Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/2YalKgzXVnbsloMHlLaqdYpAavE.roa
File:                     2YalKgzXVnbsloMHlLaqdYpAavE.roa (raw, json)
Hash identifier:          S0X4KPWkAQYpuM0XSHn2hAnCModRvDIdOsGLGbFV2u8=
Subject key identifier:   D9:86:A5:2A:0C:D7:56:76:EC:96:83:07:94:B6:AA:75:8A:40:6A:F1
Certificate issuer:       /CN=9fa736d46981ce486394dfef9c738b7ebeb61a6d
Certificate serial:       018CC493502580638E55D32256CFF459FF9A
Authority key identifier: 9F:A7:36:D4:69:81:CE:48:63:94:DF:EF:9C:73:8B:7E:BE:B6:1A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n6c21GmBzkhjlN_vnHOLfr62Gm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/2YalKgzXVnbsloMHlLaqdYpAavE.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        185.205.112.0/22 maxlen: 22
                          2a09:1780::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/n6c21GmBzkhjlN_vnHOLfr62Gm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/n6c21GmBzkhjlN_vnHOLfr62Gm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n6c21GmBzkhjlN_vnHOLfr62Gm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:50:25:80:63:8e:55:d3:22:56:cf:f4:59:ff:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fa736d46981ce486394dfef9c738b7ebeb61a6d
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d986a52a0cd75676ec96830794b6aa758a406af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3f:01:6d:8c:8d:eb:9c:8b:b4:f4:d1:7e:77:
                    bf:d1:ba:f8:6b:77:4e:f7:7b:29:96:8f:49:ba:1a:
                    c0:74:0f:27:5a:76:eb:f0:85:a8:86:7f:b2:e2:97:
                    58:1b:3e:69:06:9d:f6:5f:38:3d:61:38:bf:c5:e8:
                    0c:c0:00:5a:1f:e1:a8:4f:7a:0e:f3:53:a4:c1:82:
                    c9:04:3a:b0:c6:54:7b:42:b2:20:33:2a:dc:1a:ba:
                    77:2f:fb:18:03:9f:ed:53:8d:4b:17:65:94:b1:35:
                    53:de:85:29:b0:f8:59:b6:6d:f6:d4:44:d2:32:76:
                    35:32:b9:24:de:47:7d:39:c5:5b:9c:c8:3a:f1:a4:
                    3e:9b:e6:93:85:49:f0:67:36:32:e9:f7:07:f0:af:
                    30:d5:20:4f:19:0f:5a:1f:bf:ed:81:73:71:df:18:
                    51:04:91:47:52:61:ed:23:74:23:8a:60:e5:5f:72:
                    b6:16:b1:68:f4:fa:7b:a3:bb:8b:df:17:dd:02:ec:
                    c3:03:ad:aa:e5:07:b3:01:c7:f7:2d:86:35:bb:1e:
                    c2:83:79:4f:e1:1a:30:a2:1d:e4:59:18:8a:56:96:
                    03:63:cb:9c:00:13:d6:10:ab:44:1d:41:2a:cf:c9:
                    4f:8e:5a:8c:1a:82:0d:86:ae:28:5a:ad:fc:36:87:
                    fc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:86:A5:2A:0C:D7:56:76:EC:96:83:07:94:B6:AA:75:8A:40:6A:F1
            X509v3 Authority Key Identifier:
                keyid:9F:A7:36:D4:69:81:CE:48:63:94:DF:EF:9C:73:8B:7E:BE:B6:1A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n6c21GmBzkhjlN_vnHOLfr62Gm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/2YalKgzXVnbsloMHlLaqdYpAavE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/4d74d9-6c4c-4b14-815f-d262803cf644/1/n6c21GmBzkhjlN_vnHOLfr62Gm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.112.0/22
                IPv6:
                  2a09:1780::/34

    Signature Algorithm: sha256WithRSAEncryption
         39:cf:79:0f:9a:64:07:63:8b:2c:1b:47:57:d6:f3:8e:a0:2f:
         c6:ec:9e:ae:e3:6d:1c:7b:a0:8f:bb:02:8b:d8:a8:86:2f:72:
         19:67:27:e9:eb:4f:92:f4:22:c8:84:50:f3:20:e7:94:8d:77:
         31:9b:78:d2:37:7d:b2:90:ae:2f:c0:4f:57:62:f8:24:f6:3c:
         6c:eb:e2:54:66:77:92:13:bf:56:bd:80:31:c7:79:22:c4:6c:
         80:73:7c:24:27:f5:88:2c:4f:54:59:5a:b5:0a:98:83:c1:0a:
         1e:42:18:66:da:af:d8:f5:c8:47:2a:6f:18:77:ac:c2:23:4d:
         f2:f5:99:31:36:58:ed:fa:01:ab:e8:52:51:ab:fe:a5:b7:b3:
         d6:9f:3e:e1:8a:85:f2:ee:88:2f:53:38:25:b0:f7:14:d5:76:
         29:01:2e:05:f8:2e:da:8e:00:65:58:7f:d6:ad:ab:9b:1d:ea:
         51:b9:06:84:c3:a4:e5:90:9e:c2:95:df:88:62:6b:1d:c5:98:
         09:b0:a6:30:25:66:2e:17:d7:1d:7d:cb:8f:89:23:a3:06:ce:
         78:de:90:45:08:f1:da:97:af:55:09:bc:26:68:fd:fe:bb:36:
         91:51:94:32:8e:de:1e:ef:51:bd:de:03:34:aa:6e:81:ce:85:
         d1:65:3a:f3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEk1AlgGOOVdMiVs/0Wf+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYTczNmQ0Njk4MWNlNDg2Mzk0ZGZlZjljNzM4YjdlYmVi
NjFhNmQwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg2YTUyYTBjZDc1Njc2ZWM5NjgzMDc5NGI2YWE3NThhNDA2YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD8BbYyN65yLtPTRfne/0br4a3dO
93splo9JuhrAdA8nWnbr8IWohn+y4pdYGz5pBp32Xzg9YTi/xegMwABaH+GoT3oO
81OkwYLJBDqwxlR7QrIgMyrcGrp3L/sYA5/tU41LF2WUsTVT3oUpsPhZtm321ETS
MnY1Mrkk3kd9OcVbnMg68aQ+m+aThUnwZzYy6fcH8K8w1SBPGQ9aH7/tgXNx3xhR
BJFHUmHtI3QjimDlX3K2FrFo9Pp7o7uL3xfdAuzDA62q5QezAcf3LYY1ux7Cg3lP
4Rowoh3kWRiKVpYDY8ucABPWEKtEHUEqz8lPjlqMGoINhq4oWq38Nof8XQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNmGpSoM11Z27JaDB5S2qnWKQGrxMB8GA1UdIwQY
MBaAFJ+nNtRpgc5IY5Tf75xzi36+thptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjZjMjFHbUJ6a2hqbE5fdm5IT0xmcjYyR20wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80ZDc0ZDktNmM0Yy00YjE0LTgxNWYt
ZDI2MjgwM2NmNjQ0LzEvMllhbEtnelhWbmJzbG9NSGxMYXFkWXBBYXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80ZDc0ZDktNmM0Yy00YjE0LTgxNWYtZDI2MjgwM2NmNjQ0
LzEvbjZjMjFHbUJ6a2hqbE5fdm5IT0xmcjYyR20wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuc1wMA4E
AgACMAgDBgYqCReAADANBgkqhkiG9w0BAQsFAAOCAQEAOc95D5pkB2OLLBtHV9bz
jqAvxuyeruNtHHugj7sCi9iohi9yGWcn6etPkvQiyIRQ8yDnlI13MZt40jd9spCu
L8BPV2L4JPY8bOviVGZ3khO/Vr2AMcd5IsRsgHN8JCf1iCxPVFlatQqYg8EKHkIY
Ztqv2PXIRypvGHeswiNN8vWZMTZY7foBq+hSUav+pbez1p8+4YqF8u6IL1M4JbD3
FNV2KQEuBfgu2o4AZVh/1q2rmx3qUbkGhMOk5ZCewpXfiGJrHcWYCbCmMCVmLhfX
HX3Lj4kjowbOeN6QRQjx2pevVQm8Jmj9/rs2kVGUMo7eHu9Rvd4DNKpugc6F0WU6
8w==
-----END CERTIFICATE-----