Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/yZMGc3yuztXTjkYBw5EjeNY07Zw.roa
File:                     yZMGc3yuztXTjkYBw5EjeNY07Zw.roa (raw, json)
Hash identifier:          rSv5YnAmktz1DEEeoQI6Mb4PPsb8RUJXHhb2XpoJsjE=
Subject key identifier:   C9:93:06:73:7C:AE:CE:D5:D3:8E:46:01:C3:91:23:78:D6:34:ED:9C
Certificate issuer:       /CN=8e5a36a38e9e562476ae70b915028e3018712919
Certificate serial:       018CCA2BD1416E376C44C772BEF59AE33726
Authority key identifier: 8E:5A:36:A3:8E:9E:56:24:76:AE:70:B9:15:02:8E:30:18:71:29:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/yZMGc3yuztXTjkYBw5EjeNY07Zw.roa
Signing time:             Tue 02 Jan 2024 12:35:18 +0000
ROA not before:           Tue 02 Jan 2024 12:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207627
IP address blocks:        185.225.224.0/24 maxlen: 24
                          2a06:4740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d1:41:6e:37:6c:44:c7:72:be:f5:9a:e3:37:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e5a36a38e9e562476ae70b915028e3018712919
        Validity
            Not Before: Jan  2 12:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c99306737caeced5d38e4601c3912378d634ed9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:aa:3d:fa:27:1f:14:74:0a:9e:66:4c:a1:9c:
                    2f:6c:ec:d5:43:6e:10:a1:ac:49:4a:c2:cf:d5:dd:
                    16:bf:8e:27:8d:d4:0e:7f:e9:2a:eb:74:65:63:ed:
                    2b:10:d1:13:6b:76:51:f7:09:9f:7f:f0:8a:7c:1e:
                    41:4e:63:3b:ae:3a:6e:fd:65:5e:86:3f:38:e0:ad:
                    ac:8b:0b:b3:1f:72:dc:8d:6d:f8:d1:c6:90:1e:21:
                    e8:f8:bf:fc:e1:e1:0f:f6:ee:66:5d:2d:8f:c1:3a:
                    da:70:31:ca:fc:39:bd:10:62:43:63:f9:9f:c0:2d:
                    95:82:f8:1c:77:f4:22:5f:98:2b:e8:e5:57:2f:10:
                    3f:2b:76:94:c2:b8:cf:7b:ca:53:d4:08:07:1e:7a:
                    d9:00:bc:30:51:5f:9c:17:7f:73:0c:8b:52:09:8f:
                    74:1a:aa:40:b1:5f:47:0c:9f:9c:c3:dd:d6:13:1a:
                    bf:76:08:62:4c:76:6c:57:e5:2c:55:e8:d1:df:a8:
                    1d:fe:a8:97:33:14:26:16:e2:3f:50:af:c2:89:86:
                    b3:bc:5f:5d:2f:40:d8:1c:df:56:39:1c:ba:16:6e:
                    39:fd:af:84:d2:b3:00:7b:56:1f:04:29:60:d7:01:
                    8b:d5:70:a8:74:6a:34:bc:c5:9e:f1:ce:6f:72:96:
                    18:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:93:06:73:7C:AE:CE:D5:D3:8E:46:01:C3:91:23:78:D6:34:ED:9C
            X509v3 Authority Key Identifier:
                keyid:8E:5A:36:A3:8E:9E:56:24:76:AE:70:B9:15:02:8E:30:18:71:29:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/yZMGc3yuztXTjkYBw5EjeNY07Zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.224.0/24
                IPv6:
                  2a06:4740::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:bf:77:c6:60:fc:b1:d7:7c:23:01:63:d2:b0:a8:93:35:d5:
         8b:2b:27:79:0d:9b:22:05:d8:2a:b4:6c:95:65:c1:c5:48:e8:
         1c:65:60:27:4d:60:13:84:bc:56:74:02:7f:61:ad:03:79:2a:
         ad:1b:58:45:17:54:bb:46:7f:f5:9c:e4:3d:b7:cd:3f:40:c4:
         44:d8:92:42:bb:b2:33:16:a1:24:8e:e3:33:39:60:ab:20:b9:
         86:54:38:79:0a:27:7a:7b:32:95:c9:62:5e:ca:8b:97:f6:82:
         f5:60:14:35:7c:ba:d7:90:2b:35:94:46:eb:f0:af:d6:9b:63:
         16:f6:02:c6:ee:ee:ec:43:56:29:5c:9c:46:0b:e2:e9:ad:5d:
         d2:68:f3:b1:77:12:a0:68:41:57:45:55:9d:52:a1:0d:3c:a6:
         f5:e8:ce:5d:6e:e4:b4:a2:77:bd:97:d5:d0:6c:a9:d1:27:b5:
         37:3e:7d:4f:d8:e6:51:ca:a3:86:2f:c8:09:2c:17:ff:67:e6:
         ad:3d:96:f7:32:12:33:74:84:df:4b:75:cd:81:a4:53:05:5b:
         80:f4:88:29:90:d5:05:65:03:79:eb:1a:c6:bd:88:25:7a:49:
         d7:dd:58:93:37:d8:7e:30:b7:c7:f4:b7:d9:5a:fc:7f:3d:73:
         27:45:b0:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK9FBbjdsRMdyvvWa4zcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNWEzNmEzOGU5ZTU2MjQ3NmFlNzBiOTE1MDI4ZTMwMTg3
MTI5MTkwHhcNMjQwMTAyMTIzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkzMDY3MzdjYWVjZWQ1ZDM4ZTQ2MDFjMzkxMjM3OGQ2MzRlZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhao9+icfFHQKnmZMoZwvbOzVQ24Q
oaxJSsLP1d0Wv44njdQOf+kq63RlY+0rENETa3ZR9wmff/CKfB5BTmM7rjpu/WVe
hj844K2siwuzH3LcjW340caQHiHo+L/84eEP9u5mXS2PwTracDHK/Dm9EGJDY/mf
wC2Vgvgcd/QiX5gr6OVXLxA/K3aUwrjPe8pT1AgHHnrZALwwUV+cF39zDItSCY90
GqpAsV9HDJ+cw93WExq/dghiTHZsV+UsVejR36gd/qiXMxQmFuI/UK/CiYazvF9d
L0DYHN9WORy6Fm45/a+E0rMAe1YfBClg1wGL1XCodGo0vMWe8c5vcpYYFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMmTBnN8rs7V045GAcORI3jWNO2cMB8GA1UdIwQY
MBaAFI5aNqOOnlYkdq5wuRUCjjAYcSkZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxvMm80NmVWaVIycm5DNUZRS09NQmh4S1JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83YjI1NjctZGJhZi00NmQzLThjMDEt
ZGYwZTYxOWEwYjgyLzEveVpNR2MzeXV6dFhUamtZQnc1RWplTlkwN1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83YjI1NjctZGJhZi00NmQzLThjMDEtZGYwZTYxOWEwYjgy
LzEvamxvMm80NmVWaVIycm5DNUZRS09NQmh4S1JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueHgMA0E
AgACMAcDBQMqBkdAMA0GCSqGSIb3DQEBCwUAA4IBAQAYv3fGYPyx13wjAWPSsKiT
NdWLKyd5DZsiBdgqtGyVZcHFSOgcZWAnTWAThLxWdAJ/Ya0DeSqtG1hFF1S7Rn/1
nOQ9t80/QMRE2JJCu7IzFqEkjuMzOWCrILmGVDh5Cid6ezKVyWJeyouX9oL1YBQ1
fLrXkCs1lEbr8K/Wm2MW9gLG7u7sQ1YpXJxGC+LprV3SaPOxdxKgaEFXRVWdUqEN
PKb16M5dbuS0one9l9XQbKnRJ7U3Pn1P2OZRyqOGL8gJLBf/Z+atPZb3MhIzdITf
S3XNgaRTBVuA9IgpkNUFZQN56xrGvYgleknX3ViTN9h+MLfH9LfZWvx/PXMnRbAh
-----END CERTIFICATE-----