Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/yHoTODAZaLPXqTnBHtGue1K7-_U.roa
File:                     yHoTODAZaLPXqTnBHtGue1K7-_U.roa (raw, json)
Hash identifier:          gB/0Ud75+9L5LrNzxLiNJZ3yYNaPG3DHTbTbgpemxqI=
Subject key identifier:   C8:7A:13:38:30:19:68:B3:D7:A9:39:C1:1E:D1:AE:7B:52:BB:FB:F5
Certificate issuer:       /CN=ec5fdf6a51b98091e9ec7bdfaf483ec7743a5a25
Certificate serial:       018CC2DB15A9A4AC2284599B979AB6FEDA32
Authority key identifier: EC:5F:DF:6A:51:B9:80:91:E9:EC:7B:DF:AF:48:3E:C7:74:3A:5A:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7F_falG5gJHp7Hvfr0g-x3Q6WiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/yHoTODAZaLPXqTnBHtGue1K7-_U.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42000
IP address blocks:        185.216.220.0/22 maxlen: 22
                          2a0b:bdc0::/29 maxlen: 29
                          2a0b:bdc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/7F_falG5gJHp7Hvfr0g-x3Q6WiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/7F_falG5gJHp7Hvfr0g-x3Q6WiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7F_falG5gJHp7Hvfr0g-x3Q6WiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:15:a9:a4:ac:22:84:59:9b:97:9a:b6:fe:da:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec5fdf6a51b98091e9ec7bdfaf483ec7743a5a25
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c87a1338301968b3d7a939c11ed1ae7b52bbfbf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4c:4c:0b:7e:6d:6d:6c:72:94:3d:ce:eb:e5:
                    44:f8:e3:9a:7b:5d:33:f9:55:89:05:2d:6c:e5:a5:
                    4e:2a:17:b7:10:90:69:f2:9e:21:0a:a1:c7:e5:2e:
                    45:20:cd:6e:da:ec:9a:bc:84:7e:88:98:93:8d:d7:
                    a3:9a:42:6e:8e:16:b1:aa:53:b5:fe:cb:17:22:36:
                    50:91:ba:59:25:2e:1a:b2:99:96:12:16:6d:5f:5c:
                    64:ab:3b:da:36:da:64:e4:3c:21:89:0a:8c:27:d1:
                    01:68:c1:2d:3c:31:fb:34:9e:b9:5d:49:a4:f8:66:
                    54:bd:1b:5c:a0:e8:c5:2a:33:5a:63:ac:54:a7:5b:
                    1e:32:52:b2:b4:dd:e1:54:b2:93:82:61:ec:4d:ed:
                    bd:ff:81:c6:3d:92:7c:c4:19:23:21:fa:da:0a:74:
                    7d:48:fb:09:05:90:c8:56:ed:18:b7:0a:0b:24:79:
                    ec:5d:b0:c8:28:8e:bb:79:a7:1a:ed:a4:11:15:3f:
                    db:2a:cc:33:27:c5:0b:f7:ae:d4:0a:98:df:ee:a3:
                    86:9b:c6:d2:d8:21:65:63:73:4c:84:9b:d1:23:a7:
                    fc:3d:bd:10:8a:68:66:f9:26:37:86:de:b0:f4:bd:
                    62:a8:c9:af:1a:0a:fb:05:51:c5:ea:a8:f7:10:4f:
                    3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7A:13:38:30:19:68:B3:D7:A9:39:C1:1E:D1:AE:7B:52:BB:FB:F5
            X509v3 Authority Key Identifier:
                keyid:EC:5F:DF:6A:51:B9:80:91:E9:EC:7B:DF:AF:48:3E:C7:74:3A:5A:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7F_falG5gJHp7Hvfr0g-x3Q6WiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/yHoTODAZaLPXqTnBHtGue1K7-_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e6a554-d974-4377-becc-cbf343deb7bc/1/7F_falG5gJHp7Hvfr0g-x3Q6WiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.220.0/22
                IPv6:
                  2a0b:bdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:b4:96:de:48:12:24:66:50:86:7f:d8:aa:65:c5:49:e7:5b:
         d6:80:21:8d:38:08:ac:40:73:a2:10:46:04:12:f4:82:68:38:
         cf:9c:f7:a6:ef:49:ef:81:a3:a3:57:13:d7:31:59:8d:5b:68:
         78:21:09:07:61:1c:b9:fb:bb:ed:84:75:cf:48:40:1d:4f:8b:
         a2:2c:85:da:6d:24:58:cb:25:41:98:aa:4e:86:a2:95:72:76:
         e4:1b:1b:28:1c:96:35:7a:19:c4:1e:5b:ea:51:b2:75:5c:e4:
         12:1d:2e:5b:34:17:0a:cc:f5:7b:86:28:8a:14:04:26:fd:92:
         e4:64:28:63:04:80:f7:90:ab:14:f7:31:ed:2f:4c:6c:b3:3e:
         3f:2e:5e:9d:f5:fa:de:b5:18:d9:28:fb:8b:97:6b:a7:b8:b9:
         d7:3e:13:aa:d6:5e:59:99:16:c9:82:e9:ac:8f:2f:c7:77:3c:
         09:f1:c0:dd:fb:e6:1c:f7:de:f8:aa:3b:2e:79:0d:67:3b:da:
         89:64:66:58:b5:c1:ab:39:5c:47:84:05:58:3a:47:8d:fb:a3:
         16:a6:43:a8:9d:2d:9f:ac:68:e4:8d:9a:97:0a:9f:01:e1:59:
         f0:0b:84:d0:d1:64:78:2c:3f:44:1d:57:99:0f:c8:ca:9a:9e:
         0c:ba:49:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xWppKwihFmbl5q2/toyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNWZkZjZhNTFiOTgwOTFlOWVjN2JkZmFmNDgzZWM3NzQz
YTVhMjUwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdhMTMzODMwMTk2OGIzZDdhOTM5YzExZWQxYWU3YjUyYmJmYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUxMC35tbWxylD3O6+VE+OOae10z
+VWJBS1s5aVOKhe3EJBp8p4hCqHH5S5FIM1u2uyavIR+iJiTjdejmkJujhaxqlO1
/ssXIjZQkbpZJS4aspmWEhZtX1xkqzvaNtpk5DwhiQqMJ9EBaMEtPDH7NJ65XUmk
+GZUvRtcoOjFKjNaY6xUp1seMlKytN3hVLKTgmHsTe29/4HGPZJ8xBkjIfraCnR9
SPsJBZDIVu0YtwoLJHnsXbDIKI67eaca7aQRFT/bKswzJ8UL967UCpjf7qOGm8bS
2CFlY3NMhJvRI6f8Pb0Qimhm+SY3ht6w9L1iqMmvGgr7BVHF6qj3EE8/EwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMh6EzgwGWiz16k5wR7RrntSu/v1MB8GA1UdIwQY
MBaAFOxf32pRuYCR6ex7369IPsd0OlolMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0ZfZmFsRzVnSkhwN0h2ZnIwZy14M1E2V2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lNmE1NTQtZDk3NC00Mzc3LWJlY2Mt
Y2JmMzQzZGViN2JjLzEveUhvVE9EQVphTFBYcVRuQkh0R3VlMUs3LV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lNmE1NTQtZDk3NC00Mzc3LWJlY2MtY2JmMzQzZGViN2Jj
LzEvN0ZfZmFsRzVnSkhwN0h2ZnIwZy14M1E2V2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudjcMA0E
AgACMAcDBQMqC73AMA0GCSqGSIb3DQEBCwUAA4IBAQBXtJbeSBIkZlCGf9iqZcVJ
51vWgCGNOAisQHOiEEYEEvSCaDjPnPem70nvgaOjVxPXMVmNW2h4IQkHYRy5+7vt
hHXPSEAdT4uiLIXabSRYyyVBmKpOhqKVcnbkGxsoHJY1ehnEHlvqUbJ1XOQSHS5b
NBcKzPV7hiiKFAQm/ZLkZChjBID3kKsU9zHtL0xssz4/Ll6d9fretRjZKPuLl2un
uLnXPhOq1l5ZmRbJgumsjy/HdzwJ8cDd++Yc9974qjsueQ1nO9qJZGZYtcGrOVxH
hAVYOkeN+6MWpkOonS2frGjkjZqXCp8B4VnwC4TQ0WR4LD9EHVeZD8jKmp4Mukmz
-----END CERTIFICATE-----