Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/1dy_5oIRfBH9jr9Uq32oCI5RVuU.roa
File:                     1dy_5oIRfBH9jr9Uq32oCI5RVuU.roa (raw, json)
Hash identifier:          HvySJI6uPNMO/1yxbVmVpr+dOkUrN9gdiuvoQ5zhefs=
Subject key identifier:   D5:DC:BF:E6:82:11:7C:11:FD:8E:BF:54:AB:7D:A8:08:8E:51:56:E5
Certificate issuer:       /CN=295b6a34a2109ba7c4d97f76c74466f14c3333e0
Certificate serial:       018CC8DEF4B7B35D07CF35FA92A2024CA74B
Authority key identifier: 29:5B:6A:34:A2:10:9B:A7:C4:D9:7F:76:C7:44:66:F1:4C:33:33:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVtqNKIQm6fE2X92x0Rm8UwzM-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/1dy_5oIRfBH9jr9Uq32oCI5RVuU.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205371
IP address blocks:        185.220.112.0/24 maxlen: 24
                          185.220.115.0/24 maxlen: 24
                          185.220.113.0/24 maxlen: 24
                          185.220.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/KVtqNKIQm6fE2X92x0Rm8UwzM-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/KVtqNKIQm6fE2X92x0Rm8UwzM-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVtqNKIQm6fE2X92x0Rm8UwzM-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f4:b7:b3:5d:07:cf:35:fa:92:a2:02:4c:a7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295b6a34a2109ba7c4d97f76c74466f14c3333e0
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5dcbfe682117c11fd8ebf54ab7da8088e5156e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:0a:e8:16:41:f8:24:ae:bf:c0:2a:93:38:
                    ec:5a:9c:b0:e5:c6:7e:d7:ee:aa:54:67:4b:59:b5:
                    6a:cb:c3:30:af:56:59:07:74:31:77:16:84:26:31:
                    b6:b0:c0:8e:15:73:44:7b:3c:ce:0a:13:2a:2d:80:
                    b2:d1:64:40:22:48:ca:1b:ef:2a:c2:95:9a:a5:58:
                    1e:95:83:0c:22:83:77:98:a3:31:63:f1:de:6c:6b:
                    26:80:1b:08:02:7e:5f:a0:e7:90:e9:91:68:b3:95:
                    03:51:3e:6a:ae:72:f7:a6:41:76:87:29:a5:8f:c6:
                    da:f4:67:f0:93:4c:d1:94:03:29:76:70:c5:96:e3:
                    b2:b8:e5:40:6d:2d:b0:d0:b2:65:2e:28:dd:17:0e:
                    39:5d:8d:f8:d7:65:59:12:67:9d:ff:00:ba:01:ff:
                    d5:a9:bd:00:47:67:5f:41:bc:6c:6d:e0:da:fc:ec:
                    97:ac:f3:a5:56:16:84:4e:1e:87:12:31:21:1a:b3:
                    3c:40:74:bd:be:35:80:5a:ce:8c:f5:f7:57:57:85:
                    79:6a:08:0a:a6:9f:22:f6:20:d9:02:6b:6f:aa:07:
                    72:c4:e9:b5:99:a4:9b:51:64:ea:ba:4b:7f:65:7b:
                    b7:f6:10:9a:0f:3e:3b:67:64:06:3e:c7:b3:6f:74:
                    b1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:DC:BF:E6:82:11:7C:11:FD:8E:BF:54:AB:7D:A8:08:8E:51:56:E5
            X509v3 Authority Key Identifier:
                keyid:29:5B:6A:34:A2:10:9B:A7:C4:D9:7F:76:C7:44:66:F1:4C:33:33:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVtqNKIQm6fE2X92x0Rm8UwzM-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/1dy_5oIRfBH9jr9Uq32oCI5RVuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e9b173-92b6-4210-a8e0-b797a4406f30/1/KVtqNKIQm6fE2X92x0Rm8UwzM-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:32:34:59:51:7f:94:a5:d3:59:8c:94:a6:91:47:83:b8:19:
         2f:28:8b:60:b2:63:01:30:82:70:8c:d1:53:b2:c4:c4:3b:2a:
         76:34:16:af:b9:44:d0:c3:68:0d:1c:fb:d2:21:1a:90:ed:1b:
         20:2b:46:33:b0:3f:c6:01:50:b3:78:91:55:90:50:65:86:d3:
         e4:a7:3e:3d:71:a2:5c:00:ad:d8:71:8f:8b:5f:09:46:e1:dd:
         04:16:b4:b2:69:ed:09:72:bd:69:c7:fb:5d:29:e3:e7:b4:08:
         7e:79:e3:78:57:db:f4:ac:f6:21:75:02:fc:95:73:a7:98:0a:
         4f:00:5d:92:3c:07:f6:b3:5b:73:ed:aa:c2:4e:53:56:c1:e0:
         41:db:d6:c1:a8:c3:18:05:28:49:f9:49:dc:bb:41:e5:d8:c3:
         4a:41:09:e4:3f:b6:b9:67:87:a2:3f:f2:28:68:c1:e2:aa:4a:
         fd:cc:c8:7c:0f:7b:2d:5a:73:c3:c1:af:52:6e:c6:92:30:e9:
         df:b2:3e:80:a9:ff:3c:a5:0c:15:b2:f3:c1:16:54:dd:74:80:
         12:e6:8a:2c:ce:66:9f:e1:86:15:f1:d2:c5:a0:c2:c8:8c:a9:
         d1:67:ad:89:3c:44:00:16:4c:a0:84:8c:8e:37:a0:a2:e3:b0:
         53:f6:8a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vS3s10HzzX6kqICTKdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NWI2YTM0YTIxMDliYTdjNGQ5N2Y3NmM3NDQ2NmYxNGMz
MzMzZTAwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWRjYmZlNjgyMTE3YzExZmQ4ZWJmNTRhYjdkYTgwODhlNTE1NmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8wK6BZB+CSuv8AqkzjsWpyw5cZ+
1+6qVGdLWbVqy8Mwr1ZZB3QxdxaEJjG2sMCOFXNEezzOChMqLYCy0WRAIkjKG+8q
wpWapVgelYMMIoN3mKMxY/HebGsmgBsIAn5foOeQ6ZFos5UDUT5qrnL3pkF2hyml
j8ba9Gfwk0zRlAMpdnDFluOyuOVAbS2w0LJlLijdFw45XY3412VZEmed/wC6Af/V
qb0AR2dfQbxsbeDa/OyXrPOlVhaETh6HEjEhGrM8QHS9vjWAWs6M9fdXV4V5aggK
pp8i9iDZAmtvqgdyxOm1maSbUWTqukt/ZXu39hCaDz47Z2QGPsezb3SxlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXcv+aCEXwR/Y6/VKt9qAiOUVblMB8GA1UdIwQY
MBaAFClbajSiEJunxNl/dsdEZvFMMzPgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Z0cU5LSVFtNmZFMlg5MngwUm04VXd6TS1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lOWIxNzMtOTJiNi00MjEwLWE4ZTAt
Yjc5N2E0NDA2ZjMwLzEvMWR5XzVvSVJmQkg5anI5VXEzMm9DSTVSVnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lOWIxNzMtOTJiNi00MjEwLWE4ZTAtYjc5N2E0NDA2ZjMw
LzEvS1Z0cU5LSVFtNmZFMlg5MngwUm04VXd6TS1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudxwMA0G
CSqGSIb3DQEBCwUAA4IBAQB0MjRZUX+UpdNZjJSmkUeDuBkvKItgsmMBMIJwjNFT
ssTEOyp2NBavuUTQw2gNHPvSIRqQ7RsgK0YzsD/GAVCzeJFVkFBlhtPkpz49caJc
AK3YcY+LXwlG4d0EFrSyae0Jcr1px/tdKePntAh+eeN4V9v0rPYhdQL8lXOnmApP
AF2SPAf2s1tz7arCTlNWweBB29bBqMMYBShJ+Uncu0Hl2MNKQQnkP7a5Z4eiP/Io
aMHiqkr9zMh8D3stWnPDwa9SbsaSMOnfsj6Aqf88pQwVsvPBFlTddIAS5ooszmaf
4YYV8dLFoMLIjKnRZ62JPEQAFkyghIyON6Ci47BT9oqx
-----END CERTIFICATE-----