Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/K1YbpBI2iT3l5jsomFQzMKKMQDU.roa
File:                     K1YbpBI2iT3l5jsomFQzMKKMQDU.roa (raw, json)
Hash identifier:          bJ7tW+sYumQ64GEb7nGRrOHJTEgb50pNIWjudy02iRo=
Subject key identifier:   2B:56:1B:A4:12:36:89:3D:E5:E6:3B:28:98:54:33:30:A2:8C:40:35
Certificate issuer:       /CN=c4dff0e15237805507af5d03abedeb8832b4b8cb
Certificate serial:       018CC56E9BD033FED5BC05DCAF43E4C08DBE
Authority key identifier: C4:DF:F0:E1:52:37:80:55:07:AF:5D:03:AB:ED:EB:88:32:B4:B8:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN_w4VI3gFUHr10Dq-3riDK0uMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/K1YbpBI2iT3l5jsomFQzMKKMQDU.roa
Signing time:             Mon 01 Jan 2024 14:30:09 +0000
ROA not before:           Mon 01 Jan 2024 14:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60255
IP address blocks:        185.190.196.0/22 maxlen: 24
                          2a0e:2e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/xN_w4VI3gFUHr10Dq-3riDK0uMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/xN_w4VI3gFUHr10Dq-3riDK0uMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN_w4VI3gFUHr10Dq-3riDK0uMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9b:d0:33:fe:d5:bc:05:dc:af:43:e4:c0:8d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4dff0e15237805507af5d03abedeb8832b4b8cb
        Validity
            Not Before: Jan  1 14:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b561ba41236893de5e63b2898543330a28c4035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:6a:73:a0:fa:61:fd:d7:4f:d7:ae:ec:b7:8e:
                    9f:29:7c:7d:7f:30:00:f6:52:9f:34:da:a1:ae:67:
                    a8:57:db:9c:6a:47:32:8c:51:95:8f:35:9b:db:c9:
                    b4:81:f9:6d:49:ae:cc:db:ed:b1:9a:8d:aa:f6:e1:
                    25:b4:a1:c6:77:14:de:21:97:9b:27:7b:ac:f1:59:
                    34:8c:64:48:28:56:e6:6d:0b:55:68:c6:03:bd:9e:
                    b5:b7:7b:11:9f:b0:20:10:44:9e:1e:57:5d:12:bf:
                    9f:8a:3f:81:64:56:c2:be:70:0a:12:59:d1:bc:87:
                    89:ba:4b:a8:46:56:df:49:2e:df:c4:86:c1:42:e7:
                    ad:07:d6:48:5f:9a:b5:f4:50:42:2c:8e:bc:9c:7e:
                    bf:51:20:68:c7:e0:da:8a:eb:90:88:55:15:1f:35:
                    71:fc:23:47:03:58:2a:28:c8:8b:3c:2b:27:58:9b:
                    a0:12:9c:f8:b7:cd:75:8e:df:e6:7b:f2:36:0a:66:
                    41:67:b6:f2:4f:7d:88:45:13:a5:05:d8:3e:8e:32:
                    8d:5d:18:d8:39:a8:2d:92:58:05:90:ce:29:9c:a4:
                    ff:23:e9:7b:d2:2a:0a:9d:5e:11:d1:da:26:b7:6d:
                    47:d1:2a:3c:50:ea:0c:9c:7a:49:f1:bb:13:cc:4d:
                    95:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:56:1B:A4:12:36:89:3D:E5:E6:3B:28:98:54:33:30:A2:8C:40:35
            X509v3 Authority Key Identifier:
                keyid:C4:DF:F0:E1:52:37:80:55:07:AF:5D:03:AB:ED:EB:88:32:B4:B8:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN_w4VI3gFUHr10Dq-3riDK0uMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/K1YbpBI2iT3l5jsomFQzMKKMQDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/15bd53-994a-46f2-9e6e-71887d0a83be/1/xN_w4VI3gFUHr10Dq-3riDK0uMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.196.0/22
                IPv6:
                  2a0e:2e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:1d:cf:99:24:0e:b9:c3:c7:d8:55:0c:04:16:d2:48:08:4a:
         dd:82:f6:85:d3:32:e3:26:55:1a:e0:21:04:2e:5d:a1:67:56:
         69:ff:b5:90:56:49:7f:d0:f8:38:8e:23:4b:63:df:e3:9a:6e:
         3c:a7:f6:4e:7b:66:6b:65:5e:26:7e:37:7b:29:99:0e:8d:b5:
         6d:78:fa:76:5e:5f:9c:43:93:97:fb:13:cd:75:21:18:f4:15:
         52:3a:4d:4b:98:75:98:4c:8c:ae:9a:b9:ce:c4:d7:f4:b4:bc:
         7e:73:fe:2b:d4:bf:d3:57:7c:82:ba:ec:d0:d1:3f:3c:fb:5f:
         2d:ca:40:8c:4f:e6:4f:fb:56:00:8a:ea:0b:58:cd:e4:cd:16:
         02:6c:dd:4a:f4:cf:86:f8:0e:9b:ad:d6:24:a7:85:64:34:91:
         91:de:3e:d5:91:23:4d:72:88:bc:35:3d:40:94:e5:b2:21:74:
         c3:a5:8b:c8:18:7e:5c:f6:d9:5a:38:8e:a9:a6:79:f9:23:05:
         67:f4:84:40:53:61:76:65:97:bd:64:1f:f4:e9:b8:a8:e8:76:
         c3:d5:77:15:46:42:94:ea:d7:0b:06:3d:eb:68:84:83:e6:04:
         ba:c7:a9:be:5a:66:6f:3f:dc:f9:e7:a9:66:07:13:1b:4d:17:
         69:69:79:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbpvQM/7VvAXcr0PkwI2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGZmMGUxNTIzNzgwNTUwN2FmNWQwM2FiZWRlYjg4MzJi
NGI4Y2IwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjU2MWJhNDEyMzY4OTNkZTVlNjNiMjg5ODU0MzMzMGEyOGM0MDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GpzoPph/ddP167st46fKXx9fzAA
9lKfNNqhrmeoV9ucakcyjFGVjzWb28m0gfltSa7M2+2xmo2q9uEltKHGdxTeIZeb
J3us8Vk0jGRIKFbmbQtVaMYDvZ61t3sRn7AgEESeHlddEr+fij+BZFbCvnAKElnR
vIeJukuoRlbfSS7fxIbBQuetB9ZIX5q19FBCLI68nH6/USBox+DaiuuQiFUVHzVx
/CNHA1gqKMiLPCsnWJugEpz4t811jt/me/I2CmZBZ7byT32IRROlBdg+jjKNXRjY
OagtklgFkM4pnKT/I+l70ioKnV4R0domt21H0So8UOoMnHpJ8bsTzE2VpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCtWG6QSNok95eY7KJhUMzCijEA1MB8GA1UdIwQY
MBaAFMTf8OFSN4BVB69dA6vt64gytLjLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE5fdzRWSTNnRlVIcjEwRHEtM3JpREswdU1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xNWJkNTMtOTk0YS00NmYyLTllNmUt
NzE4ODdkMGE4M2JlLzEvSzFZYnBCSTJpVDNsNWpzb21GUXpNS0tNUURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xNWJkNTMtOTk0YS00NmYyLTllNmUtNzE4ODdkMGE4M2Jl
LzEveE5fdzRWSTNnRlVIcjEwRHEtM3JpREswdU1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub7EMA0E
AgACMAcDBQMqDi6AMA0GCSqGSIb3DQEBCwUAA4IBAQCIHc+ZJA65w8fYVQwEFtJI
CErdgvaF0zLjJlUa4CEELl2hZ1Zp/7WQVkl/0Pg4jiNLY9/jmm48p/ZOe2ZrZV4m
fjd7KZkOjbVtePp2Xl+cQ5OX+xPNdSEY9BVSOk1LmHWYTIyumrnOxNf0tLx+c/4r
1L/TV3yCuuzQ0T88+18tykCMT+ZP+1YAiuoLWM3kzRYCbN1K9M+G+A6brdYkp4Vk
NJGR3j7VkSNNcoi8NT1AlOWyIXTDpYvIGH5c9tlaOI6ppnn5IwVn9IRAU2F2ZZe9
ZB/06bio6HbD1XcVRkKU6tcLBj3raISD5gS6x6m+WmZvP9z556lmBxMbTRdpaXmP
-----END CERTIFICATE-----