Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/BaY5J_rigNIWISyUaov34kFuYvI.roa
File:                     BaY5J_rigNIWISyUaov34kFuYvI.roa (raw, json)
Hash identifier:          tV3wguCsfInRkjKxiJJzV0t40djuHsJjPjiD21qbcQ8=
Subject key identifier:   05:A6:39:27:FA:E2:80:D2:16:21:2C:94:6A:8B:F7:E2:41:6E:62:F2
Certificate issuer:       /CN=a375369b2d4bb2e2dede668645313e344e6f1cc0
Certificate serial:       018CC56ECEFB9E6981DEA784462A8C2DB1CF
Authority key identifier: A3:75:36:9B:2D:4B:B2:E2:DE:DE:66:86:45:31:3E:34:4E:6F:1C:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/BaY5J_rigNIWISyUaov34kFuYvI.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60456
IP address blocks:        185.231.168.0/22 maxlen: 22
                          45.81.204.0/22 maxlen: 22
                          2a0e:5f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ce:fb:9e:69:81:de:a7:84:46:2a:8c:2d:b1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a375369b2d4bb2e2dede668645313e344e6f1cc0
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a63927fae280d216212c946a8bf7e2416e62f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:43:e2:8f:61:2c:33:fc:5b:64:0a:09:e9:93:
                    7a:c4:ca:cb:09:d4:cf:cd:3e:ce:f1:76:d5:96:32:
                    d9:9b:3b:c5:67:39:3d:d8:37:a0:d9:2e:52:01:d2:
                    e9:23:26:26:d0:00:4c:18:8c:67:1e:36:f7:f1:16:
                    20:25:60:b2:d8:d7:3d:15:42:a8:35:00:e4:03:fc:
                    33:d5:f3:40:9c:9a:9c:dd:26:d8:d8:3e:60:fb:28:
                    e2:37:c6:89:c0:ad:d5:f7:1d:84:08:92:a1:9b:50:
                    da:48:db:98:55:d6:69:c8:29:70:79:05:12:ce:58:
                    67:80:a3:80:1e:b8:5e:ca:e1:49:40:03:5c:5f:a5:
                    9e:59:25:88:f9:68:22:f9:7c:e6:77:de:b5:f9:39:
                    a8:45:77:e6:9a:b6:62:66:5f:98:a7:08:69:e8:d9:
                    fe:d9:ed:c7:d9:04:e3:30:ff:7f:a9:46:9e:09:68:
                    c2:dc:05:28:1a:ad:a2:09:62:f2:02:1f:b2:1e:f2:
                    78:bc:f5:37:98:07:68:61:d4:7c:e7:32:ab:83:49:
                    30:34:ee:ce:3a:7b:d7:6c:0b:5c:78:21:81:c7:a0:
                    e7:38:b6:51:1a:0e:09:13:34:13:30:f0:a1:ee:03:
                    7d:61:04:ec:f2:4c:7e:6a:75:17:1c:7c:cf:23:01:
                    a6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A6:39:27:FA:E2:80:D2:16:21:2C:94:6A:8B:F7:E2:41:6E:62:F2
            X509v3 Authority Key Identifier:
                keyid:A3:75:36:9B:2D:4B:B2:E2:DE:DE:66:86:45:31:3E:34:4E:6F:1C:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3U2my1LsuLe3maGRTE-NE5vHMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/BaY5J_rigNIWISyUaov34kFuYvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/ec6905-b0f7-424f-8a84-28bec7b99929/1/o3U2my1LsuLe3maGRTE-NE5vHMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.204.0/22
                  185.231.168.0/22
                IPv6:
                  2a0e:5f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:b6:5f:43:e6:d6:19:eb:6c:64:ff:4a:a9:de:90:a8:f4:a7:
         d0:c2:c5:bb:f1:65:37:81:97:00:32:df:e8:29:6f:d5:b3:53:
         21:34:cb:34:8f:97:7e:01:2e:66:90:f5:2f:61:74:8b:b4:c6:
         ec:ec:93:ee:e3:3f:22:23:a4:b6:4d:83:32:e6:b0:c8:bd:36:
         23:97:14:c2:c9:1e:22:dd:ee:30:ad:aa:79:71:fe:a6:bd:6f:
         68:1c:18:26:31:c8:9f:b2:e1:2c:50:3d:e5:c2:dc:d4:27:f5:
         33:b0:58:cf:54:75:91:ac:0e:fa:35:d8:ff:4e:09:d7:78:a0:
         34:b1:db:d1:4d:33:ea:12:53:4f:a8:d3:00:1b:c6:a2:a7:6d:
         e1:95:82:80:0b:dd:9d:67:ee:d0:b5:d4:1c:da:17:5b:51:50:
         16:fc:47:f5:92:a0:92:08:f3:84:e7:21:b0:ee:59:cc:55:0f:
         e1:6d:5a:e3:f8:9a:83:23:bf:78:7a:e3:fd:5b:05:04:76:07:
         a7:0e:3b:4e:52:a0:de:0b:51:cb:5f:e9:40:10:6f:ee:a8:0d:
         30:a3:21:93:c6:88:bf:5b:80:db:a9:37:f4:5e:15:b3:33:aa:
         3e:e9:6d:54:91:83:25:f6:ba:e8:a9:06:be:12:09:c0:4e:ac:
         a1:43:de:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbs77nmmB3qeERiqMLbHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzUzNjliMmQ0YmIyZTJkZWRlNjY4NjQ1MzEzZTM0NGU2
ZjFjYzAwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE2MzkyN2ZhZTI4MGQyMTYyMTJjOTQ2YThiZjdlMjQxNmU2MmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkPij2EsM/xbZAoJ6ZN6xMrLCdTP
zT7O8XbVljLZmzvFZzk92Deg2S5SAdLpIyYm0ABMGIxnHjb38RYgJWCy2Nc9FUKo
NQDkA/wz1fNAnJqc3SbY2D5g+yjiN8aJwK3V9x2ECJKhm1DaSNuYVdZpyClweQUS
zlhngKOAHrheyuFJQANcX6WeWSWI+Wgi+Xzmd961+TmoRXfmmrZiZl+Ypwhp6Nn+
2e3H2QTjMP9/qUaeCWjC3AUoGq2iCWLyAh+yHvJ4vPU3mAdoYdR85zKrg0kwNO7O
OnvXbAtceCGBx6DnOLZRGg4JEzQTMPCh7gN9YQTs8kx+anUXHHzPIwGmBwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAWmOSf64oDSFiEslGqL9+JBbmLyMB8GA1UdIwQY
MBaAFKN1NpstS7Li3t5mhkUxPjRObxzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNVMm15MUxzdUxlM21hR1JURS1ORTV2SE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lYzY5MDUtYjBmNy00MjRmLThhODQt
MjhiZWM3Yjk5OTI5LzEvQmFZNUpfcmlnTklXSVN5VWFvdjM0a0Z1WXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lYzY5MDUtYjBmNy00MjRmLThhODQtMjhiZWM3Yjk5OTI5
LzEvbzNVMm15MUxzdUxlM21hR1JURS1ORTV2SE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVHMAwQC
ueeoMA0EAgACMAcDBQMqDl+AMA0GCSqGSIb3DQEBCwUAA4IBAQAxtl9D5tYZ62xk
/0qp3pCo9KfQwsW78WU3gZcAMt/oKW/Vs1MhNMs0j5d+AS5mkPUvYXSLtMbs7JPu
4z8iI6S2TYMy5rDIvTYjlxTCyR4i3e4wrap5cf6mvW9oHBgmMcifsuEsUD3lwtzU
J/UzsFjPVHWRrA76Ndj/TgnXeKA0sdvRTTPqElNPqNMAG8aip23hlYKAC92dZ+7Q
tdQc2hdbUVAW/Ef1kqCSCPOE5yGw7lnMVQ/hbVrj+JqDI794euP9WwUEdgenDjtO
UqDeC1HLX+lAEG/uqA0woyGTxoi/W4DbqTf0XhWzM6o+6W1UkYMl9rroqQa+EgnA
TqyhQ97g
-----END CERTIFICATE-----