Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/Yp56FONBGOQSX3T0s6VQvQ7_ILg.roa
File:                     Yp56FONBGOQSX3T0s6VQvQ7_ILg.roa (raw, json)
Hash identifier:          Y1SjFvgwwVJz78xigK+kqjYU8zcaVkgvWxWJnZ2scFw=
Subject key identifier:   62:9E:7A:14:E3:41:18:E4:12:5F:74:F4:B3:A5:50:BD:0E:FF:20:B8
Certificate issuer:       /CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
Certificate serial:       018CC349166186E1C4C6C566325FC57621E4
Authority key identifier: 0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/Yp56FONBGOQSX3T0s6VQvQ7_ILg.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21140
IP address blocks:        185.212.90.0/24 maxlen: 24
                          185.212.88.0/23 maxlen: 23
                          185.212.91.0/24 maxlen: 24
                          2a0b:7540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:16:61:86:e1:c4:c6:c5:66:32:5f:c5:76:21:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=629e7a14e34118e4125f74f4b3a550bd0eff20b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7a:e5:d7:97:1b:38:7b:97:f1:47:81:05:31:
                    63:6f:83:54:7d:10:d5:35:9d:a7:10:d8:1f:9b:79:
                    34:93:0e:48:87:32:76:0b:9b:3d:fa:a9:c1:02:ed:
                    a9:31:43:28:03:6e:75:40:cd:bc:78:8a:7f:46:8c:
                    b6:30:3f:2a:71:88:f7:e4:03:b9:ce:03:30:14:ae:
                    55:2e:90:5e:fc:f4:92:25:9e:5c:d4:77:ed:47:c9:
                    ed:62:43:01:9d:3b:3f:6e:81:1d:cd:92:be:0b:eb:
                    f7:83:b1:c4:79:c9:59:15:0c:37:b7:e2:f3:9d:98:
                    d1:b7:6a:bb:bc:50:c7:79:c1:28:ae:f7:35:90:ae:
                    fb:e0:4e:c8:2f:3d:bc:9b:93:df:ba:53:f6:7d:d1:
                    01:67:d4:f8:f1:3a:a0:23:33:95:d4:9c:82:e9:5d:
                    ec:29:84:2a:9f:4e:ef:b4:22:94:0d:4a:86:c8:e6:
                    e3:80:f8:15:b4:20:a0:fa:8f:56:90:ef:a1:96:3d:
                    db:51:0d:82:b3:b4:53:5f:ee:03:c9:c9:49:ec:a0:
                    30:c6:a7:06:81:a7:e5:a1:c1:e3:e2:83:a7:e6:99:
                    84:7a:3e:c1:f9:de:ed:49:14:0b:ac:d9:14:b7:f0:
                    e5:96:c8:0e:7d:bb:e7:f8:21:b9:33:3e:77:cd:56:
                    11:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:9E:7A:14:E3:41:18:E4:12:5F:74:F4:B3:A5:50:BD:0E:FF:20:B8
            X509v3 Authority Key Identifier:
                keyid:0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/Yp56FONBGOQSX3T0s6VQvQ7_ILg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.88.0/22
                IPv6:
                  2a0b:7540::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:55:2b:a4:3b:35:b0:62:21:a9:8b:77:ec:04:3a:ad:7e:66:
         0a:4f:dd:62:40:b1:75:52:d5:0a:bf:a9:60:c0:6c:a4:51:d5:
         fe:4c:a5:4c:fe:ad:a2:40:d7:ec:f5:e4:e7:37:d3:71:8f:ae:
         f5:50:1f:c6:6c:01:79:7f:94:53:35:f3:cb:f4:e8:04:cb:b7:
         95:47:50:23:11:20:91:6c:94:15:f5:d5:ba:a8:25:a2:70:de:
         b9:fb:c0:77:61:0d:91:f0:dd:c2:8d:b4:eb:ab:b2:47:3c:bc:
         c6:d9:c3:6a:37:e3:9c:ac:88:7f:fe:ad:b5:58:c3:29:aa:61:
         52:3d:44:e2:29:e9:30:18:95:d6:5d:6b:05:98:21:60:f3:fb:
         4f:0c:ee:d4:c2:54:4d:09:23:6a:ed:21:47:00:0f:da:27:df:
         0f:fb:cc:21:23:0e:f6:03:28:4e:30:55:bc:de:4f:4b:01:e7:
         45:11:da:ca:fb:49:ab:c5:bf:98:d2:de:ac:31:d0:94:fc:45:
         0d:43:8f:2f:a1:9f:9a:b1:eb:f8:70:0c:91:63:74:e0:9d:5a:
         e3:a0:ff:63:e3:a0:b8:4d:1f:63:01:e2:0d:70:7a:78:f1:26:
         29:80:57:e3:ee:b9:e1:8b:d7:a8:25:04:3a:01:21:22:3a:af:
         56:8d:be:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSRZhhuHExsVmMl/FdiHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzcxOTYzNDBkMjE0NGI4Y2E3YjA3Nzg5ODRiYjA0YmMx
Y2IzNzgwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjllN2ExNGUzNDExOGU0MTI1Zjc0ZjRiM2E1NTBiZDBlZmYyMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3rl15cbOHuX8UeBBTFjb4NUfRDV
NZ2nENgfm3k0kw5IhzJ2C5s9+qnBAu2pMUMoA251QM28eIp/Roy2MD8qcYj35AO5
zgMwFK5VLpBe/PSSJZ5c1HftR8ntYkMBnTs/boEdzZK+C+v3g7HEeclZFQw3t+Lz
nZjRt2q7vFDHecEorvc1kK774E7ILz28m5PfulP2fdEBZ9T48TqgIzOV1JyC6V3s
KYQqn07vtCKUDUqGyObjgPgVtCCg+o9WkO+hlj3bUQ2Cs7RTX+4DyclJ7KAwxqcG
gaflocHj4oOn5pmEej7B+d7tSRQLrNkUt/DllsgOfbvn+CG5Mz53zVYR4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGKeehTjQRjkEl909LOlUL0O/yC4MB8GA1UdIwQY
MBaAFAp3GWNA0hRLjKewd4mEuwS8HLN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQt
ZWI5NzcxNjRhN2U0LzEvWXA1NkZPTkJHT1FTWDNUMHM2VlF2UTdfSUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQtZWI5NzcxNjRhN2U0
LzEvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudRYMA0E
AgACMAcDBQMqC3VAMA0GCSqGSIb3DQEBCwUAA4IBAQAvVSukOzWwYiGpi3fsBDqt
fmYKT91iQLF1UtUKv6lgwGykUdX+TKVM/q2iQNfs9eTnN9Nxj671UB/GbAF5f5RT
NfPL9OgEy7eVR1AjESCRbJQV9dW6qCWicN65+8B3YQ2R8N3CjbTrq7JHPLzG2cNq
N+OcrIh//q21WMMpqmFSPUTiKekwGJXWXWsFmCFg8/tPDO7UwlRNCSNq7SFHAA/a
J98P+8whIw72AyhOMFW83k9LAedFEdrK+0mrxb+Y0t6sMdCU/EUNQ48voZ+asev4
cAyRY3TgnVrjoP9j46C4TR9jAeINcHp48SYpgFfj7rnhi9eoJQQ6ASEiOq9Wjb7v
-----END CERTIFICATE-----