Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/YNiriPReKszl8jXRidQBcFCnC4g.roa
File:                     YNiriPReKszl8jXRidQBcFCnC4g.roa (raw, json)
Hash identifier:          xiW4Da2lN0898RwNncJ0rEaEP5J3Rl5IverfKdiIVwA=
Subject key identifier:   60:D8:AB:88:F4:5E:2A:CC:E5:F2:35:D1:89:D4:01:70:50:A7:0B:88
Certificate issuer:       /CN=1e952e883736f79cbd9c564704bf3c36621b8eca
Certificate serial:       018CC56EEC30D52483A811F41300E7E4438F
Authority key identifier: 1E:95:2E:88:37:36:F7:9C:BD:9C:56:47:04:BF:3C:36:62:1B:8E:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpUuiDc295y9nFZHBL88NmIbjso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/YNiriPReKszl8jXRidQBcFCnC4g.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3250
IP address blocks:        185.14.156.0/22 maxlen: 22
                          2a03:b240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/HpUuiDc295y9nFZHBL88NmIbjso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/HpUuiDc295y9nFZHBL88NmIbjso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpUuiDc295y9nFZHBL88NmIbjso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 23:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ec:30:d5:24:83:a8:11:f4:13:00:e7:e4:43:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e952e883736f79cbd9c564704bf3c36621b8eca
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60d8ab88f45e2acce5f235d189d4017050a70b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9e:19:02:8b:5c:45:2a:03:07:11:87:0e:00:
                    0a:fc:d2:e1:2f:12:03:17:5c:3a:58:1a:e7:c6:66:
                    fc:b1:5c:d0:c3:1f:ec:18:9c:d8:8d:69:d7:86:b0:
                    22:8a:c8:20:d1:a5:e7:b8:97:c8:8c:f9:0c:ea:f6:
                    96:04:04:cf:d7:1a:f9:f9:ea:4d:71:03:29:3e:c2:
                    47:fa:a8:42:ae:96:2d:df:81:12:21:f4:8e:87:fe:
                    11:87:f1:0c:47:94:53:cf:37:1f:d5:61:c6:f0:23:
                    2f:93:a9:3f:4c:4b:02:e2:cb:47:30:85:e2:58:af:
                    a3:a2:db:62:00:3d:b8:bc:1d:6e:eb:1a:98:1b:cf:
                    40:e1:40:68:be:4a:66:eb:2a:fa:77:03:26:23:84:
                    02:f5:70:b0:db:2a:99:6e:b7:0a:40:44:1a:69:a5:
                    d5:32:2e:ed:a0:09:fd:31:6c:f2:cd:68:b4:ed:5c:
                    d4:ff:50:15:e5:0f:37:56:e5:ad:3f:30:ec:d4:c0:
                    2e:cb:3d:00:66:42:6e:30:39:78:6e:ba:ad:7b:4a:
                    7f:e8:f6:b0:f3:2b:94:19:83:40:6d:7d:98:d4:47:
                    be:12:fe:20:20:4f:a8:5d:5d:94:01:41:8e:1d:a9:
                    79:2a:61:c9:4b:1d:f9:79:e0:9b:c8:bd:7b:3c:e6:
                    62:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D8:AB:88:F4:5E:2A:CC:E5:F2:35:D1:89:D4:01:70:50:A7:0B:88
            X509v3 Authority Key Identifier:
                keyid:1E:95:2E:88:37:36:F7:9C:BD:9C:56:47:04:BF:3C:36:62:1B:8E:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpUuiDc295y9nFZHBL88NmIbjso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/YNiriPReKszl8jXRidQBcFCnC4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b140ae-c047-4ff6-864f-3560356571a7/1/HpUuiDc295y9nFZHBL88NmIbjso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.156.0/22
                IPv6:
                  2a03:b240::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:2d:cc:15:0a:cf:a6:78:f9:2c:1c:f6:7f:79:0e:eb:7f:f0:
         ce:a0:72:25:c8:97:a8:b1:47:5e:40:2f:c1:b0:51:7e:7a:1f:
         3a:a6:37:dc:03:dd:16:51:82:34:9f:d6:0b:8f:a5:a1:51:aa:
         82:c6:ac:ec:50:a4:03:ee:3c:a3:45:b1:ee:6f:ab:5a:06:13:
         30:8a:ab:58:47:69:73:30:cc:a8:3e:93:3e:a7:55:d3:8f:b7:
         01:dd:be:f1:b7:9f:e0:54:3f:d0:85:34:b6:8a:01:cb:37:fb:
         1f:b6:41:13:bf:c5:0d:48:3e:3d:33:f1:97:52:97:dc:b5:97:
         57:56:f1:ca:a3:17:10:b1:08:f8:98:e0:a8:cd:50:55:34:bb:
         f5:53:9d:39:88:c4:5e:b6:94:ac:1f:f9:6c:13:83:75:6e:d4:
         69:74:f6:71:e0:92:c3:89:61:a5:ab:e1:4b:f7:89:ee:6f:7b:
         8e:06:d9:83:8c:cf:83:8a:5d:21:65:28:3b:a0:8d:c8:82:e8:
         bd:17:a6:e1:02:98:aa:6c:23:5d:09:40:6e:b2:4f:36:c6:98:
         f4:13:40:06:d6:05:4d:4f:0f:1d:ef:ae:c0:d8:e5:f4:db:a6:
         36:14:9e:fe:6c:fa:64:04:2f:5c:e7:2a:61:a0:f8:98:90:23:
         8a:38:fe:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbuww1SSDqBH0EwDn5EOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTUyZTg4MzczNmY3OWNiZDljNTY0NzA0YmYzYzM2NjIx
YjhlY2EwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQ4YWI4OGY0NWUyYWNjZTVmMjM1ZDE4OWQ0MDE3MDUwYTcwYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJ4ZAotcRSoDBxGHDgAK/NLhLxID
F1w6WBrnxmb8sVzQwx/sGJzYjWnXhrAiisgg0aXnuJfIjPkM6vaWBATP1xr5+epN
cQMpPsJH+qhCrpYt34ESIfSOh/4Rh/EMR5RTzzcf1WHG8CMvk6k/TEsC4stHMIXi
WK+jottiAD24vB1u6xqYG89A4UBovkpm6yr6dwMmI4QC9XCw2yqZbrcKQEQaaaXV
Mi7toAn9MWzyzWi07VzU/1AV5Q83VuWtPzDs1MAuyz0AZkJuMDl4brqte0p/6Paw
8yuUGYNAbX2Y1Ee+Ev4gIE+oXV2UAUGOHal5KmHJSx35eeCbyL17POZi8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGDYq4j0XirM5fI10YnUAXBQpwuIMB8GA1UdIwQY
MBaAFB6VLog3NvecvZxWRwS/PDZiG47KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBVdWlEYzI5NXk5bkZaSEJMODhObUlianNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iMTQwYWUtYzA0Ny00ZmY2LTg2NGYt
MzU2MDM1NjU3MWE3LzEvWU5pcmlQUmVLc3psOGpYUmlkUUJjRkNuQzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iMTQwYWUtYzA0Ny00ZmY2LTg2NGYtMzU2MDM1NjU3MWE3
LzEvSHBVdWlEYzI5NXk5bkZaSEJMODhObUlianNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ6cMA0E
AgACMAcDBQAqA7JAMA0GCSqGSIb3DQEBCwUAA4IBAQAuLcwVCs+mePksHPZ/eQ7r
f/DOoHIlyJeosUdeQC/BsFF+eh86pjfcA90WUYI0n9YLj6WhUaqCxqzsUKQD7jyj
RbHub6taBhMwiqtYR2lzMMyoPpM+p1XTj7cB3b7xt5/gVD/QhTS2igHLN/sftkET
v8UNSD49M/GXUpfctZdXVvHKoxcQsQj4mOCozVBVNLv1U505iMRetpSsH/lsE4N1
btRpdPZx4JLDiWGlq+FL94nub3uOBtmDjM+Dil0hZSg7oI3Igui9F6bhApiqbCNd
CUBusk82xpj0E0AG1gVNTw8d767A2OX026Y2FJ7+bPpkBC9c5yphoPiYkCOKOP7y
-----END CERTIFICATE-----