Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/syBkKQClvaM6RRHgEwquGxOSftQ.roa
File:                     syBkKQClvaM6RRHgEwquGxOSftQ.roa (raw, json)
Hash identifier:          K7H/kt//ExG7naqhre/MwmM9UTRWpXoRFhJRpmZVCjI=
Subject key identifier:   B3:20:64:29:00:A5:BD:A3:3A:45:11:E0:13:0A:AE:1B:13:92:7E:D4
Certificate issuer:       /CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
Certificate serial:       018CC26D6DFA663555260699A895052A45CE
Authority key identifier: F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/syBkKQClvaM6RRHgEwquGxOSftQ.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201534
IP address blocks:        185.71.219.0/24 maxlen: 24
                          185.71.216.0/24 maxlen: 24
                          185.71.218.0/24 maxlen: 24
                          185.71.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6d:fa:66:35:55:26:06:99:a8:95:05:2a:45:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b320642900a5bda33a4511e0130aae1b13927ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fe:19:02:b1:4f:62:dc:a4:19:e7:fd:85:c2:
                    29:10:c0:3b:2b:44:cd:1f:e7:c3:66:05:3e:53:7e:
                    9e:0d:2f:6d:be:1f:74:92:e9:f9:c3:4f:2e:22:fa:
                    52:b6:dc:1a:72:87:bb:1e:d1:41:00:b4:6d:59:aa:
                    b9:4e:6e:b3:c6:5a:06:06:b1:5b:d2:ce:e6:b1:4b:
                    8b:4f:7f:ec:7f:3e:80:37:42:7a:19:24:cb:5a:25:
                    ab:0a:17:70:ec:29:af:db:61:e2:d2:4d:49:ca:49:
                    bb:1d:13:a9:9f:11:fb:0d:b9:16:88:c6:2a:a7:b0:
                    d3:7a:52:7f:96:a5:5f:38:1c:ba:76:7a:ec:84:d0:
                    fa:84:a3:14:15:da:df:f9:e4:a9:f3:5c:c7:a2:aa:
                    ae:8b:b9:e2:38:37:dc:29:e1:63:15:ca:e1:e1:63:
                    0f:39:71:2c:fc:29:84:29:3f:dd:0b:7e:83:21:03:
                    a2:de:60:4e:fa:c2:27:d7:71:52:8f:67:05:b9:f3:
                    62:17:76:22:3e:58:2a:41:5b:09:bd:d7:f2:f0:56:
                    a4:3c:34:b0:c1:e2:48:da:29:07:6f:3e:45:83:8a:
                    f6:fd:6a:fe:2d:b5:0a:8d:47:34:77:d3:90:e8:c6:
                    b8:fe:a9:23:60:99:03:4a:6f:1b:8c:71:97:08:f5:
                    65:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:20:64:29:00:A5:BD:A3:3A:45:11:E0:13:0A:AE:1B:13:92:7E:D4
            X509v3 Authority Key Identifier:
                keyid:F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/syBkKQClvaM6RRHgEwquGxOSftQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:ef:67:69:0d:5c:91:bf:a3:b1:0c:e6:8c:77:b1:76:f6:1e:
         2c:87:92:a7:96:1c:5a:a4:4a:fe:83:f6:b7:fd:8f:5e:36:0b:
         5c:0d:1b:7d:d1:ed:1c:6a:f1:49:80:34:a0:bd:5a:cc:e3:51:
         68:14:83:d0:e1:8b:21:c9:21:03:e7:54:93:e5:d5:99:0f:21:
         09:43:94:de:fb:14:20:97:63:d3:b3:a4:0d:fd:70:04:8d:83:
         01:d6:45:6d:c0:1a:6b:dd:9c:2f:b5:43:0b:59:f6:cf:cb:5a:
         e9:6d:a3:15:f3:b6:0e:b4:4d:b7:b5:b7:36:91:53:3f:e4:da:
         d6:7e:d8:7c:07:c7:cd:ba:a3:a1:d5:9e:18:76:81:cc:34:f7:
         f0:01:49:15:1f:dc:32:8d:6a:49:93:5b:fb:55:ef:6b:69:3f:
         0b:b9:51:5a:80:63:74:e2:a8:20:78:1c:12:9a:65:db:d3:df:
         10:88:96:bb:d2:a4:c1:4b:4b:16:27:64:05:ba:b6:3c:b5:d4:
         39:7b:53:ac:b1:00:de:35:a0:74:b7:a3:9b:1a:3f:b4:0d:25:
         7f:23:18:04:dd:48:db:e1:72:53:d7:f2:5e:72:da:b8:26:ce:
         12:bb:fc:b1:25:96:d7:2b:02:50:b5:2f:42:1d:05:84:84:67:
         d2:c8:91:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW36ZjVVJgaZqJUFKkXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzM1M2YzNjhkZDgwMWNkNjEwMjIzMmRmYTFjZWE2OWRk
OGNiNmMwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzIwNjQyOTAwYTViZGEzM2E0NTExZTAxMzBhYWUxYjEzOTI3ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP4ZArFPYtykGef9hcIpEMA7K0TN
H+fDZgU+U36eDS9tvh90kun5w08uIvpSttwacoe7HtFBALRtWaq5Tm6zxloGBrFb
0s7msUuLT3/sfz6AN0J6GSTLWiWrChdw7Cmv22Hi0k1Jykm7HROpnxH7DbkWiMYq
p7DTelJ/lqVfOBy6dnrshND6hKMUFdrf+eSp81zHoqqui7niODfcKeFjFcrh4WMP
OXEs/CmEKT/dC36DIQOi3mBO+sIn13FSj2cFufNiF3YiPlgqQVsJvdfy8FakPDSw
weJI2ikHbz5Fg4r2/Wr+LbUKjUc0d9OQ6Ma4/qkjYJkDSm8bjHGXCPVlUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMgZCkApb2jOkUR4BMKrhsTkn7UMB8GA1UdIwQY
MBaAFPUzU/No3YAc1hAiMt+hzqad2MtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEt
MGVjN2VjYjI1MDMwLzEvc3lCa0tRQ2x2YU02UlJIZ0V3cXVHeE9TZnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEtMGVjN2VjYjI1MDMw
LzEvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUfYMA0G
CSqGSIb3DQEBCwUAA4IBAQBI72dpDVyRv6OxDOaMd7F29h4sh5KnlhxapEr+g/a3
/Y9eNgtcDRt90e0cavFJgDSgvVrM41FoFIPQ4YshySED51ST5dWZDyEJQ5Te+xQg
l2PTs6QN/XAEjYMB1kVtwBpr3ZwvtUMLWfbPy1rpbaMV87YOtE23tbc2kVM/5NrW
fth8B8fNuqOh1Z4YdoHMNPfwAUkVH9wyjWpJk1v7Ve9raT8LuVFagGN04qggeBwS
mmXb098QiJa70qTBS0sWJ2QFurY8tdQ5e1OssQDeNaB0t6ObGj+0DSV/IxgE3Ujb
4XJT1/Jectq4Js4Su/yxJZbXKwJQtS9CHQWEhGfSyJGA
-----END CERTIFICATE-----