Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/LyJQYW-HRHOciT-t3zzt2mtKvqo.roa
File:                     LyJQYW-HRHOciT-t3zzt2mtKvqo.roa (raw, json)
Hash identifier:          hA/DgIKeeSXSTUSUNkruxjP/YBMVAxilDv/z/u3aUeM=
Subject key identifier:   2F:22:50:61:6F:87:44:73:9C:89:3F:AD:DF:3C:ED:DA:6B:4A:BE:AA
Certificate issuer:       /CN=c972aaec8733d45f7a0003510180b4ae2d4bbe8e
Certificate serial:       018CC5DC45EE371A73F37C261BDA9F95F013
Authority key identifier: C9:72:AA:EC:87:33:D4:5F:7A:00:03:51:01:80:B4:AE:2D:4B:BE:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yXKq7Icz1F96AANRAYC0ri1Lvo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/LyJQYW-HRHOciT-t3zzt2mtKvqo.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208103
IP address blocks:        185.182.181.0/24 maxlen: 24
                          185.182.180.0/24 maxlen: 24
                          185.182.183.0/24 maxlen: 24
                          185.182.180.0/22 maxlen: 22
                          185.182.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/yXKq7Icz1F96AANRAYC0ri1Lvo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/yXKq7Icz1F96AANRAYC0ri1Lvo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yXKq7Icz1F96AANRAYC0ri1Lvo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:45:ee:37:1a:73:f3:7c:26:1b:da:9f:95:f0:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c972aaec8733d45f7a0003510180b4ae2d4bbe8e
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f2250616f8744739c893faddf3cedda6b4abeaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f5:80:e0:7c:e4:fb:f6:b1:aa:06:c2:4b:fa:
                    04:19:ab:d4:bf:4b:47:42:fa:a5:aa:d9:75:06:bf:
                    79:8e:65:52:d2:92:20:1d:4b:b6:44:5f:b0:f7:1c:
                    62:df:8b:3b:04:05:b0:0d:64:ec:48:63:19:44:f5:
                    da:0f:cf:85:44:f3:42:75:35:0c:85:1f:82:07:10:
                    ce:d6:79:13:7a:00:bc:7e:f2:38:89:82:5c:78:6f:
                    ac:24:3d:82:c8:3e:2f:37:bc:f1:44:9b:99:49:a3:
                    35:48:ed:14:fd:ff:aa:8b:d8:a3:a3:65:01:1c:58:
                    88:d4:b2:58:24:b4:8e:4d:84:d9:03:8d:69:9c:7e:
                    c5:b3:fb:55:b7:4f:59:4b:99:4e:5e:16:9c:f5:83:
                    82:8e:4a:1c:be:81:65:01:d3:18:2d:ff:3e:00:02:
                    31:a4:e2:44:1e:3d:b1:03:a4:11:c5:a4:c6:03:01:
                    7a:81:b6:a5:91:2e:49:7b:e0:0e:9c:fe:45:a8:1d:
                    3a:99:7f:c2:04:f1:17:95:a3:2c:83:0f:30:e2:8c:
                    d0:4d:0a:5d:aa:c1:6c:c8:4a:ac:29:3a:a7:75:f1:
                    0d:fd:2a:d9:60:01:8f:9d:54:1a:09:53:4c:72:fe:
                    36:82:04:3e:9d:81:3b:91:be:90:c7:18:9a:3b:c6:
                    e7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:22:50:61:6F:87:44:73:9C:89:3F:AD:DF:3C:ED:DA:6B:4A:BE:AA
            X509v3 Authority Key Identifier:
                keyid:C9:72:AA:EC:87:33:D4:5F:7A:00:03:51:01:80:B4:AE:2D:4B:BE:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yXKq7Icz1F96AANRAYC0ri1Lvo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/LyJQYW-HRHOciT-t3zzt2mtKvqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/d6eafb-b329-4e12-825c-eb5b9a7da86b/1/yXKq7Icz1F96AANRAYC0ri1Lvo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:ac:ec:f9:c7:75:5a:fe:2a:fb:de:d6:c6:fd:20:4f:b4:7f:
         0f:c4:f6:01:28:d9:02:bd:67:77:31:5f:cb:ea:6f:d5:e8:2c:
         1b:2b:d7:92:bf:a9:ee:63:c1:76:be:b7:17:4a:d7:6c:9c:59:
         50:80:f2:fe:5f:a8:97:a2:21:47:cc:cd:70:33:68:51:95:23:
         d8:1d:1f:56:f8:e9:ea:70:c4:74:35:1f:22:1c:46:7a:55:fb:
         7f:34:ad:cf:5c:02:24:eb:f8:0e:a9:8d:e7:68:d0:21:f9:8d:
         9b:6a:e1:ec:fe:4e:dd:19:27:b1:e8:e9:7f:b6:b7:d5:60:8f:
         7f:66:7e:03:ae:de:96:b6:8b:c7:26:c2:17:38:64:b7:6f:ae:
         56:f3:ee:1a:a6:cc:ff:4d:8c:ad:e7:be:39:bf:40:ee:2a:e6:
         2f:b7:da:ea:a8:44:15:34:fb:54:41:9a:e3:24:05:4d:7d:fe:
         7a:3f:f8:38:44:df:b1:43:53:67:8b:93:52:95:1e:74:82:56:
         8a:cb:76:2a:aa:d2:97:d3:43:f2:ad:3d:13:31:d4:5a:c2:d2:
         79:f8:6d:2d:6e:cd:8d:cd:64:1f:83:4e:3c:d1:9d:d1:06:06:
         85:28:01:3b:f0:08:a9:12:ed:64:cf:82:aa:2c:0f:05:5c:1b:
         cf:97:77:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EXuNxpz83wmG9qflfATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NzJhYWVjODczM2Q0NWY3YTAwMDM1MTAxODBiNGFlMmQ0
YmJlOGUwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjIyNTA2MTZmODc0NDczOWM4OTNmYWRkZjNjZWRkYTZiNGFiZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/WA4Hzk+/axqgbCS/oEGavUv0tH
Qvqlqtl1Br95jmVS0pIgHUu2RF+w9xxi34s7BAWwDWTsSGMZRPXaD8+FRPNCdTUM
hR+CBxDO1nkTegC8fvI4iYJceG+sJD2CyD4vN7zxRJuZSaM1SO0U/f+qi9ijo2UB
HFiI1LJYJLSOTYTZA41pnH7Fs/tVt09ZS5lOXhac9YOCjkocvoFlAdMYLf8+AAIx
pOJEHj2xA6QRxaTGAwF6gbalkS5Je+AOnP5FqB06mX/CBPEXlaMsgw8w4ozQTQpd
qsFsyEqsKTqndfEN/SrZYAGPnVQaCVNMcv42ggQ+nYE7kb6QxxiaO8bnlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8iUGFvh0RznIk/rd887dprSr6qMB8GA1UdIwQY
MBaAFMlyquyHM9RfegADUQGAtK4tS76OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVhLcTdJY3oxRjk2QUFOUkFZQzByaTFMdm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9kNmVhZmItYjMyOS00ZTEyLTgyNWMt
ZWI1YjlhN2RhODZiLzEvTHlKUVlXLUhSSE9jaVQtdDN6enQybXRLdnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9kNmVhZmItYjMyOS00ZTEyLTgyNWMtZWI1YjlhN2RhODZi
LzEveVhLcTdJY3oxRjk2QUFOUkFZQzByaTFMdm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuba0MA0G
CSqGSIb3DQEBCwUAA4IBAQBLrOz5x3Va/ir73tbG/SBPtH8PxPYBKNkCvWd3MV/L
6m/V6CwbK9eSv6nuY8F2vrcXStdsnFlQgPL+X6iXoiFHzM1wM2hRlSPYHR9W+Onq
cMR0NR8iHEZ6Vft/NK3PXAIk6/gOqY3naNAh+Y2bauHs/k7dGSex6Ol/trfVYI9/
Zn4Drt6WtovHJsIXOGS3b65W8+4apsz/TYyt5745v0DuKuYvt9rqqEQVNPtUQZrj
JAVNff56P/g4RN+xQ1Nni5NSlR50glaKy3YqqtKX00PyrT0TMdRawtJ5+G0tbs2N
zWQfg0480Z3RBgaFKAE78AipEu1kz4KqLA8FXBvPl3cZ
-----END CERTIFICATE-----