Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/YllJttbKLAz7vT7C31cbyWuVV8c.roa
File:                     YllJttbKLAz7vT7C31cbyWuVV8c.roa (raw, json)
Hash identifier:          I4XUKKjqUDSkzZrZEfVZnVgEvx0vb+ezEdlceW/yd2s=
Subject key identifier:   62:59:49:B6:D6:CA:2C:0C:FB:BD:3E:C2:DF:57:1B:C9:6B:95:57:C7
Certificate issuer:       /CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Certificate serial:       018CC7954EA1996D3D119346E3B3BF2365C2
Authority key identifier: DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/YllJttbKLAz7vT7C31cbyWuVV8c.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        185.75.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 18:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4e:a1:99:6d:3d:11:93:46:e3:b3:bf:23:65:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=625949b6d6ca2c0cfbbd3ec2df571bc96b9557c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a4:61:69:a6:16:36:5b:78:88:47:c0:bc:ef:
                    42:8a:7e:89:26:0a:15:e9:5c:46:78:2c:f1:1e:c0:
                    27:cd:74:86:fb:9c:30:c1:9c:4b:aa:f5:b2:15:fe:
                    5a:b5:27:95:b3:b7:8a:69:e2:5c:72:de:62:79:b7:
                    65:3a:a4:a0:6d:82:ae:5e:74:e5:2e:78:65:d4:3b:
                    ba:cb:20:62:c6:65:74:ab:4d:e0:70:02:f1:23:64:
                    1d:7e:8d:1d:4f:3d:d7:72:2f:ca:0e:fb:e7:ff:1f:
                    31:f7:e7:c9:bd:81:2f:48:a7:28:07:71:ae:b3:9a:
                    8c:18:59:9c:9b:ee:89:12:22:8d:ce:4d:d0:01:3e:
                    ab:3d:02:f9:58:1d:dd:16:05:12:a4:f3:95:5d:8e:
                    7d:59:cc:e1:ef:1b:f8:9b:60:de:85:25:ef:34:0c:
                    56:e6:b0:31:6e:f7:22:cb:ae:6f:73:3a:e6:a8:8a:
                    33:d7:19:11:b1:8d:8b:79:88:99:69:e0:e1:ea:e1:
                    7b:c0:a2:3e:16:8a:7c:b1:9f:06:44:e1:90:53:d9:
                    5f:93:ed:54:3f:36:31:db:1d:12:6c:d1:22:2e:d9:
                    3a:c5:5b:85:e4:65:0f:a6:c8:75:49:88:4b:f3:1d:
                    ef:31:8f:a0:6d:cd:2e:54:33:23:b0:d8:60:25:45:
                    5c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:59:49:B6:D6:CA:2C:0C:FB:BD:3E:C2:DF:57:1B:C9:6B:95:57:C7
            X509v3 Authority Key Identifier:
                keyid:DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/YllJttbKLAz7vT7C31cbyWuVV8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c2:fb:0e:11:29:fb:b7:47:f1:1f:c7:77:6e:12:4c:a4:44:
         f2:a2:e3:39:7d:60:5b:55:74:21:11:e1:4f:17:cf:e5:cc:60:
         88:d0:3e:65:1d:0e:1b:2b:2d:7e:65:27:a1:0e:a8:4c:81:78:
         c8:5a:1b:2c:79:ac:b7:33:4e:45:37:e5:64:9f:e2:e0:66:2c:
         2d:83:52:d2:5d:ae:4c:15:fb:34:85:b8:09:15:f2:6c:d9:0b:
         18:48:7d:67:48:20:fd:7f:32:cb:cb:7a:93:a5:82:a3:dd:c0:
         b8:fe:9c:28:25:db:4b:bf:85:16:4d:1f:b5:f7:2b:20:e2:b9:
         2b:de:c3:c3:ab:ec:66:1a:fb:ef:df:81:61:47:5f:b8:e8:2f:
         97:32:4d:3d:56:2e:6a:c3:8b:4f:2d:81:56:0c:d4:a8:df:57:
         20:a7:06:bd:48:da:53:30:37:19:86:b2:94:57:55:7e:0d:c1:
         60:7f:cf:0b:9d:36:95:e4:97:44:b8:02:ff:06:65:af:8c:4e:
         99:5b:7f:ac:7d:b1:9f:59:b3:24:ea:eb:d4:a3:41:11:5d:74:
         35:57:05:32:2f:11:c3:4d:93:32:84:f4:e7:23:5a:41:f2:99:
         3a:cd:2f:26:9e:8e:78:67:03:56:46:7d:71:32:9a:12:30:29:
         11:c8:d4:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlU6hmW09EZNG47O/I2XCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMjdiOTM5OTM0YTJjYzIwNmZmYmE2YmNlOWM5MGZkY2Jh
MzljNzEwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjU5NDliNmQ2Y2EyYzBjZmJiZDNlYzJkZjU3MWJjOTZiOTU1N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaRhaaYWNlt4iEfAvO9Cin6JJgoV
6VxGeCzxHsAnzXSG+5wwwZxLqvWyFf5atSeVs7eKaeJcct5iebdlOqSgbYKuXnTl
Lnhl1Du6yyBixmV0q03gcALxI2Qdfo0dTz3Xci/KDvvn/x8x9+fJvYEvSKcoB3Gu
s5qMGFmcm+6JEiKNzk3QAT6rPQL5WB3dFgUSpPOVXY59Wczh7xv4m2DehSXvNAxW
5rAxbvciy65vczrmqIoz1xkRsY2LeYiZaeDh6uF7wKI+Fop8sZ8GROGQU9lfk+1U
PzYx2x0SbNEiLtk6xVuF5GUPpsh1SYhL8x3vMY+gbc0uVDMjsNhgJUVc8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJZSbbWyiwM+70+wt9XG8lrlVfHMB8GA1UdIwQY
MBaAFN8nuTmTSizCBv+6a86ckP3Lo5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0Njgt
NmVkNTRkM2ZlNGY0LzEvWWxsSnR0YktMQXo3dlQ3QzMxY2J5V3VWVjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0NjgtNmVkNTRkM2ZlNGY0
LzEvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUvMMA0G
CSqGSIb3DQEBCwUAA4IBAQAhwvsOESn7t0fxH8d3bhJMpETyouM5fWBbVXQhEeFP
F8/lzGCI0D5lHQ4bKy1+ZSehDqhMgXjIWhsseay3M05FN+Vkn+LgZiwtg1LSXa5M
Ffs0hbgJFfJs2QsYSH1nSCD9fzLLy3qTpYKj3cC4/pwoJdtLv4UWTR+19ysg4rkr
3sPDq+xmGvvv34FhR1+46C+XMk09Vi5qw4tPLYFWDNSo31cgpwa9SNpTMDcZhrKU
V1V+DcFgf88LnTaV5JdEuAL/BmWvjE6ZW3+sfbGfWbMk6uvUo0ERXXQ1VwUyLxHD
TZMyhPTnI1pB8pk6zS8mno54ZwNWRn1xMpoSMCkRyNRN
-----END CERTIFICATE-----