Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/ruKYfofeZOzJmPqnwGm6D75whrg.roa
File:                     ruKYfofeZOzJmPqnwGm6D75whrg.roa (raw, json)
Hash identifier:          yB9e6rj9cz6KeAkU544z2N4/13zKw2qEgUqs7AQCAzE=
Subject key identifier:   AE:E2:98:7E:87:DE:64:EC:C9:98:FA:A7:C0:69:BA:0F:BE:70:86:B8
Certificate issuer:       /CN=d1c70f1f33c581db78a149bc86d739cdc7ce26a7
Certificate serial:       018F710EF4A8ABB7D7C043A4B9D58DD0A58D
Authority key identifier: D1:C7:0F:1F:33:C5:81:DB:78:A1:49:BC:86:D7:39:CD:C7:CE:26:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ccPHzPFgdt4oUm8htc5zcfOJqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/ruKYfofeZOzJmPqnwGm6D75whrg.roa
Signing time:             Mon 13 May 2024 08:25:56 +0000
ROA not before:           Mon 13 May 2024 08:25:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202393
IP address blocks:        185.249.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/0ccPHzPFgdt4oUm8htc5zcfOJqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/0ccPHzPFgdt4oUm8htc5zcfOJqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ccPHzPFgdt4oUm8htc5zcfOJqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:0e:f4:a8:ab:b7:d7:c0:43:a4:b9:d5:8d:d0:a5:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1c70f1f33c581db78a149bc86d739cdc7ce26a7
        Validity
            Not Before: May 13 08:25:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aee2987e87de64ecc998faa7c069ba0fbe7086b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2f:b1:d4:ad:5c:09:57:b5:6c:f8:8a:5f:38:
                    76:e0:2d:6d:4a:22:d0:c7:08:d6:83:ae:4c:58:c3:
                    7d:5a:e8:44:80:6f:f6:dd:6f:88:d2:0b:dc:6e:e9:
                    e1:bb:4c:49:29:b9:94:72:7b:44:05:3a:fa:0b:c7:
                    aa:d8:5f:a7:7c:45:0b:59:4f:7d:b1:91:0c:44:7f:
                    e5:ee:0d:19:48:15:54:53:44:eb:12:0d:08:57:e3:
                    f3:29:99:00:c0:c2:e4:dc:2d:25:cd:51:17:1f:7f:
                    70:ef:a4:bd:60:e1:7d:dc:64:b1:af:55:6e:bd:87:
                    e2:8c:38:69:c4:e5:f9:a6:44:4b:73:36:e5:51:81:
                    46:52:27:6b:4a:86:7c:af:7f:77:74:8d:62:0d:d7:
                    89:21:ed:e4:fe:48:46:cb:2b:cd:23:de:d2:20:56:
                    8f:a7:8c:c2:08:fd:9a:66:01:d4:25:80:3c:e9:ed:
                    6a:43:6d:5a:6c:15:f7:c8:54:79:90:93:64:14:85:
                    9a:d2:5f:4d:f5:de:4f:c9:3c:42:9b:de:87:50:5f:
                    d3:db:5a:3d:2a:75:18:c3:60:c2:d7:a4:e5:ec:76:
                    7c:17:32:3b:3c:94:ab:be:b9:c9:57:b0:fa:5f:b2:
                    87:74:71:10:67:fa:1a:df:43:04:d6:5e:95:16:ee:
                    8a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E2:98:7E:87:DE:64:EC:C9:98:FA:A7:C0:69:BA:0F:BE:70:86:B8
            X509v3 Authority Key Identifier:
                keyid:D1:C7:0F:1F:33:C5:81:DB:78:A1:49:BC:86:D7:39:CD:C7:CE:26:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ccPHzPFgdt4oUm8htc5zcfOJqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/ruKYfofeZOzJmPqnwGm6D75whrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/d3d257-6e4c-4d60-9c93-dfcae36a3ef8/1/0ccPHzPFgdt4oUm8htc5zcfOJqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:c5:b3:dc:5e:12:98:a4:61:1e:fd:5b:68:9b:af:65:41:84:
         7f:da:e7:0c:8f:41:b3:70:e1:79:ab:49:f5:77:d4:07:a0:07:
         d5:3d:06:49:9f:78:78:92:75:f0:95:70:ff:14:1a:22:f3:72:
         99:84:f5:f6:01:d6:0b:3d:f8:56:b6:d4:f3:bb:db:7c:32:37:
         fb:45:81:a9:75:bc:4a:fe:f6:5b:49:32:1e:b4:d1:25:65:49:
         87:7b:15:e2:df:81:4a:88:4e:26:22:db:95:30:5d:8f:da:c7:
         05:bc:dd:0e:30:61:66:8d:03:83:bb:88:4f:9b:f0:d2:d9:9c:
         bc:c9:8b:01:40:d7:52:be:30:66:04:a0:b6:a1:b7:f5:77:65:
         8e:41:42:b9:cc:57:77:c1:ed:25:3a:ef:f3:9e:9c:39:98:be:
         ad:a5:76:28:40:0d:d8:da:cf:5e:fb:0b:49:61:c4:ec:2c:30:
         69:29:59:3d:76:cf:bc:22:8f:6e:fb:07:c2:bc:d0:a1:ae:3a:
         15:9d:55:10:ef:74:15:b2:4e:87:20:25:e5:37:bd:2e:ac:99:
         e8:7a:66:14:57:d8:08:6d:a8:e4:28:6e:2b:e2:75:fd:8d:b5:
         0e:0d:ec:09:21:b3:7f:df:31:2a:5b:0c:c9:f0:54:90:42:ba:
         e7:eb:3e:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9xDvSoq7fXwEOkudWN0KWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYzcwZjFmMzNjNTgxZGI3OGExNDliYzg2ZDczOWNkYzdj
ZTI2YTcwHhcNMjQwNTEzMDgyNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWUyOTg3ZTg3ZGU2NGVjYzk5OGZhYTdjMDY5YmEwZmJlNzA4NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi+x1K1cCVe1bPiKXzh24C1tSiLQ
xwjWg65MWMN9WuhEgG/23W+I0gvcbunhu0xJKbmUcntEBTr6C8eq2F+nfEULWU99
sZEMRH/l7g0ZSBVUU0TrEg0IV+PzKZkAwMLk3C0lzVEXH39w76S9YOF93GSxr1Vu
vYfijDhpxOX5pkRLczblUYFGUidrSoZ8r393dI1iDdeJIe3k/khGyyvNI97SIFaP
p4zCCP2aZgHUJYA86e1qQ21abBX3yFR5kJNkFIWa0l9N9d5PyTxCm96HUF/T21o9
KnUYw2DC16Tl7HZ8FzI7PJSrvrnJV7D6X7KHdHEQZ/oa30ME1l6VFu6KqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7imH6H3mTsyZj6p8Bpug++cIa4MB8GA1UdIwQY
MBaAFNHHDx8zxYHbeKFJvIbXOc3HzianMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNjUEh6UEZnZHQ0b1VtOGh0YzV6Y2ZPSnFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9kM2QyNTctNmU0Yy00ZDYwLTljOTMt
ZGZjYWUzNmEzZWY4LzEvcnVLWWZvZmVaT3pKbVBxbndHbTZENzV3aHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9kM2QyNTctNmU0Yy00ZDYwLTljOTMtZGZjYWUzNmEzZWY4
LzEvMGNjUEh6UEZnZHQ0b1VtOGh0YzV6Y2ZPSnFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufnkMA0G
CSqGSIb3DQEBCwUAA4IBAQC7xbPcXhKYpGEe/Vtom69lQYR/2ucMj0GzcOF5q0n1
d9QHoAfVPQZJn3h4knXwlXD/FBoi83KZhPX2AdYLPfhWttTzu9t8Mjf7RYGpdbxK
/vZbSTIetNElZUmHexXi34FKiE4mItuVMF2P2scFvN0OMGFmjQODu4hPm/DS2Zy8
yYsBQNdSvjBmBKC2obf1d2WOQUK5zFd3we0lOu/znpw5mL6tpXYoQA3Y2s9e+wtJ
YcTsLDBpKVk9ds+8Io9u+wfCvNChrjoVnVUQ73QVsk6HICXlN70urJnoemYUV9gI
bajkKG4r4nX9jbUODewJIbN/3zEqWwzJ8FSQQrrn6z5N
-----END CERTIFICATE-----