Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/y40D-F2_hQKra6AOcaeeXQ4Vm2g.roa
File:                     y40D-F2_hQKra6AOcaeeXQ4Vm2g.roa (raw, json)
Hash identifier:          BmyWA0Uk5Wo5OXIfiobCi0DSTidVsnbEiED4tHpeUlc=
Subject key identifier:   CB:8D:03:F8:5D:BF:85:02:AB:6B:A0:0E:71:A7:9E:5D:0E:15:9B:68
Certificate issuer:       /CN=61b866e323382caea961e7d2423e53cab5099131
Certificate serial:       018CC86F3E3BBA5C408742470051A3552AC1
Authority key identifier: 61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/y40D-F2_hQKra6AOcaeeXQ4Vm2g.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200741
IP address blocks:        185.33.14.0/24 maxlen: 24
                          185.33.13.0/24 maxlen: 24
                          185.33.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3e:3b:ba:5c:40:87:42:47:00:51:a3:55:2a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b866e323382caea961e7d2423e53cab5099131
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb8d03f85dbf8502ab6ba00e71a79e5d0e159b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c6:e4:9d:0f:ed:b8:56:00:d3:55:03:90:67:
                    75:bf:d2:31:12:b0:ce:7c:65:6a:6e:fe:39:62:8f:
                    eb:cd:63:fe:5b:db:18:2b:bc:b1:be:8b:78:4f:b1:
                    4f:98:5d:3b:f1:80:d1:b1:de:8c:63:5e:79:e2:4d:
                    28:d4:45:79:ef:11:d6:c9:c9:3b:99:6c:b5:33:97:
                    8d:cb:bb:ab:e2:c1:4e:3c:0f:6e:04:9c:13:b1:21:
                    eb:00:11:ee:c0:e2:c5:c8:c4:32:65:75:08:da:7d:
                    09:bc:2b:c6:1e:40:9c:95:46:4d:d7:6a:b1:fc:04:
                    42:be:ea:00:ef:a9:06:c0:03:69:7b:95:a3:82:1c:
                    e2:9a:ea:4e:c1:c1:12:ee:cc:a3:fb:c5:cc:56:bb:
                    91:a9:4c:df:78:77:e9:14:d1:9b:6e:29:d9:86:c1:
                    10:da:0e:49:09:f9:37:27:a1:42:3b:1e:94:d6:68:
                    2c:38:af:4b:c2:d7:c6:d2:fe:39:c6:4d:5d:18:43:
                    90:ed:e4:a7:eb:31:a8:ca:e0:85:83:15:6e:f3:ea:
                    80:df:ba:09:fd:c5:db:22:9b:42:8a:1a:b4:cf:ef:
                    26:46:43:ac:60:64:51:5d:89:85:68:bf:6f:1b:54:
                    4d:27:12:c3:81:ff:46:27:6b:46:58:df:93:6b:1d:
                    25:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8D:03:F8:5D:BF:85:02:AB:6B:A0:0E:71:A7:9E:5D:0E:15:9B:68
            X509v3 Authority Key Identifier:
                keyid:61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/y40D-F2_hQKra6AOcaeeXQ4Vm2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.13.0-185.33.15.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:43:89:e3:5b:7e:ff:c0:68:70:7b:91:d8:e0:f8:04:f7:55:
         59:43:c3:e7:5e:f8:f4:60:92:48:ba:71:61:9f:10:6d:b8:f3:
         a8:c6:ab:08:99:fd:2e:36:6d:c4:7c:42:c7:dc:38:99:ff:6f:
         d3:b2:19:2b:c1:fb:9f:87:27:f8:88:3a:a8:55:09:b7:66:05:
         80:ad:b3:91:bd:f6:5d:40:fc:a8:4a:0e:e7:47:70:77:be:ea:
         64:09:96:77:c9:8a:21:d9:8c:0c:ae:a0:f2:a3:51:85:eb:f9:
         b1:7b:1b:6e:69:26:0d:d2:31:f2:56:d8:17:50:94:39:36:b3:
         0e:5c:f5:c4:9a:87:73:98:35:e3:0a:83:69:5d:85:9d:41:e5:
         47:2b:a7:52:bc:07:f5:98:75:a3:da:36:7e:82:67:ba:47:1d:
         aa:44:ae:78:8d:03:04:49:0f:bb:8b:17:ff:6c:cb:ea:2b:c7:
         4a:7f:a6:eb:a4:60:88:b6:42:ec:4a:f2:fa:18:65:53:e5:5c:
         9e:96:6b:79:c8:05:fd:55:28:52:fe:48:22:df:e0:d0:78:bc:
         e8:ef:27:a1:ab:1d:88:13:d9:b7:68:1c:54:68:e5:c6:8f:f6:
         4c:f8:f0:57:ca:00:96:ae:c4:a1:22:96:e6:71:ee:05:68:17:
         4c:ad:51:19
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIbz47ulxAh0JHAFGjVSrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjg2NmUzMjMzODJjYWVhOTYxZTdkMjQyM2U1M2NhYjUw
OTkxMzEwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjhkMDNmODVkYmY4NTAyYWI2YmEwMGU3MWE3OWU1ZDBlMTU5YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8bknQ/tuFYA01UDkGd1v9IxErDO
fGVqbv45Yo/rzWP+W9sYK7yxvot4T7FPmF078YDRsd6MY1554k0o1EV57xHWyck7
mWy1M5eNy7ur4sFOPA9uBJwTsSHrABHuwOLFyMQyZXUI2n0JvCvGHkCclUZN12qx
/ARCvuoA76kGwANpe5WjghzimupOwcES7syj+8XMVruRqUzfeHfpFNGbbinZhsEQ
2g5JCfk3J6FCOx6U1mgsOK9LwtfG0v45xk1dGEOQ7eSn6zGoyuCFgxVu8+qA37oJ
/cXbIptCihq0z+8mRkOsYGRRXYmFaL9vG1RNJxLDgf9GJ2tGWN+Tax0luwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMuNA/hdv4UCq2ugDnGnnl0OFZtoMB8GA1UdIwQY
MBaAFGG4ZuMjOCyuqWHn0kI+U8q1CZExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEt
ZDkyZTY4ZGZmZmU0LzEveTQwRC1GMl9oUUtyYTZBT2NhZWVYUTRWbTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEtZDkyZTY4ZGZmZmU0
LzEvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IQ0D
BAS5IQAwDQYJKoZIhvcNAQELBQADggEBAE9DieNbfv/AaHB7kdjg+AT3VVlDw+de
+PRgkki6cWGfEG2486jGqwiZ/S42bcR8QsfcOJn/b9OyGSvB+5+HJ/iIOqhVCbdm
BYCts5G99l1A/KhKDudHcHe+6mQJlnfJiiHZjAyuoPKjUYXr+bF7G25pJg3SMfJW
2BdQlDk2sw5c9cSah3OYNeMKg2ldhZ1B5Ucrp1K8B/WYdaPaNn6CZ7pHHapErniN
AwRJD7uLF/9sy+orx0p/puukYIi2QuxK8voYZVPlXJ6Wa3nIBf1VKFL+SCLf4NB4
vOjvJ6GrHYgT2bdoHFRo5caP9kz48FfKAJauxKEiluZx7gVoF0ytURk=
-----END CERTIFICATE-----