Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/YJ2L5D_sPnBdsTpNEkXxwHUYKwo.roa
File:                     YJ2L5D_sPnBdsTpNEkXxwHUYKwo.roa (raw, json)
Hash identifier:          G4cNioErTsb/zdUn/WesPmmeW+Z3YpAPoZAgTyip23k=
Subject key identifier:   60:9D:8B:E4:3F:EC:3E:70:5D:B1:3A:4D:12:45:F1:C0:75:18:2B:0A
Certificate issuer:       /CN=bc063d650534aa9f06931fd8ed6e0bb276ebd3bf
Certificate serial:       018CC794827F0CD4BD192831F6B14BE39195
Authority key identifier: BC:06:3D:65:05:34:AA:9F:06:93:1F:D8:ED:6E:0B:B2:76:EB:D3:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/YJ2L5D_sPnBdsTpNEkXxwHUYKwo.roa
Signing time:             Tue 02 Jan 2024 00:30:47 +0000
ROA not before:           Tue 02 Jan 2024 00:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35349
IP address blocks:        185.239.248.0/22 maxlen: 22
                          2a0c:6780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:82:7f:0c:d4:bd:19:28:31:f6:b1:4b:e3:91:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc063d650534aa9f06931fd8ed6e0bb276ebd3bf
        Validity
            Not Before: Jan  2 00:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609d8be43fec3e705db13a4d1245f1c075182b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2a:c0:ab:02:ff:ae:45:ab:74:14:9e:4f:5e:
                    34:38:62:21:37:1c:60:ca:b5:7e:86:99:be:86:c3:
                    86:9d:57:88:1e:0b:8b:46:ff:60:e3:f8:da:98:86:
                    ac:32:c3:83:be:3b:0c:44:a8:9b:67:6b:18:44:86:
                    7f:17:c8:2e:39:8e:2a:1b:c4:7d:02:38:ec:4c:4c:
                    fa:fd:09:65:43:89:ea:21:47:02:f1:23:ca:70:28:
                    13:fe:7c:5f:f6:ae:d5:fa:25:2a:54:5b:83:0f:6d:
                    cf:c1:d6:80:14:43:cb:08:09:8b:31:58:03:57:29:
                    de:74:ce:c8:12:bb:01:3c:75:b8:e9:2a:9f:06:5c:
                    89:00:85:eb:03:7e:81:8a:46:aa:7d:3f:72:e0:8d:
                    16:00:8d:f1:97:49:23:d6:f2:16:9a:dd:38:ef:a4:
                    11:3a:e5:a0:4b:65:fc:e7:99:47:e9:0f:97:80:5b:
                    d5:91:84:ff:8c:51:29:2b:bb:08:37:f9:af:c7:3b:
                    5e:28:f3:c2:b6:fd:73:e8:35:29:ff:70:a8:1a:57:
                    79:6d:a2:e8:3e:41:f5:d6:54:39:af:d2:71:03:75:
                    5b:fd:16:37:b3:be:09:29:a8:d2:c1:84:7f:83:92:
                    ab:6c:ab:a1:a2:be:04:7f:7e:7f:bb:83:d3:38:3b:
                    c2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9D:8B:E4:3F:EC:3E:70:5D:B1:3A:4D:12:45:F1:C0:75:18:2B:0A
            X509v3 Authority Key Identifier:
                keyid:BC:06:3D:65:05:34:AA:9F:06:93:1F:D8:ED:6E:0B:B2:76:EB:D3:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/YJ2L5D_sPnBdsTpNEkXxwHUYKwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.248.0/22
                IPv6:
                  2a0c:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:97:24:be:29:6a:cc:52:2c:fe:95:4e:7f:d6:d3:cf:47:75:
         e8:59:8b:30:63:cb:6f:67:92:e0:ae:d3:31:27:71:57:b0:ed:
         cd:9d:ac:b3:09:0b:cc:4a:d9:e3:48:13:d4:57:55:d0:cb:e0:
         10:d5:ad:c1:f9:d9:92:9d:30:29:43:d4:3b:17:74:cd:3a:08:
         c1:c7:83:db:79:cc:31:1d:cc:70:d5:cd:74:2e:ac:2e:86:0f:
         fc:a6:c7:79:15:6c:d5:99:61:65:9b:bb:3d:0a:ce:33:1c:e7:
         c3:b1:0b:ff:89:69:ae:f0:c4:56:de:d9:ca:09:58:8d:64:93:
         42:6f:9f:84:55:2c:18:43:e3:83:12:2c:c4:93:51:61:2a:00:
         15:7e:e0:b5:5d:5d:80:8f:8e:a9:31:4b:39:3c:ac:32:23:29:
         51:cf:59:24:c7:55:fd:e8:c6:af:22:fd:7e:4d:ed:5b:09:ca:
         67:32:4c:c0:77:00:1a:5e:34:ae:a3:fc:f0:41:e2:1a:ba:68:
         64:3f:ab:98:f8:19:fd:e0:fd:58:d0:b9:fa:d1:d2:a6:49:4c:
         d3:ed:1d:8b:f7:0a:3c:b1:3b:e4:27:77:21:7d:ed:51:0c:8c:
         26:0c:f0:97:be:4e:ef:7b:55:b6:56:75:6c:7e:cc:36:35:64:
         de:27:94:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlIJ/DNS9GSgx9rFL45GVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMDYzZDY1MDUzNGFhOWYwNjkzMWZkOGVkNmUwYmIyNzZl
YmQzYmYwHhcNMjQwMTAyMDAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlkOGJlNDNmZWMzZTcwNWRiMTNhNGQxMjQ1ZjFjMDc1MTgyYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSrAqwL/rkWrdBSeT140OGIhNxxg
yrV+hpm+hsOGnVeIHguLRv9g4/jamIasMsODvjsMRKibZ2sYRIZ/F8guOY4qG8R9
AjjsTEz6/QllQ4nqIUcC8SPKcCgT/nxf9q7V+iUqVFuDD23PwdaAFEPLCAmLMVgD
VynedM7IErsBPHW46SqfBlyJAIXrA36BikaqfT9y4I0WAI3xl0kj1vIWmt0476QR
OuWgS2X855lH6Q+XgFvVkYT/jFEpK7sIN/mvxzteKPPCtv1z6DUp/3CoGld5baLo
PkH11lQ5r9JxA3Vb/RY3s74JKajSwYR/g5KrbKuhor4Ef35/u4PTODvC2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCdi+Q/7D5wXbE6TRJF8cB1GCsKMB8GA1UdIwQY
MBaAFLwGPWUFNKqfBpMf2O1uC7J269O/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkFZOVpRVTBxcDhHa3hfWTdXNExzbmJyMDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xNzk0ZTgtODk5OC00NTE0LWI3ZTEt
MjE2ZDI4OWYxNzY0LzEvWUoyTDVEX3NQbkJkc1RwTkVrWHh3SFVZS3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xNzk0ZTgtODk5OC00NTE0LWI3ZTEtMjE2ZDI4OWYxNzY0
LzEvdkFZOVpRVTBxcDhHa3hfWTdXNExzbmJyMDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCue/4MA0E
AgACMAcDBQMqDGeAMA0GCSqGSIb3DQEBCwUAA4IBAQB9lyS+KWrMUiz+lU5/1tPP
R3XoWYswY8tvZ5LgrtMxJ3FXsO3NnayzCQvMStnjSBPUV1XQy+AQ1a3B+dmSnTAp
Q9Q7F3TNOgjBx4PbecwxHcxw1c10Lqwuhg/8psd5FWzVmWFlm7s9Cs4zHOfDsQv/
iWmu8MRW3tnKCViNZJNCb5+EVSwYQ+ODEizEk1FhKgAVfuC1XV2Aj46pMUs5PKwy
IylRz1kkx1X96MavIv1+Te1bCcpnMkzAdwAaXjSuo/zwQeIaumhkP6uY+Bn94P1Y
0Ln60dKmSUzT7R2L9wo8sTvkJ3chfe1RDIwmDPCXvk7ve1W2VnVsfsw2NWTeJ5Ss
-----END CERTIFICATE-----