Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/2vTyfN_Hlpu2wj2zRmfuFo9NidQ.roa
File:                     2vTyfN_Hlpu2wj2zRmfuFo9NidQ.roa (raw, json)
Hash identifier:          H8rORHo81bHhSSe/NftwmUuQNKIg7whlBdKL7TF/W6U=
Subject key identifier:   DA:F4:F2:7C:DF:C7:96:9B:B6:C2:3D:B3:46:67:EE:16:8F:4D:89:D4
Certificate issuer:       /CN=8d88629e3c7810acc228e17a18db6794ebed8193
Certificate serial:       018CC649A54C4B0553BA1850616F886442F8
Authority key identifier: 8D:88:62:9E:3C:78:10:AC:C2:28:E1:7A:18:DB:67:94:EB:ED:81:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYhinjx4EKzCKOF6GNtnlOvtgZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/2vTyfN_Hlpu2wj2zRmfuFo9NidQ.roa
Signing time:             Mon 01 Jan 2024 18:29:24 +0000
ROA not before:           Mon 01 Jan 2024 18:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205428
IP address blocks:        185.216.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/jYhinjx4EKzCKOF6GNtnlOvtgZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/jYhinjx4EKzCKOF6GNtnlOvtgZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYhinjx4EKzCKOF6GNtnlOvtgZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a5:4c:4b:05:53:ba:18:50:61:6f:88:64:42:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d88629e3c7810acc228e17a18db6794ebed8193
        Validity
            Not Before: Jan  1 18:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daf4f27cdfc7969bb6c23db34667ee168f4d89d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5b:a6:cc:d6:88:ec:c0:d0:0a:a3:c3:66:f0:
                    5f:ec:40:c8:6d:38:db:77:bc:62:a9:33:51:7b:9f:
                    a7:dc:1d:18:60:91:48:06:58:e7:62:7e:17:df:25:
                    a1:1c:94:ab:37:48:0e:0c:bf:e1:82:40:26:49:f0:
                    86:50:04:71:d4:e6:7a:2f:ec:28:37:dc:03:27:fb:
                    b7:04:53:07:48:d0:2c:9d:e1:75:13:15:1e:21:23:
                    ee:a3:55:ca:57:9d:7c:53:4e:bc:f9:b0:29:f5:cf:
                    76:eb:ff:89:a6:aa:c1:cb:62:90:0b:51:d4:4b:84:
                    6e:62:ca:fc:7b:b5:8a:01:c8:4e:9b:ca:87:58:d9:
                    3c:a2:0d:60:5c:95:dc:c2:51:6d:62:ac:bd:5a:86:
                    92:f1:4d:1a:24:ba:42:24:99:62:fb:aa:88:3d:21:
                    d7:75:5a:3a:86:90:88:cc:8c:68:2b:90:8a:f0:d5:
                    7d:af:4b:72:aa:01:48:cc:9e:66:fc:20:90:65:f9:
                    ed:c8:2a:57:18:49:53:0e:31:4e:88:9b:a9:b3:6a:
                    e4:f1:ef:e2:36:7b:b0:0d:4e:f9:42:8d:fa:41:80:
                    b6:d9:07:a8:b1:6b:12:71:e2:f7:ad:8d:5a:67:f3:
                    dd:fd:b9:bf:fd:de:06:35:60:37:e3:57:89:f0:99:
                    75:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:F4:F2:7C:DF:C7:96:9B:B6:C2:3D:B3:46:67:EE:16:8F:4D:89:D4
            X509v3 Authority Key Identifier:
                keyid:8D:88:62:9E:3C:78:10:AC:C2:28:E1:7A:18:DB:67:94:EB:ED:81:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYhinjx4EKzCKOF6GNtnlOvtgZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/2vTyfN_Hlpu2wj2zRmfuFo9NidQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/873b2d-e20c-41cf-90d2-4be1053d1fc4/1/jYhinjx4EKzCKOF6GNtnlOvtgZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:0b:fb:dc:c2:33:56:52:d1:45:b2:a8:cb:be:09:df:a9:4b:
         d6:5c:3b:74:52:8c:6f:6a:51:9e:1b:7b:bd:63:68:9e:bf:67:
         b1:55:9d:2e:49:7b:f8:ea:5a:68:24:8d:44:cb:82:e7:dd:35:
         3c:fa:4a:54:83:96:14:c4:4a:61:e8:f6:d3:b8:d2:dc:13:57:
         37:bb:ed:41:e6:71:0b:d8:e5:d8:f8:9e:5d:76:e5:37:4b:1c:
         ef:7e:01:80:22:ae:74:f1:f7:80:85:3b:12:81:d7:f4:3e:15:
         74:40:a0:df:aa:33:51:43:ca:10:53:16:05:6a:d9:ba:9e:99:
         41:46:51:8d:a5:90:90:37:f3:95:ee:43:63:b8:11:b9:e7:ec:
         13:25:a0:21:00:28:d2:52:bf:14:2e:03:05:a2:b6:ad:dd:08:
         c7:56:ab:86:00:de:9a:92:4d:14:9a:1a:0b:af:64:f2:7a:1d:
         cd:e7:ed:11:68:94:ab:62:75:b1:50:7e:94:70:b6:bd:bf:b9:
         5b:c5:30:11:c9:74:ba:01:ac:fd:ff:b7:cc:52:33:8f:6b:dc:
         db:f3:90:8e:4c:3b:04:28:bf:20:64:b5:99:12:2f:a1:57:04:
         70:2a:86:b3:6c:ed:d1:a8:63:e2:5a:2b:e8:f0:c3:07:c3:16:
         bb:ff:fc:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSaVMSwVTuhhQYW+IZEL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODg2MjllM2M3ODEwYWNjMjI4ZTE3YTE4ZGI2Nzk0ZWJl
ZDgxOTMwHhcNMjQwMTAxMTgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWY0ZjI3Y2RmYzc5NjliYjZjMjNkYjM0NjY3ZWUxNjhmNGQ4OWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFumzNaI7MDQCqPDZvBf7EDIbTjb
d7xiqTNRe5+n3B0YYJFIBljnYn4X3yWhHJSrN0gODL/hgkAmSfCGUARx1OZ6L+wo
N9wDJ/u3BFMHSNAsneF1ExUeISPuo1XKV518U068+bAp9c926/+JpqrBy2KQC1HU
S4RuYsr8e7WKAchOm8qHWNk8og1gXJXcwlFtYqy9WoaS8U0aJLpCJJli+6qIPSHX
dVo6hpCIzIxoK5CK8NV9r0tyqgFIzJ5m/CCQZfntyCpXGElTDjFOiJups2rk8e/i
NnuwDU75Qo36QYC22QeosWsSceL3rY1aZ/Pd/bm//d4GNWA341eJ8Jl1kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNr08nzfx5abtsI9s0Zn7haPTYnUMB8GA1UdIwQY
MBaAFI2IYp48eBCswijhehjbZ5Tr7YGTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalloaW5qeDRFS3pDS09GNkdOdG5sT3Z0Z1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84NzNiMmQtZTIwYy00MWNmLTkwZDIt
NGJlMTA1M2QxZmM0LzEvMnZUeWZOX0hscHUyd2oyelJtZnVGbzlOaWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84NzNiMmQtZTIwYy00MWNmLTkwZDItNGJlMTA1M2QxZmM0
LzEvalloaW5qeDRFS3pDS09GNkdOdG5sT3Z0Z1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudikMA0G
CSqGSIb3DQEBCwUAA4IBAQCbC/vcwjNWUtFFsqjLvgnfqUvWXDt0UoxvalGeG3u9
Y2iev2exVZ0uSXv46lpoJI1Ey4Ln3TU8+kpUg5YUxEph6PbTuNLcE1c3u+1B5nEL
2OXY+J5dduU3SxzvfgGAIq508feAhTsSgdf0PhV0QKDfqjNRQ8oQUxYFatm6nplB
RlGNpZCQN/OV7kNjuBG55+wTJaAhACjSUr8ULgMForat3QjHVquGAN6akk0UmhoL
r2Tyeh3N5+0RaJSrYnWxUH6UcLa9v7lbxTARyXS6Aaz9/7fMUjOPa9zb85COTDsE
KL8gZLWZEi+hVwRwKoazbO3RqGPiWivo8MMHwxa7//xa
-----END CERTIFICATE-----