Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/c_YL0A-7T1chIT_IccvIIi9A8mw.roa
File:                     c_YL0A-7T1chIT_IccvIIi9A8mw.roa (raw, json)
Hash identifier:          vuf3EK232BuQcTIVA9H7vd8dsVwa0I72Zof1Brd6nfM=
Subject key identifier:   73:F6:0B:D0:0F:BB:4F:57:21:21:3F:C8:71:CB:C8:22:2F:40:F2:6C
Certificate issuer:       /CN=6086314f87635e793bc2e3dbbed66405b8ac6771
Certificate serial:       018CC8DF817E30026407F7A6DF18E025C172
Authority key identifier: 60:86:31:4F:87:63:5E:79:3B:C2:E3:DB:BE:D6:64:05:B8:AC:67:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/c_YL0A-7T1chIT_IccvIIi9A8mw.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204712
IP address blocks:        185.83.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:81:7e:30:02:64:07:f7:a6:df:18:e0:25:c1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6086314f87635e793bc2e3dbbed66405b8ac6771
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73f60bd00fbb4f5721213fc871cbc8222f40f26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:03:94:4c:27:e1:8c:88:a6:7a:14:8d:d0:fc:
                    2c:4f:71:2d:b1:4d:40:82:58:63:0f:76:91:9d:be:
                    f5:d5:f0:64:2b:90:4b:4e:57:28:bd:e9:23:0f:6b:
                    be:81:a3:10:22:f4:38:a3:64:0a:3d:49:32:44:ba:
                    96:31:a9:b5:c5:32:58:97:ac:92:fd:56:a2:e3:fc:
                    5c:5f:a0:2b:14:57:89:42:86:60:1f:c2:47:04:7b:
                    40:ab:61:65:76:d1:70:69:40:d6:6d:61:24:d8:7c:
                    e5:8e:94:42:be:32:d7:9c:1d:7b:9f:de:b5:da:b5:
                    e8:ef:71:5a:af:86:b3:f1:81:a2:2f:c6:c4:59:cb:
                    c0:bd:5c:aa:a1:6c:87:ca:28:ed:e5:7c:dd:b6:15:
                    14:38:f8:94:51:b0:b6:ef:fc:3c:95:0c:ae:a7:6d:
                    15:48:9d:f2:28:68:0b:03:6f:f3:b1:dd:47:72:cc:
                    6a:fb:1b:88:8a:c8:60:05:9e:ca:9a:18:2e:bc:68:
                    83:de:42:c5:0e:16:45:e8:e0:50:89:8a:eb:51:ce:
                    9e:c5:08:46:9f:b1:3d:af:4d:ce:19:b5:28:84:8b:
                    b7:c1:84:a9:ad:3d:6c:92:f6:fc:d9:01:e5:74:d5:
                    f3:f7:dc:1c:6d:56:fc:2a:d9:bb:ae:6f:76:53:be:
                    e6:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F6:0B:D0:0F:BB:4F:57:21:21:3F:C8:71:CB:C8:22:2F:40:F2:6C
            X509v3 Authority Key Identifier:
                keyid:60:86:31:4F:87:63:5E:79:3B:C2:E3:DB:BE:D6:64:05:B8:AC:67:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/c_YL0A-7T1chIT_IccvIIi9A8mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:3f:d3:d7:5c:f9:f9:62:7f:16:1a:aa:dd:27:28:b9:b6:a8:
         33:fd:b3:bb:c7:62:2e:90:bc:ea:4c:e3:c1:db:1c:82:13:7a:
         30:b0:9b:b9:15:d4:7e:4d:6f:d3:2b:51:b3:72:a0:30:e1:47:
         20:e6:da:79:27:25:c8:cc:54:98:d8:b2:0d:0c:28:a3:47:3c:
         0d:e1:86:69:ef:58:ef:39:02:ab:af:e4:8a:65:0f:4c:e2:cc:
         62:f2:db:a4:b8:64:5e:2f:cb:3b:fa:dc:13:f5:c7:fa:76:ce:
         fb:97:73:16:f8:43:c4:74:18:d1:1b:77:01:da:bb:e5:9f:a0:
         62:c7:1b:0b:2f:05:86:c0:2e:e3:c2:7b:a5:c2:27:9e:69:48:
         1f:11:e7:a2:ee:c7:19:26:05:4e:92:61:8e:d9:db:04:b8:fa:
         41:ba:06:ef:ed:44:c2:98:d3:f1:26:20:71:0a:22:d0:3f:e5:
         87:3a:b4:dd:68:94:c4:88:52:f8:f7:63:b5:86:71:93:51:fd:
         d4:99:6b:74:02:03:4d:44:4f:cf:19:af:c2:71:ee:5f:9c:b3:
         79:b0:cc:cf:ec:f3:55:53:14:b5:0f:18:80:90:9a:20:2e:ca:
         c8:5c:c3:e3:b0:c4:cf:77:31:53:95:18:bc:96:9e:7c:76:d2:
         fc:ce:a6:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34F+MAJkB/em3xjgJcFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwODYzMTRmODc2MzVlNzkzYmMyZTNkYmJlZDY2NDA1Yjhh
YzY3NzEwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Y2MGJkMDBmYmI0ZjU3MjEyMTNmYzg3MWNiYzgyMjJmNDBmMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwOUTCfhjIimehSN0PwsT3EtsU1A
glhjD3aRnb711fBkK5BLTlcovekjD2u+gaMQIvQ4o2QKPUkyRLqWMam1xTJYl6yS
/Vai4/xcX6ArFFeJQoZgH8JHBHtAq2FldtFwaUDWbWEk2HzljpRCvjLXnB17n961
2rXo73Far4az8YGiL8bEWcvAvVyqoWyHyijt5XzdthUUOPiUUbC27/w8lQyup20V
SJ3yKGgLA2/zsd1Hcsxq+xuIishgBZ7KmhguvGiD3kLFDhZF6OBQiYrrUc6exQhG
n7E9r03OGbUohIu3wYSprT1skvb82QHldNXz99wcbVb8Ktm7rm92U77mKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHP2C9APu09XISE/yHHLyCIvQPJsMB8GA1UdIwQY
MBaAFGCGMU+HY155O8Lj277WZAW4rGdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUlZeFQ0ZGpYbms3d3VQYnZ0WmtCYmlzWjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZmJjNWYtN2MwNC00MGRhLTlkNWEt
MDI4MDU5OGYxOWUzLzEvY19ZTDBBLTdUMWNoSVRfSWNjdklJaTlBOG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZmJjNWYtN2MwNC00MGRhLTlkNWEtMDI4MDU5OGYxOWUz
LzEvWUlZeFQ0ZGpYbms3d3VQYnZ0WmtCYmlzWjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVPAMA0G
CSqGSIb3DQEBCwUAA4IBAQC+P9PXXPn5Yn8WGqrdJyi5tqgz/bO7x2IukLzqTOPB
2xyCE3owsJu5FdR+TW/TK1GzcqAw4Ucg5tp5JyXIzFSY2LINDCijRzwN4YZp71jv
OQKrr+SKZQ9M4sxi8tukuGReL8s7+twT9cf6ds77l3MW+EPEdBjRG3cB2rvln6Bi
xxsLLwWGwC7jwnulwieeaUgfEeei7scZJgVOkmGO2dsEuPpBugbv7UTCmNPxJiBx
CiLQP+WHOrTdaJTEiFL492O1hnGTUf3UmWt0AgNNRE/PGa/Cce5fnLN5sMzP7PNV
UxS1DxiAkJogLsrIXMPjsMTPdzFTlRi8lp58dtL8zqYY
-----END CERTIFICATE-----