392jn5FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:80:60:fe:ff:af:11:90:f1:1c:a1:c2:a0:89:17:04:68:c2:
         d3:d3:97:9c:3f:eb:68:aa:2a:8b:5f:b3:4d:25:0a:12:65:cf:
         c8:61:ee:42:08:5c:66:b2:73:78:51:57:61:25:54:c5:29:59:
         6e:bd:17:19:b5:89:f9:7f:d2:1a:f1:70:42:fa:ed:20:d4:d2:
         94:ec:40:5e:ff:fd:5b:61:36:ad:aa:04:a8:d1:f5:28:8b:75:
         9e:4e:5a:4c:74:1c:20:5b:36:e8:eb:3f:c5:cb:9f:a5:8f:3d:
         3d:6f:01:3d:dc:32:78:d8:5f:7e:c6:fe:f4:56:c1:80:2b:6e:
         7e:c6:25:3a:d1:04:b2:57:5f:f6:1d:28:87:b9:0c:4d:e2:7a:
         07:28:6b:13:ba:3d:2e:34:35:4f:aa:36:64:a0:47:22:e0:5a:
         f2:a1:af:8a:d5:6d:57:63:fe:8d:eb:b6:a4:c2:ce:43:54:e9:
         39:4d:a4:7b:d0:19:69:90:b5:4f:01:ca:ff:8e:83:44:d2:d4:
         35:df:7d:eb:fd:56:7d:f4:e8:a7:79:5a:1d:8b:f2:4f:a4:da:
         ac:96:89:be:7b:22:31:86:2b:68:73:ed:30:0b:ac:1a:16:f6:
         7a:22:15:41:d4:38:eb:06:49:c9:04:fc:9b:ea:c8:40:c8:9d:
         6f:fd:fa:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvN4jbVppJz4GO0dmn/cDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MGRkN2NkY2U1ODhiZGFhMmI3YThjYjA1NmQ0ZGIwMTY3
MDE1MzIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWFmZTFlMDdlNTMwNTM0NmQzMWNlZDIzYTM4NzdmNzY4ZTdlNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ZgHdjrJxkHeT+SV4XIl0Z1/QMqK
3pvrpQm9AzQbBTuLo1vhxf/jY/+27PC3H/wUUWVQCZM7ha6IYd0DQdLmYkOWj07u
lgNK9q2DTEiBGNVrtHUiRQAEDrIzoNdnnfYKpG2Hdfj5LsmhIP5KCQkB8sH0GLzz
QLCk78bLLuAexrPwJ0rd/JcXYtm8QG1bDIOxEmpsaioCE4PHldwx0V7QNXWnQep1
EUquYDCntF/7DiKEX/rDHG2IFrUc2cBdIyD7xRXMQa6etDfDZ6+we5DqYlg/HRX4
xkuNBS+mr4VvrgrC6sY1PJbZb4yXUhctojYrUIxjsJTDORp4dpgVIbHwNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGv4eB+UwU0bTHO0jo4d/do5+RQMB8GA1UdIwQY
MBaAFJYN183OWIvaoreoywVtTbAWcBUyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGczWHpjNVlpOXFpdDZqTEJXMU5zQlp3RlRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMzEyMzAtY2JkYy00MmMxLTg3MzIt
OTAyZmYxN2JjNDk0LzEvWWFfaDRINVRCVFJ0TWM3U09qaDM5MmpuNUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMzEyMzAtY2JkYy00MmMxLTg3MzItOTAyZmYxN2JjNDk0
LzEvbGczWHpjNVlpOXFpdDZqTEJXMU5zQlp3RlRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaSIMA0G
CSqGSIb3DQEBCwUAA4IBAQCdgGD+/68RkPEcocKgiRcEaMLT05ecP+toqiqLX7NN
JQoSZc/IYe5CCFxmsnN4UVdhJVTFKVluvRcZtYn5f9Ia8XBC+u0g1NKU7EBe//1b
YTatqgSo0fUoi3WeTlpMdBwgWzbo6z/Fy5+ljz09bwE93DJ42F9+xv70VsGAK25+
xiU60QSyV1/2HSiHuQxN4noHKGsTuj0uNDVPqjZkoEci4Fryoa+K1W1XY/6N67ak
ws5DVOk5TaR70BlpkLVPAcr/joNE0tQ1333r/VZ99OineVodi/JPpNqslom+eyIx
hitoc+0wC6waFvZ6IhVB1DjrBknJBPyb6shAyJ1v/fo5
-----END CERTIFICATE-----