Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/yJwM8AzSEBwizLjTexzHANFQZ1A.roa
File:                     yJwM8AzSEBwizLjTexzHANFQZ1A.roa (raw, json)
Hash identifier:          RwJ0qZ4LL9/Fh6w+9Ba7k0GgS1cQD/y4U3KVUrq7bAw=
Subject key identifier:   C8:9C:0C:F0:0C:D2:10:1C:22:CC:B8:D3:7B:1C:C7:00:D1:50:67:50
Certificate issuer:       /CN=b3ab7a89808687cc3dad7ba0f7df0bace019f763
Certificate serial:       018CC5DC17EF6A75867B7A3BFB7AAD7DC1A4
Authority key identifier: B3:AB:7A:89:80:86:87:CC:3D:AD:7B:A0:F7:DF:0B:AC:E0:19:F7:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6t6iYCGh8w9rXug998LrOAZ92M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/yJwM8AzSEBwizLjTexzHANFQZ1A.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33832
IP address blocks:        185.99.144.0/22 maxlen: 22
                          2a06:12c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/s6t6iYCGh8w9rXug998LrOAZ92M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/s6t6iYCGh8w9rXug998LrOAZ92M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6t6iYCGh8w9rXug998LrOAZ92M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:17:ef:6a:75:86:7b:7a:3b:fb:7a:ad:7d:c1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3ab7a89808687cc3dad7ba0f7df0bace019f763
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c89c0cf00cd2101c22ccb8d37b1cc700d1506750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f4:b4:2b:71:15:f1:bd:22:08:e3:0c:80:b8:
                    bf:08:51:0a:7b:14:8b:da:35:c4:52:99:b6:37:37:
                    c5:0b:af:55:8c:41:bf:54:7f:79:42:6f:30:ec:9f:
                    72:c0:74:ad:0e:39:15:fa:21:e7:c5:57:5d:b8:f0:
                    d2:d6:75:e6:50:8f:e2:e8:6f:39:e1:d4:c9:55:92:
                    ad:14:b7:ab:41:bd:bc:06:b6:56:44:5a:de:9e:ed:
                    7d:a9:3c:f7:12:60:2e:f9:e9:24:d8:ed:f6:dc:12:
                    d8:3e:4a:2e:ad:8b:02:0a:93:c6:9a:21:48:21:3f:
                    6e:c1:08:e2:b1:72:fd:6a:4f:b4:0e:17:fe:a6:0f:
                    e9:95:07:f5:01:25:18:8c:78:c7:4d:c9:ec:5c:bc:
                    33:4c:ba:6d:41:f6:64:d0:a8:f0:ff:dd:47:99:a9:
                    c3:70:84:ba:53:b1:84:c4:9e:7a:a4:a2:6f:ab:a0:
                    e9:4f:97:19:a6:6a:1d:b3:c3:7d:34:55:2e:bc:af:
                    42:6e:e2:00:fc:4d:3f:74:10:b8:fd:fc:57:68:be:
                    e1:03:56:0c:b1:29:7f:a4:d4:0d:51:10:8e:a3:3d:
                    25:dd:63:6e:86:bc:33:63:44:03:a7:04:98:94:97:
                    be:c4:69:37:f3:23:8f:2c:57:b6:e8:92:fd:42:0f:
                    32:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9C:0C:F0:0C:D2:10:1C:22:CC:B8:D3:7B:1C:C7:00:D1:50:67:50
            X509v3 Authority Key Identifier:
                keyid:B3:AB:7A:89:80:86:87:CC:3D:AD:7B:A0:F7:DF:0B:AC:E0:19:F7:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6t6iYCGh8w9rXug998LrOAZ92M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/yJwM8AzSEBwizLjTexzHANFQZ1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/s6t6iYCGh8w9rXug998LrOAZ92M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.144.0/22
                IPv6:
                  2a06:12c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:0f:4a:0b:6c:0e:d8:1d:8b:e8:37:29:68:1b:a0:66:74:ab:
         72:77:cb:62:07:13:17:cd:c9:fa:7a:0c:b9:6c:45:31:b1:3f:
         71:ac:8c:5e:e4:02:4f:b5:d0:72:85:cc:21:67:6c:d3:c4:b3:
         06:cb:60:06:c6:7b:7b:7b:73:e5:6e:25:88:83:39:70:93:68:
         48:d5:92:58:4f:e8:77:00:66:c4:2c:26:01:e7:fb:b6:0e:1f:
         89:ed:58:3b:1e:3e:bd:ed:18:66:1b:80:7b:0c:9a:ae:4d:fc:
         3d:33:5b:cc:85:7b:18:b7:e7:52:1a:49:a3:49:c1:6d:48:39:
         01:da:76:b2:db:06:58:07:43:82:6e:04:dd:4e:13:28:bb:05:
         75:37:c8:0e:10:76:f5:1e:eb:d3:f0:6b:d5:43:3e:5f:ef:b1:
         c7:56:c2:c7:73:6c:24:0c:8d:17:68:6d:23:24:5a:41:d6:ee:
         7f:0c:10:f6:d8:c2:fb:d6:37:24:fc:ca:38:86:aa:42:83:d4:
         e9:dd:49:f4:21:ea:49:7c:f3:21:8f:a5:30:f3:90:22:29:03:
         aa:8c:af:00:e4:83:d0:f9:a5:94:22:e7:b7:85:3e:e8:87:2b:
         3c:19:ec:2a:36:20:e8:56:7f:7c:84:47:cd:2b:17:fa:e5:6c:
         30:15:b6:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3BfvanWGe3o7+3qtfcGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYWI3YTg5ODA4Njg3Y2MzZGFkN2JhMGY3ZGYwYmFjZTAx
OWY3NjMwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODljMGNmMDBjZDIxMDFjMjJjY2I4ZDM3YjFjYzcwMGQxNTA2NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvS0K3EV8b0iCOMMgLi/CFEKexSL
2jXEUpm2NzfFC69VjEG/VH95Qm8w7J9ywHStDjkV+iHnxVdduPDS1nXmUI/i6G85
4dTJVZKtFLerQb28BrZWRFrenu19qTz3EmAu+ekk2O323BLYPkourYsCCpPGmiFI
IT9uwQjisXL9ak+0Dhf+pg/plQf1ASUYjHjHTcnsXLwzTLptQfZk0Kjw/91HmanD
cIS6U7GExJ56pKJvq6DpT5cZpmods8N9NFUuvK9CbuIA/E0/dBC4/fxXaL7hA1YM
sSl/pNQNURCOoz0l3WNuhrwzY0QDpwSYlJe+xGk38yOPLFe26JL9Qg8yWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMicDPAM0hAcIsy403scxwDRUGdQMB8GA1UdIwQY
MBaAFLOreomAhofMPa17oPffC6zgGfdjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZ0NmlZQ0doOHc5clh1Zzk5OExyT0FaOTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84M2Y5MzktMDVmMS00YWZhLWFhMTAt
ODYwNmE3MjRkODkxLzEveUp3TThBelNFQndpekxqVGV4ekhBTkZRWjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84M2Y5MzktMDVmMS00YWZhLWFhMTAtODYwNmE3MjRkODkx
LzEvczZ0NmlZQ0doOHc5clh1Zzk5OExyT0FaOTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWOQMA0E
AgACMAcDBQMqBhLAMA0GCSqGSIb3DQEBCwUAA4IBAQB2D0oLbA7YHYvoNyloG6Bm
dKtyd8tiBxMXzcn6egy5bEUxsT9xrIxe5AJPtdByhcwhZ2zTxLMGy2AGxnt7e3Pl
biWIgzlwk2hI1ZJYT+h3AGbELCYB5/u2Dh+J7Vg7Hj697RhmG4B7DJquTfw9M1vM
hXsYt+dSGkmjScFtSDkB2nay2wZYB0OCbgTdThMouwV1N8gOEHb1HuvT8GvVQz5f
77HHVsLHc2wkDI0XaG0jJFpB1u5/DBD22ML71jck/Mo4hqpCg9Tp3Un0IepJfPMh
j6Uw85AiKQOqjK8A5IPQ+aWUIue3hT7ohys8GewqNiDoVn98hEfNKxf65WwwFbaV
-----END CERTIFICATE-----