Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Yj4VjdnvLX-HpSH1b0yBmCnALpA.roa
File:                     Yj4VjdnvLX-HpSH1b0yBmCnALpA.roa (raw, json)
Hash identifier:          gRDpBsfqHqCxCTTmO2xACHEsE0lRh8CjRcQe87u6Dig=
Subject key identifier:   62:3E:15:8D:D9:EF:2D:7F:87:A5:21:F5:6F:4C:81:98:29:C0:2E:90
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B7DC3C959C75800FD34DCA7BFB6CC
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Yj4VjdnvLX-HpSH1b0yBmCnALpA.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12912
IP address blocks:        85.202.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7d:c3:c9:59:c7:58:00:fd:34:dc:a7:bf:b6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=623e158dd9ef2d7f87a521f56f4c819829c02e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:75:d0:8d:f2:37:db:0f:cc:76:81:e6:28:16:
                    e0:78:ac:94:82:a5:ac:6d:62:6d:82:1a:22:9e:e8:
                    ba:47:cd:50:37:ab:f3:aa:cf:6d:15:a6:63:14:6b:
                    5f:76:b3:cf:cd:d6:d8:dd:a4:9c:0f:53:10:b7:ea:
                    e8:28:da:59:51:9c:a7:91:43:f1:12:0c:31:1f:22:
                    f7:69:64:5d:2a:7f:94:65:32:79:d9:c9:e2:cf:94:
                    d3:c5:2c:cc:db:88:ab:f8:56:ff:71:14:37:4d:66:
                    f7:c8:f1:43:60:80:f2:ca:8e:20:8c:b1:8e:de:37:
                    04:c4:5b:bf:55:46:fb:8a:d0:3d:14:72:f5:8b:32:
                    fe:47:ca:dd:56:9c:4e:89:ed:a8:40:f8:b0:b8:6f:
                    28:d2:8b:cc:df:2a:e5:b9:3a:b0:9e:29:dc:27:f6:
                    a9:e7:83:b3:b0:58:e9:93:26:3a:ce:9b:e6:a6:1a:
                    fd:1d:f4:1b:d5:a6:04:f2:93:12:e2:a4:67:d3:ee:
                    af:fb:5e:f2:4f:a1:34:a4:90:43:99:aa:86:5c:78:
                    39:65:a8:ce:9f:0a:16:f8:ec:ef:6f:b6:90:ad:e0:
                    5c:05:11:45:63:53:0c:5a:cd:e3:9d:d2:93:e8:1b:
                    9a:27:89:59:fa:ff:a2:a4:c2:ef:38:f9:25:2f:df:
                    64:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3E:15:8D:D9:EF:2D:7F:87:A5:21:F5:6F:4C:81:98:29:C0:2E:90
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Yj4VjdnvLX-HpSH1b0yBmCnALpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:53:4f:e9:9c:60:1b:66:da:60:fe:73:92:1c:7c:e1:4c:07:
         5c:a9:05:80:fe:dc:55:85:84:53:3d:92:2e:84:25:75:f5:85:
         27:17:f7:86:66:eb:c9:03:4f:bb:aa:f8:6e:43:c3:70:6b:6e:
         ad:fb:03:47:b0:c8:68:77:c1:17:87:1e:e3:99:dc:83:09:36:
         ae:42:33:07:3b:61:01:cc:89:e0:8e:98:66:ac:80:f1:c9:55:
         79:86:68:7c:7e:d9:3b:e9:bf:a6:98:07:ad:cd:fa:bc:29:f0:
         03:19:15:50:b5:26:bf:a4:d5:93:10:f4:96:f9:98:7a:fd:29:
         3c:cd:16:16:50:74:8b:8a:ce:3a:85:b0:c3:48:50:85:ad:15:
         29:8a:84:33:00:be:04:63:1c:05:6a:84:d8:06:e3:43:80:e6:
         2c:d8:00:5d:48:8a:14:87:48:ab:d5:e8:b8:6e:b2:e5:95:c7:
         59:3d:a4:8f:27:43:7b:87:ba:fb:24:2b:04:21:42:b7:e8:05:
         6f:1e:64:15:f6:f2:40:7e:b7:7b:3d:66:db:12:84:6d:f5:1e:
         8d:3e:ac:e5:19:52:bd:5b:cc:2f:96:eb:6b:5f:b2:2b:8c:42:
         33:ae:12:16:39:d7:22:58:6c:6a:ea:c7:00:c7:11:91:fa:45:
         64:19:ac:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS33DyVnHWAD9NNynv7bMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNlMTU4ZGQ5ZWYyZDdmODdhNTIxZjU2ZjRjODE5ODI5YzAyZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnXQjfI32w/MdoHmKBbgeKyUgqWs
bWJtghoinui6R81QN6vzqs9tFaZjFGtfdrPPzdbY3aScD1MQt+roKNpZUZynkUPx
EgwxHyL3aWRdKn+UZTJ52cniz5TTxSzM24ir+Fb/cRQ3TWb3yPFDYIDyyo4gjLGO
3jcExFu/VUb7itA9FHL1izL+R8rdVpxOie2oQPiwuG8o0ovM3yrluTqwnincJ/ap
54OzsFjpkyY6zpvmphr9HfQb1aYE8pMS4qRn0+6v+17yT6E0pJBDmaqGXHg5ZajO
nwoW+Ozvb7aQreBcBRFFY1MMWs3jndKT6BuaJ4lZ+v+ipMLvOPklL99kWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGI+FY3Z7y1/h6Uh9W9MgZgpwC6QMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvWWo0VmpkbnZMWC1IcFNIMWIweUJtQ25BTHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVco4MA0G
CSqGSIb3DQEBCwUAA4IBAQB7U0/pnGAbZtpg/nOSHHzhTAdcqQWA/txVhYRTPZIu
hCV19YUnF/eGZuvJA0+7qvhuQ8Nwa26t+wNHsMhod8EXhx7jmdyDCTauQjMHO2EB
zIngjphmrIDxyVV5hmh8ftk76b+mmAetzfq8KfADGRVQtSa/pNWTEPSW+Zh6/Sk8
zRYWUHSLis46hbDDSFCFrRUpioQzAL4EYxwFaoTYBuNDgOYs2ABdSIoUh0ir1ei4
brLllcdZPaSPJ0N7h7r7JCsEIUK36AVvHmQV9vJAfrd7PWbbEoRt9R6NPqzlGVK9
W8wvlutrX7IrjEIzrhIWOdciWGxq6scAxxGR+kVkGawF
-----END CERTIFICATE-----