Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Y-22STYS5p5pjUJW0U7izf96C1s.roa
File:                     Y-22STYS5p5pjUJW0U7izf96C1s.roa (raw, json)
Hash identifier:          sfn8noDiZ1EXcREq74Qrsva7acu1oS1b8SDwv0as7Fk=
Subject key identifier:   63:ED:B6:49:36:12:E6:9E:69:8D:42:56:D1:4E:E2:CD:FF:7A:0B:5B
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018DA256959E851DCDD7225925ADC4A75C09
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Y-22STYS5p5pjUJW0U7izf96C1s.roa
Signing time:             Tue 13 Feb 2024 11:59:59 +0000
ROA not before:           Tue 13 Feb 2024 11:59:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203377
IP address blocks:        185.136.205.0/24 maxlen: 24
                          185.207.39.0/24 maxlen: 24
                          194.147.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a2:56:95:9e:85:1d:cd:d7:22:59:25:ad:c4:a7:5c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Feb 13 11:59:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63edb6493612e69e698d4256d14ee2cdff7a0b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c9:55:90:b3:dd:67:46:35:0f:9d:7c:05:87:
                    6d:8d:02:b9:5c:a2:e9:11:5f:4f:ad:36:ee:ed:64:
                    47:1e:6a:c0:65:39:47:f7:82:5d:7b:91:c1:2f:be:
                    d9:90:eb:80:f5:12:7b:46:07:57:96:18:93:d3:83:
                    a6:4b:3e:7b:72:88:37:79:2f:bf:07:60:75:71:30:
                    c2:6d:93:15:17:b7:07:50:23:3f:e6:b9:eb:d3:32:
                    ec:12:b4:fa:ee:a8:4a:10:35:b5:c9:f8:81:e8:e3:
                    7c:c0:9a:85:c2:f8:f6:d8:dc:10:e2:fd:70:af:38:
                    b7:82:9e:d7:c4:cd:e6:28:2b:1d:bc:b2:a5:d9:1c:
                    6f:2b:66:ea:89:7b:c6:41:f5:51:72:b2:1a:1a:05:
                    0b:14:c1:36:66:ae:e2:55:1e:29:68:6b:17:e0:71:
                    24:08:14:97:95:35:a5:b2:66:d4:66:3c:ea:89:d9:
                    95:6a:69:0e:16:bc:33:cc:52:2e:34:50:0a:e8:76:
                    cf:5a:1d:c8:8b:bd:50:dc:72:07:7d:91:0a:eb:b3:
                    fb:fe:bc:0c:ff:e5:59:32:76:26:54:8c:9e:3c:57:
                    25:4e:82:1f:64:91:f3:42:8a:af:4a:fd:34:1a:4b:
                    14:cb:9d:9f:b9:5d:72:6a:7f:6b:fe:50:d4:71:d3:
                    33:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:ED:B6:49:36:12:E6:9E:69:8D:42:56:D1:4E:E2:CD:FF:7A:0B:5B
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Y-22STYS5p5pjUJW0U7izf96C1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.205.0/24
                  185.207.39.0/24
                  194.147.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:b1:ca:29:c9:7c:a8:fc:0f:57:1b:97:df:23:49:7e:c1:a0:
         8d:fd:df:86:4d:52:ee:4c:4b:e7:c1:52:42:95:97:69:35:c7:
         40:46:4d:ce:4b:bd:24:bc:01:cc:ae:a7:58:27:ff:bb:50:96:
         1e:c9:7a:4c:a7:35:12:5e:08:73:91:d4:37:6e:8b:61:25:3c:
         0d:bf:c1:05:48:d3:c0:22:f5:a4:aa:0f:f1:2c:c5:23:9e:bc:
         5b:4c:4d:35:f9:4f:4c:05:b2:c7:61:01:76:7d:0b:6a:58:33:
         ba:da:dc:58:8a:34:49:1f:83:1b:63:63:14:2a:b0:7f:b9:ee:
         5d:7f:2a:49:73:25:b2:2b:6a:19:e5:49:72:82:b9:96:b9:ef:
         d0:bd:29:5e:35:28:56:e2:c5:3b:7b:26:5d:ea:e4:1c:33:a6:
         54:00:47:71:45:55:e7:7c:36:3d:a1:ff:42:a9:d2:27:bf:f1:
         3e:0e:e3:61:96:e9:73:5a:54:15:ad:28:6b:d5:0b:02:dd:00:
         40:1b:43:60:3e:e3:b2:02:a9:dd:ff:af:3a:06:39:da:30:bb:
         0c:bb:2d:05:99:4f:6c:4f:44:f4:79:15:fa:e8:cc:b9:4d:3c:
         10:6d:ad:02:96:73:b9:54:64:f3:a7:d4:ed:14:2b:82:ac:24:
         a0:ac:b4:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2iVpWehR3N1yJZJa3Ep1wJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMjEzMTE1OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2VkYjY0OTM2MTJlNjllNjk4ZDQyNTZkMTRlZTJjZGZmN2EwYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhclVkLPdZ0Y1D518BYdtjQK5XKLp
EV9PrTbu7WRHHmrAZTlH94Jde5HBL77ZkOuA9RJ7RgdXlhiT04OmSz57cog3eS+/
B2B1cTDCbZMVF7cHUCM/5rnr0zLsErT67qhKEDW1yfiB6ON8wJqFwvj22NwQ4v1w
rzi3gp7XxM3mKCsdvLKl2RxvK2bqiXvGQfVRcrIaGgULFME2Zq7iVR4paGsX4HEk
CBSXlTWlsmbUZjzqidmVamkOFrwzzFIuNFAK6HbPWh3Ii71Q3HIHfZEK67P7/rwM
/+VZMnYmVIyePFclToIfZJHzQoqvSv00GksUy52fuV1yan9r/lDUcdMzgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGPttkk2EuaeaY1CVtFO4s3/egtbMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvWS0yMlNUWVM1cDVwalVKVzBVN2l6Zjk2QzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuYjNAwQA
uc8nAwQAwpPYMA0GCSqGSIb3DQEBCwUAA4IBAQC8scopyXyo/A9XG5ffI0l+waCN
/d+GTVLuTEvnwVJClZdpNcdARk3OS70kvAHMrqdYJ/+7UJYeyXpMpzUSXghzkdQ3
bothJTwNv8EFSNPAIvWkqg/xLMUjnrxbTE01+U9MBbLHYQF2fQtqWDO62txYijRJ
H4MbY2MUKrB/ue5dfypJcyWyK2oZ5UlygrmWue/QvSleNShW4sU7eyZd6uQcM6ZU
AEdxRVXnfDY9of9CqdInv/E+DuNhlulzWlQVrShr1QsC3QBAG0NgPuOyAqnd/686
BjnaMLsMuy0FmU9sT0T0eRX66My5TTwQba0ClnO5VGTzp9TtFCuCrCSgrLRE
-----END CERTIFICATE-----