Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/Y5-S_iv_vWih2EkktvAzz97lx9M.roa
File:                     Y5-S_iv_vWih2EkktvAzz97lx9M.roa (raw, json)
Hash identifier:          88RdgFbQsVzlFI0SanuOyFYZG4AX5lcJ2GLcEPMs9Pc=
Subject key identifier:   63:9F:92:FE:2B:FF:BD:68:A1:D8:49:24:B6:F0:33:CF:DE:E5:C7:D3
Certificate issuer:       /CN=d2a4452602c9df977c9d5dd8dc13b6661df40136
Certificate serial:       018CC794351F7332D12576FC4BF9059D5908
Authority key identifier: D2:A4:45:26:02:C9:DF:97:7C:9D:5D:D8:DC:13:B6:66:1D:F4:01:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/Y5-S_iv_vWih2EkktvAzz97lx9M.roa
Signing time:             Tue 02 Jan 2024 00:30:28 +0000
ROA not before:           Tue 02 Jan 2024 00:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21448
IP address blocks:        194.28.136.0/22 maxlen: 24
                          195.69.92.0/22 maxlen: 24
                          193.110.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:35:1f:73:32:d1:25:76:fc:4b:f9:05:9d:59:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2a4452602c9df977c9d5dd8dc13b6661df40136
        Validity
            Not Before: Jan  2 00:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=639f92fe2bffbd68a1d84924b6f033cfdee5c7d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:30:1c:2b:49:08:0e:d6:61:82:51:48:54:6b:
                    ad:89:f0:01:a8:b1:94:43:48:cc:f1:7e:18:d2:78:
                    cd:b9:ef:89:05:9b:8d:de:ec:ac:5d:11:9f:72:e6:
                    74:37:f0:e0:a3:f4:fd:41:6c:9a:9c:72:f8:c2:7a:
                    27:34:49:06:5c:56:2d:83:82:24:41:8d:76:7d:c8:
                    13:23:95:28:e3:87:84:2f:f7:55:84:6c:dd:b7:6a:
                    5d:e6:38:c2:5c:02:55:2a:10:39:da:4f:f9:78:32:
                    a0:7a:02:29:91:fe:c5:a2:51:60:fb:e3:18:e4:ba:
                    3e:f7:56:7f:9b:32:04:29:00:04:30:fc:88:9a:2b:
                    17:f6:52:f4:a9:c6:3f:67:e2:e1:d2:ab:93:08:6b:
                    4b:3f:c8:7c:f9:e4:d3:d9:39:3d:eb:da:9d:e4:32:
                    09:8d:e7:5c:71:58:83:58:8d:7e:97:1a:69:5b:7a:
                    64:e4:22:55:e3:00:40:67:59:05:f2:66:66:e0:ea:
                    c1:bc:86:d8:37:56:6b:01:60:ad:69:7f:5c:5f:5f:
                    21:70:d6:16:e4:1c:d2:50:9d:46:7d:df:06:2e:9f:
                    2b:7f:91:88:63:d0:66:b2:65:78:af:02:16:ef:ac:
                    55:81:ec:ec:c0:f8:04:24:bb:7f:75:f8:7b:15:58:
                    11:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:9F:92:FE:2B:FF:BD:68:A1:D8:49:24:B6:F0:33:CF:DE:E5:C7:D3
            X509v3 Authority Key Identifier:
                keyid:D2:A4:45:26:02:C9:DF:97:7C:9D:5D:D8:DC:13:B6:66:1D:F4:01:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/Y5-S_iv_vWih2EkktvAzz97lx9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.88.0/24
                  194.28.136.0/22
                  195.69.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:57:de:83:5a:6c:ca:47:1d:ce:de:51:7d:40:10:f2:5f:95:
         fb:10:88:bb:5d:d5:ef:cd:4b:8a:38:70:5d:46:91:50:92:fb:
         12:99:0a:4f:71:1a:40:d4:c6:fe:d3:7b:ff:6f:64:e2:f2:2e:
         5d:2b:81:9c:84:62:dc:42:cf:61:38:3f:54:ec:d5:5c:c2:7e:
         48:ae:4e:ed:16:8b:3a:10:de:24:bf:8d:b4:c6:7d:10:ea:5d:
         37:d5:cc:ca:bc:99:82:67:36:4b:47:7a:a6:96:c9:3a:27:94:
         5e:63:2e:25:cb:3e:f3:9c:60:8f:c3:d2:9b:8c:01:0b:76:15:
         7c:c1:95:bd:27:11:34:76:e3:17:53:e4:59:51:9c:dc:e9:97:
         f6:b1:03:8b:94:36:88:1d:1a:8a:c7:f0:fb:c8:24:40:a3:8a:
         5c:2e:86:3a:18:3f:1c:72:7c:e3:6f:10:11:f7:c3:d6:58:77:
         82:0b:84:f2:a0:47:2c:64:c6:e3:f8:78:d0:1a:73:bf:2e:b2:
         67:87:66:bc:09:c6:0f:35:0b:f5:10:5e:db:80:da:b3:57:7e:
         5d:16:3f:3b:a9:1d:f5:26:33:58:79:43:40:d2:2b:36:1a:5f:
         e0:84:46:12:02:85:fb:33:f2:10:31:1b:ac:7a:07:d7:27:b1:
         62:40:d1:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlDUfczLRJXb8S/kFnVkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYTQ0NTI2MDJjOWRmOTc3YzlkNWRkOGRjMTNiNjY2MWRm
NDAxMzYwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzlmOTJmZTJiZmZiZDY4YTFkODQ5MjRiNmYwMzNjZmRlZTVjN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDAcK0kIDtZhglFIVGutifABqLGU
Q0jM8X4Y0njNue+JBZuN3uysXRGfcuZ0N/Dgo/T9QWyanHL4wnonNEkGXFYtg4Ik
QY12fcgTI5Uo44eEL/dVhGzdt2pd5jjCXAJVKhA52k/5eDKgegIpkf7FolFg++MY
5Lo+91Z/mzIEKQAEMPyImisX9lL0qcY/Z+Lh0quTCGtLP8h8+eTT2Tk969qd5DIJ
jedccViDWI1+lxppW3pk5CJV4wBAZ1kF8mZm4OrBvIbYN1ZrAWCtaX9cX18hcNYW
5BzSUJ1Gfd8GLp8rf5GIY9BmsmV4rwIW76xVgezswPgEJLt/dfh7FVgR9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGOfkv4r/71oodhJJLbwM8/e5cfTMB8GA1UdIwQY
MBaAFNKkRSYCyd+XfJ1d2NwTtmYd9AE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHFSRkpnTEozNWQ4blYzWTNCTzJaaDMwQVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNWZkOTktOGFlMC00YWUwLWI2YjQt
ZmU3NGVmN2FhYzk1LzEvWTUtU19pdl92V2loMkVra3R2QXp6OTdseDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNWZkOTktOGFlMC00YWUwLWI2YjQtZmU3NGVmN2FhYzk1
LzEvMHFSRkpnTEozNWQ4blYzWTNCTzJaaDMwQVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwW5YAwQC
whyIAwQCw0VcMA0GCSqGSIb3DQEBCwUAA4IBAQAAV96DWmzKRx3O3lF9QBDyX5X7
EIi7XdXvzUuKOHBdRpFQkvsSmQpPcRpA1Mb+03v/b2Ti8i5dK4GchGLcQs9hOD9U
7NVcwn5Irk7tFos6EN4kv420xn0Q6l031czKvJmCZzZLR3qmlsk6J5ReYy4lyz7z
nGCPw9KbjAELdhV8wZW9JxE0duMXU+RZUZzc6Zf2sQOLlDaIHRqKx/D7yCRAo4pc
LoY6GD8ccnzjbxAR98PWWHeCC4TyoEcsZMbj+HjQGnO/LrJnh2a8CcYPNQv1EF7b
gNqzV35dFj87qR31JjNYeUNA0is2Gl/ghEYSAoX7M/IQMRusegfXJ7FiQNHs
-----END CERTIFICATE-----