Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/Y0P0BVJXL37i11M3aKxN6PIsM54.roa
File:                     Y0P0BVJXL37i11M3aKxN6PIsM54.roa (raw, json)
Hash identifier:          JuujgTYxIPTPfGweijgkD18oQCxRj/XIVWt476iBRCo=
Subject key identifier:   63:43:F4:05:52:57:2F:7E:E2:D7:53:37:68:AC:4D:E8:F2:2C:33:9E
Certificate issuer:       /CN=5f099f49978b960fa31f81acf54671273dc7ff61
Certificate serial:       018CC79358393C6B394EACEA449932D42E71
Authority key identifier: 5F:09:9F:49:97:8B:96:0F:A3:1F:81:AC:F5:46:71:27:3D:C7:FF:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/Y0P0BVJXL37i11M3aKxN6PIsM54.roa
Signing time:             Tue 02 Jan 2024 00:29:31 +0000
ROA not before:           Tue 02 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60979
IP address blocks:        185.22.68.0/22 maxlen: 24
                          185.70.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:58:39:3c:6b:39:4e:ac:ea:44:99:32:d4:2e:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f099f49978b960fa31f81acf54671273dc7ff61
        Validity
            Not Before: Jan  2 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6343f40552572f7ee2d7533768ac4de8f22c339e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:94:88:8d:e3:b4:39:1b:ca:13:c3:8a:07:c6:
                    68:31:20:bc:69:84:e2:dd:84:5c:67:fc:41:cd:bd:
                    c7:f9:65:43:94:6c:59:00:e4:03:fd:8a:c5:33:36:
                    9e:bd:03:26:b5:9f:91:fd:f5:e1:95:cb:44:2b:36:
                    e8:7f:8f:77:6b:af:c8:6e:9e:e1:e1:16:1e:c8:2a:
                    b5:65:4c:2c:10:9c:2a:61:e1:e8:8f:81:86:54:f1:
                    42:d8:76:d1:34:0b:7d:85:d2:47:76:5b:02:91:20:
                    37:cf:7b:e4:5e:7d:6a:04:32:2f:85:c9:2d:f3:6f:
                    1d:b2:4d:9e:2f:5d:17:4a:59:5e:0e:53:d7:0d:f4:
                    7c:71:43:ec:cf:49:5d:52:55:21:24:05:db:93:c2:
                    d6:07:5f:70:25:40:09:d8:e0:9a:8e:a6:f8:89:e3:
                    0f:91:c9:dc:0d:ff:4e:2d:59:1c:52:c7:70:b6:bc:
                    5c:81:e6:1c:3e:5b:fc:ea:6a:b5:22:4b:5a:59:9d:
                    90:a2:3b:99:03:4a:ef:a9:11:51:d0:a3:87:e6:9c:
                    db:33:6b:51:5c:4a:8a:47:a9:a7:e2:bf:5e:06:84:
                    83:37:e7:48:69:3d:73:e9:6b:26:67:08:f1:ba:30:
                    59:44:a2:dc:d0:87:0c:b5:4e:52:71:30:b9:28:5c:
                    b7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:43:F4:05:52:57:2F:7E:E2:D7:53:37:68:AC:4D:E8:F2:2C:33:9E
            X509v3 Authority Key Identifier:
                keyid:5F:09:9F:49:97:8B:96:0F:A3:1F:81:AC:F5:46:71:27:3D:C7:FF:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/Y0P0BVJXL37i11M3aKxN6PIsM54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ad5bfd-85c7-47b7-997c-f5d2cb79456d/1/XwmfSZeLlg-jH4Gs9UZxJz3H_2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.68.0/22
                  185.70.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:7d:51:e4:98:9e:c7:68:68:79:cd:94:a8:68:8c:d5:d4:10:
         53:d3:88:67:ec:d4:ae:fc:fa:2b:8b:66:06:17:9f:5e:2a:82:
         d9:65:ff:73:18:37:14:dd:fa:96:a8:43:f4:86:de:76:d2:9e:
         f6:98:f8:ce:c3:92:c8:42:81:a1:79:95:5b:54:22:d8:b3:70:
         e6:cf:96:64:5e:b2:69:b9:0a:70:a0:7b:58:10:31:9a:69:2b:
         f8:91:5a:d8:7a:3a:d5:62:e7:21:6c:4f:de:d5:9a:f5:05:cf:
         d3:78:2f:db:ae:3b:8d:6c:24:23:07:cb:59:20:3b:2b:54:fa:
         0b:98:d3:9a:74:c3:a8:a4:e6:0f:2b:d6:21:ae:bd:53:e7:78:
         c2:fa:aa:32:40:d4:d1:7b:f1:87:84:a2:f0:b9:4a:53:08:b8:
         d6:c3:18:e6:5d:b3:e4:82:78:19:8d:69:07:49:fb:00:89:1c:
         c6:6a:c8:42:62:bc:21:6c:80:2f:85:04:bd:27:d4:a2:6c:c8:
         a3:06:95:12:47:58:f7:02:e2:a2:54:49:5e:0f:31:af:f3:e9:
         43:0b:ab:f2:5c:31:c9:1b:eb:da:86:2f:6f:69:a3:16:35:e7:
         be:83:88:f0:fd:51:2a:64:4c:ac:2d:38:c5:cf:42:e8:a6:82:
         19:cb:96:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1g5PGs5TqzqRJky1C5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDk5ZjQ5OTc4Yjk2MGZhMzFmODFhY2Y1NDY3MTI3M2Rj
N2ZmNjEwHhcNMjQwMTAyMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQzZjQwNTUyNTcyZjdlZTJkNzUzMzc2OGFjNGRlOGYyMmMzMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZSIjeO0ORvKE8OKB8ZoMSC8aYTi
3YRcZ/xBzb3H+WVDlGxZAOQD/YrFMzaevQMmtZ+R/fXhlctEKzbof493a6/Ibp7h
4RYeyCq1ZUwsEJwqYeHoj4GGVPFC2HbRNAt9hdJHdlsCkSA3z3vkXn1qBDIvhckt
828dsk2eL10XSlleDlPXDfR8cUPsz0ldUlUhJAXbk8LWB19wJUAJ2OCajqb4ieMP
kcncDf9OLVkcUsdwtrxcgeYcPlv86mq1IktaWZ2QojuZA0rvqRFR0KOH5pzbM2tR
XEqKR6mn4r9eBoSDN+dIaT1z6WsmZwjxujBZRKLc0IcMtU5ScTC5KFy3VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGND9AVSVy9+4tdTN2isTejyLDOeMB8GA1UdIwQY
MBaAFF8Jn0mXi5YPox+BrPVGcSc9x/9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdtZlNaZUxsZy1qSDRHczlVWnhKejNIXzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hZDViZmQtODVjNy00N2I3LTk5N2Mt
ZjVkMmNiNzk0NTZkLzEvWTBQMEJWSlhMMzdpMTFNM2FLeE42UElzTTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hZDViZmQtODVjNy00N2I3LTk5N2MtZjVkMmNiNzk0NTZk
LzEvWHdtZlNaZUxsZy1qSDRHczlVWnhKejNIXzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRZEAwQC
uUZ4MA0GCSqGSIb3DQEBCwUAA4IBAQBHfVHkmJ7HaGh5zZSoaIzV1BBT04hn7NSu
/Pori2YGF59eKoLZZf9zGDcU3fqWqEP0ht520p72mPjOw5LIQoGheZVbVCLYs3Dm
z5ZkXrJpuQpwoHtYEDGaaSv4kVrYejrVYuchbE/e1Zr1Bc/TeC/brjuNbCQjB8tZ
IDsrVPoLmNOadMOopOYPK9Yhrr1T53jC+qoyQNTRe/GHhKLwuUpTCLjWwxjmXbPk
gngZjWkHSfsAiRzGashCYrwhbIAvhQS9J9SibMijBpUSR1j3AuKiVEleDzGv8+lD
C6vyXDHJG+vahi9vaaMWNee+g4jw/VEqZEysLTjFz0LopoIZy5Y6
-----END CERTIFICATE-----