Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YtkHxgF0bS4Hwu0M8Y1lOUS6uCk.roa
File:                     YtkHxgF0bS4Hwu0M8Y1lOUS6uCk.roa (raw, json)
Hash identifier:          QtrY6lEqa9Rl2sfPbqlWLBminafKMwhUJ01GbfqGkwk=
Subject key identifier:   62:D9:07:C6:01:74:6D:2E:07:C2:ED:0C:F1:8D:65:39:44:BA:B8:29
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF33ABD16AB85ADC5C83C2A691F00
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YtkHxgF0bS4Hwu0M8Y1lOUS6uCk.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199513
IP address blocks:        85.120.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f3:3a:bd:16:ab:85:ad:c5:c8:3c:2a:69:1f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62d907c601746d2e07c2ed0cf18d653944bab829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b4:da:e2:9d:b0:bf:f8:70:cd:31:32:2d:a2:
                    76:cd:76:cb:e4:72:ea:f7:a8:01:d4:d2:9e:34:d4:
                    f6:72:7e:a0:ed:28:d2:85:bf:4a:e5:91:13:6d:75:
                    52:4a:8a:94:47:00:92:04:31:c7:60:d5:71:3d:de:
                    b7:1e:73:59:1c:0c:ae:02:c2:da:7e:29:00:1b:c7:
                    63:ac:ac:1a:58:31:98:d5:04:44:d2:f1:68:1a:20:
                    da:8f:d0:4f:00:7c:65:31:7c:83:e3:aa:3c:6e:e7:
                    06:91:d8:31:e2:04:25:d5:6b:f8:cb:ea:21:07:8c:
                    6d:92:48:0e:dd:2c:77:9a:71:ab:73:b9:1f:60:98:
                    64:58:6c:23:57:ec:b0:5e:85:a4:53:fe:36:f1:72:
                    51:6f:9f:c7:30:8a:5a:ad:8a:03:92:86:01:fa:c6:
                    7c:14:38:01:64:7b:cc:4e:30:7f:fd:f1:71:00:09:
                    0e:1a:d2:fa:44:d9:d3:98:2b:5c:cf:3a:d1:c5:c9:
                    6f:25:46:cb:3d:1f:29:34:a7:88:2c:a6:8d:64:a8:
                    ad:df:3f:32:2b:58:33:fb:f2:27:02:77:b3:fa:09:
                    74:c7:b6:66:52:6a:94:33:e6:d7:8d:76:2f:9c:7f:
                    e2:03:53:03:2e:d3:88:d8:e9:eb:5a:44:48:a2:33:
                    f0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D9:07:C6:01:74:6D:2E:07:C2:ED:0C:F1:8D:65:39:44:BA:B8:29
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YtkHxgF0bS4Hwu0M8Y1lOUS6uCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:48:ec:e2:40:08:4f:a4:79:3d:26:17:38:cd:11:10:e8:d6:
         25:2c:84:c8:49:35:2d:cb:6d:77:61:56:93:2e:12:92:0f:84:
         46:89:6b:2c:1d:c6:f6:64:3c:1e:96:3c:66:5b:19:77:ff:bb:
         c0:14:0d:cd:44:0a:7e:20:53:79:01:7e:58:43:ff:c8:d7:fc:
         8c:f6:18:c0:28:a6:ef:68:85:cd:e1:ae:ea:bd:dd:88:32:d3:
         07:38:5c:ea:63:8f:0a:35:2a:e5:f0:9c:9a:ff:c3:86:6b:f2:
         d8:eb:b5:f8:77:9b:db:73:ae:79:24:30:70:17:5b:fd:da:12:
         55:b4:64:c4:61:70:51:40:60:6a:af:5f:5f:5d:59:fa:28:a2:
         0f:c9:39:59:bf:ac:af:b3:82:f6:1f:5a:6c:b1:75:dd:e8:2d:
         aa:cb:6c:91:37:81:0e:a5:fd:3b:21:cf:3d:7d:9e:9f:ac:e4:
         a0:9b:0d:f1:f7:9b:f9:5b:6c:db:5b:6b:5e:f0:dd:bd:01:83:
         53:df:d0:82:d0:69:1f:c0:16:55:87:a4:32:41:05:64:96:c2:
         25:80:fc:4c:3c:de:d8:f8:94:69:19:7e:12:1e:e0:97:e2:5b:
         b3:0c:c9:f1:8e:61:57:d1:01:55:89:1e:52:ac:c6:9b:f9:34:
         d1:81:2e:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvM6vRarha3FyDwqaR8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ5MDdjNjAxNzQ2ZDJlMDdjMmVkMGNmMThkNjUzOTQ0YmFiODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rTa4p2wv/hwzTEyLaJ2zXbL5HLq
96gB1NKeNNT2cn6g7SjShb9K5ZETbXVSSoqURwCSBDHHYNVxPd63HnNZHAyuAsLa
fikAG8djrKwaWDGY1QRE0vFoGiDaj9BPAHxlMXyD46o8bucGkdgx4gQl1Wv4y+oh
B4xtkkgO3Sx3mnGrc7kfYJhkWGwjV+ywXoWkU/428XJRb5/HMIparYoDkoYB+sZ8
FDgBZHvMTjB//fFxAAkOGtL6RNnTmCtczzrRxclvJUbLPR8pNKeILKaNZKit3z8y
K1gz+/InAnez+gl0x7ZmUmqUM+bXjXYvnH/iA1MDLtOI2OnrWkRIojPwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLZB8YBdG0uB8LtDPGNZTlEurgpMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvWXRrSHhnRjBiUzRId3UwTThZMWxPVVM2dUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXjMMA0G
CSqGSIb3DQEBCwUAA4IBAQAnSOziQAhPpHk9Jhc4zREQ6NYlLITISTUty213YVaT
LhKSD4RGiWssHcb2ZDweljxmWxl3/7vAFA3NRAp+IFN5AX5YQ//I1/yM9hjAKKbv
aIXN4a7qvd2IMtMHOFzqY48KNSrl8Jya/8OGa/LY67X4d5vbc655JDBwF1v92hJV
tGTEYXBRQGBqr19fXVn6KKIPyTlZv6yvs4L2H1pssXXd6C2qy2yRN4EOpf07Ic89
fZ6frOSgmw3x95v5W2zbW2te8N29AYNT39CC0GkfwBZVh6QyQQVklsIlgPxMPN7Y
+JRpGX4SHuCX4luzDMnxjmFX0QFViR5SrMab+TTRgS7G
-----END CERTIFICATE-----