Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/yY9lRC-lRqjPIUjFir0VxQM_vQU.roa
File:                     yY9lRC-lRqjPIUjFir0VxQM_vQU.roa (raw, json)
Hash identifier:          CnzJDtlYxY/9XYJdyWKr/w0iY4v/fdPl8g9dZ62NfCs=
Subject key identifier:   C9:8F:65:44:2F:A5:46:A8:CF:21:48:C5:8A:BD:15:C5:03:3F:BD:05
Certificate issuer:       /CN=22ac8dff4e99d3e2289af63b15d55d2450c842c3
Certificate serial:       018E6605450D30F617BCAEDEB5880CF33E1F
Authority key identifier: 22:AC:8D:FF:4E:99:D3:E2:28:9A:F6:3B:15:D5:5D:24:50:C8:42:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqyN_06Z0-IomvY7FdVdJFDIQsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/yY9lRC-lRqjPIUjFir0VxQM_vQU.roa
Signing time:             Fri 22 Mar 2024 11:56:45 +0000
ROA not before:           Fri 22 Mar 2024 11:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51311
IP address blocks:        178.251.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/IqyN_06Z0-IomvY7FdVdJFDIQsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/IqyN_06Z0-IomvY7FdVdJFDIQsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqyN_06Z0-IomvY7FdVdJFDIQsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:05:45:0d:30:f6:17:bc:ae:de:b5:88:0c:f3:3e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22ac8dff4e99d3e2289af63b15d55d2450c842c3
        Validity
            Not Before: Mar 22 11:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c98f65442fa546a8cf2148c58abd15c5033fbd05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3a:80:24:03:41:e0:6a:15:d9:2e:f5:32:1c:
                    5c:c0:c9:67:17:30:5b:35:a2:cd:89:cb:b8:59:e7:
                    93:c9:37:8f:57:48:d5:43:9c:c5:be:f9:34:cd:ce:
                    ca:3a:7f:48:b9:1d:75:14:74:75:db:b9:4d:36:a9:
                    39:4c:15:45:00:2e:c1:65:ff:86:af:2e:e8:91:33:
                    62:6c:f8:4a:90:5d:54:38:12:a3:2d:27:67:c2:16:
                    40:56:6c:12:ce:4d:fa:32:26:83:00:c4:14:8d:bc:
                    1b:46:d5:96:74:c7:2c:70:db:13:8c:57:60:2a:84:
                    1f:e9:4a:47:8b:16:95:f2:8f:58:93:be:8a:84:c1:
                    0a:02:50:79:57:fe:2c:45:fd:d8:0b:27:4a:f1:cb:
                    f9:57:35:cb:8b:1f:75:41:ff:c3:40:27:a9:d5:84:
                    ac:ef:4e:f4:ec:52:88:3a:82:24:34:f2:42:33:74:
                    2c:72:24:58:ea:89:0d:39:40:1f:51:90:ee:87:cd:
                    52:cf:f7:8f:cb:7b:15:ee:e8:ac:9c:e9:16:67:1c:
                    85:a6:ad:fc:07:4a:7e:1c:40:26:36:c6:24:5d:30:
                    8a:08:a0:f7:ac:c9:bc:33:97:a0:88:4c:4c:55:6c:
                    be:58:64:f3:55:de:25:02:3c:60:a6:ef:21:ce:a6:
                    20:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:8F:65:44:2F:A5:46:A8:CF:21:48:C5:8A:BD:15:C5:03:3F:BD:05
            X509v3 Authority Key Identifier:
                keyid:22:AC:8D:FF:4E:99:D3:E2:28:9A:F6:3B:15:D5:5D:24:50:C8:42:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqyN_06Z0-IomvY7FdVdJFDIQsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/yY9lRC-lRqjPIUjFir0VxQM_vQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/a75e1d-4d81-49cb-aca5-82998a9287e2/1/IqyN_06Z0-IomvY7FdVdJFDIQsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:f0:32:4c:68:0b:69:dd:3f:3a:3e:a1:76:41:03:09:47:6d:
         2b:19:96:de:67:d2:56:65:0b:d3:23:01:cd:93:9d:f5:a3:b8:
         7d:9f:12:d4:bc:43:8d:30:74:d8:c4:f2:aa:b3:1a:0c:34:8e:
         85:d6:29:97:55:5c:05:44:80:34:61:cf:7b:0d:2d:d6:b7:8e:
         7b:f4:f5:71:7f:d6:9e:9e:9f:bf:0b:26:69:14:d8:9e:25:48:
         13:58:17:98:3c:90:51:3e:fc:3c:d9:f8:b3:2b:d7:63:1d:28:
         63:92:2a:28:d5:31:ab:7c:35:cc:7f:45:5c:6b:7b:e3:cd:31:
         45:b6:96:f9:66:bc:06:f6:ed:4a:6e:83:fa:4d:f5:8d:eb:ff:
         f2:ce:24:91:84:c1:6e:62:f6:f9:fa:29:f7:59:6f:49:92:f6:
         14:80:55:37:0a:c8:a1:c0:d7:7c:28:53:9a:0b:58:d4:cc:0b:
         80:72:2f:12:fe:f0:e2:90:3b:08:a8:83:7e:fe:3b:2d:3a:c9:
         e0:c6:06:b9:20:cb:5e:b2:4d:15:72:06:dc:ab:fc:23:0b:59:
         cb:3b:12:96:02:ed:a9:31:39:e7:d4:1d:49:69:34:9f:34:98:
         a8:83:4e:31:1d:c4:dc:d4:c5:49:71:f1:6d:5f:a0:f2:37:76:
         e5:5e:a1:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mBUUNMPYXvK7etYgM8z4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYWM4ZGZmNGU5OWQzZTIyODlhZjYzYjE1ZDU1ZDI0NTBj
ODQyYzMwHhcNMjQwMzIyMTE1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOThmNjU0NDJmYTU0NmE4Y2YyMTQ4YzU4YWJkMTVjNTAzM2ZiZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDqAJANB4GoV2S71MhxcwMlnFzBb
NaLNicu4WeeTyTePV0jVQ5zFvvk0zc7KOn9IuR11FHR127lNNqk5TBVFAC7BZf+G
ry7okTNibPhKkF1UOBKjLSdnwhZAVmwSzk36MiaDAMQUjbwbRtWWdMcscNsTjFdg
KoQf6UpHixaV8o9Yk76KhMEKAlB5V/4sRf3YCydK8cv5VzXLix91Qf/DQCep1YSs
70707FKIOoIkNPJCM3QsciRY6okNOUAfUZDuh81Sz/ePy3sV7uisnOkWZxyFpq38
B0p+HEAmNsYkXTCKCKD3rMm8M5egiExMVWy+WGTzVd4lAjxgpu8hzqYgawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmPZUQvpUaozyFIxYq9FcUDP70FMB8GA1UdIwQY
MBaAFCKsjf9OmdPiKJr2OxXVXSRQyELDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXF5Tl8wNlowLUlvbXZZN0ZkVmRKRkRJUXNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9hNzVlMWQtNGQ4MS00OWNiLWFjYTUt
ODI5OThhOTI4N2UyLzEveVk5bFJDLWxScWpQSVVqRmlyMFZ4UU1fdlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9hNzVlMWQtNGQ4MS00OWNiLWFjYTUtODI5OThhOTI4N2Uy
LzEvSXF5Tl8wNlowLUlvbXZZN0ZkVmRKRkRJUXNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsvuYMA0G
CSqGSIb3DQEBCwUAA4IBAQA88DJMaAtp3T86PqF2QQMJR20rGZbeZ9JWZQvTIwHN
k531o7h9nxLUvEONMHTYxPKqsxoMNI6F1imXVVwFRIA0Yc97DS3Wt4579PVxf9ae
np+/CyZpFNieJUgTWBeYPJBRPvw82fizK9djHShjkioo1TGrfDXMf0Vca3vjzTFF
tpb5ZrwG9u1KboP6TfWN6//yziSRhMFuYvb5+in3WW9JkvYUgFU3CsihwNd8KFOa
C1jUzAuAci8S/vDikDsIqIN+/jstOsngxga5IMtesk0Vcgbcq/wjC1nLOxKWAu2p
MTnn1B1JaTSfNJiog04xHcTc1MVJcfFtX6DyN3blXqEN
-----END CERTIFICATE-----