Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/Yyt36k7JtSXYqg9c2wJbMDlRViE.roa
File:                     Yyt36k7JtSXYqg9c2wJbMDlRViE.roa (raw, json)
Hash identifier:          cDTj7aUJHOzTfo2JuPMnt2z61FD/8BUwXRrjBVj2RDc=
Subject key identifier:   63:2B:77:EA:4E:C9:B5:25:D8:AA:0F:5C:DB:02:5B:30:39:51:56:21
Certificate issuer:       /CN=49240b59bbf6906a555e1074c5ae73ec62dffc5f
Certificate serial:       018CC26D098DAE9C4D536D6DF93E4436C82B
Authority key identifier: 49:24:0B:59:BB:F6:90:6A:55:5E:10:74:C5:AE:73:EC:62:DF:FC:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSQLWbv2kGpVXhB0xa5z7GLf_F8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/Yyt36k7JtSXYqg9c2wJbMDlRViE.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59708
IP address blocks:        185.4.107.0/24 maxlen: 24
                          185.4.106.0/24 maxlen: 24
                          185.4.104.0/22 maxlen: 24
                          185.4.104.0/24 maxlen: 24
                          185.4.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/SSQLWbv2kGpVXhB0xa5z7GLf_F8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/SSQLWbv2kGpVXhB0xa5z7GLf_F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSQLWbv2kGpVXhB0xa5z7GLf_F8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 14:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:09:8d:ae:9c:4d:53:6d:6d:f9:3e:44:36:c8:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49240b59bbf6906a555e1074c5ae73ec62dffc5f
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=632b77ea4ec9b525d8aa0f5cdb025b3039515621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7f:f7:d4:a9:1e:58:4a:87:cf:9b:fc:93:7c:
                    1c:c4:7b:b1:53:0f:e1:af:97:70:a8:fb:d5:c5:8d:
                    ac:d5:2d:34:fd:89:53:38:da:bd:e6:26:73:0d:12:
                    c3:9e:07:d1:68:39:b9:a0:e5:47:00:b6:e7:35:29:
                    65:0e:10:fa:10:de:46:24:a0:4b:ea:da:67:96:19:
                    ed:7a:d7:85:24:53:0c:ff:a1:ed:43:1d:5e:49:e3:
                    0b:59:f5:0c:95:05:99:f9:4f:27:2f:22:18:79:a2:
                    4f:f0:13:5f:a6:60:ad:b1:c1:95:d7:ee:a6:a5:4d:
                    c0:e9:e5:29:2f:6c:93:6f:3a:f5:18:2c:5f:ed:02:
                    14:e1:2a:40:83:83:af:20:f7:bd:6b:5f:92:13:04:
                    59:c0:d7:a6:fd:94:1f:df:e1:7a:27:05:2e:4c:e0:
                    50:54:b9:46:7a:9f:63:5b:a0:0d:7a:a1:ed:45:cc:
                    9e:49:31:e1:05:95:a2:e8:e3:c9:a7:81:d2:bc:d1:
                    de:6d:89:4a:90:08:09:40:ee:50:12:99:2c:e4:4b:
                    0d:70:83:32:56:48:e0:f4:61:bb:23:09:cb:a1:8b:
                    b8:dc:68:cb:07:b5:0b:92:a8:a5:7e:0c:e1:77:a7:
                    0c:99:6d:b4:37:f6:40:82:a6:6b:2b:d4:5b:2c:a1:
                    d9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:2B:77:EA:4E:C9:B5:25:D8:AA:0F:5C:DB:02:5B:30:39:51:56:21
            X509v3 Authority Key Identifier:
                keyid:49:24:0B:59:BB:F6:90:6A:55:5E:10:74:C5:AE:73:EC:62:DF:FC:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSQLWbv2kGpVXhB0xa5z7GLf_F8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/Yyt36k7JtSXYqg9c2wJbMDlRViE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/226be8-c7b7-47f0-b0d5-d14af2cb8fde/1/SSQLWbv2kGpVXhB0xa5z7GLf_F8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:bf:52:7e:60:66:96:61:25:5c:af:d1:5e:f4:35:60:03:35:
         4f:9d:c4:e2:35:6e:2c:42:bf:b6:30:b9:f5:02:88:bd:6c:af:
         09:1b:e1:bb:a7:f1:12:43:7a:c2:05:59:f6:ce:4a:09:89:28:
         f9:6f:3f:62:ad:e8:4f:6c:d0:a5:1d:20:96:a1:8e:c2:36:1d:
         55:0c:55:81:68:a4:e5:83:2d:a9:ed:3f:8c:e0:fe:89:ba:8b:
         e8:d0:d5:81:4f:70:74:bd:b6:02:da:15:c3:c3:ae:20:fe:5f:
         b2:cf:ed:23:14:92:4b:0c:cf:ce:2c:d6:39:a9:3d:1a:98:d5:
         b1:3e:35:e5:fe:41:bb:50:19:dc:e3:ff:e8:69:cf:9a:01:32:
         0c:77:15:08:36:a5:44:16:68:ad:c5:fe:09:91:29:3a:ac:63:
         cf:52:4a:27:3d:28:cf:5b:8a:59:26:a7:92:b8:79:4f:60:f7:
         2c:06:4e:34:ad:00:10:85:1d:5b:35:f6:ec:9d:0a:e5:58:2b:
         8d:a2:cf:72:1a:40:bc:dd:db:61:1c:6f:50:b8:89:db:f9:f8:
         40:aa:0c:1c:cf:3b:b2:91:2f:02:96:88:6e:44:83:c0:46:37:
         87:40:24:48:58:45:8c:5f:b3:ac:41:e8:2a:28:96:3a:1f:67:
         7a:6f:6d:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQmNrpxNU21t+T5ENsgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjQwYjU5YmJmNjkwNmE1NTVlMTA3NGM1YWU3M2VjNjJk
ZmZjNWYwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzJiNzdlYTRlYzliNTI1ZDhhYTBmNWNkYjAyNWIzMDM5NTE1NjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33/31KkeWEqHz5v8k3wcxHuxUw/h
r5dwqPvVxY2s1S00/YlTONq95iZzDRLDngfRaDm5oOVHALbnNSllDhD6EN5GJKBL
6tpnlhnteteFJFMM/6HtQx1eSeMLWfUMlQWZ+U8nLyIYeaJP8BNfpmCtscGV1+6m
pU3A6eUpL2yTbzr1GCxf7QIU4SpAg4OvIPe9a1+SEwRZwNem/ZQf3+F6JwUuTOBQ
VLlGep9jW6ANeqHtRcyeSTHhBZWi6OPJp4HSvNHebYlKkAgJQO5QEpks5EsNcIMy
Vkjg9GG7IwnLoYu43GjLB7ULkqilfgzhd6cMmW20N/ZAgqZrK9RbLKHZuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMrd+pOybUl2KoPXNsCWzA5UVYhMB8GA1UdIwQY
MBaAFEkkC1m79pBqVV4QdMWuc+xi3/xfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NRTFdidjJrR3BWWGhCMHhhNXo3R0xmX0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yMjZiZTgtYzdiNy00N2YwLWIwZDUt
ZDE0YWYyY2I4ZmRlLzEvWXl0MzZrN0p0U1hZcWc5YzJ3SmJNRGxSVmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yMjZiZTgtYzdiNy00N2YwLWIwZDUtZDE0YWYyY2I4ZmRl
LzEvU1NRTFdidjJrR3BWWGhCMHhhNXo3R0xmX0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQRoMA0G
CSqGSIb3DQEBCwUAA4IBAQAOv1J+YGaWYSVcr9Fe9DVgAzVPncTiNW4sQr+2MLn1
Aoi9bK8JG+G7p/ESQ3rCBVn2zkoJiSj5bz9irehPbNClHSCWoY7CNh1VDFWBaKTl
gy2p7T+M4P6Juovo0NWBT3B0vbYC2hXDw64g/l+yz+0jFJJLDM/OLNY5qT0amNWx
PjXl/kG7UBnc4//oac+aATIMdxUINqVEFmitxf4JkSk6rGPPUkonPSjPW4pZJqeS
uHlPYPcsBk40rQAQhR1bNfbsnQrlWCuNos9yGkC83dthHG9QuInb+fhAqgwczzuy
kS8ClohuRIPARjeHQCRIWEWMX7OsQegqKJY6H2d6b21c
-----END CERTIFICATE-----