Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/Y3I_ejsn4mPuFlQYuAtKjiFC7Y8.roa
File:                     Y3I_ejsn4mPuFlQYuAtKjiFC7Y8.roa (raw, json)
Hash identifier:          q7EYClNFrbCH/UPqOtoqhNucKuckK3JhtmZNJSRZZZQ=
Subject key identifier:   63:72:3F:7A:3B:27:E2:63:EE:16:54:18:B8:0B:4A:8E:21:42:ED:8F
Certificate issuer:       /CN=a6a88b0887c32de5966f81ff915d6b5ff31532dd
Certificate serial:       018CC5DC343BB7B1FE6AB4753AF037B83A58
Authority key identifier: A6:A8:8B:08:87:C3:2D:E5:96:6F:81:FF:91:5D:6B:5F:F3:15:32:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqiLCIfDLeWWb4H_kV1rX_MVMt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/Y3I_ejsn4mPuFlQYuAtKjiFC7Y8.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206730
IP address blocks:        185.166.48.0/22 maxlen: 22
                          2a0a:8a00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/pqiLCIfDLeWWb4H_kV1rX_MVMt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/pqiLCIfDLeWWb4H_kV1rX_MVMt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqiLCIfDLeWWb4H_kV1rX_MVMt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:34:3b:b7:b1:fe:6a:b4:75:3a:f0:37:b8:3a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a88b0887c32de5966f81ff915d6b5ff31532dd
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63723f7a3b27e263ee165418b80b4a8e2142ed8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:de:7d:00:32:a3:49:e2:a2:34:5e:fa:04:02:
                    d0:a5:f5:da:06:45:0a:b5:50:1c:a9:e1:6b:89:0d:
                    b2:2f:f7:21:fb:f1:9d:35:f4:6e:2c:a0:fa:ce:2d:
                    8b:52:8b:10:a3:83:a9:7f:0e:75:b8:e2:ad:ed:52:
                    02:e7:1b:dc:8c:e6:0c:6f:8b:02:f0:5d:15:1e:d7:
                    e8:0b:7c:e0:88:23:2c:03:46:75:fd:36:d6:37:ed:
                    a0:20:5d:30:70:f5:a0:56:b0:1a:6c:75:b3:0e:e1:
                    b7:38:8a:26:e7:a3:a5:64:3b:8f:f5:c0:7b:98:f5:
                    3b:da:f4:ae:0c:cd:e9:4a:ed:77:31:d9:46:a9:6f:
                    39:a7:a4:78:c5:c5:76:ac:d0:db:da:08:35:95:81:
                    f2:da:31:f0:40:51:5b:d5:dd:5c:07:4d:a5:7f:23:
                    42:fe:59:2a:26:ed:a1:81:13:2d:2d:bc:9d:64:60:
                    de:5a:e4:cb:a3:ea:c4:07:bf:99:39:c7:2f:1b:0f:
                    7a:a3:dd:44:6b:59:13:a6:0d:36:0d:4d:4c:0b:e9:
                    59:3f:e2:57:87:7b:1c:4a:68:6a:b4:37:06:04:47:
                    a1:2e:30:4b:31:75:38:ae:b1:7a:e2:05:02:51:75:
                    38:7f:43:91:0a:95:01:08:20:4d:03:22:60:52:08:
                    d7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:72:3F:7A:3B:27:E2:63:EE:16:54:18:B8:0B:4A:8E:21:42:ED:8F
            X509v3 Authority Key Identifier:
                keyid:A6:A8:8B:08:87:C3:2D:E5:96:6F:81:FF:91:5D:6B:5F:F3:15:32:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqiLCIfDLeWWb4H_kV1rX_MVMt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/Y3I_ejsn4mPuFlQYuAtKjiFC7Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/98c609-07fa-4e2b-b476-6a29bc9f8a78/1/pqiLCIfDLeWWb4H_kV1rX_MVMt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.48.0/22
                IPv6:
                  2a0a:8a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:60:81:dc:f1:96:ee:73:27:ec:39:df:bd:84:ca:16:ca:0c:
         e2:fa:ec:4d:2d:c6:5b:69:25:a8:f6:7b:d6:f7:6f:87:77:82:
         36:2c:af:88:8b:67:5d:e9:26:cc:ad:b0:a1:da:c8:58:6d:99:
         5a:d4:e9:9b:07:0d:fd:01:8c:e3:37:32:09:22:90:7c:88:87:
         90:b9:03:f3:b3:e8:f4:6f:dd:a7:b7:55:70:90:65:99:f9:61:
         5d:fa:c3:d1:6b:2c:32:e4:f2:44:07:12:d3:d9:fa:fe:2d:61:
         10:a0:21:40:ba:9b:fe:ad:5d:66:96:45:34:1a:ed:0f:ca:4e:
         e4:ec:21:49:66:11:b9:56:9d:bd:28:0c:b1:27:d0:c8:b7:b6:
         33:c9:5f:95:25:17:36:d9:e3:87:01:73:36:00:8e:f1:e6:27:
         89:a2:5f:f8:3c:a6:fc:3d:70:6e:ad:3f:fe:d6:aa:da:df:2b:
         ac:ab:5b:fa:51:f7:d6:4f:5b:11:fa:1a:fb:a5:ae:90:b1:b3:
         58:eb:22:ba:81:fe:b1:56:44:8d:ce:b6:c8:34:be:a0:e0:6d:
         52:51:d7:52:b3:71:97:2a:e4:53:24:fe:6e:07:01:39:53:ee:
         73:07:b4:75:6c:2e:18:0a:dd:be:2e:cf:30:90:49:1d:d6:95:
         be:01:ee:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3DQ7t7H+arR1OvA3uDpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YTg4YjA4ODdjMzJkZTU5NjZmODFmZjkxNWQ2YjVmZjMx
NTMyZGQwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzcyM2Y3YTNiMjdlMjYzZWUxNjU0MThiODBiNGE4ZTIxNDJlZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d59ADKjSeKiNF76BALQpfXaBkUK
tVAcqeFriQ2yL/ch+/GdNfRuLKD6zi2LUosQo4Opfw51uOKt7VIC5xvcjOYMb4sC
8F0VHtfoC3zgiCMsA0Z1/TbWN+2gIF0wcPWgVrAabHWzDuG3OIom56OlZDuP9cB7
mPU72vSuDM3pSu13MdlGqW85p6R4xcV2rNDb2gg1lYHy2jHwQFFb1d1cB02lfyNC
/lkqJu2hgRMtLbydZGDeWuTLo+rEB7+ZOccvGw96o91Ea1kTpg02DU1MC+lZP+JX
h3scSmhqtDcGBEehLjBLMXU4rrF64gUCUXU4f0ORCpUBCCBNAyJgUgjXjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGNyP3o7J+Jj7hZUGLgLSo4hQu2PMB8GA1UdIwQY
MBaAFKaoiwiHwy3llm+B/5Fda1/zFTLdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFpTENJZkRMZVdXYjRIX2tWMXJYX01WTXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85OGM2MDktMDdmYS00ZTJiLWI0NzYt
NmEyOWJjOWY4YTc4LzEvWTNJX2Vqc240bVB1RmxRWXVBdEtqaUZDN1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85OGM2MDktMDdmYS00ZTJiLWI0NzYtNmEyOWJjOWY4YTc4
LzEvcHFpTENJZkRMZVdXYjRIX2tWMXJYX01WTXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaYwMA0E
AgACMAcDBQAqCooAMA0GCSqGSIb3DQEBCwUAA4IBAQBgYIHc8ZbucyfsOd+9hMoW
ygzi+uxNLcZbaSWo9nvW92+Hd4I2LK+Ii2dd6SbMrbCh2shYbZla1OmbBw39AYzj
NzIJIpB8iIeQuQPzs+j0b92nt1VwkGWZ+WFd+sPRaywy5PJEBxLT2fr+LWEQoCFA
upv+rV1mlkU0Gu0Pyk7k7CFJZhG5Vp29KAyxJ9DIt7YzyV+VJRc22eOHAXM2AI7x
5ieJol/4PKb8PXBurT/+1qra3yusq1v6UffWT1sR+hr7pa6QsbNY6yK6gf6xVkSN
zrbINL6g4G1SUddSs3GXKuRTJP5uBwE5U+5zB7R1bC4YCt2+Ls8wkEkd1pW+Ae5p
-----END CERTIFICATE-----