Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/bbcy5Rf-U3SHO1fuFF_GtORUf-A.roa
File:                     bbcy5Rf-U3SHO1fuFF_GtORUf-A.roa (raw, json)
Hash identifier:          5M7YIrXiZFxAEXOGd8hatMnyENc54nJwEElKm/Pj0Eg=
Subject key identifier:   6D:B7:32:E5:17:FE:53:74:87:3B:57:EE:14:5F:C6:B4:E4:54:7F:E0
Certificate issuer:       /CN=998e9cb27f3d1abcc4cc61c3c1bbfdc72628e57b
Certificate serial:       018CC86F3796B53971208EFE016E6A398B73
Authority key identifier: 99:8E:9C:B2:7F:3D:1A:BC:C4:CC:61:C3:C1:BB:FD:C7:26:28:E5:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/bbcy5Rf-U3SHO1fuFF_GtORUf-A.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59866
IP address blocks:        185.68.134.0/23 maxlen: 23
                          185.68.134.0/24 maxlen: 24
                          185.68.135.0/24 maxlen: 24
                          2a05:1840::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:37:96:b5:39:71:20:8e:fe:01:6e:6a:39:8b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=998e9cb27f3d1abcc4cc61c3c1bbfdc72628e57b
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6db732e517fe5374873b57ee145fc6b4e4547fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e7:d4:5c:03:3f:e8:f1:be:b6:f4:ee:e9:2d:
                    a2:71:db:39:37:bc:0b:69:5a:33:1d:04:1c:72:25:
                    01:a0:ba:a8:50:0c:e8:93:99:aa:06:a2:5e:c3:e3:
                    eb:7f:6b:e4:66:6f:1e:f8:d4:07:4a:b9:35:63:74:
                    3d:51:b4:41:29:2e:5b:b9:7b:89:fe:2c:7d:d6:6f:
                    ff:dd:41:b3:bb:35:28:2d:8a:b9:da:35:f3:ad:81:
                    ce:40:92:2a:c2:7f:0d:2f:8d:a6:77:2b:9b:f1:38:
                    58:9d:e8:ed:83:ec:07:99:c2:d4:a4:67:13:81:84:
                    c5:9e:29:cf:e6:66:b1:ed:42:7b:9d:f8:2d:be:f6:
                    39:7d:0a:91:62:62:1c:05:66:f6:95:d8:48:55:f0:
                    eb:a7:14:87:a7:88:d0:88:1d:55:39:0c:78:20:46:
                    7b:4e:f5:6f:0b:86:7b:64:81:42:1a:ab:25:7e:38:
                    58:8c:6d:7d:1f:fd:6d:c3:a0:ce:81:e5:6a:77:33:
                    1c:e3:bd:66:2a:eb:7c:08:63:1d:09:0e:5c:41:02:
                    73:a8:a7:85:22:c7:14:fa:43:23:74:09:3b:80:67:
                    b4:f2:c8:3e:91:95:5b:27:e6:05:ef:bb:4c:48:cc:
                    21:aa:c5:b1:1c:d5:48:22:6c:fc:f3:40:b4:8c:b7:
                    eb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B7:32:E5:17:FE:53:74:87:3B:57:EE:14:5F:C6:B4:E4:54:7F:E0
            X509v3 Authority Key Identifier:
                keyid:99:8E:9C:B2:7F:3D:1A:BC:C4:CC:61:C3:C1:BB:FD:C7:26:28:E5:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/bbcy5Rf-U3SHO1fuFF_GtORUf-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.134.0/23
                IPv6:
                  2a05:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:9e:b1:1c:ce:3f:0f:b8:8a:b6:cc:13:7b:b2:3e:1e:9b:c2:
         56:10:ab:50:ca:49:27:91:bd:59:06:54:95:37:29:96:12:0f:
         11:07:7c:c6:7d:78:29:7e:da:11:16:d0:6c:8c:d7:51:49:b9:
         83:7c:03:d1:b4:2a:12:f5:9e:0f:e0:3d:fd:7b:fb:f6:b7:db:
         db:ae:54:d7:4f:0e:0b:58:b0:e5:d3:dd:be:f6:9b:17:08:52:
         c1:de:16:f9:6b:76:a0:0c:b0:5e:04:f5:c1:63:19:b6:12:6b:
         3f:18:b0:9f:11:02:06:8d:32:1e:24:76:11:99:a4:9e:52:13:
         6a:97:29:ce:d9:7a:32:d0:15:9b:53:b1:76:cf:a7:92:cc:12:
         ef:fc:50:01:c5:9a:c5:26:49:13:05:1d:46:d4:ab:86:57:47:
         f0:21:62:40:00:c5:50:9a:63:3b:9a:37:d0:17:f9:a5:17:ca:
         9e:99:0f:ba:fb:c5:e5:0c:51:ac:9b:d6:5b:18:0a:11:29:37:
         fe:55:d1:b0:ec:24:e0:32:18:c4:7a:1d:6c:6d:dd:bd:19:81:
         88:16:53:e0:b1:64:76:6c:35:f2:1e:98:84:9b:0d:e8:ea:88:
         fa:ed:04:36:7c:cf:85:0d:11:a3:c9:94:50:a7:6c:ca:be:a2:
         02:29:dd:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbzeWtTlxII7+AW5qOYtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OGU5Y2IyN2YzZDFhYmNjNGNjNjFjM2MxYmJmZGM3MjYy
OGU1N2IwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGI3MzJlNTE3ZmU1Mzc0ODczYjU3ZWUxNDVmYzZiNGU0NTQ3ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoefUXAM/6PG+tvTu6S2icds5N7wL
aVozHQQcciUBoLqoUAzok5mqBqJew+Prf2vkZm8e+NQHSrk1Y3Q9UbRBKS5buXuJ
/ix91m//3UGzuzUoLYq52jXzrYHOQJIqwn8NL42mdyub8ThYnejtg+wHmcLUpGcT
gYTFninP5max7UJ7nfgtvvY5fQqRYmIcBWb2ldhIVfDrpxSHp4jQiB1VOQx4IEZ7
TvVvC4Z7ZIFCGqslfjhYjG19H/1tw6DOgeVqdzMc471mKut8CGMdCQ5cQQJzqKeF
IscU+kMjdAk7gGe08sg+kZVbJ+YF77tMSMwhqsWxHNVIImz880C0jLfroQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG23MuUX/lN0hztX7hRfxrTkVH/gMB8GA1UdIwQY
MBaAFJmOnLJ/PRq8xMxhw8G7/ccmKOV7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVk2Y3NuODlHcnpFekdIRHdidjl4eVlvNVhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zYzlmNGEtNDQ1Ni00NTgxLWIyODct
NTJkNmIzZTQ3ODlmLzEvYmJjeTVSZi1VM1NITzFmdUZGX0d0T1JVZi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zYzlmNGEtNDQ1Ni00NTgxLWIyODctNTJkNmIzZTQ3ODlm
LzEvbVk2Y3NuODlHcnpFekdIRHdidjl4eVlvNVhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuUSGMA0E
AgACMAcDBQMqBRhAMA0GCSqGSIb3DQEBCwUAA4IBAQB+nrEczj8PuIq2zBN7sj4e
m8JWEKtQykknkb1ZBlSVNymWEg8RB3zGfXgpftoRFtBsjNdRSbmDfAPRtCoS9Z4P
4D39e/v2t9vbrlTXTw4LWLDl092+9psXCFLB3hb5a3agDLBeBPXBYxm2Ems/GLCf
EQIGjTIeJHYRmaSeUhNqlynO2Xoy0BWbU7F2z6eSzBLv/FABxZrFJkkTBR1G1KuG
V0fwIWJAAMVQmmM7mjfQF/mlF8qemQ+6+8XlDFGsm9ZbGAoRKTf+VdGw7CTgMhjE
eh1sbd29GYGIFlPgsWR2bDXyHpiEmw3o6oj67QQ2fM+FDRGjyZRQp2zKvqICKd2E
-----END CERTIFICATE-----