Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/yojOX_Kh61Kh1jgj6RAua8FCXMY.roa
File:                     yojOX_Kh61Kh1jgj6RAua8FCXMY.roa (raw, json)
Hash identifier:          j/ZoLKB88HCbVXZ+c0dMmVuhaj4In+rdQ8dcpT7RzAc=
Subject key identifier:   CA:88:CE:5F:F2:A1:EB:52:A1:D6:38:23:E9:10:2E:6B:C1:42:5C:C6
Certificate issuer:       /CN=4f4fe81f3231268f7ce3c314a496a82cc2277c3b
Certificate serial:       018CC3B715B0D1D35001E26A84AA86F299B0
Authority key identifier: 4F:4F:E8:1F:32:31:26:8F:7C:E3:C3:14:A4:96:A8:2C:C2:27:7C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/yojOX_Kh61Kh1jgj6RAua8FCXMY.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213004
IP address blocks:        185.216.64.0/22 maxlen: 22
                          185.216.64.0/24 maxlen: 24
                          185.216.65.0/24 maxlen: 24
                          185.216.66.0/24 maxlen: 24
                          185.216.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:15:b0:d1:d3:50:01:e2:6a:84:aa:86:f2:99:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4fe81f3231268f7ce3c314a496a82cc2277c3b
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca88ce5ff2a1eb52a1d63823e9102e6bc1425cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:7d:20:24:28:31:13:f5:5d:1a:38:28:9e:
                    0b:6f:3b:ef:e9:db:aa:86:b5:e5:87:4a:7f:5f:ce:
                    0c:b3:35:a8:e2:07:23:f7:a3:82:74:26:12:53:ee:
                    c2:68:bf:a6:1d:37:ec:d3:3b:1f:35:7e:54:54:f1:
                    9a:3b:41:1a:ff:63:da:19:00:d0:4c:6a:e8:94:8f:
                    67:cd:d5:5b:ec:5a:f6:3e:54:fb:7c:83:4b:e5:10:
                    f3:c7:90:92:db:70:87:3d:89:b2:9f:54:37:7d:6f:
                    b9:07:66:8a:f9:ff:b3:ef:82:42:9c:cf:b4:4d:bc:
                    63:9c:32:b3:5d:82:f2:4d:7a:29:0e:03:dc:a7:ae:
                    71:d5:a7:40:f8:04:22:34:0e:1c:f4:e7:40:21:ad:
                    a7:69:07:ee:36:f0:ae:2a:a8:29:8c:e8:23:f1:db:
                    45:9a:8a:f1:cb:94:ec:93:d3:95:20:2c:44:91:61:
                    bd:73:8d:0c:62:1c:07:fe:02:b1:61:e0:38:29:7b:
                    37:b5:71:59:b6:aa:3e:28:73:0b:1f:69:28:28:c3:
                    c3:ff:f6:66:89:dd:4b:7f:5d:9c:5b:33:32:fb:23:
                    77:a1:33:5f:64:74:c4:2f:4f:c5:6c:a6:da:4c:52:
                    1d:91:cb:66:99:ee:63:fb:7d:ab:cb:c5:9d:45:e4:
                    3f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:88:CE:5F:F2:A1:EB:52:A1:D6:38:23:E9:10:2E:6B:C1:42:5C:C6
            X509v3 Authority Key Identifier:
                keyid:4F:4F:E8:1F:32:31:26:8F:7C:E3:C3:14:A4:96:A8:2C:C2:27:7C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/yojOX_Kh61Kh1jgj6RAua8FCXMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:04:04:22:6d:ea:8d:ed:c5:32:2d:74:c0:17:a6:04:49:10:
         9f:59:fb:f0:59:f3:b8:47:73:43:87:d7:60:0b:31:38:a1:73:
         87:c5:a7:9b:a7:ea:06:13:50:24:d7:b2:17:36:1e:8e:e3:b4:
         f9:68:95:dd:4c:ac:23:a0:81:04:82:be:9c:31:47:d7:ea:26:
         f0:a3:a8:59:54:b9:cf:17:b7:e9:d9:3f:db:ca:15:f9:09:8e:
         45:f4:09:10:6e:eb:16:38:49:c6:b3:24:e1:86:0e:02:df:fd:
         c4:5d:ff:46:88:7c:9d:29:56:c0:c6:f7:d1:21:51:b7:2d:1f:
         95:ab:8f:f9:65:c6:a0:de:b1:71:f8:37:78:89:d7:3e:57:b2:
         29:42:77:43:83:18:ed:c0:86:c0:00:e0:15:90:71:9d:a9:6d:
         e6:91:ab:3a:5a:35:41:a4:4f:fb:48:ea:ac:fa:63:9f:eb:15:
         93:e3:e2:64:2e:bb:21:2e:be:23:69:ed:b7:22:30:1d:c8:ac:
         c6:51:77:77:0a:6c:5a:71:9b:db:98:10:40:e0:5f:76:5c:f7:
         e6:ea:30:5f:d3:e0:0a:a7:22:2c:4e:8e:63:74:08:95:37:2b:
         74:e0:00:8c:ea:2b:f4:72:5f:3f:a2:50:9a:75:30:55:01:09:
         c2:47:f7:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxWw0dNQAeJqhKqG8pmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGZlODFmMzIzMTI2OGY3Y2UzYzMxNGE0OTZhODJjYzIy
NzdjM2IwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg4Y2U1ZmYyYTFlYjUyYTFkNjM4MjNlOTEwMmU2YmMxNDI1Y2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/99ICQoMRP1XRo4KJ4Lbzvv6duq
hrXlh0p/X84MszWo4gcj96OCdCYSU+7CaL+mHTfs0zsfNX5UVPGaO0Ea/2PaGQDQ
TGrolI9nzdVb7Fr2PlT7fINL5RDzx5CS23CHPYmyn1Q3fW+5B2aK+f+z74JCnM+0
TbxjnDKzXYLyTXopDgPcp65x1adA+AQiNA4c9OdAIa2naQfuNvCuKqgpjOgj8dtF
morxy5Tsk9OVICxEkWG9c40MYhwH/gKxYeA4KXs3tXFZtqo+KHMLH2koKMPD//Zm
id1Lf12cWzMy+yN3oTNfZHTEL0/FbKbaTFIdkctmme5j+32ry8WdReQ/FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqIzl/yoetSodY4I+kQLmvBQlzGMB8GA1UdIwQY
MBaAFE9P6B8yMSaPfOPDFKSWqCzCJ3w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBfb0h6SXhKbzk4NDhNVXBKYW9MTUluZkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC84OTQ2MGMtMTMyZi00YzkxLWJkODEt
Y2ZjMGZjYmE4M2EyLzEveW9qT1hfS2g2MUtoMWpnajZSQXVhOEZDWE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC84OTQ2MGMtMTMyZi00YzkxLWJkODEtY2ZjMGZjYmE4M2Ey
LzEvVDBfb0h6SXhKbzk4NDhNVXBKYW9MTUluZkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudhAMA0G
CSqGSIb3DQEBCwUAA4IBAQBqBAQibeqN7cUyLXTAF6YESRCfWfvwWfO4R3NDh9dg
CzE4oXOHxaebp+oGE1Ak17IXNh6O47T5aJXdTKwjoIEEgr6cMUfX6ibwo6hZVLnP
F7fp2T/byhX5CY5F9AkQbusWOEnGsyThhg4C3/3EXf9GiHydKVbAxvfRIVG3LR+V
q4/5Zcag3rFx+Dd4idc+V7IpQndDgxjtwIbAAOAVkHGdqW3mkas6WjVBpE/7SOqs
+mOf6xWT4+JkLrshLr4jae23IjAdyKzGUXd3CmxacZvbmBBA4F92XPfm6jBf0+AK
pyIsTo5jdAiVNyt04ACM6iv0cl8/olCadTBVAQnCR/c1
-----END CERTIFICATE-----