Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/ysz3YgjIEZM8fKVdry7QzMwNpzI.roa
File:                     ysz3YgjIEZM8fKVdry7QzMwNpzI.roa (raw, json)
Hash identifier:          se2lJ2SKiakOXOJEGAvWw9rRP13DyweFM9UGug5+jGM=
Subject key identifier:   CA:CC:F7:62:08:C8:11:93:3C:7C:A5:5D:AF:2E:D0:CC:CC:0D:A7:32
Certificate issuer:       /CN=b8fada87a76f29f82e25a3179e7a38cf0c6b0300
Certificate serial:       018CC8DF156A6399D2AF81F955235821F6B5
Authority key identifier: B8:FA:DA:87:A7:6F:29:F8:2E:25:A3:17:9E:7A:38:CF:0C:6B:03:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uPrah6dvKfguJaMXnno4zwxrAwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/ysz3YgjIEZM8fKVdry7QzMwNpzI.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207271
IP address blocks:        192.145.60.0/22 maxlen: 24
                          2a10:a40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/uPrah6dvKfguJaMXnno4zwxrAwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/uPrah6dvKfguJaMXnno4zwxrAwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uPrah6dvKfguJaMXnno4zwxrAwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:15:6a:63:99:d2:af:81:f9:55:23:58:21:f6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8fada87a76f29f82e25a3179e7a38cf0c6b0300
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caccf76208c811933c7ca55daf2ed0cccc0da732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:67:94:fe:41:d8:e3:38:1e:4d:f6:92:9e:80:
                    17:ee:0e:0a:3b:69:ab:89:11:f8:4f:b5:39:c7:e5:
                    1e:cd:ef:17:3a:fc:b7:88:82:57:56:1f:f2:39:d8:
                    c8:22:55:e2:6e:3e:95:d6:97:0d:ce:1f:17:e1:f0:
                    31:fb:98:6b:90:01:e5:9e:46:a5:63:1e:4e:17:dd:
                    5a:af:0d:59:76:7e:44:3b:1a:4c:07:c5:c8:3b:30:
                    d3:8d:1b:0f:32:8e:98:e5:68:d8:9f:3b:b8:bb:41:
                    1d:81:2a:ab:4c:bc:ba:f4:53:57:f0:c5:d4:f2:20:
                    35:9e:c0:1b:f0:8a:f8:4e:d3:56:8e:a7:1a:a6:47:
                    d4:c6:b6:db:96:03:0b:a6:98:92:1a:2e:98:8c:37:
                    2a:83:bf:6f:e5:97:95:fc:63:75:dc:f9:97:f0:b5:
                    32:55:a4:3e:72:f9:4e:c0:90:3d:e6:d9:3f:47:d8:
                    c6:e5:5f:2a:04:46:3c:75:74:d1:73:d3:cb:33:18:
                    87:a4:96:44:18:b5:13:6e:77:fd:b0:d9:8d:bf:8c:
                    3c:de:dd:af:e3:4b:bb:5c:8f:fe:90:c7:35:bf:fb:
                    50:dd:61:59:10:ca:55:3a:cf:8b:f7:42:95:1f:2d:
                    bd:ab:6c:31:54:89:4d:36:70:0c:7f:de:ad:fe:21:
                    ba:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CC:F7:62:08:C8:11:93:3C:7C:A5:5D:AF:2E:D0:CC:CC:0D:A7:32
            X509v3 Authority Key Identifier:
                keyid:B8:FA:DA:87:A7:6F:29:F8:2E:25:A3:17:9E:7A:38:CF:0C:6B:03:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uPrah6dvKfguJaMXnno4zwxrAwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/ysz3YgjIEZM8fKVdry7QzMwNpzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a56b2d-f795-495d-9c48-6f67b647722d/1/uPrah6dvKfguJaMXnno4zwxrAwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.60.0/22
                IPv6:
                  2a10:a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:5e:2d:95:ba:8b:fc:cc:d6:31:32:30:f9:54:78:58:d2:9b:
         f3:ac:4e:ac:b6:2c:48:51:2b:98:2a:99:93:31:9b:4e:a3:32:
         9e:87:c3:e2:aa:75:49:27:50:56:89:5b:56:76:81:c9:65:ff:
         57:00:56:57:6e:17:a6:32:0f:dc:a6:67:2c:75:4c:17:87:72:
         b8:a8:71:1e:05:c9:af:45:14:65:f7:43:d2:65:e7:d1:8b:58:
         3e:47:f9:92:68:08:08:11:bf:1c:6c:62:e4:1d:fd:af:ef:a9:
         82:27:44:15:ad:eb:c0:aa:dd:91:22:96:c8:c2:f8:ca:bc:4c:
         09:e6:2f:10:33:5a:79:4b:de:73:de:ce:e4:07:97:9c:c6:f9:
         96:4b:e3:28:ed:71:17:a8:80:ee:21:33:9e:0f:bf:20:6a:82:
         32:9e:14:d5:60:1d:d9:01:b1:49:87:3b:cd:2f:40:be:92:40:
         44:cf:df:d8:fa:6b:96:23:1e:eb:fc:c8:5d:4a:b6:20:a0:d4:
         83:6d:56:d8:e0:5c:16:33:91:fb:2d:c4:c6:a0:85:df:ff:7d:
         b1:fe:26:4d:75:ec:9a:5d:5e:31:a9:09:1b:89:79:f5:11:4d:
         47:54:8f:91:9d:a7:fe:cc:e4:1e:46:76:47:f6:ce:c2:7c:0d:
         5e:b3:71:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3xVqY5nSr4H5VSNYIfa1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZmFkYTg3YTc2ZjI5ZjgyZTI1YTMxNzllN2EzOGNmMGM2
YjAzMDAwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWNjZjc2MjA4YzgxMTkzM2M3Y2E1NWRhZjJlZDBjY2NjMGRhNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWeU/kHY4zgeTfaSnoAX7g4KO2mr
iRH4T7U5x+Ueze8XOvy3iIJXVh/yOdjIIlXibj6V1pcNzh8X4fAx+5hrkAHlnkal
Yx5OF91arw1Zdn5EOxpMB8XIOzDTjRsPMo6Y5WjYnzu4u0EdgSqrTLy69FNX8MXU
8iA1nsAb8Ir4TtNWjqcapkfUxrbblgMLppiSGi6YjDcqg79v5ZeV/GN13PmX8LUy
VaQ+cvlOwJA95tk/R9jG5V8qBEY8dXTRc9PLMxiHpJZEGLUTbnf9sNmNv4w83t2v
40u7XI/+kMc1v/tQ3WFZEMpVOs+L90KVHy29q2wxVIlNNnAMf96t/iG6+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMrM92IIyBGTPHylXa8u0MzMDacyMB8GA1UdIwQY
MBaAFLj62oenbyn4LiWjF556OM8MawMAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVByYWg2ZHZLZmd1SmFNWG5ubzR6d3hyQXdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hNTZiMmQtZjc5NS00OTVkLTljNDgt
NmY2N2I2NDc3MjJkLzEveXN6M1lnaklFWk04ZktWZHJ5N1F6TXdOcHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hNTZiMmQtZjc5NS00OTVkLTljNDgtNmY2N2I2NDc3MjJk
LzEvdVByYWg2ZHZLZmd1SmFNWG5ubzR6d3hyQXdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwJE8MA0E
AgACMAcDBQAqEApAMA0GCSqGSIb3DQEBCwUAA4IBAQArXi2Vuov8zNYxMjD5VHhY
0pvzrE6stixIUSuYKpmTMZtOozKeh8PiqnVJJ1BWiVtWdoHJZf9XAFZXbhemMg/c
pmcsdUwXh3K4qHEeBcmvRRRl90PSZefRi1g+R/mSaAgIEb8cbGLkHf2v76mCJ0QV
revAqt2RIpbIwvjKvEwJ5i8QM1p5S95z3s7kB5ecxvmWS+Mo7XEXqIDuITOeD78g
aoIynhTVYB3ZAbFJhzvNL0C+kkBEz9/Y+muWIx7r/MhdSrYgoNSDbVbY4FwWM5H7
LcTGoIXf/32x/iZNdeyaXV4xqQkbiXn1EU1HVI+Rnaf+zOQeRnZH9s7CfA1es3G3
-----END CERTIFICATE-----