Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/R_yz31UEx6e6yNnynG_1i6K5TQE.roa
File:                     R_yz31UEx6e6yNnynG_1i6K5TQE.roa (raw, json)
Hash identifier:          KGM4VGUD65awSO4TW81UsKOButytc5O/5GBESJEscK4=
Subject key identifier:   47:FC:B3:DF:55:04:C7:A7:BA:C8:D9:F2:9C:6F:F5:8B:A2:B9:4D:01
Certificate issuer:       /CN=83c103d65a54d6af1efba6ac3e63722028af2bb1
Certificate serial:       018CC64AA59B0C8F43EEF1A6BE5CA96CA1C5
Authority key identifier: 83:C1:03:D6:5A:54:D6:AF:1E:FB:A6:AC:3E:63:72:20:28:AF:2B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/R_yz31UEx6e6yNnynG_1i6K5TQE.roa
Signing time:             Mon 01 Jan 2024 18:30:29 +0000
ROA not before:           Mon 01 Jan 2024 18:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206570
IP address blocks:        66.22.239.0/24 maxlen: 24
                          66.22.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a5:9b:0c:8f:43:ee:f1:a6:be:5c:a9:6c:a1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83c103d65a54d6af1efba6ac3e63722028af2bb1
        Validity
            Not Before: Jan  1 18:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47fcb3df5504c7a7bac8d9f29c6ff58ba2b94d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6d:69:81:8a:b1:e3:21:53:af:90:ec:9e:7b:
                    f2:b9:04:ee:33:ba:e8:06:82:67:51:b2:48:e6:62:
                    8b:72:d7:a4:d6:08:25:23:0b:d4:ad:18:35:41:3c:
                    43:f7:9b:71:0e:a0:0a:06:09:63:ca:5b:8e:6c:54:
                    5c:81:09:b1:5a:51:55:c6:af:19:d7:35:01:d0:31:
                    d0:1e:b7:7d:44:13:db:cd:de:1d:21:a1:74:88:c8:
                    16:94:f4:19:bb:5d:37:62:cd:c7:ba:95:ce:26:66:
                    2d:6e:bc:ca:19:11:94:97:e0:a3:fb:54:64:b7:6b:
                    28:ba:e5:92:41:cb:b2:a0:29:55:d5:c0:01:a5:37:
                    57:ec:23:7b:56:2c:8a:5d:4d:8a:9f:93:f5:c8:04:
                    bf:b9:7d:87:19:9a:d9:f8:c5:b9:6d:72:6f:19:26:
                    30:3a:b8:c4:32:9d:a3:81:f5:2d:ea:03:60:89:e8:
                    46:e6:99:0c:6f:e6:66:d1:06:86:5f:e8:38:24:46:
                    80:57:f2:c9:93:3f:b1:1a:06:4c:e8:e5:44:67:8e:
                    38:c5:0a:aa:ff:53:04:5c:fc:1c:1f:30:3c:d3:bd:
                    f2:68:20:84:60:e2:8d:02:89:ca:33:6a:e4:9b:1e:
                    a4:a6:5c:4a:7f:59:2f:8a:0e:f4:3e:f4:3c:23:7e:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FC:B3:DF:55:04:C7:A7:BA:C8:D9:F2:9C:6F:F5:8B:A2:B9:4D:01
            X509v3 Authority Key Identifier:
                keyid:83:C1:03:D6:5A:54:D6:AF:1E:FB:A6:AC:3E:63:72:20:28:AF:2B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/R_yz31UEx6e6yNnynG_1i6K5TQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.22.239.0-66.22.240.255

    Signature Algorithm: sha256WithRSAEncryption
         1c:00:e9:5b:30:f6:ff:e9:37:59:a7:03:e7:da:64:62:60:94:
         23:21:36:bd:a9:21:c4:42:2a:73:d9:de:28:5b:34:ed:a3:46:
         58:fe:d5:47:88:fa:79:62:2d:69:9f:59:ac:40:59:65:b7:7f:
         7b:41:1a:8c:45:ad:9c:8d:aa:9b:4c:69:11:c1:e4:aa:af:77:
         06:5f:1e:10:66:39:18:7b:0f:22:39:27:56:c5:60:10:a4:c9:
         22:7f:b6:60:21:d1:28:7a:f7:21:ea:7d:2b:5e:32:9c:20:19:
         ba:4a:31:0a:d7:3b:00:41:ba:a1:4b:da:84:a6:83:a3:c5:26:
         c2:d0:4c:5f:81:28:ae:28:28:d2:88:4e:aa:72:1d:cc:cc:36:
         83:f8:a1:41:9d:82:70:b6:32:40:87:81:1b:7a:9f:a6:1f:2b:
         c2:65:e1:08:43:0c:57:ff:50:30:55:77:73:29:70:2a:34:37:
         bf:24:68:03:74:5e:af:c7:d3:eb:6b:ae:36:34:c0:06:0b:79:
         71:49:86:df:33:7d:c9:31:e5:a1:65:0a:d4:39:10:f3:46:34:
         b2:c8:2f:10:f9:51:c0:6a:84:7a:9f:84:6e:1b:85:91:9e:85:
         52:f4:e0:50:f2:f4:9f:35:38:18:64:2e:42:40:b1:30:e7:e3:
         1b:2f:6d:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSqWbDI9D7vGmvlypbKHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYzEwM2Q2NWE1NGQ2YWYxZWZiYTZhYzNlNjM3MjIwMjhh
ZjJiYjEwHhcNMjQwMTAxMTgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ZjYjNkZjU1MDRjN2E3YmFjOGQ5ZjI5YzZmZjU4YmEyYjk0ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm21pgYqx4yFTr5DsnnvyuQTuM7ro
BoJnUbJI5mKLctek1gglIwvUrRg1QTxD95txDqAKBgljyluObFRcgQmxWlFVxq8Z
1zUB0DHQHrd9RBPbzd4dIaF0iMgWlPQZu103Ys3HupXOJmYtbrzKGRGUl+Cj+1Rk
t2souuWSQcuyoClV1cABpTdX7CN7ViyKXU2Kn5P1yAS/uX2HGZrZ+MW5bXJvGSYw
OrjEMp2jgfUt6gNgiehG5pkMb+Zm0QaGX+g4JEaAV/LJkz+xGgZM6OVEZ444xQqq
/1MEXPwcHzA8073yaCCEYOKNAonKM2rkmx6kplxKf1kvig70PvQ8I35fBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEf8s99VBMenusjZ8pxv9YuiuU0BMB8GA1UdIwQY
MBaAFIPBA9ZaVNavHvumrD5jciAoryuxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzhFRDFscFUxcThlLTZhc1BtTnlJQ2l2SzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wODFiZDQtMTIxMC00MDIxLWE4NjQt
YjUwY2Y1ZjJhYTIyLzEvUl95ejMxVUV4NmU2eU5ueW5HXzFpNks1VFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wODFiZDQtMTIxMC00MDIxLWE4NjQtYjUwY2Y1ZjJhYTIy
LzEvZzhFRDFscFUxcThlLTZhc1BtTnlJQ2l2SzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABCFu8D
BABCFvAwDQYJKoZIhvcNAQELBQADggEBABwA6Vsw9v/pN1mnA+faZGJglCMhNr2p
IcRCKnPZ3ihbNO2jRlj+1UeI+nliLWmfWaxAWWW3f3tBGoxFrZyNqptMaRHB5Kqv
dwZfHhBmORh7DyI5J1bFYBCkySJ/tmAh0Sh69yHqfSteMpwgGbpKMQrXOwBBuqFL
2oSmg6PFJsLQTF+BKK4oKNKITqpyHczMNoP4oUGdgnC2MkCHgRt6n6YfK8Jl4QhD
DFf/UDBVd3MpcCo0N78kaAN0Xq/H0+trrjY0wAYLeXFJht8zfckx5aFlCtQ5EPNG
NLLILxD5UcBqhHqfhG4bhZGehVL04FDy9J81OBhkLkJAsTDn4xsvbaw=
-----END CERTIFICATE-----