Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Yh2c_GMzK3-ijSMXLN98lVp8G-A.roa
File:                     Yh2c_GMzK3-ijSMXLN98lVp8G-A.roa (raw, json)
Hash identifier:          pBXbcVOr8+NQ8LoLA5X/tpdifZDHN83WO+8liZ4BTk0=
Subject key identifier:   62:1D:9C:FC:63:33:2B:7F:A2:8D:23:17:2C:DF:7C:95:5A:7C:1B:E0
Certificate issuer:       /CN=2901f5019a970ba5be0c754d20f78671818f4a2e
Certificate serial:       018CC7259BA25E6C92789B45EA742DDBE5A9
Authority key identifier: 29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Yh2c_GMzK3-ijSMXLN98lVp8G-A.roa
Signing time:             Mon 01 Jan 2024 22:29:39 +0000
ROA not before:           Mon 01 Jan 2024 22:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203988
IP address blocks:        185.65.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/KQH1AZqXC6W-DHVNIPeGcYGPSi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/KQH1AZqXC6W-DHVNIPeGcYGPSi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:9b:a2:5e:6c:92:78:9b:45:ea:74:2d:db:e5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2901f5019a970ba5be0c754d20f78671818f4a2e
        Validity
            Not Before: Jan  1 22:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=621d9cfc63332b7fa28d23172cdf7c955a7c1be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b6:75:05:e3:fc:49:72:26:5e:be:40:d3:f7:
                    c4:35:1a:a6:d8:c2:58:4d:5c:16:20:fc:6b:e8:ef:
                    9e:60:17:f7:c8:3d:66:1f:c7:7a:de:41:b8:7b:37:
                    50:43:1a:38:7a:e0:de:b8:12:73:ca:91:ab:b6:ac:
                    51:58:2a:8a:a7:d9:25:ff:10:c1:b9:d5:e3:a8:75:
                    8b:cf:d5:1c:a4:7a:25:06:30:39:d1:ff:ab:90:87:
                    4f:fd:59:aa:35:1d:be:35:7b:d1:7f:42:39:97:e7:
                    37:91:a2:a2:59:5f:8b:b3:06:af:d5:97:e5:5c:24:
                    31:4d:f0:16:94:5c:b0:74:24:35:2d:21:a0:29:4b:
                    ad:14:28:35:06:e9:ec:b1:a1:dc:31:c4:e9:cb:cb:
                    8d:fb:93:2e:50:c1:bf:c1:65:87:83:fb:52:1a:fc:
                    93:1b:c2:75:8d:a6:27:98:21:f4:f3:22:89:a9:b9:
                    a1:32:98:dc:1a:1c:7d:c5:ea:03:39:b1:ad:ae:9a:
                    e4:d8:3e:7a:e4:1f:6b:8b:cc:02:a5:b6:ca:1e:5e:
                    8e:e9:20:72:94:f7:ad:a6:61:52:a0:6c:66:ef:09:
                    75:6f:a5:5f:71:56:3e:f9:39:d2:24:74:ff:5b:7b:
                    0a:8a:b3:9c:f9:fb:17:5e:f7:42:da:08:2e:de:27:
                    03:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1D:9C:FC:63:33:2B:7F:A2:8D:23:17:2C:DF:7C:95:5A:7C:1B:E0
            X509v3 Authority Key Identifier:
                keyid:29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Yh2c_GMzK3-ijSMXLN98lVp8G-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/KQH1AZqXC6W-DHVNIPeGcYGPSi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:46:5a:ab:8d:99:12:1b:92:fc:45:3d:20:23:a4:81:ee:2b:
         4d:bf:32:a6:75:e1:37:41:75:1a:c5:5b:7b:e0:e9:7d:ea:53:
         8d:18:c5:b4:d6:38:bb:ac:83:aa:f0:f5:0e:bb:8c:ac:10:4e:
         53:63:61:c1:c9:7c:e2:cf:8e:00:90:cd:a9:c4:02:0c:e3:ea:
         b1:8e:ed:42:76:34:05:d5:08:83:9a:ef:f2:3b:87:6e:1a:d6:
         ff:e6:ba:a1:2c:1b:66:68:7d:15:b1:e8:97:26:b4:93:d5:21:
         d8:ef:19:81:76:00:85:3a:61:8c:a3:3a:5f:0e:dd:98:8b:94:
         40:5a:66:a6:0f:68:f3:5c:98:42:71:2e:d9:53:03:1d:b4:7e:
         ec:ae:07:5f:3d:07:a3:00:71:2e:6a:82:5e:83:1a:28:33:06:
         cb:bf:eb:4f:42:fb:08:e6:69:5f:67:f5:b8:a6:b2:71:a8:1d:
         dc:f7:90:83:ab:b4:9c:2b:ad:b7:f9:74:26:7f:29:f3:6e:b5:
         60:d4:a7:62:f5:74:77:0a:55:d2:23:2b:da:e2:b0:ea:8f:f4:
         25:3d:82:df:dc:8b:0a:db:c2:c8:27:84:e5:80:34:14:25:03:
         75:73:16:77:2f:b1:4a:8c:48:c9:0f:b4:07:36:48:f2:e1:cd:
         76:33:83:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJZuiXmySeJtF6nQt2+WpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDFmNTAxOWE5NzBiYTViZTBjNzU0ZDIwZjc4NjcxODE4
ZjRhMmUwHhcNMjQwMTAxMjIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFkOWNmYzYzMzMyYjdmYTI4ZDIzMTcyY2RmN2M5NTVhN2MxYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLZ1BeP8SXImXr5A0/fENRqm2MJY
TVwWIPxr6O+eYBf3yD1mH8d63kG4ezdQQxo4euDeuBJzypGrtqxRWCqKp9kl/xDB
udXjqHWLz9UcpHolBjA50f+rkIdP/VmqNR2+NXvRf0I5l+c3kaKiWV+Lswav1Zfl
XCQxTfAWlFywdCQ1LSGgKUutFCg1BunssaHcMcTpy8uN+5MuUMG/wWWHg/tSGvyT
G8J1jaYnmCH08yKJqbmhMpjcGhx9xeoDObGtrprk2D565B9ri8wCpbbKHl6O6SBy
lPetpmFSoGxm7wl1b6VfcVY++TnSJHT/W3sKirOc+fsXXvdC2ggu3icDnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIdnPxjMyt/oo0jFyzffJVafBvgMB8GA1UdIwQY
MBaAFCkB9QGalwulvgx1TSD3hnGBj0ouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUt
MmIyZjJiODkwOGNjLzEvWWgyY19HTXpLMy1palNNWExOOThsVnA4Ry1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUtMmIyZjJiODkwOGNj
LzEvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUGIMA0G
CSqGSIb3DQEBCwUAA4IBAQCzRlqrjZkSG5L8RT0gI6SB7itNvzKmdeE3QXUaxVt7
4Ol96lONGMW01ji7rIOq8PUOu4ysEE5TY2HByXziz44AkM2pxAIM4+qxju1CdjQF
1QiDmu/yO4duGtb/5rqhLBtmaH0VseiXJrST1SHY7xmBdgCFOmGMozpfDt2Yi5RA
WmamD2jzXJhCcS7ZUwMdtH7srgdfPQejAHEuaoJegxooMwbLv+tPQvsI5mlfZ/W4
prJxqB3c95CDq7ScK623+XQmfynzbrVg1Kdi9XR3ClXSIyva4rDqj/QlPYLf3IsK
28LIJ4TlgDQUJQN1cxZ3L7FKjEjJD7QHNkjy4c12M4Mg
-----END CERTIFICATE-----