Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/yzCOqY9vHwbqac4sMHT2ZAWKKjU.roa
File:                     yzCOqY9vHwbqac4sMHT2ZAWKKjU.roa (raw, json)
Hash identifier:          QhqtGL5U/rRTgxJlvWvkLChPBK9eUdmcrIi80xNB4DU=
Subject key identifier:   CB:30:8E:A9:8F:6F:1F:06:EA:69:CE:2C:30:74:F6:64:05:8A:2A:35
Certificate issuer:       /CN=d959676fe138d4eb2aae19bb6731fee6292d793d
Certificate serial:       018E6A6B5DEC83CAD10858E1E06F47AB03C6
Authority key identifier: D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/yzCOqY9vHwbqac4sMHT2ZAWKKjU.roa
Signing time:             Sat 23 Mar 2024 08:26:45 +0000
ROA not before:           Sat 23 Mar 2024 08:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.103.188.0/24 maxlen: 24
                          185.103.189.0/24 maxlen: 24
                          185.103.190.0/24 maxlen: 24
                          185.103.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6a:6b:5d:ec:83:ca:d1:08:58:e1:e0:6f:47:ab:03:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d959676fe138d4eb2aae19bb6731fee6292d793d
        Validity
            Not Before: Mar 23 08:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb308ea98f6f1f06ea69ce2c3074f664058a2a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c5:62:a6:ad:9b:44:1f:a8:12:5b:26:25:0d:
                    cb:28:83:23:77:df:3f:3d:a4:5e:94:3c:e4:7c:a1:
                    be:57:a3:f3:1f:d2:d8:3a:9d:35:08:40:db:95:fb:
                    b6:02:41:24:32:19:6b:b8:36:28:d3:f6:5c:6e:27:
                    70:ee:07:18:87:a9:16:a2:2d:db:ae:ae:bd:63:50:
                    74:a5:f6:a3:a0:0f:5a:99:3a:3b:f4:4c:c5:d6:bb:
                    a8:0e:d4:71:24:fd:53:de:2c:be:44:2d:4f:60:b4:
                    54:2e:7d:07:4d:43:66:93:3f:02:56:3d:48:c5:55:
                    c8:58:7d:93:8c:9a:20:e5:5f:d5:31:2f:5b:17:6c:
                    d9:b8:94:f5:57:f8:d6:f6:e0:08:e0:e1:46:b9:36:
                    09:e8:fa:59:4a:01:31:a1:1f:c3:1b:08:ff:23:a5:
                    8b:70:01:df:5e:83:1c:a0:b2:64:d7:62:b3:ed:2a:
                    ab:06:cd:ae:9f:51:ff:6e:f2:65:0e:a2:05:f8:a5:
                    d1:61:3a:b9:ec:af:56:df:a7:a2:53:9b:fc:db:11:
                    34:c2:f2:0a:83:76:47:7a:17:78:88:ae:a1:a5:31:
                    ab:5d:fa:ef:69:45:f8:26:06:3c:de:57:a4:98:0b:
                    12:30:bc:fa:b6:46:07:53:82:63:91:98:c8:71:ac:
                    76:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:30:8E:A9:8F:6F:1F:06:EA:69:CE:2C:30:74:F6:64:05:8A:2A:35
            X509v3 Authority Key Identifier:
                keyid:D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/yzCOqY9vHwbqac4sMHT2ZAWKKjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:41:87:9c:1b:fd:8a:7f:18:a9:a6:b5:d6:0b:7f:5b:6a:c7:
         c6:82:f3:60:2a:06:bd:20:8e:57:02:da:e4:59:b6:9d:5d:67:
         ce:b5:7e:30:1c:b8:5d:1d:e9:1e:f0:60:87:af:ed:50:61:0d:
         7b:f9:40:02:4c:3d:4e:1e:b7:91:95:ef:2b:fa:c2:f5:58:ed:
         6e:3c:e4:14:e4:c0:be:13:8a:90:0d:60:4d:26:b5:03:bd:b8:
         bc:75:05:80:af:5f:d1:ab:b8:8e:1e:fc:08:34:ff:c2:3c:6f:
         5b:71:de:8a:10:dd:12:e7:36:3e:b1:d2:03:4a:cc:f0:63:40:
         b7:d4:cf:8b:f2:10:4a:1c:f8:a7:da:cc:b1:ad:1a:e6:66:f2:
         25:03:d2:cb:5f:b7:77:29:0b:80:6d:8d:bc:7f:87:41:aa:00:
         5a:63:8c:9f:88:15:7d:ad:67:8f:0f:0b:90:09:d5:6b:64:f4:
         c8:21:cb:ac:03:dd:fd:e8:44:49:1b:11:12:c6:ca:1d:71:59:
         25:e4:6d:d4:47:f5:cf:62:3c:cd:13:32:64:60:5b:fa:70:00:
         00:5d:04:6a:d7:99:f5:3f:1b:39:6a:ed:6d:ff:42:22:9c:3f:
         8c:c6:22:c7:78:fc:e0:ca:c2:bb:e2:7e:29:d8:b6:5f:b2:4a:
         34:ff:c3:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5qa13sg8rRCFjh4G9HqwPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTk2NzZmZTEzOGQ0ZWIyYWFlMTliYjY3MzFmZWU2Mjky
ZDc5M2QwHhcNMjQwMzIzMDgyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMwOGVhOThmNmYxZjA2ZWE2OWNlMmMzMDc0ZjY2NDA1OGEyYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsVipq2bRB+oElsmJQ3LKIMjd98/
PaRelDzkfKG+V6PzH9LYOp01CEDblfu2AkEkMhlruDYo0/Zcbidw7gcYh6kWoi3b
rq69Y1B0pfajoA9amTo79EzF1ruoDtRxJP1T3iy+RC1PYLRULn0HTUNmkz8CVj1I
xVXIWH2TjJog5V/VMS9bF2zZuJT1V/jW9uAI4OFGuTYJ6PpZSgExoR/DGwj/I6WL
cAHfXoMcoLJk12Kz7SqrBs2un1H/bvJlDqIF+KXRYTq57K9W36eiU5v82xE0wvIK
g3ZHehd4iK6hpTGrXfrvaUX4JgY83lekmAsSMLz6tkYHU4JjkZjIcax2uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMswjqmPbx8G6mnOLDB09mQFiio1MB8GA1UdIwQY
MBaAFNlZZ2/hONTrKq4Zu2cx/uYpLXk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEt
NGM3NGQzMzJlYTU4LzEveXpDT3FZOXZId2JxYWM0c01IVDJaQVdLS2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEtNGM3NGQzMzJlYTU4
LzEvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWe8MA0G
CSqGSIb3DQEBCwUAA4IBAQBcQYecG/2KfxipprXWC39basfGgvNgKga9II5XAtrk
WbadXWfOtX4wHLhdHeke8GCHr+1QYQ17+UACTD1OHreRle8r+sL1WO1uPOQU5MC+
E4qQDWBNJrUDvbi8dQWAr1/Rq7iOHvwINP/CPG9bcd6KEN0S5zY+sdIDSszwY0C3
1M+L8hBKHPin2syxrRrmZvIlA9LLX7d3KQuAbY28f4dBqgBaY4yfiBV9rWePDwuQ
CdVrZPTIIcusA9396ERJGxESxsodcVkl5G3UR/XPYjzNEzJkYFv6cAAAXQRq15n1
Pxs5au1t/0IinD+MxiLHePzgysK74n4p2LZfsko0/8My
-----END CERTIFICATE-----