Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BYUwJEs-GWBrAJsOlszBio-L1mY.roa
File:                     BYUwJEs-GWBrAJsOlszBio-L1mY.roa (raw, json)
Hash identifier:          3JsGt0KwCzBtOZB3t33fhBoWrYHh7joRL1hG8qIzaDQ=
Subject key identifier:   05:85:30:24:4B:3E:19:60:6B:00:9B:0E:96:CC:C1:8A:8F:8B:D6:66
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC0ED5B3027F08ADA254A2753C124
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BYUwJEs-GWBrAJsOlszBio-L1mY.roa
Signing time:             Tue 02 Jan 2024 04:30:16 +0000
ROA not before:           Tue 02 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58065
IP address blocks:        176.103.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c0:ed:5b:30:27:f0:8a:da:25:4a:27:53:c1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=058530244b3e19606b009b0e96ccc18a8f8bd666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:13:2f:5a:9a:62:b0:ed:2b:48:26:e8:3d:17:
                    f6:89:0b:5d:ed:e9:8d:62:37:cd:78:2d:b3:c9:c8:
                    ae:fc:25:59:d9:46:0f:38:4d:e8:21:7d:37:2c:f3:
                    e8:23:13:7b:86:9e:93:46:95:d7:d9:68:3f:dd:20:
                    aa:68:85:ed:92:7f:9f:fd:9b:46:28:c5:b4:29:35:
                    82:ec:e5:fb:da:8c:4f:b1:0a:2f:be:e0:ee:98:a8:
                    79:93:4c:f6:2e:6a:ed:6d:6c:e4:77:45:4c:35:a8:
                    5b:bd:66:a7:a4:92:f7:c5:4f:6f:4d:83:a0:45:b0:
                    48:a5:c5:b0:01:78:c0:d4:6d:38:82:90:27:aa:a7:
                    d0:fb:75:f3:32:f6:c9:8e:e4:1a:f4:4b:59:83:05:
                    3c:05:ee:ac:67:13:86:2f:2f:9f:5f:cb:88:81:1c:
                    ee:39:4c:76:94:f0:fb:01:42:94:41:1f:95:e9:64:
                    bf:ac:26:bd:87:15:c7:1c:e4:da:89:12:46:cb:2b:
                    6f:34:bf:0e:2b:f6:d5:b6:b2:d5:7a:0e:72:3c:f6:
                    16:ed:07:31:43:bd:f8:ba:22:85:0a:3e:e7:75:76:
                    51:51:7c:7a:f7:83:2d:15:f7:37:e2:be:6f:30:9a:
                    ab:1f:e2:66:c5:fd:6c:3e:d2:27:db:dc:95:00:a6:
                    8a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:85:30:24:4B:3E:19:60:6B:00:9B:0E:96:CC:C1:8A:8F:8B:D6:66
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BYUwJEs-GWBrAJsOlszBio-L1mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:cf:83:a2:70:9c:ce:39:4c:09:14:83:0d:bc:0e:85:09:75:
         90:66:a8:9b:d7:85:20:f3:72:91:08:db:77:8f:7f:ee:aa:78:
         67:c5:98:64:aa:bb:0c:80:40:ac:be:f9:52:0c:c0:ac:42:4e:
         b5:77:e1:6e:a0:ad:a0:10:d6:26:29:02:fc:27:bd:95:51:ab:
         32:28:e5:dd:8e:3c:79:a4:39:09:e3:3a:d3:3f:cc:38:cb:21:
         63:06:97:8c:fa:f4:9c:ad:98:87:bb:0f:a7:be:d8:52:d2:6a:
         48:a1:6d:2c:75:67:fa:a2:b0:56:bd:6c:47:77:52:28:e0:e3:
         58:80:7c:ed:8a:e9:1e:d9:16:37:6e:2b:fe:e0:db:73:03:ec:
         e4:3f:60:0b:a6:36:a7:ad:82:f4:42:dd:94:58:2b:5f:40:2d:
         0e:c3:e2:6f:f3:cb:14:35:db:f3:2b:c1:5e:47:81:6d:71:1b:
         e1:f8:39:ef:98:19:50:74:38:74:dc:08:80:bf:c4:6f:89:be:
         c4:2e:ad:77:de:cf:91:1b:45:01:f1:02:df:6f:35:af:f9:8c:
         90:74:b0:86:ff:26:c1:de:12:52:88:1b:9f:a1:6a:2c:a4:23:
         bf:54:89:26:88:68:eb:50:5f:d6:bf:9e:ff:9f:56:a0:76:76:
         bd:05:f7:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb8DtWzAn8IraJUonU8EkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTg1MzAyNDRiM2UxOTYwNmIwMDliMGU5NmNjYzE4YThmOGJkNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxMvWppisO0rSCboPRf2iQtd7emN
YjfNeC2zyciu/CVZ2UYPOE3oIX03LPPoIxN7hp6TRpXX2Wg/3SCqaIXtkn+f/ZtG
KMW0KTWC7OX72oxPsQovvuDumKh5k0z2LmrtbWzkd0VMNahbvWanpJL3xU9vTYOg
RbBIpcWwAXjA1G04gpAnqqfQ+3XzMvbJjuQa9EtZgwU8Be6sZxOGLy+fX8uIgRzu
OUx2lPD7AUKUQR+V6WS/rCa9hxXHHOTaiRJGyytvNL8OK/bVtrLVeg5yPPYW7Qcx
Q734uiKFCj7ndXZRUXx694MtFfc34r5vMJqrH+Jmxf1sPtIn29yVAKaKsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWFMCRLPhlgawCbDpbMwYqPi9ZmMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvQllVd0pFcy1HV0JyQUpzT2xzekJpby1MMW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGd6MA0G
CSqGSIb3DQEBCwUAA4IBAQATz4OicJzOOUwJFIMNvA6FCXWQZqib14Ug83KRCNt3
j3/uqnhnxZhkqrsMgECsvvlSDMCsQk61d+FuoK2gENYmKQL8J72VUasyKOXdjjx5
pDkJ4zrTP8w4yyFjBpeM+vScrZiHuw+nvthS0mpIoW0sdWf6orBWvWxHd1Io4ONY
gHztiuke2RY3biv+4NtzA+zkP2ALpjanrYL0Qt2UWCtfQC0Ow+Jv88sUNdvzK8Fe
R4FtcRvh+DnvmBlQdDh03AiAv8Rvib7ELq133s+RG0UB8QLfbzWv+YyQdLCG/ybB
3hJSiBufoWospCO/VIkmiGjrUF/Wv57/n1agdna9BfcQ
-----END CERTIFICATE-----