Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/yg7kx3mDXrJftP4zuIlyar9ZOu0.roa
File:                     yg7kx3mDXrJftP4zuIlyar9ZOu0.roa (raw, json)
Hash identifier:          ePg0lYmpLyO86LwDEdanx0baN8HvyPP5ABhDUZp21Ko=
Subject key identifier:   CA:0E:E4:C7:79:83:5E:B2:5F:B4:FE:33:B8:89:72:6A:BF:59:3A:ED
Certificate issuer:       /CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
Certificate serial:       018CC7933F9098C574877FA9873A93014DA1
Authority key identifier: E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/yg7kx3mDXrJftP4zuIlyar9ZOu0.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62154
IP address blocks:        185.34.203.0/24 maxlen: 24
                          2a04:5ec7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3f:90:98:c5:74:87:7f:a9:87:3a:93:01:4d:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca0ee4c779835eb25fb4fe33b889726abf593aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1b:3b:3d:99:1e:a1:94:59:9f:34:4d:41:f8:
                    4e:79:14:e5:a2:71:8b:90:06:95:93:87:39:db:d1:
                    38:9b:bf:ee:c5:91:30:ae:d1:ca:28:cb:34:13:c7:
                    23:e5:e3:b1:38:4b:f7:be:40:52:0b:1c:2c:4d:c7:
                    9b:a6:7f:dc:ea:fb:1b:f6:61:25:95:e9:64:d3:34:
                    fc:82:47:ec:cf:9f:46:1f:ea:e8:1a:55:6f:22:6b:
                    34:a5:a3:94:6f:16:37:53:9e:f9:e1:69:a2:0b:ab:
                    23:de:f9:b6:2b:6a:77:19:3c:b3:60:4b:0e:9f:27:
                    ef:47:b2:33:7c:5b:ce:fa:06:55:38:15:8c:8b:50:
                    b4:10:34:14:fe:25:a9:61:fe:0b:26:de:96:b2:37:
                    45:33:5d:04:d7:73:f5:e0:82:83:55:14:b4:8d:86:
                    a8:46:d0:b4:83:a5:6d:cc:18:c8:ae:ed:ae:ec:58:
                    01:f9:04:52:3a:eb:f4:b6:e4:06:35:4b:29:c7:55:
                    e3:20:d8:eb:31:4d:29:3e:d9:42:d0:21:36:32:02:
                    c6:ef:00:f8:ac:b7:20:f4:64:9b:05:84:2c:38:83:
                    e6:cf:e6:25:14:f1:44:90:85:53:f6:e1:c3:24:4f:
                    7b:9f:99:85:c4:fb:6b:1d:65:a1:70:94:45:d0:d7:
                    c9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0E:E4:C7:79:83:5E:B2:5F:B4:FE:33:B8:89:72:6A:BF:59:3A:ED
            X509v3 Authority Key Identifier:
                keyid:E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/yg7kx3mDXrJftP4zuIlyar9ZOu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.203.0/24
                IPv6:
                  2a04:5ec7::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:5c:3d:e4:aa:ed:63:9e:f5:b0:91:2b:aa:70:87:b8:4d:6f:
         95:08:5d:02:e1:e2:e3:91:c4:f8:1e:33:8e:08:96:43:69:c8:
         13:bc:68:04:46:90:78:8c:f2:15:f9:14:59:ce:69:6f:53:83:
         77:17:00:03:43:04:8a:4a:eb:66:95:2c:27:e1:8c:17:95:2e:
         bc:03:ab:f3:7d:97:a9:53:04:fd:03:d5:c2:be:ab:42:39:ed:
         e0:ca:0e:af:f1:38:2d:9c:1c:39:d8:49:97:68:0a:40:41:f5:
         2a:a9:56:36:de:43:aa:40:1b:24:8a:38:21:10:e3:c2:93:ae:
         ee:35:0e:82:e0:9a:be:6c:af:42:c6:d0:e3:6a:9e:25:dc:70:
         49:c0:88:3c:08:67:65:c2:f2:d1:fc:52:d8:98:b6:fc:e1:bf:
         9e:8d:7a:9e:de:89:a0:e3:de:0d:b9:49:c9:f0:27:f9:83:e8:
         44:15:d1:d3:47:31:d1:46:30:61:b5:7d:ba:10:e7:a4:41:1d:
         7f:4a:e2:91:53:e1:00:35:16:43:a0:33:55:fc:f5:ae:0d:c5:
         25:c1:4b:5a:ef:20:f2:e4:3a:00:79:a7:59:73:eb:fc:0f:f3:
         ff:90:d2:75:f9:84:a3:d8:55:e4:d2:a2:6c:f8:dd:e9:60:ed:
         36:68:c7:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHkz+QmMV0h3+phzqTAU2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NGMyOTBiNWJjY2RiN2RlNTM4M2VlNDViYTYxNWQyZjMw
Njc2MWYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTBlZTRjNzc5ODM1ZWIyNWZiNGZlMzNiODg5NzI2YWJmNTkzYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRs7PZkeoZRZnzRNQfhOeRTlonGL
kAaVk4c529E4m7/uxZEwrtHKKMs0E8cj5eOxOEv3vkBSCxwsTcebpn/c6vsb9mEl
lelk0zT8gkfsz59GH+roGlVvIms0paOUbxY3U5754WmiC6sj3vm2K2p3GTyzYEsO
nyfvR7IzfFvO+gZVOBWMi1C0EDQU/iWpYf4LJt6WsjdFM10E13P14IKDVRS0jYao
RtC0g6VtzBjIru2u7FgB+QRSOuv0tuQGNUspx1XjINjrMU0pPtlC0CE2MgLG7wD4
rLcg9GSbBYQsOIPmz+YlFPFEkIVT9uHDJE97n5mFxPtrHWWhcJRF0NfJPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMoO5Md5g16yX7T+M7iJcmq/WTrtMB8GA1UdIwQY
MBaAFOdMKQtbzNt95Tg+5FumFdLzBnYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMt
ZDc0MWZiMjczMTE2LzEveWc3a3gzbURYckpmdFA0enVJbHlhcjlaT3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMtZDc0MWZiMjczMTE2
LzEvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuSLLMA8E
AgACMAkDBwAqBF7HAAAwDQYJKoZIhvcNAQELBQADggEBALJcPeSq7WOe9bCRK6pw
h7hNb5UIXQLh4uORxPgeM44IlkNpyBO8aARGkHiM8hX5FFnOaW9Tg3cXAANDBIpK
62aVLCfhjBeVLrwDq/N9l6lTBP0D1cK+q0I57eDKDq/xOC2cHDnYSZdoCkBB9Sqp
VjbeQ6pAGySKOCEQ48KTru41DoLgmr5sr0LG0ONqniXccEnAiDwIZ2XC8tH8UtiY
tvzhv56Nep7eiaDj3g25ScnwJ/mD6EQV0dNHMdFGMGG1fboQ56RBHX9K4pFT4QA1
FkOgM1X89a4NxSXBS1rvIPLkOgB5p1lz6/wP8/+Q0nX5hKPYVeTSomz43elg7TZo
x5A=
-----END CERTIFICATE-----