Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/z_tyR0HCAvRhQxYqIKt02g7QaLs.roa
File:                     z_tyR0HCAvRhQxYqIKt02g7QaLs.roa (raw, json)
Hash identifier:          DYl07lScWBEMTXYJCw7N1tAI4QI/PCiEGmRIhq3QlwE=
Subject key identifier:   CF:FB:72:47:41:C2:02:F4:61:43:16:2A:20:AB:74:DA:0E:D0:68:BB
Certificate issuer:       /CN=e187d5794d0ae8ab856ea0c26107720acd446d3a
Certificate serial:       018CC4937078002E3126B911C35219CD7EEF
Authority key identifier: E1:87:D5:79:4D:0A:E8:AB:85:6E:A0:C2:61:07:72:0A:CD:44:6D:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YfVeU0K6KuFbqDCYQdyCs1EbTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/z_tyR0HCAvRhQxYqIKt02g7QaLs.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200480
IP address blocks:        185.241.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/4YfVeU0K6KuFbqDCYQdyCs1EbTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/4YfVeU0K6KuFbqDCYQdyCs1EbTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YfVeU0K6KuFbqDCYQdyCs1EbTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:78:00:2e:31:26:b9:11:c3:52:19:cd:7e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e187d5794d0ae8ab856ea0c26107720acd446d3a
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cffb724741c202f46143162a20ab74da0ed068bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:3a:b5:c0:f1:4a:f7:b9:31:e5:6f:b8:19:
                    c9:bf:ab:0b:6a:c9:75:02:4a:44:ab:2d:a8:e1:a9:
                    d9:90:45:25:c7:81:88:e6:ac:64:b5:38:19:de:af:
                    03:7f:b9:22:3e:ac:94:d4:8e:4a:d7:cb:97:94:29:
                    f2:8c:9f:f0:d7:4e:7f:26:08:e0:61:2f:8b:e9:d1:
                    37:02:38:0a:ac:84:a4:b9:45:12:86:56:ae:de:0d:
                    7d:b3:29:2b:19:cd:e0:e1:ef:0e:7d:4a:9f:41:6f:
                    8f:18:c0:a1:ca:6c:93:83:ba:8a:3a:8d:53:8f:e4:
                    5a:d2:8a:0a:f6:c3:5e:c2:fd:cf:16:c1:9f:87:aa:
                    e5:05:96:32:0d:3c:f7:70:cd:56:41:25:ba:f8:ec:
                    83:95:34:ea:8e:78:1f:da:44:44:b4:4c:f8:35:15:
                    d7:02:9d:24:1d:bd:f1:dc:98:ae:3c:e1:6d:60:21:
                    72:74:fa:db:35:a0:ee:c4:2f:b9:dc:6d:a4:fc:a6:
                    75:76:37:25:65:c7:00:83:28:62:68:11:5f:9d:d6:
                    a9:ad:ce:86:66:66:38:5b:a7:4c:a8:b3:4a:c3:2a:
                    e4:c1:b6:cc:30:1c:4a:75:78:c7:23:b1:41:82:c8:
                    71:38:5b:7e:4b:3d:31:f7:2c:77:e6:13:22:ac:cc:
                    90:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FB:72:47:41:C2:02:F4:61:43:16:2A:20:AB:74:DA:0E:D0:68:BB
            X509v3 Authority Key Identifier:
                keyid:E1:87:D5:79:4D:0A:E8:AB:85:6E:A0:C2:61:07:72:0A:CD:44:6D:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YfVeU0K6KuFbqDCYQdyCs1EbTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/z_tyR0HCAvRhQxYqIKt02g7QaLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/acccd4-ea2b-49ee-9baf-22fb3991d2aa/1/4YfVeU0K6KuFbqDCYQdyCs1EbTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:e6:bd:fe:2b:21:ff:f3:75:c6:76:de:55:e1:79:2b:e2:3b:
         c6:9c:2e:19:d7:3f:1f:cc:cd:75:68:d1:f1:93:af:ff:bc:9d:
         e6:a6:c3:cd:85:11:ce:cb:93:56:11:fb:d7:1c:db:6a:fd:3e:
         36:6b:70:48:b2:23:2a:ff:1d:29:18:df:34:b8:18:aa:44:3f:
         96:3f:c3:ee:1b:21:2e:b0:ad:82:2a:b0:34:e3:32:3b:4a:18:
         60:5b:cb:91:a2:8e:9b:f7:08:77:c7:b2:ae:94:a9:ad:3a:7b:
         8c:b7:d4:b3:01:de:eb:07:df:ad:7b:c3:0e:54:dd:4c:86:a4:
         b6:21:f7:2e:c0:cf:da:1b:cc:79:1d:6a:dd:74:5d:cf:6d:71:
         02:1d:11:81:17:64:03:bb:06:c6:6e:04:7d:b7:47:aa:2c:fa:
         24:ca:2d:d5:54:c2:82:59:44:86:ad:ee:da:ce:ec:67:02:e7:
         52:11:6a:d7:ae:0b:8c:82:19:f0:3d:1b:ff:9b:f2:82:10:5b:
         6c:0a:91:f7:e9:d5:eb:c3:33:73:b2:65:43:2e:29:5d:07:11:
         cc:53:34:31:b5:36:6d:75:6e:40:86:29:4f:1f:5a:79:35:24:
         4e:a1:e3:a6:b8:c9:0c:54:9e:47:f0:bb:ca:8c:e0:d5:02:c8:
         9b:e7:36:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3B4AC4xJrkRw1IZzX7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODdkNTc5NGQwYWU4YWI4NTZlYTBjMjYxMDc3MjBhY2Q0
NDZkM2EwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZiNzI0NzQxYzIwMmY0NjE0MzE2MmEyMGFiNzRkYTBlZDA2OGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIE6tcDxSve5MeVvuBnJv6sLasl1
AkpEqy2o4anZkEUlx4GI5qxktTgZ3q8Df7kiPqyU1I5K18uXlCnyjJ/w105/Jgjg
YS+L6dE3AjgKrISkuUUShlau3g19sykrGc3g4e8OfUqfQW+PGMChymyTg7qKOo1T
j+Ra0ooK9sNewv3PFsGfh6rlBZYyDTz3cM1WQSW6+OyDlTTqjngf2kREtEz4NRXX
Ap0kHb3x3JiuPOFtYCFydPrbNaDuxC+53G2k/KZ1djclZccAgyhiaBFfndaprc6G
ZmY4W6dMqLNKwyrkwbbMMBxKdXjHI7FBgshxOFt+Sz0x9yx35hMirMyQxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/7ckdBwgL0YUMWKiCrdNoO0Gi7MB8GA1UdIwQY
MBaAFOGH1XlNCuirhW6gwmEHcgrNRG06MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlmVmVVMEs2S3VGYnFEQ1lRZHlDczFFYlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hY2NjZDQtZWEyYi00OWVlLTliYWYt
MjJmYjM5OTFkMmFhLzEvel90eVIwSENBdlJoUXhZcUlLdDAyZzdRYUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hY2NjZDQtZWEyYi00OWVlLTliYWYtMjJmYjM5OTFkMmFh
LzEvNFlmVmVVMEs2S3VGYnFEQ1lRZHlDczFFYlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufEQMA0G
CSqGSIb3DQEBCwUAA4IBAQB35r3+KyH/83XGdt5V4Xkr4jvGnC4Z1z8fzM11aNHx
k6//vJ3mpsPNhRHOy5NWEfvXHNtq/T42a3BIsiMq/x0pGN80uBiqRD+WP8PuGyEu
sK2CKrA04zI7ShhgW8uRoo6b9wh3x7KulKmtOnuMt9SzAd7rB9+te8MOVN1MhqS2
IfcuwM/aG8x5HWrddF3PbXECHRGBF2QDuwbGbgR9t0eqLPokyi3VVMKCWUSGre7a
zuxnAudSEWrXrguMghnwPRv/m/KCEFtsCpH36dXrwzNzsmVDLildBxHMUzQxtTZt
dW5AhilPH1p5NSROoeOmuMkMVJ5H8LvKjODVAsib5zb6
-----END CERTIFICATE-----