Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CY1SOGqLnQage4AlLMPTzgQnO4k.roa
File:                     CY1SOGqLnQage4AlLMPTzgQnO4k.roa (raw, json)
Hash identifier:          6xvIHW5mYPUy03jlj98uHtau4xCKFvHp4s2k+EbcKTs=
Subject key identifier:   09:8D:52:38:6A:8B:9D:06:A0:7B:80:25:2C:C3:D3:CE:04:27:3B:89
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018CC5012B865F02D7417C6BCCA9B7C30BBA
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CY1SOGqLnQage4AlLMPTzgQnO4k.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        185.114.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2b:86:5f:02:d7:41:7c:6b:cc:a9:b7:c3:0b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=098d52386a8b9d06a07b80252cc3d3ce04273b89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f3:7e:2a:fd:c2:5a:30:97:2a:50:25:f6:d7:
                    58:88:3d:f8:f5:72:2c:93:af:2a:28:03:37:c5:07:
                    3c:25:ee:99:ad:2c:48:cc:99:4d:b9:e9:5b:ea:e1:
                    5c:35:5e:4a:55:e1:b7:fb:f8:96:24:a2:20:f7:d6:
                    3e:9b:ff:9a:38:5d:36:eb:ca:60:fc:88:d2:75:51:
                    21:0c:3c:2c:73:7d:1e:92:3e:87:70:30:3f:63:8d:
                    b7:f0:17:0c:ef:b0:5c:19:9f:09:fa:1c:f7:67:05:
                    39:8b:92:10:44:3e:7f:66:88:41:1e:00:1b:de:73:
                    f6:61:f0:f9:74:ed:0f:4a:a2:49:c9:49:bc:10:b2:
                    46:85:60:95:08:21:41:30:96:0b:47:43:73:07:29:
                    3f:34:8b:68:e6:e9:f9:e9:f3:5c:a6:93:ff:18:84:
                    77:bb:fd:3f:53:25:27:36:be:ee:d4:75:2f:80:f2:
                    be:9d:33:c0:78:06:65:5a:f4:e5:01:8f:67:a0:3f:
                    87:ab:df:1a:1e:96:55:3b:cd:d6:3e:61:b4:d1:da:
                    b8:38:ae:25:a2:c6:99:1d:43:1d:64:47:39:ff:e1:
                    5f:e2:aa:d3:a3:0e:af:da:aa:ea:bb:1a:bf:52:b1:
                    59:74:fa:67:2e:06:59:b5:38:5d:e0:28:45:6f:ec:
                    ae:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8D:52:38:6A:8B:9D:06:A0:7B:80:25:2C:C3:D3:CE:04:27:3B:89
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/CY1SOGqLnQage4AlLMPTzgQnO4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:fb:8a:99:b4:17:18:58:94:03:ef:f7:af:65:91:2a:07:66:
         82:cb:9e:86:5f:7a:32:a1:d6:d5:35:6a:7b:50:b3:3e:01:51:
         d0:08:41:d2:8d:22:6c:75:fd:30:10:47:d9:ac:f2:85:4b:b5:
         d6:f4:8c:50:2f:5e:b3:d8:04:64:00:60:dd:8b:ce:d6:5e:e0:
         f8:2e:88:a2:92:e6:15:d9:e9:37:55:68:90:87:05:cf:62:1b:
         73:0b:41:5c:95:3f:b5:f1:84:ad:da:b5:6e:5e:94:6c:1f:14:
         52:e6:48:5b:a3:e9:d3:b2:b3:a2:b2:7a:3e:0f:f1:62:14:7f:
         61:d3:38:92:72:6a:0e:68:80:80:25:fa:bc:0f:83:d9:97:ac:
         f6:2e:b0:21:0d:ab:90:08:2f:64:56:eb:8e:3e:bb:35:59:67:
         d1:c8:cf:ab:58:17:5d:f5:4c:f6:c8:93:4b:df:4c:12:a1:5d:
         a8:c9:c8:bf:15:84:39:e9:69:2e:c7:49:b9:13:2e:7d:a4:5a:
         b8:c0:98:98:4e:1e:38:bd:27:b4:6e:73:8d:32:d0:69:e8:fb:
         64:9f:20:e6:ff:35:33:3d:ae:8d:0b:b1:83:fb:2f:39:b8:cc:
         38:f8:19:43:c9:bd:c0:7f:58:12:64:48:e2:6b:a9:c3:03:93:
         dd:64:2f:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASuGXwLXQXxrzKm3wwu6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThkNTIzODZhOGI5ZDA2YTA3YjgwMjUyY2MzZDNjZTA0MjczYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPN+Kv3CWjCXKlAl9tdYiD349XIs
k68qKAM3xQc8Je6ZrSxIzJlNuelb6uFcNV5KVeG3+/iWJKIg99Y+m/+aOF0268pg
/IjSdVEhDDwsc30ekj6HcDA/Y4238BcM77BcGZ8J+hz3ZwU5i5IQRD5/ZohBHgAb
3nP2YfD5dO0PSqJJyUm8ELJGhWCVCCFBMJYLR0NzByk/NIto5un56fNcppP/GIR3
u/0/UyUnNr7u1HUvgPK+nTPAeAZlWvTlAY9noD+Hq98aHpZVO83WPmG00dq4OK4l
osaZHUMdZEc5/+Ff4qrTow6v2qrquxq/UrFZdPpnLgZZtThd4ChFb+yuWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmNUjhqi50GoHuAJSzD084EJzuJMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvQ1kxU09HcUxuUWFnZTRBbExNUFR6Z1FuTzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXLOMA0G
CSqGSIb3DQEBCwUAA4IBAQAE+4qZtBcYWJQD7/evZZEqB2aCy56GX3oyodbVNWp7
ULM+AVHQCEHSjSJsdf0wEEfZrPKFS7XW9IxQL16z2ARkAGDdi87WXuD4LoiikuYV
2ek3VWiQhwXPYhtzC0FclT+18YSt2rVuXpRsHxRS5khbo+nTsrOisno+D/FiFH9h
0ziScmoOaICAJfq8D4PZl6z2LrAhDauQCC9kVuuOPrs1WWfRyM+rWBdd9Uz2yJNL
30wSoV2oyci/FYQ56Wkux0m5Ey59pFq4wJiYTh44vSe0bnONMtBp6PtknyDm/zUz
Pa6NC7GD+y85uMw4+BlDyb3Af1gSZEjia6nDA5PdZC8/
-----END CERTIFICATE-----