Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Kyfpr5aT55DL-bLo16uBNrjAqHc.roa
File:                     Kyfpr5aT55DL-bLo16uBNrjAqHc.roa (raw, json)
Hash identifier:          v7cyTheKoZ6JUxQD0pgosWJVuOPNM7ltYjLsCX7DGKs=
Subject key identifier:   2B:27:E9:AF:96:93:E7:90:CB:F9:B2:E8:D7:AB:81:36:B8:C0:A8:77
Certificate issuer:       /CN=2e67f3e4e1977abe98ccb20ca1afa858f1e6681c
Certificate serial:       018CC9BB483C3ACB118F2DEC53036703A282
Authority key identifier: 2E:67:F3:E4:E1:97:7A:BE:98:CC:B2:0C:A1:AF:A8:58:F1:E6:68:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lmfz5OGXer6YzLIMoa-oWPHmaBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Kyfpr5aT55DL-bLo16uBNrjAqHc.roa
Signing time:             Tue 02 Jan 2024 10:32:23 +0000
ROA not before:           Tue 02 Jan 2024 10:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59989
IP address blocks:        185.82.33.0/24 maxlen: 24
                          185.82.35.0/24 maxlen: 24
                          185.82.32.0/24 maxlen: 24
                          185.82.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Lmfz5OGXer6YzLIMoa-oWPHmaBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Lmfz5OGXer6YzLIMoa-oWPHmaBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lmfz5OGXer6YzLIMoa-oWPHmaBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:48:3c:3a:cb:11:8f:2d:ec:53:03:67:03:a2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e67f3e4e1977abe98ccb20ca1afa858f1e6681c
        Validity
            Not Before: Jan  2 10:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b27e9af9693e790cbf9b2e8d7ab8136b8c0a877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e5:31:d9:26:46:0b:6d:28:88:06:ca:93:8f:
                    b5:0c:8a:c5:cf:cb:a8:5b:16:3c:dd:85:03:75:be:
                    50:2b:2d:f0:0b:08:b3:09:36:f1:30:18:a8:24:c8:
                    34:aa:61:a8:0b:f6:2d:88:7c:00:43:59:75:d1:52:
                    0e:31:5f:5d:60:3b:62:a1:09:a0:9c:0d:c1:0d:82:
                    d7:14:c6:f5:1e:29:fd:89:11:7c:bf:1c:c0:2d:e0:
                    1a:1a:1b:3a:f3:20:13:a0:2b:19:87:af:dc:96:8f:
                    fe:33:59:a7:8c:f6:18:83:a4:03:d3:ec:03:72:bd:
                    35:9b:94:8b:5b:85:cd:75:c6:d1:7e:9d:9a:20:94:
                    53:7d:8a:dc:65:f4:b3:3b:c3:61:a8:90:b8:bc:98:
                    37:fa:26:45:6f:f6:ec:9a:9d:1c:40:b6:08:90:5b:
                    ce:58:7f:d1:ad:81:d7:44:cb:8a:86:56:82:eb:fd:
                    43:2a:3e:4c:16:03:fa:57:c6:14:87:3c:f1:79:7a:
                    8c:46:41:c7:97:cc:e1:8b:7f:2c:9c:02:1a:66:b7:
                    1a:f4:b8:a8:f1:cb:49:3a:1c:f1:47:43:88:3b:33:
                    60:c4:b2:0a:ca:08:4c:e2:22:2f:9d:13:12:ff:27:
                    e1:b3:00:e4:6c:3b:90:c5:26:8b:75:c1:a0:c9:bd:
                    f8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:27:E9:AF:96:93:E7:90:CB:F9:B2:E8:D7:AB:81:36:B8:C0:A8:77
            X509v3 Authority Key Identifier:
                keyid:2E:67:F3:E4:E1:97:7A:BE:98:CC:B2:0C:A1:AF:A8:58:F1:E6:68:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lmfz5OGXer6YzLIMoa-oWPHmaBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Kyfpr5aT55DL-bLo16uBNrjAqHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/06be8f-a265-426a-aa0a-e479c6b9ff2b/1/Lmfz5OGXer6YzLIMoa-oWPHmaBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:0f:73:86:a8:4a:3c:1d:ca:63:37:8f:12:d5:db:53:f1:72:
         4d:c2:89:26:34:47:5a:72:4f:77:9e:8d:5c:db:fd:6a:27:92:
         a4:2f:7b:25:44:d6:07:1b:e0:af:a8:00:f6:94:31:63:aa:51:
         1f:dd:fa:7f:3a:69:18:27:f2:f8:bf:42:1c:00:30:45:8c:89:
         21:e4:0f:6d:f0:80:7d:5e:d6:8f:f4:34:df:8b:ff:72:8e:cd:
         42:f3:15:31:f1:1d:c5:b7:29:48:f0:5b:41:a3:20:af:67:1f:
         3a:4a:ba:83:5f:30:42:3b:60:20:a0:b7:2f:48:00:e5:65:80:
         62:68:5f:70:9b:cd:68:ec:01:81:61:a8:a7:5c:8b:6c:9a:86:
         d8:dc:f1:87:59:87:ce:77:49:2d:2a:8e:79:37:97:c8:d1:4a:
         1a:e0:b0:51:26:22:1f:60:fd:6d:b3:ba:a3:f4:b3:ae:70:bc:
         c6:4c:c6:98:d7:b2:30:8c:19:59:d0:85:a4:36:35:d9:86:be:
         f4:80:1f:4d:2b:d7:c1:99:39:98:53:ab:37:9a:18:1b:5f:a5:
         57:a1:f0:22:d6:fd:aa:91:b2:bf:ae:20:53:85:83:14:a6:cf:
         66:a9:c0:3b:20:e1:43:d6:40:24:45:91:b0:15:37:40:f6:a5:
         d7:2f:26:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu0g8OssRjy3sUwNnA6KCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNjdmM2U0ZTE5NzdhYmU5OGNjYjIwY2ExYWZhODU4ZjFl
NjY4MWMwHhcNMjQwMTAyMTAzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI3ZTlhZjk2OTNlNzkwY2JmOWIyZThkN2FiODEzNmI4YzBhODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheUx2SZGC20oiAbKk4+1DIrFz8uo
WxY83YUDdb5QKy3wCwizCTbxMBioJMg0qmGoC/YtiHwAQ1l10VIOMV9dYDtioQmg
nA3BDYLXFMb1Hin9iRF8vxzALeAaGhs68yAToCsZh6/clo/+M1mnjPYYg6QD0+wD
cr01m5SLW4XNdcbRfp2aIJRTfYrcZfSzO8NhqJC4vJg3+iZFb/bsmp0cQLYIkFvO
WH/RrYHXRMuKhlaC6/1DKj5MFgP6V8YUhzzxeXqMRkHHl8zhi38snAIaZrca9Lio
8ctJOhzxR0OIOzNgxLIKyghM4iIvnRMS/yfhswDkbDuQxSaLdcGgyb34BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsn6a+Wk+eQy/my6NergTa4wKh3MB8GA1UdIwQY
MBaAFC5n8+Thl3q+mMyyDKGvqFjx5mgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1mejVPR1hlcjZZekxJTW9hLW9XUEhtYUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wNmJlOGYtYTI2NS00MjZhLWFhMGEt
ZTQ3OWM2YjlmZjJiLzEvS3lmcHI1YVQ1NURMLWJMbzE2dUJOcmpBcUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wNmJlOGYtYTI2NS00MjZhLWFhMGEtZTQ3OWM2YjlmZjJi
LzEvTG1mejVPR1hlcjZZekxJTW9hLW9XUEhtYUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVIgMA0G
CSqGSIb3DQEBCwUAA4IBAQAVD3OGqEo8HcpjN48S1dtT8XJNwokmNEdack93no1c
2/1qJ5KkL3slRNYHG+CvqAD2lDFjqlEf3fp/OmkYJ/L4v0IcADBFjIkh5A9t8IB9
XtaP9DTfi/9yjs1C8xUx8R3FtylI8FtBoyCvZx86SrqDXzBCO2AgoLcvSADlZYBi
aF9wm81o7AGBYainXItsmobY3PGHWYfOd0ktKo55N5fI0Uoa4LBRJiIfYP1ts7qj
9LOucLzGTMaY17IwjBlZ0IWkNjXZhr70gB9NK9fBmTmYU6s3mhgbX6VXofAi1v2q
kbK/riBThYMUps9mqcA7IOFD1kAkRZGwFTdA9qXXLyb6
-----END CERTIFICATE-----