Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yzWRMncrnhgWEHpfqYWCHdlQIew.roa
File:                     yzWRMncrnhgWEHpfqYWCHdlQIew.roa (raw, json)
Hash identifier:          4PcPgtmH1iieQzHjO8IewQ3YDiunW2pclP2S78jlv7g=
Subject key identifier:   CB:35:91:32:77:2B:9E:18:16:10:7A:5F:A9:85:82:1D:D9:50:21:EC
Certificate issuer:       /CN=3f273b6861cf7cf4646cc5e04275d6617635f07b
Certificate serial:       018CCA2BD2989B3F333FC5E0382A2A5ADFD4
Authority key identifier: 3F:27:3B:68:61:CF:7C:F4:64:6C:C5:E0:42:75:D6:61:76:35:F0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yzWRMncrnhgWEHpfqYWCHdlQIew.roa
Signing time:             Tue 02 Jan 2024 12:35:18 +0000
ROA not before:           Tue 02 Jan 2024 12:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47798
IP address blocks:        94.124.216.0/22 maxlen: 22
                          94.124.216.0/21 maxlen: 21
                          94.124.220.0/22 maxlen: 22
                          109.203.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d2:98:9b:3f:33:3f:c5:e0:38:2a:2a:5a:df:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f273b6861cf7cf4646cc5e04275d6617635f07b
        Validity
            Not Before: Jan  2 12:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb359132772b9e1816107a5fa985821dd95021ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:27:a7:3f:6a:13:8c:4e:66:ce:ca:a3:db:f2:
                    aa:b6:50:b7:dd:25:95:91:db:08:43:5b:4a:79:5e:
                    20:b1:5c:b0:e8:f3:1e:60:4d:dd:5e:b5:75:01:d1:
                    57:58:fa:86:e6:fa:0c:c6:e1:7a:7e:2e:1b:1a:87:
                    42:47:9d:b5:78:57:4f:da:bf:bb:1c:90:b0:76:c3:
                    91:8f:5f:9b:e2:42:71:56:5a:76:92:19:e9:ba:81:
                    f2:d0:58:ef:55:53:bd:8f:94:71:ad:7b:6f:ad:30:
                    4e:5d:86:f6:ac:33:d4:d0:5d:17:52:6d:61:06:fc:
                    54:df:75:9e:3e:12:74:77:28:1c:48:c3:47:0b:37:
                    c1:0d:ea:2d:8d:cb:fd:15:42:9a:e3:ce:f2:a3:98:
                    38:a4:2e:f9:0c:bd:cc:08:73:38:6a:cc:4c:9a:92:
                    ed:a8:94:fe:12:98:c8:9c:75:ad:9b:68:37:dc:2d:
                    c1:13:ef:f1:50:36:69:24:fa:1a:3d:d9:b8:bc:ba:
                    bd:36:30:fd:93:2d:51:68:96:a5:2c:5f:b3:40:cb:
                    b6:62:fb:75:74:7d:ca:bb:28:f5:25:3d:16:22:12:
                    66:fe:5f:a4:c0:fe:04:68:79:f1:c1:4b:e0:ec:21:
                    7b:41:88:e8:30:f4:28:f7:f6:1f:ef:33:25:d0:0d:
                    9e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:35:91:32:77:2B:9E:18:16:10:7A:5F:A9:85:82:1D:D9:50:21:EC
            X509v3 Authority Key Identifier:
                keyid:3F:27:3B:68:61:CF:7C:F4:64:6C:C5:E0:42:75:D6:61:76:35:F0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yzWRMncrnhgWEHpfqYWCHdlQIew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.216.0/21
                  109.203.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1c:92:75:b5:8b:8e:f9:f3:bb:74:0e:62:eb:4c:54:fc:4b:32:
         d6:eb:59:01:70:0c:2a:1f:9e:cc:fe:34:ea:e0:91:51:32:e7:
         20:9a:8e:a8:dd:15:22:04:16:0d:bd:41:ef:27:2c:ef:02:6a:
         80:6c:15:71:93:51:0c:1d:f4:e3:6d:7c:44:06:2d:92:70:cc:
         8f:52:48:9f:80:fa:4f:97:3a:14:75:46:4d:78:bc:27:78:90:
         21:2c:f8:c6:cd:5e:70:45:73:da:8f:c6:36:19:fa:4c:08:c0:
         af:03:9b:6a:a8:db:92:8e:12:49:74:85:d6:53:7b:f1:4d:fb:
         98:b3:b6:0b:86:b6:09:e4:3b:10:1d:0e:2f:9e:1e:77:fe:b9:
         c2:b5:7c:95:8f:a1:90:e3:39:4b:44:57:44:9c:0e:86:2b:8d:
         3f:26:3c:51:b4:3c:77:70:e1:0d:3b:59:17:56:45:82:94:b2:
         bb:c9:50:01:32:1e:b6:ea:2c:0d:d2:7f:91:8a:fd:dd:aa:c6:
         ca:d2:a9:4c:ac:3f:b2:40:eb:9d:90:76:68:aa:0a:96:3c:95:
         06:a5:c6:ce:b4:22:d7:3e:17:fa:a9:c6:7e:77:3a:c7:f2:36:
         6b:c1:b4:a2:be:52:c3:c8:17:38:5c:01:6c:a9:6c:b2:9d:87:
         e5:9c:8c:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK9KYmz8zP8XgOCoqWt/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjczYjY4NjFjZjdjZjQ2NDZjYzVlMDQyNzVkNjYxNzYz
NWYwN2IwHhcNMjQwMTAyMTIzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjM1OTEzMjc3MmI5ZTE4MTYxMDdhNWZhOTg1ODIxZGQ5NTAyMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCenP2oTjE5mzsqj2/KqtlC33SWV
kdsIQ1tKeV4gsVyw6PMeYE3dXrV1AdFXWPqG5voMxuF6fi4bGodCR521eFdP2r+7
HJCwdsORj1+b4kJxVlp2khnpuoHy0FjvVVO9j5RxrXtvrTBOXYb2rDPU0F0XUm1h
BvxU33WePhJ0dygcSMNHCzfBDeotjcv9FUKa487yo5g4pC75DL3MCHM4asxMmpLt
qJT+EpjInHWtm2g33C3BE+/xUDZpJPoaPdm4vLq9NjD9ky1RaJalLF+zQMu2Yvt1
dH3Kuyj1JT0WIhJm/l+kwP4EaHnxwUvg7CF7QYjoMPQo9/Yf7zMl0A2e1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMs1kTJ3K54YFhB6X6mFgh3ZUCHsMB8GA1UdIwQY
MBaAFD8nO2hhz3z0ZGzF4EJ11mF2NfB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHljN2FHSFBmUFJrYk1YZ1FuWFdZWFkxOEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83NTQ2NWYtNjc5Ny00MTQxLWI5NjEt
OGI3YzU3YzU2MjE1LzEveXpXUk1uY3JuaGdXRUhwZnFZV0NIZGxRSWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83NTQ2NWYtNjc5Ny00MTQxLWI5NjEtOGI3YzU3YzU2MjE1
LzEvUHljN2FHSFBmUFJrYk1YZ1FuWFdZWFkxOEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXnzYAwQF
bcvgMA0GCSqGSIb3DQEBCwUAA4IBAQAcknW1i47587t0DmLrTFT8SzLW61kBcAwq
H57M/jTq4JFRMucgmo6o3RUiBBYNvUHvJyzvAmqAbBVxk1EMHfTjbXxEBi2ScMyP
UkifgPpPlzoUdUZNeLwneJAhLPjGzV5wRXPaj8Y2GfpMCMCvA5tqqNuSjhJJdIXW
U3vxTfuYs7YLhrYJ5DsQHQ4vnh53/rnCtXyVj6GQ4zlLRFdEnA6GK40/JjxRtDx3
cOENO1kXVkWClLK7yVABMh626iwN0n+Riv3dqsbK0qlMrD+yQOudkHZoqgqWPJUG
pcbOtCLXPhf6qcZ+dzrH8jZrwbSivlLDyBc4XAFsqWyynYflnIx/
-----END CERTIFICATE-----