Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/DyN6P_FzbxO2eyjm4DAbYyVGmwI.roa
File:                     DyN6P_FzbxO2eyjm4DAbYyVGmwI.roa (raw, json)
Hash identifier:          9/8/naCxtMRZEuhPOjjngchWEvUW3r7/6CBsxj78HCo=
Subject key identifier:   0F:23:7A:3F:F1:73:6F:13:B6:7B:28:E6:E0:30:1B:63:25:46:9B:02
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       018D31A10123804F311DDB48BBC553139922
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/DyN6P_FzbxO2eyjm4DAbYyVGmwI.roa
Signing time:             Mon 22 Jan 2024 14:44:11 +0000
ROA not before:           Mon 22 Jan 2024 14:44:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.103.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:a1:01:23:80:4f:31:1d:db:48:bb:c5:53:13:99:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Jan 22 14:44:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f237a3ff1736f13b67b28e6e0301b6325469b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e8:aa:53:56:18:18:cc:fe:68:e6:a6:46:8c:
                    e5:dd:2c:92:03:17:2b:bb:57:e8:23:4b:3a:54:6a:
                    b6:73:72:dd:52:98:76:ba:c5:48:09:13:7f:3d:79:
                    55:b4:54:d2:92:14:c1:99:2c:2b:49:6e:b4:9d:4e:
                    22:dd:88:79:10:a7:34:93:fc:1b:4e:f5:ad:fe:d6:
                    df:af:df:a9:28:0c:fc:ae:92:f3:aa:82:b5:7c:52:
                    8a:06:78:dc:08:76:8e:e3:d0:42:d7:79:27:c7:aa:
                    5d:0b:fc:5c:3a:d0:5e:0d:e2:c0:07:00:19:61:d9:
                    92:24:d0:c1:87:d5:07:99:d4:84:ad:88:ee:cc:e5:
                    5e:58:d6:40:57:4f:d9:18:92:9a:73:6d:d2:16:39:
                    9f:da:dd:db:80:8e:07:de:17:c6:9f:f8:e4:81:c6:
                    a7:9a:e5:ef:ad:a0:59:da:c2:4e:9e:de:28:95:5b:
                    c4:39:3e:18:d3:95:15:8f:ae:dd:3b:19:16:7a:8e:
                    e4:75:70:3d:fc:86:3d:e6:41:ae:ec:bf:c7:e7:58:
                    6e:93:9b:30:99:4f:72:0e:54:f4:c5:09:7d:a0:a1:
                    c3:07:36:7a:d7:f4:36:f5:7d:37:c0:e0:83:35:64:
                    c0:86:3e:0c:db:02:b6:47:08:88:3f:2b:ad:88:4f:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:23:7A:3F:F1:73:6F:13:B6:7B:28:E6:E0:30:1B:63:25:46:9B:02
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/DyN6P_FzbxO2eyjm4DAbYyVGmwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:32:47:0d:b5:03:51:b5:d1:5e:ff:e4:6b:53:70:9e:b5:d7:
         ec:78:f8:aa:9b:33:c5:55:6e:a0:67:22:07:4f:66:0c:68:e0:
         00:05:8b:7f:04:b5:31:ef:96:3a:2b:fe:c3:e4:45:b5:1b:76:
         93:62:7a:e2:7a:fa:51:b3:ba:66:84:10:63:b8:b9:b1:7d:2f:
         11:d5:4f:32:37:50:bd:84:3c:d8:48:75:a0:92:7b:2a:a4:86:
         17:94:c7:7e:02:4d:06:b8:cd:41:42:65:08:13:9c:36:b9:75:
         02:6b:08:9c:4e:92:80:41:7c:50:3a:29:70:75:c6:1e:57:8a:
         6d:f2:a4:7b:bd:0d:c3:7d:01:05:ca:b6:32:ac:9c:5e:aa:84:
         cd:37:34:b7:59:3b:96:67:15:67:22:cd:bd:36:c7:d9:18:ba:
         1e:19:1e:90:33:a5:95:1a:91:26:4d:ae:30:43:b0:19:7c:94:
         9a:08:b0:c1:56:39:9b:44:f8:69:cb:fa:e9:30:04:a1:5e:bc:
         92:ac:de:e2:63:70:6a:f1:f5:0d:af:2e:10:e5:39:63:1f:da:
         d3:0d:bc:d1:31:08:cd:9b:82:04:fd:64:8a:90:16:35:14:44:
         cc:2d:b6:b0:d2:61:b3:27:ff:50:97:bc:7b:dc:bc:3c:b0:ad:
         e5:41:8e:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0xoQEjgE8xHdtIu8VTE5kiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjQwMTIyMTQ0NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIzN2EzZmYxNzM2ZjEzYjY3YjI4ZTZlMDMwMWI2MzI1NDY5YjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+iqU1YYGMz+aOamRozl3SySAxcr
u1foI0s6VGq2c3LdUph2usVICRN/PXlVtFTSkhTBmSwrSW60nU4i3Yh5EKc0k/wb
TvWt/tbfr9+pKAz8rpLzqoK1fFKKBnjcCHaO49BC13knx6pdC/xcOtBeDeLABwAZ
YdmSJNDBh9UHmdSErYjuzOVeWNZAV0/ZGJKac23SFjmf2t3bgI4H3hfGn/jkgcan
muXvraBZ2sJOnt4olVvEOT4Y05UVj67dOxkWeo7kdXA9/IY95kGu7L/H51huk5sw
mU9yDlT0xQl9oKHDBzZ61/Q29X03wOCDNWTAhj4M2wK2RwiIPyutiE+aewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8jej/xc28Ttnso5uAwG2MlRpsCMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvRHlONlBfRnpieE8yZXlqbTREQWJZeVZHbXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWcEMA0G
CSqGSIb3DQEBCwUAA4IBAQDQMkcNtQNRtdFe/+RrU3CetdfsePiqmzPFVW6gZyIH
T2YMaOAABYt/BLUx75Y6K/7D5EW1G3aTYnrievpRs7pmhBBjuLmxfS8R1U8yN1C9
hDzYSHWgknsqpIYXlMd+Ak0GuM1BQmUIE5w2uXUCawicTpKAQXxQOilwdcYeV4pt
8qR7vQ3DfQEFyrYyrJxeqoTNNzS3WTuWZxVnIs29NsfZGLoeGR6QM6WVGpEmTa4w
Q7AZfJSaCLDBVjmbRPhpy/rpMAShXrySrN7iY3Bq8fUNry4Q5TljH9rTDbzRMQjN
m4IE/WSKkBY1FETMLbaw0mGzJ/9Ql7x73Lw8sK3lQY4c
-----END CERTIFICATE-----