Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/YWcTUXTaaDUrcT8ndZWBFIi6J2A.roa
File:                     YWcTUXTaaDUrcT8ndZWBFIi6J2A.roa (raw, json)
Hash identifier:          MxaNmAkD/5NuZqERNxLkBznbN+cOGKZVRBT0mNPNIwQ=
Subject key identifier:   61:67:13:51:74:DA:68:35:2B:71:3F:27:75:95:81:14:88:BA:27:60
Certificate issuer:       /CN=162d78249b721b4d2ce8cf6dfcfbc4422213ac9d
Certificate serial:       018CC9BAA9558D8E62C23FE63BECAB0DAF36
Authority key identifier: 16:2D:78:24:9B:72:1B:4D:2C:E8:CF:6D:FC:FB:C4:42:22:13:AC:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fi14JJtyG00s6M9t_PvEQiITrJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/YWcTUXTaaDUrcT8ndZWBFIi6J2A.roa
Signing time:             Tue 02 Jan 2024 10:31:42 +0000
ROA not before:           Tue 02 Jan 2024 10:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203944
IP address blocks:        185.118.218.0/23 maxlen: 23
                          185.118.216.0/22 maxlen: 22
                          185.118.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/Fi14JJtyG00s6M9t_PvEQiITrJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/Fi14JJtyG00s6M9t_PvEQiITrJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fi14JJtyG00s6M9t_PvEQiITrJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:a9:55:8d:8e:62:c2:3f:e6:3b:ec:ab:0d:af:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=162d78249b721b4d2ce8cf6dfcfbc4422213ac9d
        Validity
            Not Before: Jan  2 10:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6167135174da68352b713f277595811488ba2760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:73:b5:2e:ac:71:37:91:1e:ca:c4:b8:b9:c8:
                    58:a5:a6:13:e8:dc:91:f8:b7:4c:41:f3:49:c1:a3:
                    0c:17:ef:54:0e:dd:c1:56:73:a5:8d:e8:32:20:65:
                    d4:0f:ea:ec:c6:f0:1f:88:3e:80:52:f5:11:db:70:
                    c0:3b:57:69:c7:12:7f:5a:9b:89:66:b1:96:3a:d6:
                    2c:b1:2c:82:9d:f8:15:d1:02:d8:cc:bd:d0:7c:16:
                    91:6e:09:f2:3c:83:e7:21:80:61:7d:69:c2:e9:4b:
                    49:73:be:31:d8:d2:2a:e9:00:41:57:04:a5:e5:60:
                    87:82:28:89:41:1b:fc:b5:0e:a7:4d:ef:e5:46:b0:
                    a7:c0:8d:cd:14:07:7c:31:7e:d6:40:c8:1d:9f:a1:
                    7d:d8:ee:22:95:75:74:17:01:3a:fc:9d:a0:0f:bb:
                    2f:75:b2:cc:c2:02:35:f5:57:80:94:95:e7:4f:d0:
                    8f:b0:d7:dd:9b:25:89:61:78:32:f9:90:94:c4:d2:
                    96:e4:35:73:03:01:8f:9c:03:8b:60:ef:5c:9a:43:
                    51:38:cd:cd:d1:6f:45:f5:19:d4:f9:ff:1b:e4:d4:
                    f4:5c:66:24:21:a8:56:1e:8c:b1:e4:e1:2a:a1:0a:
                    6d:69:cb:80:83:86:b6:c1:58:d9:ca:97:f3:54:3e:
                    71:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:67:13:51:74:DA:68:35:2B:71:3F:27:75:95:81:14:88:BA:27:60
            X509v3 Authority Key Identifier:
                keyid:16:2D:78:24:9B:72:1B:4D:2C:E8:CF:6D:FC:FB:C4:42:22:13:AC:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fi14JJtyG00s6M9t_PvEQiITrJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/YWcTUXTaaDUrcT8ndZWBFIi6J2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/bcbd03-d231-4d33-b3c5-98fa827186a9/1/Fi14JJtyG00s6M9t_PvEQiITrJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:bc:2e:a0:d4:a6:77:67:9a:60:04:17:8e:31:3c:db:d9:f6:
         f7:0c:8d:3d:6d:16:4c:a7:11:6a:51:fe:64:4f:d7:7b:f4:65:
         95:6f:35:f0:82:f9:1f:eb:f1:6a:39:e8:63:96:3b:d3:3f:0d:
         71:2f:f5:a5:1a:41:55:b2:92:bd:26:d5:70:85:93:e4:4b:0b:
         e2:82:3e:96:93:4a:a5:64:67:f5:29:29:a6:57:f7:42:2c:10:
         19:d2:53:1e:81:54:ba:72:a2:fb:4b:32:54:1b:12:37:4f:f9:
         4f:81:27:88:7d:0a:e5:45:95:e4:ed:33:da:eb:e1:de:cc:54:
         94:3b:46:f5:67:c1:85:6b:27:7d:13:5c:56:bc:6d:6c:9a:c8:
         57:ce:49:d4:41:74:e7:8f:b0:7e:30:f4:2f:5f:9f:6e:fd:31:
         5e:3e:4f:07:55:57:e5:c8:31:66:6c:e2:8e:a2:d5:fb:82:c9:
         99:c9:f1:a8:59:bd:ea:9c:6f:6a:5c:41:f1:dd:69:98:f5:3e:
         61:db:4a:05:5b:e0:32:95:e6:dd:81:58:fb:bc:ac:30:90:73:
         21:eb:b7:79:6d:3e:7e:2e:5d:7c:7f:6c:91:72:24:a6:3f:86:
         1a:5f:48:9c:bf:f7:96:74:2c:ee:3e:22:f7:e0:c4:82:b0:29:
         8a:ac:9d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuqlVjY5iwj/mO+yrDa82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MmQ3ODI0OWI3MjFiNGQyY2U4Y2Y2ZGZjZmJjNDQyMjIx
M2FjOWQwHhcNMjQwMTAyMTAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTY3MTM1MTc0ZGE2ODM1MmI3MTNmMjc3NTk1ODExNDg4YmEyNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHO1LqxxN5EeysS4uchYpaYT6NyR
+LdMQfNJwaMMF+9UDt3BVnOljegyIGXUD+rsxvAfiD6AUvUR23DAO1dpxxJ/WpuJ
ZrGWOtYssSyCnfgV0QLYzL3QfBaRbgnyPIPnIYBhfWnC6UtJc74x2NIq6QBBVwSl
5WCHgiiJQRv8tQ6nTe/lRrCnwI3NFAd8MX7WQMgdn6F92O4ilXV0FwE6/J2gD7sv
dbLMwgI19VeAlJXnT9CPsNfdmyWJYXgy+ZCUxNKW5DVzAwGPnAOLYO9cmkNROM3N
0W9F9RnU+f8b5NT0XGYkIahWHoyx5OEqoQptacuAg4a2wVjZypfzVD5xKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFnE1F02mg1K3E/J3WVgRSIuidgMB8GA1UdIwQY
MBaAFBYteCSbchtNLOjPbfz7xEIiE6ydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmkxNEpKdHlHMDBzNk05dF9QdkVRaUlUckowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iY2JkMDMtZDIzMS00ZDMzLWIzYzUt
OThmYTgyNzE4NmE5LzEvWVdjVFVYVGFhRFVyY1Q4bmRaV0JGSWk2SjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iY2JkMDMtZDIzMS00ZDMzLWIzYzUtOThmYTgyNzE4NmE5
LzEvRmkxNEpKdHlHMDBzNk05dF9QdkVRaUlUckowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXbYMA0G
CSqGSIb3DQEBCwUAA4IBAQAAvC6g1KZ3Z5pgBBeOMTzb2fb3DI09bRZMpxFqUf5k
T9d79GWVbzXwgvkf6/FqOehjljvTPw1xL/WlGkFVspK9JtVwhZPkSwvigj6Wk0ql
ZGf1KSmmV/dCLBAZ0lMegVS6cqL7SzJUGxI3T/lPgSeIfQrlRZXk7TPa6+HezFSU
O0b1Z8GFayd9E1xWvG1smshXzknUQXTnj7B+MPQvX59u/TFePk8HVVflyDFmbOKO
otX7gsmZyfGoWb3qnG9qXEHx3WmY9T5h20oFW+AylebdgVj7vKwwkHMh67d5bT5+
Ll18f2yRciSmP4YaX0icv/eWdCzuPiL34MSCsCmKrJ14
-----END CERTIFICATE-----