Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/zY7iC5zFHLsClnKNjNpKb-vypK4.roa
File:                     zY7iC5zFHLsClnKNjNpKb-vypK4.roa (raw, json)
Hash identifier:          +IRhR7Li/Z9AtzOWrfEZrzuPfSVc1yDiOxoOO0Q02V4=
Subject key identifier:   CD:8E:E2:0B:9C:C5:1C:BB:02:96:72:8D:8C:DA:4A:6F:EB:F2:A4:AE
Certificate issuer:       /CN=8777b5b36f66e13c4388c9934da507856515d073
Certificate serial:       018CC801F2C0795D8A915DC78C56767A90C9
Authority key identifier: 87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/zY7iC5zFHLsClnKNjNpKb-vypK4.roa
Signing time:             Tue 02 Jan 2024 02:30:19 +0000
ROA not before:           Tue 02 Jan 2024 02:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206883
IP address blocks:        188.212.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f2:c0:79:5d:8a:91:5d:c7:8c:56:76:7a:90:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8777b5b36f66e13c4388c9934da507856515d073
        Validity
            Not Before: Jan  2 02:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd8ee20b9cc51cbb0296728d8cda4a6febf2a4ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ab:5d:96:08:fb:b6:8f:78:bf:b8:f9:fb:c4:
                    93:4f:d7:b5:99:3c:39:ef:6f:42:61:74:30:7c:70:
                    f7:43:37:23:46:c9:03:70:5e:43:c3:cc:b1:db:e8:
                    2a:98:0f:fc:28:25:24:fd:96:a5:0d:5b:b1:17:ad:
                    32:89:e1:96:43:1d:52:b6:8a:54:b8:4b:4f:28:c7:
                    6c:bc:4e:ce:5f:46:09:10:9c:80:15:20:a1:ee:ed:
                    77:96:c1:f1:e3:51:66:e5:3e:05:d6:40:e3:18:62:
                    98:80:76:59:b4:8c:dc:23:13:21:55:13:1f:cb:52:
                    24:8c:15:96:df:3a:f3:8e:72:dc:23:8e:95:03:94:
                    76:12:fc:db:f0:59:6b:4f:dc:da:b8:70:68:ea:c9:
                    85:63:29:49:e1:ee:ce:e4:a2:42:3d:3a:37:a4:9c:
                    13:6b:2c:08:e7:b2:5f:49:40:6d:8e:86:c3:d6:bc:
                    02:67:c2:b4:5a:32:78:26:f6:1f:1d:fd:a1:a8:5d:
                    22:e5:31:63:a3:fb:7c:18:7d:56:90:b5:d3:80:b1:
                    de:70:f8:7f:1b:9c:89:6f:a6:e9:2b:15:86:84:db:
                    32:46:34:b8:2a:89:97:c8:08:db:d2:dc:f2:67:f4:
                    e7:a0:1d:66:da:96:f8:60:77:56:9c:18:26:c1:4b:
                    ea:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8E:E2:0B:9C:C5:1C:BB:02:96:72:8D:8C:DA:4A:6F:EB:F2:A4:AE
            X509v3 Authority Key Identifier:
                keyid:87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/zY7iC5zFHLsClnKNjNpKb-vypK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:52:f8:53:5a:4b:dd:5d:40:ba:7b:4d:94:f7:a0:e5:cc:dd:
         37:30:e1:b5:b9:0f:08:fc:45:ba:32:83:75:9d:15:e4:ed:b0:
         db:a5:41:72:a7:07:4d:3b:cb:9b:97:9f:b5:61:a9:de:45:2e:
         17:d9:8d:e9:90:a6:01:60:44:0c:fc:98:75:13:30:eb:f4:d0:
         73:fa:b2:7a:6e:d6:d2:0d:47:2b:ce:af:bb:c5:92:85:db:12:
         e4:8a:74:a5:95:1f:5a:35:01:6c:03:4d:8b:a3:48:5a:97:33:
         74:df:4d:08:45:f5:ee:01:f9:c0:b3:bb:e7:d7:fc:20:dc:8d:
         75:6b:11:1f:ba:3b:67:84:a9:57:34:f0:7e:58:15:66:69:19:
         fc:8c:46:e3:54:a7:eb:08:f1:94:7b:45:1c:9a:73:a6:88:39:
         c2:d2:9e:3d:48:9b:ba:e2:6f:62:d6:59:5b:4d:9a:dc:2d:f5:
         c4:b4:b6:b0:8d:bf:a3:87:05:50:b3:6c:6d:dd:c7:b4:28:b3:
         bb:d3:f7:a6:f2:bd:5b:8d:d5:da:fe:49:b4:03:ef:85:31:d9:
         6f:44:97:45:40:50:05:22:bb:bb:01:95:e9:d5:6c:1c:32:dc:
         85:69:b9:1e:00:fb:a3:4b:67:c4:db:ad:16:b8:fd:31:28:e0:
         7a:68:35:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfLAeV2KkV3HjFZ2epDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzdiNWIzNmY2NmUxM2M0Mzg4Yzk5MzRkYTUwNzg1NjUx
NWQwNzMwHhcNMjQwMTAyMDIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDhlZTIwYjljYzUxY2JiMDI5NjcyOGQ4Y2RhNGE2ZmViZjJhNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKtdlgj7to94v7j5+8STT9e1mTw5
729CYXQwfHD3QzcjRskDcF5Dw8yx2+gqmA/8KCUk/ZalDVuxF60yieGWQx1StopU
uEtPKMdsvE7OX0YJEJyAFSCh7u13lsHx41Fm5T4F1kDjGGKYgHZZtIzcIxMhVRMf
y1IkjBWW3zrzjnLcI46VA5R2Evzb8FlrT9zauHBo6smFYylJ4e7O5KJCPTo3pJwT
aywI57JfSUBtjobD1rwCZ8K0WjJ4JvYfHf2hqF0i5TFjo/t8GH1WkLXTgLHecPh/
G5yJb6bpKxWGhNsyRjS4KomXyAjb0tzyZ/TnoB1m2pb4YHdWnBgmwUvqPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2O4gucxRy7ApZyjYzaSm/r8qSuMB8GA1UdIwQY
MBaAFId3tbNvZuE8Q4jJk02lB4VlFdBzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNlMXMyOW00VHhEaU1tVFRhVUhoV1VWMEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mOTJlMmEtZTFlNC00ODdkLTlhY2Mt
ZWQxZjMwY2MxYzU3LzEvelk3aUM1ekZITHNDbG5LTmpOcEtiLXZ5cEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mOTJlMmEtZTFlNC00ODdkLTlhY2MtZWQxZjMwY2MxYzU3
LzEvaDNlMXMyOW00VHhEaU1tVFRhVUhoV1VWMEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNR0MA0G
CSqGSIb3DQEBCwUAA4IBAQCsUvhTWkvdXUC6e02U96DlzN03MOG1uQ8I/EW6MoN1
nRXk7bDbpUFypwdNO8ubl5+1YaneRS4X2Y3pkKYBYEQM/Jh1EzDr9NBz+rJ6btbS
DUcrzq+7xZKF2xLkinSllR9aNQFsA02Lo0halzN0300IRfXuAfnAs7vn1/wg3I11
axEfujtnhKlXNPB+WBVmaRn8jEbjVKfrCPGUe0UcmnOmiDnC0p49SJu64m9i1llb
TZrcLfXEtLawjb+jhwVQs2xt3ce0KLO70/em8r1bjdXa/km0A++FMdlvRJdFQFAF
Iru7AZXp1WwcMtyFabkeAPujS2fE260WuP0xKOB6aDX0
-----END CERTIFICATE-----