Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/Yl82_yuABys3Q7OmxfIa5XeJCB4.roa
File:                     Yl82_yuABys3Q7OmxfIa5XeJCB4.roa (raw, json)
Hash identifier:          iqoz8Q7Cd3PNPYhD8f5fjvrRHRSJ8uRYOyW68FCJE2A=
Subject key identifier:   62:5F:36:FF:2B:80:07:2B:37:43:B3:A6:C5:F2:1A:E5:77:89:08:1E
Certificate issuer:       /CN=35e84c063a2180b23f5f6d3162a75b3092f5c18d
Certificate serial:       018CC6B799EC770AC5349640CD15C18AD36B
Authority key identifier: 35:E8:4C:06:3A:21:80:B2:3F:5F:6D:31:62:A7:5B:30:92:F5:C1:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NehMBjohgLI_X20xYqdbMJL1wY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/Yl82_yuABys3Q7OmxfIa5XeJCB4.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201085
IP address blocks:        157.97.136.0/21 maxlen: 21
                          185.86.168.0/22 maxlen: 22
                          2a03:77a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/NehMBjohgLI_X20xYqdbMJL1wY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/NehMBjohgLI_X20xYqdbMJL1wY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NehMBjohgLI_X20xYqdbMJL1wY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:99:ec:77:0a:c5:34:96:40:cd:15:c1:8a:d3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35e84c063a2180b23f5f6d3162a75b3092f5c18d
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=625f36ff2b80072b3743b3a6c5f21ae57789081e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9d:ff:03:da:49:64:b9:d2:0d:86:da:92:d3:
                    65:61:d8:e8:b5:0c:5e:aa:8d:a6:4f:bb:b7:96:5b:
                    08:71:07:63:14:83:93:c2:ad:78:c4:a8:01:d9:30:
                    78:d2:8f:ee:3d:52:0b:9b:73:9b:ed:86:58:78:ba:
                    78:48:f2:93:18:1d:d2:8c:d2:8d:20:ff:63:aa:8b:
                    5e:ae:f6:aa:82:f7:a1:02:ff:94:62:8d:19:00:60:
                    97:e8:d2:75:6a:95:6e:b6:db:0d:2a:fd:73:08:31:
                    fc:98:09:f1:de:05:1f:70:1c:ca:43:7c:8f:a0:3d:
                    06:ca:5c:8e:dd:6b:7b:8f:be:df:e1:6c:f4:42:b2:
                    53:a7:2a:5e:c1:f1:ad:9d:78:cc:f0:ce:eb:f4:94:
                    94:ba:b6:0a:62:fd:85:aa:55:0d:ec:4e:74:e2:35:
                    29:2e:2c:f3:0a:e4:72:02:38:9c:f2:72:aa:b0:b5:
                    dd:06:ef:40:a0:ad:48:d2:c1:28:1c:a1:5b:76:be:
                    4b:ce:47:6b:56:f3:dd:f4:c3:d4:10:8b:f7:f7:27:
                    75:7d:00:d4:66:83:c0:2f:1a:ff:f0:d5:0f:4f:c6:
                    3e:d4:75:3e:1b:60:bb:63:c1:56:a7:fe:e7:3d:c4:
                    f8:13:03:c1:7c:75:cf:86:dc:17:7a:a2:ae:58:2d:
                    4d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5F:36:FF:2B:80:07:2B:37:43:B3:A6:C5:F2:1A:E5:77:89:08:1E
            X509v3 Authority Key Identifier:
                keyid:35:E8:4C:06:3A:21:80:B2:3F:5F:6D:31:62:A7:5B:30:92:F5:C1:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NehMBjohgLI_X20xYqdbMJL1wY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/Yl82_yuABys3Q7OmxfIa5XeJCB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/6ca852-ed4b-41d1-a7b6-84a71cc32d48/1/NehMBjohgLI_X20xYqdbMJL1wY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.136.0/21
                  185.86.168.0/22
                IPv6:
                  2a03:77a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:f4:d0:45:55:55:b5:61:f3:a4:2f:6a:b0:4c:7e:ec:29:2a:
         7b:78:b0:c6:98:47:a1:1c:73:e5:eb:f7:a6:53:c4:20:dc:bc:
         f8:f2:b0:94:a2:dd:2b:45:6e:5f:58:22:2c:e6:c8:fd:48:89:
         db:49:6c:6b:46:4c:9a:ee:2c:9b:e0:fb:b4:09:dd:b7:df:26:
         cc:47:0e:c8:e5:ce:3e:97:ec:d0:74:b9:2c:75:93:7c:7f:5a:
         97:4f:4b:2f:7b:6a:06:51:20:5c:5f:d5:84:97:95:0c:a0:de:
         be:2a:a4:a0:ee:e3:c2:5f:35:4d:34:4d:04:a3:0b:0e:0c:b3:
         6d:40:df:06:cd:67:e6:0a:0e:2e:27:27:f7:cc:98:51:9c:4b:
         f1:b5:f9:7d:9a:20:4f:e4:2e:21:5c:dd:0c:31:35:15:18:f5:
         79:46:19:6c:b0:3b:67:bf:3f:dd:79:3a:0a:96:fc:06:0a:e6:
         d8:b5:ae:cf:6d:24:87:81:b7:1c:3d:3c:1f:64:f8:30:c8:5e:
         67:9e:52:5f:d5:84:3b:d5:09:e2:6f:ea:b9:00:9f:1d:e5:1a:
         71:03:5f:c2:00:5f:52:41:f9:6d:4d:a2:c3:c7:c4:54:96:64:
         2f:37:c6:08:f7:3d:bf:6c:64:df:f3:05:bc:5f:cd:23:6e:77:
         e2:0e:76:dc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGt5nsdwrFNJZAzRXBitNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZTg0YzA2M2EyMTgwYjIzZjVmNmQzMTYyYTc1YjMwOTJm
NWMxOGQwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVmMzZmZjJiODAwNzJiMzc0M2IzYTZjNWYyMWFlNTc3ODkwODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJ3/A9pJZLnSDYbaktNlYdjotQxe
qo2mT7u3llsIcQdjFIOTwq14xKgB2TB40o/uPVILm3Ob7YZYeLp4SPKTGB3SjNKN
IP9jqotervaqgvehAv+UYo0ZAGCX6NJ1apVuttsNKv1zCDH8mAnx3gUfcBzKQ3yP
oD0GylyO3Wt7j77f4Wz0QrJTpypewfGtnXjM8M7r9JSUurYKYv2FqlUN7E504jUp
LizzCuRyAjic8nKqsLXdBu9AoK1I0sEoHKFbdr5LzkdrVvPd9MPUEIv39yd1fQDU
ZoPALxr/8NUPT8Y+1HU+G2C7Y8FWp/7nPcT4EwPBfHXPhtwXeqKuWC1NkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGJfNv8rgAcrN0OzpsXyGuV3iQgeMB8GA1UdIwQY
MBaAFDXoTAY6IYCyP19tMWKnWzCS9cGNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmVoTUJqb2hnTElfWDIweFlxZGJNSkwxd1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82Y2E4NTItZWQ0Yi00MWQxLWE3YjYt
ODRhNzFjYzMyZDQ4LzEvWWw4Ml95dUFCeXMzUTdPbXhmSWE1WGVKQ0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82Y2E4NTItZWQ0Yi00MWQxLWE3YjYtODRhNzFjYzMyZDQ4
LzEvTmVoTUJqb2hnTElfWDIweFlxZGJNSkwxd1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDnWGIAwQC
uVaoMA0EAgACMAcDBQAqA3egMA0GCSqGSIb3DQEBCwUAA4IBAQBq9NBFVVW1YfOk
L2qwTH7sKSp7eLDGmEehHHPl6/emU8Qg3Lz48rCUot0rRW5fWCIs5sj9SInbSWxr
Rkya7iyb4Pu0Cd233ybMRw7I5c4+l+zQdLksdZN8f1qXT0sve2oGUSBcX9WEl5UM
oN6+KqSg7uPCXzVNNE0EowsODLNtQN8GzWfmCg4uJyf3zJhRnEvxtfl9miBP5C4h
XN0MMTUVGPV5RhlssDtnvz/deToKlvwGCubYta7PbSSHgbccPTwfZPgwyF5nnlJf
1YQ71Qnib+q5AJ8d5RpxA1/CAF9SQfltTaLDx8RUlmQvN8YI9z2/bGTf8wW8X80j
bnfiDnbc
-----END CERTIFICATE-----