Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/y6wVn52TeuqtSylWb-MNfUgmZa4.roa
File:                     y6wVn52TeuqtSylWb-MNfUgmZa4.roa (raw, json)
Hash identifier:          a3mxnwSq+ygHxGtDjB0NG792lTe63yVxE+SsRw1a6hE=
Subject key identifier:   CB:AC:15:9F:9D:93:7A:EA:AD:4B:29:56:6F:E3:0D:7D:48:26:65:AE
Certificate issuer:       /CN=20c7eac45c8dbb5e5efdd65c18814498603f0209
Certificate serial:       018CC6B7A11C432B602D56CE17FA144A43E0
Authority key identifier: 20:C7:EA:C4:5C:8D:BB:5E:5E:FD:D6:5C:18:81:44:98:60:3F:02:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMfqxFyNu15e_dZcGIFEmGA_Agk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/y6wVn52TeuqtSylWb-MNfUgmZa4.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203402
IP address blocks:        185.134.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/IMfqxFyNu15e_dZcGIFEmGA_Agk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/IMfqxFyNu15e_dZcGIFEmGA_Agk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMfqxFyNu15e_dZcGIFEmGA_Agk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a1:1c:43:2b:60:2d:56:ce:17:fa:14:4a:43:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c7eac45c8dbb5e5efdd65c18814498603f0209
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbac159f9d937aeaad4b29566fe30d7d482665ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:77:6e:da:c6:80:a4:11:a3:45:15:25:0a:da:
                    3c:a1:c8:19:90:31:c6:08:e7:36:48:62:20:5d:c9:
                    c0:bc:59:1c:64:93:c2:63:00:8b:03:ad:ae:c1:82:
                    ee:80:d3:3b:bd:4b:65:92:03:c4:9d:82:b3:9a:3e:
                    cc:a1:e7:dc:eb:15:97:73:cf:15:04:a6:08:e9:04:
                    cb:e9:39:ab:cc:56:d0:a4:24:9c:03:fe:79:f6:3c:
                    59:d6:c0:7b:fa:48:27:44:33:a1:c1:cb:29:07:00:
                    16:1c:8b:d2:34:7a:7c:18:74:da:55:66:be:6f:61:
                    c5:fb:0f:87:f0:3b:53:97:4c:39:b0:11:6b:4c:2f:
                    f4:25:1c:4f:32:24:25:38:0a:34:47:1e:85:71:b7:
                    73:55:69:f4:c7:81:65:4c:05:b7:80:21:d5:7f:31:
                    11:15:41:d1:2a:5e:dd:89:db:7b:08:9f:fc:f6:f2:
                    2b:6a:68:ee:f9:c1:d7:16:01:25:ec:ac:09:32:8d:
                    3e:7a:bf:1b:69:85:1d:6e:65:f3:04:93:c3:f1:e2:
                    71:76:54:2b:8d:a7:1e:14:d2:2f:5a:ab:ba:43:35:
                    b3:9c:57:e6:c1:e7:7f:a3:3e:58:9b:1c:ec:eb:33:
                    f2:42:45:bb:2c:79:b2:b4:63:6a:62:0c:ce:10:29:
                    86:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AC:15:9F:9D:93:7A:EA:AD:4B:29:56:6F:E3:0D:7D:48:26:65:AE
            X509v3 Authority Key Identifier:
                keyid:20:C7:EA:C4:5C:8D:BB:5E:5E:FD:D6:5C:18:81:44:98:60:3F:02:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMfqxFyNu15e_dZcGIFEmGA_Agk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/y6wVn52TeuqtSylWb-MNfUgmZa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c5e498-c895-4354-be85-704eab6ca3e8/1/IMfqxFyNu15e_dZcGIFEmGA_Agk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:95:fe:20:d8:89:91:14:ed:25:64:43:bd:ee:bc:db:c0:ae:
         db:71:6d:91:d0:ba:ad:c6:fe:85:0a:97:97:86:16:fd:f4:fd:
         92:5b:59:f3:5a:2a:3c:fd:70:f0:94:50:36:5d:88:9c:95:b6:
         6f:e3:d9:24:a9:f7:ee:f2:bb:e2:f4:a9:94:36:16:9b:67:5c:
         fd:24:db:6f:f9:43:df:6f:51:87:e9:9c:1c:ea:d9:c2:0b:fd:
         3e:57:e8:43:1b:d9:71:9b:51:df:6e:5a:9e:50:d6:49:0b:56:
         60:29:86:cf:28:62:3a:d1:f8:f0:65:e1:f0:53:39:b5:64:28:
         b0:42:06:77:36:7c:fd:08:f6:27:a9:3f:32:b6:3e:87:43:99:
         66:c5:5b:17:03:77:7d:a8:bd:23:21:82:45:a2:63:ac:fc:af:
         3e:4b:0b:49:32:65:76:84:f3:de:f6:69:0e:83:8f:3a:20:25:
         3b:6d:ae:13:c2:b0:b2:fc:81:7a:5e:2d:74:cc:4b:1d:6d:cc:
         70:f5:6e:74:cb:74:50:fd:12:e8:af:64:70:48:2c:71:81:89:
         67:e8:9c:15:0d:be:59:bf:c4:17:71:30:c8:f8:d8:ff:83:30:
         6b:d7:ab:65:db:c3:a6:f6:de:a4:37:25:5f:81:4e:cc:b2:c3:
         16:68:e7:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6EcQytgLVbOF/oUSkPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzdlYWM0NWM4ZGJiNWU1ZWZkZDY1YzE4ODE0NDk4NjAz
ZjAyMDkwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFjMTU5ZjlkOTM3YWVhYWQ0YjI5NTY2ZmUzMGQ3ZDQ4MjY2NWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHdu2saApBGjRRUlCto8ocgZkDHG
COc2SGIgXcnAvFkcZJPCYwCLA62uwYLugNM7vUtlkgPEnYKzmj7Moefc6xWXc88V
BKYI6QTL6TmrzFbQpCScA/559jxZ1sB7+kgnRDOhwcspBwAWHIvSNHp8GHTaVWa+
b2HF+w+H8DtTl0w5sBFrTC/0JRxPMiQlOAo0Rx6FcbdzVWn0x4FlTAW3gCHVfzER
FUHRKl7didt7CJ/89vIramju+cHXFgEl7KwJMo0+er8baYUdbmXzBJPD8eJxdlQr
jaceFNIvWqu6QzWznFfmwed/oz5Ymxzs6zPyQkW7LHmytGNqYgzOECmGtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMusFZ+dk3rqrUspVm/jDX1IJmWuMB8GA1UdIwQY
MBaAFCDH6sRcjbteXv3WXBiBRJhgPwIJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1mcXhGeU51MTVlX2RaY0dJRkVtR0FfQWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jNWU0OTgtYzg5NS00MzU0LWJlODUt
NzA0ZWFiNmNhM2U4LzEveTZ3Vm41MlRldXF0U3lsV2ItTU5mVWdtWmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jNWU0OTgtYzg5NS00MzU0LWJlODUtNzA0ZWFiNmNhM2U4
LzEvSU1mcXhGeU51MTVlX2RaY0dJRkVtR0FfQWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQAOlf4g2ImRFO0lZEO97rzbwK7bcW2R0Lqtxv6FCpeX
hhb99P2SW1nzWio8/XDwlFA2XYiclbZv49kkqffu8rvi9KmUNhabZ1z9JNtv+UPf
b1GH6Zwc6tnCC/0+V+hDG9lxm1HfblqeUNZJC1ZgKYbPKGI60fjwZeHwUzm1ZCiw
QgZ3Nnz9CPYnqT8ytj6HQ5lmxVsXA3d9qL0jIYJFomOs/K8+SwtJMmV2hPPe9mkO
g486ICU7ba4TwrCy/IF6Xi10zEsdbcxw9W50y3RQ/RLor2RwSCxxgYln6JwVDb5Z
v8QXcTDI+Nj/gzBr16tl28Om9t6kNyVfgU7MssMWaOeU
-----END CERTIFICATE-----