Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/CypyPJ4byh6ujH4Muo2gyOU5x6c.roa
File:                     CypyPJ4byh6ujH4Muo2gyOU5x6c.roa (raw, json)
Hash identifier:          vYS8OeAvMcJXxr4rp8CQhVoKiQf0YZOHQmQlQBZgN3U=
Subject key identifier:   0B:2A:72:3C:9E:1B:CA:1E:AE:8C:7E:0C:BA:8D:A0:C8:E5:39:C7:A7
Certificate issuer:       /CN=01423ad4d629b2f828b79f00ac40388e37b8e252
Certificate serial:       018CC8011A607A2A2D3DDEB9C766848179BE
Authority key identifier: 01:42:3A:D4:D6:29:B2:F8:28:B7:9F:00:AC:40:38:8E:37:B8:E2:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/CypyPJ4byh6ujH4Muo2gyOU5x6c.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61355
IP address blocks:        185.234.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1a:60:7a:2a:2d:3d:de:b9:c7:66:84:81:79:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01423ad4d629b2f828b79f00ac40388e37b8e252
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b2a723c9e1bca1eae8c7e0cba8da0c8e539c7a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7d:12:d7:1f:33:62:ec:d4:c4:34:54:38:90:
                    32:ec:df:33:e9:8c:f3:e9:0c:9d:91:29:fd:47:b5:
                    b3:10:9e:cd:50:28:47:bb:59:dc:ab:0d:15:30:f7:
                    b6:8d:55:43:31:99:ab:61:49:f6:4b:13:09:2a:75:
                    80:3e:8c:cc:b3:65:ea:99:73:f0:f7:19:21:91:c9:
                    23:c8:9d:87:a7:45:e3:48:30:d5:66:d8:e3:15:96:
                    ec:da:ec:df:bf:0d:2f:5a:71:3c:79:9a:99:53:35:
                    d7:b5:62:fc:dd:36:ad:6c:0c:9f:aa:72:19:b1:97:
                    7a:e3:24:b7:29:bf:97:55:06:92:f3:02:f3:c5:5c:
                    a2:60:d3:1f:1d:75:46:a4:00:30:af:c8:9c:b7:16:
                    a5:4e:76:14:2b:50:cd:56:55:60:7e:40:66:f6:e9:
                    88:77:24:fe:f1:95:6c:92:5a:9e:0b:52:6e:3a:d4:
                    85:f5:79:b3:f6:d9:f3:95:63:67:41:94:87:5e:90:
                    a4:97:67:6f:90:bf:c8:34:62:2e:91:06:c1:7f:b3:
                    88:a8:7f:94:02:a1:fd:36:84:f2:d8:74:c2:9d:1d:
                    1e:6d:5a:91:32:8d:aa:bb:ed:70:20:f1:bf:56:55:
                    99:1d:08:75:d8:cc:a0:20:78:a7:dd:ee:3e:bf:56:
                    46:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2A:72:3C:9E:1B:CA:1E:AE:8C:7E:0C:BA:8D:A0:C8:E5:39:C7:A7
            X509v3 Authority Key Identifier:
                keyid:01:42:3A:D4:D6:29:B2:F8:28:B7:9F:00:AC:40:38:8E:37:B8:E2:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/CypyPJ4byh6ujH4Muo2gyOU5x6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:16:ec:0a:71:bf:d7:f7:a6:07:9a:1f:d1:3e:de:bd:2c:d4:
         30:43:a1:fc:ad:67:55:ba:6b:50:aa:d0:21:b6:71:a7:07:10:
         35:ea:c9:8f:81:7a:d7:74:5b:90:52:f5:93:04:43:5f:e4:04:
         1e:b4:b3:09:57:99:a0:a3:62:d0:28:c1:db:5f:44:05:db:58:
         14:bc:7c:73:c2:c2:97:bc:88:99:f6:74:d5:76:1a:92:04:d0:
         bc:51:8a:40:8c:64:5e:1c:f9:9f:df:3d:95:e5:91:4f:fe:f7:
         5f:65:18:3e:aa:43:41:89:61:26:cd:c4:07:ed:7d:30:1b:3f:
         27:1f:7a:16:a9:eb:fa:cd:54:09:3c:b3:10:19:0f:98:3f:9a:
         7d:d4:67:3e:1a:2b:4d:81:ab:62:9a:a6:a6:4c:01:06:66:ed:
         a2:23:08:8f:04:c3:8a:16:a1:ca:70:dc:b7:50:14:7d:96:9d:
         6a:4b:fd:82:9e:ef:50:5d:27:39:0c:63:99:38:23:7a:21:ce:
         c0:78:0b:b6:2a:02:ad:fd:14:0b:40:6b:c5:26:4e:94:7e:92:
         85:be:83:fe:4f:22:67:96:77:b4:0b:80:61:16:5e:1f:0e:36:
         46:4b:c7:b0:f6:51:63:78:35:14:28:25:62:bf:d9:82:8f:ab:
         96:f2:f1:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARpgeiotPd65x2aEgXm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDIzYWQ0ZDYyOWIyZjgyOGI3OWYwMGFjNDAzODhlMzdi
OGUyNTIwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJhNzIzYzllMWJjYTFlYWU4YzdlMGNiYThkYTBjOGU1MzljN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr30S1x8zYuzUxDRUOJAy7N8z6Yzz
6QydkSn9R7WzEJ7NUChHu1ncqw0VMPe2jVVDMZmrYUn2SxMJKnWAPozMs2XqmXPw
9xkhkckjyJ2Hp0XjSDDVZtjjFZbs2uzfvw0vWnE8eZqZUzXXtWL83TatbAyfqnIZ
sZd64yS3Kb+XVQaS8wLzxVyiYNMfHXVGpAAwr8ictxalTnYUK1DNVlVgfkBm9umI
dyT+8ZVsklqeC1JuOtSF9Xmz9tnzlWNnQZSHXpCkl2dvkL/INGIukQbBf7OIqH+U
AqH9NoTy2HTCnR0ebVqRMo2qu+1wIPG/VlWZHQh12MygIHin3e4+v1ZGXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsqcjyeG8oerox+DLqNoMjlOcenMB8GA1UdIwQY
MBaAFAFCOtTWKbL4KLefAKxAOI43uOJSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVJNjFOWXBzdmdvdDU4QXJFQTRqamU0NGxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMzZkYmQtNTVlYi00ZGU0LWI2Yjkt
ODM5MTk2MzQ1YjZkLzEvQ3lweVBKNGJ5aDZ1akg0TXVvMmd5T1U1eDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMzZkYmQtNTVlYi00ZGU0LWI2YjktODM5MTk2MzQ1YjZk
LzEvQVVJNjFOWXBzdmdvdDU4QXJFQTRqamU0NGxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueptMA0G
CSqGSIb3DQEBCwUAA4IBAQCrFuwKcb/X96YHmh/RPt69LNQwQ6H8rWdVumtQqtAh
tnGnBxA16smPgXrXdFuQUvWTBENf5AQetLMJV5mgo2LQKMHbX0QF21gUvHxzwsKX
vIiZ9nTVdhqSBNC8UYpAjGReHPmf3z2V5ZFP/vdfZRg+qkNBiWEmzcQH7X0wGz8n
H3oWqev6zVQJPLMQGQ+YP5p91Gc+GitNgatimqamTAEGZu2iIwiPBMOKFqHKcNy3
UBR9lp1qS/2Cnu9QXSc5DGOZOCN6Ic7AeAu2KgKt/RQLQGvFJk6UfpKFvoP+TyJn
lne0C4BhFl4fDjZGS8ew9lFjeDUUKCViv9mCj6uW8vEZ
-----END CERTIFICATE-----