Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/sY3FmCOrl_N-US8qa3kLY1K6Kh0.roa
File:                     sY3FmCOrl_N-US8qa3kLY1K6Kh0.roa (raw, json)
Hash identifier:          lkTYehPk6gAdw+AB9kFn7tuh0Vyu0h028AoR+xJsES0=
Subject key identifier:   B1:8D:C5:98:23:AB:97:F3:7E:51:2F:2A:6B:79:0B:63:52:BA:2A:1D
Certificate issuer:       /CN=5ada11556399e28fc55dab3ba07868ff491c6fb8
Certificate serial:       018CC6B7A462EF48165FCA41579CC5855CD1
Authority key identifier: 5A:DA:11:55:63:99:E2:8F:C5:5D:AB:3B:A0:78:68:FF:49:1C:6F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/sY3FmCOrl_N-US8qa3kLY1K6Kh0.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56636
IP address blocks:        185.217.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a4:62:ef:48:16:5f:ca:41:57:9c:c5:85:5c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ada11556399e28fc55dab3ba07868ff491c6fb8
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b18dc59823ab97f37e512f2a6b790b6352ba2a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:75:51:78:1d:43:56:cc:7e:73:ca:70:5e:ea:
                    2d:19:a2:45:e5:95:66:2c:30:bf:00:29:25:5c:4b:
                    2b:ff:e4:f5:44:1c:00:7e:87:86:a5:a7:5c:72:d7:
                    b0:f8:e8:b0:c7:79:09:32:24:cb:3e:2b:a4:ae:5e:
                    5e:f7:62:2b:2c:5c:6d:d5:13:83:c8:76:d0:6c:1c:
                    3a:0b:5f:58:c7:74:4e:bd:0e:37:25:18:0e:21:13:
                    54:43:d7:ac:41:43:0f:37:83:df:52:51:30:f0:12:
                    1b:ed:50:14:c6:90:89:77:80:8b:50:23:8a:2e:bb:
                    ae:eb:24:3a:da:b6:8f:ce:c5:33:15:c9:23:21:98:
                    cc:31:6c:1f:2d:4d:9f:9c:17:06:5c:00:55:f6:50:
                    c8:32:73:55:b1:c5:c6:7f:29:b0:33:1e:a0:37:f8:
                    83:2d:67:27:c0:bc:32:b3:e7:c4:bf:a1:16:15:57:
                    10:83:92:3e:6d:4d:de:a4:38:73:81:b8:0e:18:f2:
                    99:ee:3f:00:0f:99:72:36:f6:19:71:1c:f8:37:ce:
                    0d:e3:f9:b1:85:76:62:5b:65:52:35:48:56:46:00:
                    eb:b8:cb:09:39:3b:30:76:43:d9:19:d1:8a:a5:83:
                    f4:4b:e1:c3:a5:f0:db:63:7e:4c:49:37:7f:2d:3b:
                    c4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8D:C5:98:23:AB:97:F3:7E:51:2F:2A:6B:79:0B:63:52:BA:2A:1D
            X509v3 Authority Key Identifier:
                keyid:5A:DA:11:55:63:99:E2:8F:C5:5D:AB:3B:A0:78:68:FF:49:1C:6F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/sY3FmCOrl_N-US8qa3kLY1K6Kh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:86:35:f1:22:dd:d9:e9:48:ed:77:42:89:c5:ce:26:ed:12:
         70:11:73:88:35:d5:69:f9:76:15:e7:a6:d5:32:a8:eb:1e:18:
         f6:c2:ec:e6:bd:d5:37:b8:ed:fc:2f:2d:a9:22:0a:fc:f6:95:
         c9:c9:90:e4:25:72:d0:33:dd:08:ea:5f:71:16:da:56:a3:f8:
         29:33:47:05:69:14:12:1a:52:40:9a:2d:a8:2e:3b:d7:aa:49:
         ac:a8:dc:5d:d8:6e:8a:6e:92:10:f2:32:8e:c0:c5:81:c5:e9:
         95:ab:ab:e6:ba:5d:3f:ce:d4:93:7c:46:76:1d:13:12:34:ef:
         f5:29:e0:15:6f:2c:c7:a3:19:04:35:02:8a:2e:7d:81:10:01:
         05:7f:1a:90:df:e4:a9:0c:be:df:5c:3e:0f:ad:1a:1b:5b:3f:
         0d:e6:15:07:b1:cb:4e:44:dc:21:0a:e6:31:f7:d2:31:77:fa:
         13:7a:96:e8:1e:ec:0b:72:cc:df:a2:3c:58:05:d5:28:42:8c:
         25:7d:13:91:5a:c0:31:6e:46:c2:75:af:94:be:b0:95:96:01:
         f4:af:34:68:de:9f:f3:6f:2f:bc:60:3d:10:60:8a:5c:a4:22:
         46:e9:e1:70:de:6a:f0:42:73:c4:58:93:f3:0b:39:b1:fe:f8:
         b3:90:d8:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6Ri70gWX8pBV5zFhVzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZGExMTU1NjM5OWUyOGZjNTVkYWIzYmEwNzg2OGZmNDkx
YzZmYjgwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThkYzU5ODIzYWI5N2YzN2U1MTJmMmE2Yjc5MGI2MzUyYmEyYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nVReB1DVsx+c8pwXuotGaJF5ZVm
LDC/ACklXEsr/+T1RBwAfoeGpadcctew+Oiwx3kJMiTLPiukrl5e92IrLFxt1ROD
yHbQbBw6C19Yx3ROvQ43JRgOIRNUQ9esQUMPN4PfUlEw8BIb7VAUxpCJd4CLUCOK
Lruu6yQ62raPzsUzFckjIZjMMWwfLU2fnBcGXABV9lDIMnNVscXGfymwMx6gN/iD
LWcnwLwys+fEv6EWFVcQg5I+bU3epDhzgbgOGPKZ7j8AD5lyNvYZcRz4N84N4/mx
hXZiW2VSNUhWRgDruMsJOTswdkPZGdGKpYP0S+HDpfDbY35MSTd/LTvElwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGNxZgjq5fzflEvKmt5C2NSuiodMB8GA1UdIwQY
MBaAFFraEVVjmeKPxV2rO6B4aP9JHG+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RvUlZXT1o0b19GWGFzN29IaG9fMGtjYjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84MTIzNTctM2Q3MC00NjhlLWIwNDQt
ODRhZmVhYWJiMzczLzEvc1kzRm1DT3JsX04tVVM4cWEza0xZMUs2S2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84MTIzNTctM2Q3MC00NjhlLWIwNDQtODRhZmVhYWJiMzcz
LzEvV3RvUlZXT1o0b19GWGFzN29IaG9fMGtjYjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudn8MA0G
CSqGSIb3DQEBCwUAA4IBAQAbhjXxIt3Z6Ujtd0KJxc4m7RJwEXOINdVp+XYV56bV
MqjrHhj2wuzmvdU3uO38Ly2pIgr89pXJyZDkJXLQM90I6l9xFtpWo/gpM0cFaRQS
GlJAmi2oLjvXqkmsqNxd2G6KbpIQ8jKOwMWBxemVq6vmul0/ztSTfEZ2HRMSNO/1
KeAVbyzHoxkENQKKLn2BEAEFfxqQ3+SpDL7fXD4PrRobWz8N5hUHsctORNwhCuYx
99Ixd/oTepboHuwLcszfojxYBdUoQowlfRORWsAxbkbCda+UvrCVlgH0rzRo3p/z
by+8YD0QYIpcpCJG6eFw3mrwQnPEWJPzCzmx/vizkNhe
-----END CERTIFICATE-----