Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/cyHPwau1PB3pP_kZ5YCujf3oKiQ.roa
File:                     cyHPwau1PB3pP_kZ5YCujf3oKiQ.roa (raw, json)
Hash identifier:          7fse22Xj7bV5nxLbsPwjDd7Bl02ZVQ7Cz6dzbapeT/A=
Subject key identifier:   73:21:CF:C1:AB:B5:3C:1D:E9:3F:F9:19:E5:80:AE:8D:FD:E8:2A:24
Certificate issuer:       /CN=b712b25a2304f7ba44c38d0395ddf2ed04f5c7ef
Certificate serial:       018CC5005F5785C510A66870BA3EEFD8B93E
Authority key identifier: B7:12:B2:5A:23:04:F7:BA:44:C3:8D:03:95:DD:F2:ED:04:F5:C7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/cyHPwau1PB3pP_kZ5YCujf3oKiQ.roa
Signing time:             Mon 01 Jan 2024 12:29:45 +0000
ROA not before:           Mon 01 Jan 2024 12:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204140
IP address blocks:        185.138.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5f:57:85:c5:10:a6:68:70:ba:3e:ef:d8:b9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b712b25a2304f7ba44c38d0395ddf2ed04f5c7ef
        Validity
            Not Before: Jan  1 12:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7321cfc1abb53c1de93ff919e580ae8dfde82a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:75:28:df:b4:96:fa:f7:aa:2e:f6:4e:4f:dc:
                    88:97:de:f2:58:7d:4d:d5:06:ce:79:c0:25:00:89:
                    20:d2:f8:cb:60:36:78:b3:9c:4d:be:73:d0:73:58:
                    06:5f:79:ee:41:e2:db:e0:0c:42:35:f1:f1:01:3a:
                    a6:21:b9:48:8a:c2:42:9c:16:5c:3b:33:d9:7b:6f:
                    0c:33:5f:81:25:cd:7d:8d:30:4c:8c:e5:04:3e:70:
                    18:b2:f5:5d:10:bd:10:36:27:ea:65:89:f1:2c:77:
                    fd:f2:43:cf:a6:62:91:05:7c:32:1e:28:18:c1:89:
                    59:c7:99:09:e6:58:fd:b7:59:d0:03:0d:a2:8a:fb:
                    92:a3:22:5a:f6:33:de:50:a1:05:19:b3:25:1c:5f:
                    28:3e:fa:4e:ae:99:19:3d:d9:06:ca:c5:b7:4b:c8:
                    bf:7c:de:eb:b4:b7:63:83:fe:dd:eb:b6:56:34:ac:
                    25:72:41:04:d7:8c:17:af:8a:ae:7f:11:8c:a3:e2:
                    46:bb:5d:b2:05:b1:93:59:7c:de:db:e2:0b:1a:98:
                    62:63:17:4a:75:4a:c6:4d:5f:68:68:2c:1f:76:fc:
                    bb:0f:0e:66:5b:bb:7d:6b:69:32:fa:31:0a:3a:55:
                    f9:1b:f0:6c:82:ba:3b:99:0f:a3:89:a4:4a:6d:b4:
                    9a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:21:CF:C1:AB:B5:3C:1D:E9:3F:F9:19:E5:80:AE:8D:FD:E8:2A:24
            X509v3 Authority Key Identifier:
                keyid:B7:12:B2:5A:23:04:F7:BA:44:C3:8D:03:95:DD:F2:ED:04:F5:C7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txKyWiME97pEw40Dld3y7QT1x-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/cyHPwau1PB3pP_kZ5YCujf3oKiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/9aeae7-df10-40a7-b933-081cb7cb88f3/1/txKyWiME97pEw40Dld3y7QT1x-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:27:a5:32:97:e7:b5:2e:f9:a3:77:1e:05:ac:9a:f7:5b:a1:
         4a:f9:79:9b:b6:b8:4f:26:c3:f2:a0:98:b3:3a:7b:33:18:9e:
         bc:da:ca:fd:18:e5:8d:d5:94:61:52:ec:fa:26:d1:d9:dc:c9:
         d9:2e:c7:6c:93:3e:96:b1:3b:a8:2a:3f:d5:29:ee:dc:50:34:
         5a:bc:a4:69:f9:3e:31:29:23:1a:df:0b:d4:97:d0:00:e1:71:
         f5:6a:de:e1:f9:32:34:ab:b0:72:ab:7f:ec:02:f4:72:1b:3b:
         92:af:34:34:0f:6a:4b:b0:fb:55:ad:19:48:5a:d4:d4:4c:c1:
         70:9e:2f:b3:0c:29:90:31:1a:cd:1f:27:03:9d:76:13:bc:56:
         fa:07:d0:07:b0:cf:47:39:67:29:bf:9b:4f:6f:67:dc:4d:e8:
         fa:0b:6f:30:c0:e7:94:df:c0:ea:d1:34:a6:1a:58:f8:a5:bd:
         09:6d:d0:40:c0:e4:ae:ed:ef:75:b3:17:fc:35:ee:48:47:fc:
         1b:08:74:c7:fa:b7:30:a8:ac:47:0f:06:d8:6e:73:e9:27:1e:
         e9:2a:45:f3:2c:fb:e3:89:ed:69:c0:e9:68:ab:f8:2e:5e:ca:
         36:19:8d:d0:d0:fb:6b:33:71:c9:83:3e:0f:33:5b:12:46:7c:
         07:1b:99:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAF9XhcUQpmhwuj7v2Lk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTJiMjVhMjMwNGY3YmE0NGMzOGQwMzk1ZGRmMmVkMDRm
NWM3ZWYwHhcNMjQwMTAxMTIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzIxY2ZjMWFiYjUzYzFkZTkzZmY5MTllNTgwYWU4ZGZkZTgyYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHUo37SW+veqLvZOT9yIl97yWH1N
1QbOecAlAIkg0vjLYDZ4s5xNvnPQc1gGX3nuQeLb4AxCNfHxATqmIblIisJCnBZc
OzPZe28MM1+BJc19jTBMjOUEPnAYsvVdEL0QNifqZYnxLHf98kPPpmKRBXwyHigY
wYlZx5kJ5lj9t1nQAw2iivuSoyJa9jPeUKEFGbMlHF8oPvpOrpkZPdkGysW3S8i/
fN7rtLdjg/7d67ZWNKwlckEE14wXr4qufxGMo+JGu12yBbGTWXze2+ILGphiYxdK
dUrGTV9oaCwfdvy7Dw5mW7t9a2ky+jEKOlX5G/Bsgro7mQ+jiaRKbbSazwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMhz8GrtTwd6T/5GeWAro396CokMB8GA1UdIwQY
MBaAFLcSslojBPe6RMONA5Xd8u0E9cfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhLeVdpTUU5N3BFdzQwRGxkM3k3UVQxeC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi85YWVhZTctZGYxMC00MGE3LWI5MzMt
MDgxY2I3Y2I4OGYzLzEvY3lIUHdhdTFQQjNwUF9rWjVZQ3VqZjNvS2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi85YWVhZTctZGYxMC00MGE3LWI5MzMtMDgxY2I3Y2I4OGYz
LzEvdHhLeVdpTUU5N3BFdzQwRGxkM3k3UVQxeC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYqUMA0G
CSqGSIb3DQEBCwUAA4IBAQCGJ6Uyl+e1Lvmjdx4FrJr3W6FK+XmbtrhPJsPyoJiz
OnszGJ682sr9GOWN1ZRhUuz6JtHZ3MnZLsdskz6WsTuoKj/VKe7cUDRavKRp+T4x
KSMa3wvUl9AA4XH1at7h+TI0q7Byq3/sAvRyGzuSrzQ0D2pLsPtVrRlIWtTUTMFw
ni+zDCmQMRrNHycDnXYTvFb6B9AHsM9HOWcpv5tPb2fcTej6C28wwOeU38Dq0TSm
Glj4pb0JbdBAwOSu7e91sxf8Ne5IR/wbCHTH+rcwqKxHDwbYbnPpJx7pKkXzLPvj
ie1pwOloq/guXso2GY3Q0PtrM3HJgz4PM1sSRnwHG5lW
-----END CERTIFICATE-----