Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/lWYayBKD4usRGQ6Y-Qs13Rlb-sU.roa
File:                     lWYayBKD4usRGQ6Y-Qs13Rlb-sU.roa (raw, json)
Hash identifier:          sPtqGnyKiDp5ELKZM2GjMcUXJnNFzaNh6m2uVRvJ5lg=
Subject key identifier:   95:66:1A:C8:12:83:E2:EB:11:19:0E:98:F9:0B:35:DD:19:5B:FA:C5
Certificate issuer:       /CN=6bd19d69701f13a5977cd2296fa87a252fbf05f7
Certificate serial:       018CC9BB9D3B43E9E2434C1EC411C9F59C63
Authority key identifier: 6B:D1:9D:69:70:1F:13:A5:97:7C:D2:29:6F:A8:7A:25:2F:BF:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/lWYayBKD4usRGQ6Y-Qs13Rlb-sU.roa
Signing time:             Tue 02 Jan 2024 10:32:45 +0000
ROA not before:           Tue 02 Jan 2024 10:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203361
IP address blocks:        185.42.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:9d:3b:43:e9:e2:43:4c:1e:c4:11:c9:f5:9c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bd19d69701f13a5977cd2296fa87a252fbf05f7
        Validity
            Not Before: Jan  2 10:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95661ac81283e2eb11190e98f90b35dd195bfac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:53:ed:79:22:18:d8:80:38:ef:6c:88:13:d1:
                    10:6a:8d:ba:b2:27:a2:b1:e9:28:9f:22:d7:8e:ac:
                    16:48:5d:c8:ba:b6:ac:bb:f3:b3:6a:84:23:f5:cf:
                    d7:f0:13:57:99:0b:cf:01:15:90:d3:cc:cc:2d:7c:
                    e9:08:10:9b:d2:3e:e1:3f:4e:1f:69:13:57:96:08:
                    76:35:a9:74:ff:18:70:75:41:62:a6:c2:ba:0d:47:
                    92:8f:9f:51:b4:71:a0:21:ef:a0:af:78:65:25:b6:
                    8a:29:70:16:6a:ac:de:3c:83:f3:2a:78:75:4a:09:
                    b7:50:f4:8d:7c:6f:bf:6d:21:4f:9a:59:8f:fc:6d:
                    83:77:26:cf:f0:cb:cc:96:19:ec:ee:2b:6c:2f:6a:
                    15:31:06:e9:f6:b3:24:83:ff:9d:80:fe:ab:54:5e:
                    9c:3f:79:21:bd:93:d3:07:81:ae:a6:fd:14:b5:43:
                    5f:28:ad:0e:34:f2:b8:6f:04:1b:0e:49:a0:7f:52:
                    8f:78:7f:4a:e7:99:90:da:b0:51:9e:bb:3c:7c:74:
                    6d:84:05:4c:cf:45:27:f6:b5:36:49:aa:39:c8:52:
                    83:5a:d5:8b:c2:56:4f:15:4d:65:4a:48:85:4f:34:
                    09:d7:b4:40:17:2e:07:d9:70:2c:68:12:aa:6a:b4:
                    75:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:66:1A:C8:12:83:E2:EB:11:19:0E:98:F9:0B:35:DD:19:5B:FA:C5
            X509v3 Authority Key Identifier:
                keyid:6B:D1:9D:69:70:1F:13:A5:97:7C:D2:29:6F:A8:7A:25:2F:BF:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/lWYayBKD4usRGQ6Y-Qs13Rlb-sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:21:11:14:1a:50:bb:e4:89:d6:48:bd:23:c6:7b:cd:ab:d9:
         46:57:37:eb:7e:4e:5a:06:c9:9b:fa:69:d8:6b:f4:dc:28:24:
         75:05:fa:ef:ef:23:17:d8:c6:55:af:88:b1:ae:d6:95:a3:c1:
         21:bc:e1:5c:c8:0c:2e:f1:73:dd:f8:3d:8e:1a:08:08:89:bf:
         bb:84:50:5e:35:ef:b1:ad:8f:c4:34:d2:28:bd:71:c5:d6:00:
         4b:bd:83:ae:32:e5:72:2e:ac:29:97:db:b5:ff:ea:09:09:93:
         6a:ec:99:5c:b6:db:c0:c6:b6:10:84:ff:29:82:a3:52:ea:cc:
         65:47:75:e7:3f:0e:48:16:08:3f:fd:45:d3:ed:f3:49:f9:d7:
         e4:4e:36:b5:ee:21:80:10:13:10:8a:27:ce:7e:89:de:de:22:
         fe:a9:a4:80:fd:3e:7d:ab:c1:f7:c0:f4:2b:2f:8f:08:ab:5c:
         31:d6:ba:f0:68:ba:f0:79:c2:53:bb:41:2c:7e:d1:94:ee:54:
         57:b4:fb:8b:3f:fe:3d:bc:24:e5:28:42:51:45:e5:75:f5:bb:
         65:ce:3d:53:92:0b:30:d5:35:7a:dc:ad:9b:27:58:65:48:73:
         b6:07:14:46:d0:2d:a1:4c:73:84:61:ed:90:2d:80:f8:42:c3:
         2e:6a:e0:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu507Q+niQ0wexBHJ9ZxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiZDE5ZDY5NzAxZjEzYTU5NzdjZDIyOTZmYTg3YTI1MmZi
ZjA1ZjcwHhcNMjQwMTAyMTAzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTY2MWFjODEyODNlMmViMTExOTBlOThmOTBiMzVkZDE5NWJmYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVPteSIY2IA472yIE9EQao26siei
sekonyLXjqwWSF3Iurasu/OzaoQj9c/X8BNXmQvPARWQ08zMLXzpCBCb0j7hP04f
aRNXlgh2Nal0/xhwdUFipsK6DUeSj59RtHGgIe+gr3hlJbaKKXAWaqzePIPzKnh1
Sgm3UPSNfG+/bSFPmlmP/G2DdybP8MvMlhns7itsL2oVMQbp9rMkg/+dgP6rVF6c
P3khvZPTB4Gupv0UtUNfKK0ONPK4bwQbDkmgf1KPeH9K55mQ2rBRnrs8fHRthAVM
z0Un9rU2Sao5yFKDWtWLwlZPFU1lSkiFTzQJ17RAFy4H2XAsaBKqarR1eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVmGsgSg+LrERkOmPkLNd0ZW/rFMB8GA1UdIwQY
MBaAFGvRnWlwHxOll3zSKW+oeiUvvwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTlHZGFYQWZFNldYZk5JcGI2aDZKUy1fQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny80ZGFlYmEtMzZiNC00OTQ5LTgzODUt
OGYwZDRlZWY2YWI1LzEvbFdZYXlCS0Q0dXNSR1E2WS1RczEzUmxiLXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny80ZGFlYmEtMzZiNC00OTQ5LTgzODUtOGYwZDRlZWY2YWI1
LzEvYTlHZGFYQWZFNldYZk5JcGI2aDZKUy1fQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSpkMA0G
CSqGSIb3DQEBCwUAA4IBAQDCIREUGlC75InWSL0jxnvNq9lGVzfrfk5aBsmb+mnY
a/TcKCR1Bfrv7yMX2MZVr4ixrtaVo8EhvOFcyAwu8XPd+D2OGggIib+7hFBeNe+x
rY/ENNIovXHF1gBLvYOuMuVyLqwpl9u1/+oJCZNq7JlcttvAxrYQhP8pgqNS6sxl
R3XnPw5IFgg//UXT7fNJ+dfkTja17iGAEBMQiifOfone3iL+qaSA/T59q8H3wPQr
L48Iq1wx1rrwaLrwecJTu0EsftGU7lRXtPuLP/49vCTlKEJRReV19btlzj1Tkgsw
1TV63K2bJ1hlSHO2BxRG0C2hTHOEYe2QLYD4QsMuauCf
-----END CERTIFICATE-----