Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/x-Yrl-SFkik500bWrRDQb3oNSyE.roa
File:                     x-Yrl-SFkik500bWrRDQb3oNSyE.roa (raw, json)
Hash identifier:          H/EwVY9tCGLK9wuVkXsGdgdwSiael+yVYOPvQPnyiTQ=
Subject key identifier:   C7:E6:2B:97:E4:85:92:29:39:D3:46:D6:AD:10:D0:6F:7A:0D:4B:21
Certificate issuer:       /CN=865122c0e562e407976823d94e19e2a794f8cb62
Certificate serial:       018CC6B7A957652CA121A775EA603AD77BF7
Authority key identifier: 86:51:22:C0:E5:62:E4:07:97:68:23:D9:4E:19:E2:A7:94:F8:CB:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hlEiwOVi5AeXaCPZThnip5T4y2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/x-Yrl-SFkik500bWrRDQb3oNSyE.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205068
IP address blocks:        185.166.164.0/22 maxlen: 22
                          2a0d:3080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/hlEiwOVi5AeXaCPZThnip5T4y2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/hlEiwOVi5AeXaCPZThnip5T4y2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hlEiwOVi5AeXaCPZThnip5T4y2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a9:57:65:2c:a1:21:a7:75:ea:60:3a:d7:7b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=865122c0e562e407976823d94e19e2a794f8cb62
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7e62b97e485922939d346d6ad10d06f7a0d4b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7f:72:ca:d6:ad:97:8c:85:b4:97:55:3a:e3:
                    59:f4:b7:9a:ca:57:d9:9b:8d:f2:1b:27:b4:ba:40:
                    dd:54:96:59:9d:d8:1f:95:fb:49:14:3c:55:2b:f8:
                    dc:13:37:25:d2:da:22:9d:d8:29:f4:5a:ce:c2:67:
                    a1:80:04:8e:77:5e:6d:a4:14:a6:d5:ab:88:e5:79:
                    1a:ad:6d:33:3a:89:be:24:9a:c1:70:cf:6a:14:b7:
                    b8:ca:6d:fc:29:e7:62:51:10:3f:de:bb:12:6b:90:
                    21:20:d4:5c:15:b1:b6:ef:0e:80:40:73:21:80:40:
                    0e:c5:04:f9:ef:fb:ca:be:02:0b:8d:db:19:ab:63:
                    bd:4d:3b:ab:31:4c:25:65:5e:c4:e8:cc:7f:e4:2e:
                    9a:57:4c:4e:ba:64:3b:4c:7f:40:0d:6c:c8:61:8f:
                    94:b3:50:2b:e6:d2:e8:be:7d:80:0a:4a:8c:cf:1b:
                    67:31:5e:a7:6f:97:a4:11:01:c0:13:cc:b9:76:d8:
                    c6:f7:7d:9c:80:7e:54:9b:64:0a:13:bf:4a:59:69:
                    40:0f:2f:04:d1:9c:97:61:42:7c:a0:ea:d7:47:04:
                    fb:eb:d1:11:53:6c:93:34:4b:33:0f:17:a0:75:73:
                    5d:a3:9f:a2:5b:19:71:08:b7:12:2b:b3:b6:68:cc:
                    a4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E6:2B:97:E4:85:92:29:39:D3:46:D6:AD:10:D0:6F:7A:0D:4B:21
            X509v3 Authority Key Identifier:
                keyid:86:51:22:C0:E5:62:E4:07:97:68:23:D9:4E:19:E2:A7:94:F8:CB:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hlEiwOVi5AeXaCPZThnip5T4y2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/x-Yrl-SFkik500bWrRDQb3oNSyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/028b82-fe03-4025-9765-b8dd18e48e86/1/hlEiwOVi5AeXaCPZThnip5T4y2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.164.0/22
                IPv6:
                  2a0d:3080::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:14:03:dd:83:e8:46:f9:5b:c1:34:88:2c:90:f2:5f:b2:22:
         9c:93:0a:cf:99:ea:59:20:86:ae:66:dd:63:9c:a3:9e:1c:5b:
         34:70:a4:ed:6f:f6:04:f9:90:60:b1:0f:87:48:4a:04:a6:5e:
         3d:75:5e:ac:c0:c3:8a:fd:61:74:b9:86:22:13:23:53:9e:2c:
         42:78:61:d8:a8:22:64:1c:6c:a8:69:10:3c:4f:40:39:8a:68:
         96:9e:c5:79:c8:0d:f7:dd:25:68:e0:49:2c:30:cc:a8:82:bc:
         99:6f:a7:79:c0:72:83:c7:07:98:68:11:7e:74:5c:f7:59:34:
         a0:ea:c2:2d:8e:78:db:f8:4f:8b:af:6d:6f:ee:37:e2:e5:8f:
         b9:62:5e:33:cc:24:68:56:84:0c:7c:9b:a3:47:f6:e5:c0:e5:
         7a:b1:04:9a:b7:2c:5a:42:20:38:82:06:3f:fb:08:1c:90:b9:
         91:15:39:c9:09:77:65:34:f0:6f:47:95:21:50:ff:2e:af:ad:
         11:5e:5d:71:01:b4:4b:2b:7d:af:1f:08:a3:fd:a1:7e:74:d7:
         7c:ba:56:ab:20:4e:23:ea:14:a6:e5:1c:01:59:de:48:ac:dc:
         8b:1c:ce:8a:bf:39:d2:46:63:1d:c2:d8:4a:fa:f4:ea:7f:d9:
         98:b0:48:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6lXZSyhIad16mA613v3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NTEyMmMwZTU2MmU0MDc5NzY4MjNkOTRlMTllMmE3OTRm
OGNiNjIwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2U2MmI5N2U0ODU5MjI5MzlkMzQ2ZDZhZDEwZDA2ZjdhMGQ0YjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX9yytatl4yFtJdVOuNZ9LeaylfZ
m43yGye0ukDdVJZZndgflftJFDxVK/jcEzcl0toindgp9FrOwmehgASOd15tpBSm
1auI5XkarW0zOom+JJrBcM9qFLe4ym38KediURA/3rsSa5AhINRcFbG27w6AQHMh
gEAOxQT57/vKvgILjdsZq2O9TTurMUwlZV7E6Mx/5C6aV0xOumQ7TH9ADWzIYY+U
s1Ar5tLovn2ACkqMzxtnMV6nb5ekEQHAE8y5dtjG932cgH5Um2QKE79KWWlADy8E
0ZyXYUJ8oOrXRwT769ERU2yTNEszDxegdXNdo5+iWxlxCLcSK7O2aMykKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfmK5fkhZIpOdNG1q0Q0G96DUshMB8GA1UdIwQY
MBaAFIZRIsDlYuQHl2gj2U4Z4qeU+MtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGxFaXdPVmk1QWVYYUNQWlRobmlwNVQ0eTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8wMjhiODItZmUwMy00MDI1LTk3NjUt
YjhkZDE4ZTQ4ZTg2LzEveC1ZcmwtU0ZraWs1MDBiV3JSRFFiM29OU3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8wMjhiODItZmUwMy00MDI1LTk3NjUtYjhkZDE4ZTQ4ZTg2
LzEvaGxFaXdPVmk1QWVYYUNQWlRobmlwNVQ0eTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaakMA0E
AgACMAcDBQMqDTCAMA0GCSqGSIb3DQEBCwUAA4IBAQB5FAPdg+hG+VvBNIgskPJf
siKckwrPmepZIIauZt1jnKOeHFs0cKTtb/YE+ZBgsQ+HSEoEpl49dV6swMOK/WF0
uYYiEyNTnixCeGHYqCJkHGyoaRA8T0A5imiWnsV5yA333SVo4EksMMyogryZb6d5
wHKDxweYaBF+dFz3WTSg6sItjnjb+E+Lr21v7jfi5Y+5Yl4zzCRoVoQMfJujR/bl
wOV6sQSatyxaQiA4ggY/+wgckLmRFTnJCXdlNPBvR5UhUP8ur60RXl1xAbRLK32v
Hwij/aF+dNd8ularIE4j6hSm5RwBWd5IrNyLHM6KvznSRmMdwthK+vTqf9mYsEjA
-----END CERTIFICATE-----