Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/TyEVQPjtLZdwqpcf_Lb2kSy5yf8.roa
File:                     TyEVQPjtLZdwqpcf_Lb2kSy5yf8.roa (raw, json)
Hash identifier:          XzEcSdxZaRqLkcPwz8tPAyxID3EkrfCJQXCPFgAywzA=
Subject key identifier:   4F:21:15:40:F8:ED:2D:97:70:AA:97:1F:FC:B6:F6:91:2C:B9:C9:FF
Certificate issuer:       /CN=2a8bdc9c127fb718e240dfb2756f5202036fe3d5
Certificate serial:       018CC94BDE23F2AFE242F9A60DEA4E976119
Authority key identifier: 2A:8B:DC:9C:12:7F:B7:18:E2:40:DF:B2:75:6F:52:02:03:6F:E3:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KovcnBJ_txjiQN-ydW9SAgNv49U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/TyEVQPjtLZdwqpcf_Lb2kSy5yf8.roa
Signing time:             Tue 02 Jan 2024 08:30:41 +0000
ROA not before:           Tue 02 Jan 2024 08:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207390
IP address blocks:        185.151.248.0/22 maxlen: 22
                          2a07:7840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/KovcnBJ_txjiQN-ydW9SAgNv49U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/KovcnBJ_txjiQN-ydW9SAgNv49U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KovcnBJ_txjiQN-ydW9SAgNv49U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:de:23:f2:af:e2:42:f9:a6:0d:ea:4e:97:61:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8bdc9c127fb718e240dfb2756f5202036fe3d5
        Validity
            Not Before: Jan  2 08:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f211540f8ed2d9770aa971ffcb6f6912cb9c9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:fe:78:87:25:a4:4e:c0:71:eb:55:a5:df:
                    9e:df:b2:2b:0d:33:c7:a7:11:35:6d:8d:dd:c6:fc:
                    ec:c2:ef:e5:9f:06:73:32:e5:a1:34:3f:0c:56:0f:
                    e2:3e:42:aa:0c:f3:59:bb:90:17:dc:a3:84:ce:c7:
                    44:24:9c:f9:9c:77:62:bd:2f:e7:67:39:d7:b8:e6:
                    2d:16:29:32:57:f8:36:fb:75:8d:2b:eb:6a:50:09:
                    4c:ed:de:77:df:c3:77:33:c3:a0:06:58:4a:f4:0b:
                    a3:8f:dd:8d:06:4c:f7:3d:a5:dd:90:c0:33:d5:cb:
                    c3:da:0e:0f:1a:77:bb:f3:1a:17:c3:8c:f4:86:f9:
                    04:19:d7:80:a1:0b:48:0f:54:0e:fe:f1:ed:59:dc:
                    f1:f1:7f:8e:d7:52:ee:85:da:68:0d:7f:b3:89:2e:
                    ec:76:dd:77:ff:f2:4d:58:25:42:6f:f7:15:00:6c:
                    4b:b4:9d:fd:db:53:2d:6d:0d:64:27:95:ad:ed:b3:
                    7e:c6:7f:0a:29:00:71:49:82:09:ff:79:a7:c0:08:
                    ef:48:82:02:53:80:9c:70:62:48:dd:65:49:a8:bc:
                    c7:30:d9:97:1b:40:a2:55:93:34:cd:60:0a:1c:65:
                    a7:2b:2c:9f:60:83:d6:f8:38:26:20:bd:74:3b:b8:
                    d2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:21:15:40:F8:ED:2D:97:70:AA:97:1F:FC:B6:F6:91:2C:B9:C9:FF
            X509v3 Authority Key Identifier:
                keyid:2A:8B:DC:9C:12:7F:B7:18:E2:40:DF:B2:75:6F:52:02:03:6F:E3:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KovcnBJ_txjiQN-ydW9SAgNv49U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/TyEVQPjtLZdwqpcf_Lb2kSy5yf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/322cde-5d75-4f50-a945-8f59a3910bdd/1/KovcnBJ_txjiQN-ydW9SAgNv49U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.248.0/22
                IPv6:
                  2a07:7840::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:8c:6a:96:c1:e3:5e:d0:cb:ab:23:bb:1d:ab:a0:af:90:0c:
         3c:d5:fe:c3:d3:6e:dd:5f:9a:bb:fe:e2:4b:4b:a7:c3:d0:24:
         e8:44:b6:93:77:63:ef:78:a2:fd:91:f1:76:6e:dc:33:27:2f:
         5e:65:4e:fa:06:88:c4:0b:55:f6:1c:9f:52:69:4b:49:5a:08:
         28:b4:32:c4:2d:01:e8:4b:3f:5c:f9:4f:c5:f6:01:2a:b2:01:
         1c:22:a6:bf:01:89:06:cb:db:5c:75:4b:1f:ae:88:32:3b:53:
         42:c8:fe:dc:89:94:85:59:3f:de:bb:fc:2a:bd:1e:fd:67:76:
         64:79:ac:aa:88:1f:f5:c9:92:19:a6:e2:06:cc:de:a2:c9:64:
         6e:1a:62:38:bc:70:d2:a3:b2:0f:a2:26:d4:bf:f0:8b:11:e2:
         80:b0:0c:bb:5d:50:52:eb:dd:3f:5c:9a:6a:0f:50:5c:84:ab:
         da:6e:4f:d5:25:ea:43:fd:32:cb:ad:ab:94:6d:c1:ea:69:f1:
         46:79:df:6e:df:9f:7a:ba:fe:85:06:45:37:4a:6d:39:f5:ce:
         b4:2b:51:43:74:2c:50:02:8a:b9:4c:3c:7b:8c:b3:6b:e8:0d:
         30:38:0c:de:d9:16:65:5f:81:ee:c4:4f:6b:41:a7:49:7f:06:
         dc:6a:ae:dd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJS94j8q/iQvmmDepOl2EZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGJkYzljMTI3ZmI3MThlMjQwZGZiMjc1NmY1MjAyMDM2
ZmUzZDUwHhcNMjQwMTAyMDgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjIxMTU0MGY4ZWQyZDk3NzBhYTk3MWZmY2I2ZjY5MTJjYjljOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimX+eIclpE7AcetVpd+e37IrDTPH
pxE1bY3dxvzswu/lnwZzMuWhND8MVg/iPkKqDPNZu5AX3KOEzsdEJJz5nHdivS/n
ZznXuOYtFikyV/g2+3WNK+tqUAlM7d5338N3M8OgBlhK9Aujj92NBkz3PaXdkMAz
1cvD2g4PGne78xoXw4z0hvkEGdeAoQtID1QO/vHtWdzx8X+O11LuhdpoDX+ziS7s
dt13//JNWCVCb/cVAGxLtJ3921MtbQ1kJ5Wt7bN+xn8KKQBxSYIJ/3mnwAjvSIIC
U4CccGJI3WVJqLzHMNmXG0CiVZM0zWAKHGWnKyyfYIPW+DgmIL10O7jS6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE8hFUD47S2XcKqXH/y29pEsucn/MB8GA1UdIwQY
MBaAFCqL3JwSf7cY4kDfsnVvUgIDb+PVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS292Y25CSl90eGppUU4teWRXOVNBZ052NDlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8zMjJjZGUtNWQ3NS00ZjUwLWE5NDUt
OGY1OWEzOTEwYmRkLzEvVHlFVlFQanRMWmR3cXBjZl9MYjJrU3k1eWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8zMjJjZGUtNWQ3NS00ZjUwLWE5NDUtOGY1OWEzOTEwYmRk
LzEvS292Y25CSl90eGppUU4teWRXOVNBZ052NDlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZf4MA0E
AgACMAcDBQMqB3hAMA0GCSqGSIb3DQEBCwUAA4IBAQAGjGqWweNe0MurI7sdq6Cv
kAw81f7D027dX5q7/uJLS6fD0CToRLaTd2PveKL9kfF2btwzJy9eZU76BojEC1X2
HJ9SaUtJWggotDLELQHoSz9c+U/F9gEqsgEcIqa/AYkGy9tcdUsfrogyO1NCyP7c
iZSFWT/eu/wqvR79Z3ZkeayqiB/1yZIZpuIGzN6iyWRuGmI4vHDSo7IPoibUv/CL
EeKAsAy7XVBS690/XJpqD1BchKvabk/VJepD/TLLrauUbcHqafFGed9u3596uv6F
BkU3Sm059c60K1FDdCxQAoq5TDx7jLNr6A0wOAze2RZlX4HuxE9rQadJfwbcaq7d
-----END CERTIFICATE-----