Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/ROytsCS52dUT5o1EbJjW60HGYUc.roa
File:                     ROytsCS52dUT5o1EbJjW60HGYUc.roa (raw, json)
Hash identifier:          PFwjOBtdE5ZumTJn+sUrZqZGx6CjyXLPoWr0bjFjaOg=
Subject key identifier:   44:EC:AD:B0:24:B9:D9:D5:13:E6:8D:44:6C:98:D6:EB:41:C6:61:47
Certificate issuer:       /CN=b8d701af43fd7f86cb3e04ce3ab542e559c6d4b7
Certificate serial:       018CC9BC9BB6F54CE94CDB0FB40CDD96EE14
Authority key identifier: B8:D7:01:AF:43:FD:7F:86:CB:3E:04:CE:3A:B5:42:E5:59:C6:D4:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/ROytsCS52dUT5o1EbJjW60HGYUc.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39307
IP address blocks:        185.222.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9b:b6:f5:4c:e9:4c:db:0f:b4:0c:dd:96:ee:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d701af43fd7f86cb3e04ce3ab542e559c6d4b7
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44ecadb024b9d9d513e68d446c98d6eb41c66147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8f:5b:22:6d:db:d5:13:4e:f6:56:5b:af:ca:
                    40:83:40:35:63:73:9c:13:75:16:85:4b:3f:f6:de:
                    32:eb:8b:ff:b7:f3:56:02:a9:4b:97:23:69:bf:6b:
                    23:c8:ca:c4:80:83:eb:3e:08:81:27:d2:e0:10:b7:
                    e2:e1:e7:c3:7d:cf:bc:33:41:eb:96:33:5f:67:5e:
                    f9:5a:5e:c9:81:55:63:60:2f:d7:1d:48:26:52:ba:
                    2f:98:31:95:66:18:6d:a1:4b:f0:38:37:87:9b:05:
                    5a:37:a3:78:e6:6f:b1:f4:28:db:0d:8c:84:95:b1:
                    7f:d5:43:00:ec:66:b1:e1:7c:54:1b:e8:c5:d5:6f:
                    70:b7:8c:ed:1a:39:44:cd:62:09:22:ac:35:a9:87:
                    d4:e9:19:08:8f:0c:53:bc:35:c6:cd:72:eb:2e:4f:
                    8a:35:06:d6:e5:84:25:dd:c8:6e:5a:6c:81:0e:86:
                    d7:3e:5b:b8:86:2a:6e:b8:77:9b:f6:7a:72:77:24:
                    41:d6:5a:8a:df:bc:03:60:be:7c:d9:2f:86:83:76:
                    4f:f2:f7:df:2c:5b:02:a6:eb:8c:10:cd:8f:ff:c6:
                    15:8e:e2:28:f2:9c:e7:e4:49:3d:2c:2c:2a:05:cf:
                    d7:5a:61:4c:65:46:6c:d6:f2:82:91:27:33:10:34:
                    4e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EC:AD:B0:24:B9:D9:D5:13:E6:8D:44:6C:98:D6:EB:41:C6:61:47
            X509v3 Authority Key Identifier:
                keyid:B8:D7:01:AF:43:FD:7F:86:CB:3E:04:CE:3A:B5:42:E5:59:C6:D4:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/ROytsCS52dUT5o1EbJjW60HGYUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/c7dd35-ef0f-4c5e-9ba6-0086a0c4e18c/1/uNcBr0P9f4bLPgTOOrVC5VnG1Lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ff:b6:92:4c:7a:75:e1:f2:8d:05:32:fa:22:69:c2:9f:fb:
         9b:81:f8:dc:2f:ab:02:b6:a8:38:61:6f:a0:c2:27:c2:31:fc:
         5d:c1:d0:1c:35:11:41:44:60:e8:10:bf:25:17:5e:7e:3d:30:
         bd:e9:c2:12:a8:df:cb:ad:5d:29:9e:2f:3b:17:35:2a:8d:4d:
         4c:91:63:06:53:3c:53:b2:8a:18:75:b0:fa:00:e0:94:41:56:
         e8:1e:cf:fa:bd:d3:c0:0b:d7:39:ff:55:6a:3d:be:1c:d1:ff:
         d3:52:93:f7:26:ec:1a:16:4f:90:d9:89:f5:43:b4:fa:0a:40:
         c7:ea:95:98:b8:6e:27:ac:f6:e1:d1:92:83:c3:d4:72:dd:20:
         e1:0d:18:e5:8d:63:3a:aa:ea:89:f8:51:31:0e:e7:38:ca:47:
         29:fe:c8:84:0a:5d:be:f1:97:75:c9:9a:84:fe:3d:04:01:89:
         a9:02:71:8f:7d:4b:f0:f5:19:3b:45:7c:ad:06:83:85:10:54:
         27:a3:76:1d:39:12:7d:d8:31:57:c6:68:7e:82:95:81:ec:1a:
         fa:d5:90:2b:9d:43:e0:dc:47:7b:73:a8:ba:33:ff:c7:61:51:
         1d:e1:07:01:65:85:15:ce:ae:16:2c:4f:38:35:7e:ab:18:a6:
         51:44:0b:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJu29UzpTNsPtAzdlu4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDcwMWFmNDNmZDdmODZjYjNlMDRjZTNhYjU0MmU1NTlj
NmQ0YjcwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVjYWRiMDI0YjlkOWQ1MTNlNjhkNDQ2Yzk4ZDZlYjQxYzY2MTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo9bIm3b1RNO9lZbr8pAg0A1Y3Oc
E3UWhUs/9t4y64v/t/NWAqlLlyNpv2sjyMrEgIPrPgiBJ9LgELfi4efDfc+8M0Hr
ljNfZ175Wl7JgVVjYC/XHUgmUrovmDGVZhhtoUvwODeHmwVaN6N45m+x9CjbDYyE
lbF/1UMA7Gax4XxUG+jF1W9wt4ztGjlEzWIJIqw1qYfU6RkIjwxTvDXGzXLrLk+K
NQbW5YQl3chuWmyBDobXPlu4hipuuHeb9npydyRB1lqK37wDYL582S+Gg3ZP8vff
LFsCpuuMEM2P/8YVjuIo8pzn5Ek9LCwqBc/XWmFMZUZs1vKCkSczEDROjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETsrbAkudnVE+aNRGyY1utBxmFHMB8GA1UdIwQY
MBaAFLjXAa9D/X+Gyz4Ezjq1QuVZxtS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5jQnIwUDlmNGJMUGdUT09yVkM1Vm5HMUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9jN2RkMzUtZWYwZi00YzVlLTliYTYt
MDA4NmEwYzRlMThjLzEvUk95dHNDUzUyZFVUNW8xRWJKalc2MEhHWVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9jN2RkMzUtZWYwZi00YzVlLTliYTYtMDA4NmEwYzRlMThj
LzEvdU5jQnIwUDlmNGJMUGdUT09yVkM1Vm5HMUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4XMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ/7aSTHp14fKNBTL6ImnCn/ubgfjcL6sCtqg4YW+g
wifCMfxdwdAcNRFBRGDoEL8lF15+PTC96cISqN/LrV0pni87FzUqjU1MkWMGUzxT
sooYdbD6AOCUQVboHs/6vdPAC9c5/1VqPb4c0f/TUpP3JuwaFk+Q2Yn1Q7T6CkDH
6pWYuG4nrPbh0ZKDw9Ry3SDhDRjljWM6quqJ+FExDuc4ykcp/siECl2+8Zd1yZqE
/j0EAYmpAnGPfUvw9Rk7RXytBoOFEFQno3YdORJ92DFXxmh+gpWB7Br61ZArnUPg
3Ed7c6i6M//HYVEd4QcBZYUVzq4WLE84NX6rGKZRRAut
-----END CERTIFICATE-----