Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/sOuy05KIPShzrBWXNGn-sVkjv-k.roa
File:                     sOuy05KIPShzrBWXNGn-sVkjv-k.roa (raw, json)
Hash identifier:          Yf+IKYPVVdd7RIscw2W42QUeSqZIN7VaSFfYzAynAtM=
Subject key identifier:   B0:EB:B2:D3:92:88:3D:28:73:AC:15:97:34:69:FE:B1:59:23:BF:E9
Certificate issuer:       /CN=de8b8549e8cf71e91faa63b40791e6bfbbfdac04
Certificate serial:       018CC8DEC5852268C02254688D1EF2670662
Authority key identifier: DE:8B:85:49:E8:CF:71:E9:1F:AA:63:B4:07:91:E6:BF:BB:FD:AC:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ouFSejPcekfqmO0B5Hmv7v9rAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/sOuy05KIPShzrBWXNGn-sVkjv-k.roa
Signing time:             Tue 02 Jan 2024 06:31:31 +0000
ROA not before:           Tue 02 Jan 2024 06:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204429
IP address blocks:        185.217.84.0/24 maxlen: 24
                          185.217.84.0/22 maxlen: 22
                          185.217.85.0/24 maxlen: 24
                          185.217.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/3ouFSejPcekfqmO0B5Hmv7v9rAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/3ouFSejPcekfqmO0B5Hmv7v9rAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ouFSejPcekfqmO0B5Hmv7v9rAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c5:85:22:68:c0:22:54:68:8d:1e:f2:67:06:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de8b8549e8cf71e91faa63b40791e6bfbbfdac04
        Validity
            Not Before: Jan  2 06:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0ebb2d392883d2873ac15973469feb15923bfe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0c:2b:a3:6a:aa:1c:bf:4b:82:6b:12:0e:1d:
                    9a:52:72:1d:c1:19:77:06:6d:85:fb:ef:a2:66:78:
                    b9:5b:7a:9f:8b:7f:35:70:71:3a:03:1b:29:6d:6a:
                    3c:25:04:41:5e:c6:8b:e9:23:d0:0d:e5:73:40:94:
                    03:fc:4f:84:b9:4e:a3:0c:15:79:ac:26:aa:ae:47:
                    5a:da:e8:89:70:d6:fe:69:3b:cc:67:10:fa:98:b9:
                    67:02:31:ff:c4:1e:af:f0:a4:52:8f:d0:33:9a:21:
                    54:08:37:26:b3:4d:a5:71:79:9b:d7:cb:4a:5d:1f:
                    d0:e1:69:c3:31:3c:b3:06:a0:28:3b:f3:48:54:4d:
                    90:e4:c6:f5:d8:03:05:32:20:d2:08:b2:90:75:67:
                    b1:90:e4:e5:44:3d:4e:ff:51:b3:8a:7f:c0:70:5f:
                    10:49:a3:68:d5:19:63:0c:1f:2a:92:ae:20:3d:d6:
                    8d:96:06:c0:c0:b2:8b:c3:d4:7c:90:48:1a:dc:30:
                    fd:e0:91:d8:94:4f:4e:2b:4f:a1:d3:03:76:bf:3d:
                    e6:0f:79:72:01:d3:b5:97:2b:0a:2e:af:cf:70:d9:
                    fe:d0:65:5a:ed:57:f3:d5:2d:e0:5b:d8:5f:f5:36:
                    33:f5:05:35:71:e9:85:9d:6b:ff:76:2e:67:4b:60:
                    e8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:EB:B2:D3:92:88:3D:28:73:AC:15:97:34:69:FE:B1:59:23:BF:E9
            X509v3 Authority Key Identifier:
                keyid:DE:8B:85:49:E8:CF:71:E9:1F:AA:63:B4:07:91:E6:BF:BB:FD:AC:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ouFSejPcekfqmO0B5Hmv7v9rAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/sOuy05KIPShzrBWXNGn-sVkjv-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/36253f-cd8e-4fd0-ae37-e937099733c3/1/3ouFSejPcekfqmO0B5Hmv7v9rAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:ee:5e:c2:df:c7:ea:97:cd:ee:56:10:59:91:bf:55:7f:c1:
         96:81:44:c2:63:be:c5:fa:1c:ba:14:96:99:39:e0:bd:f1:87:
         a7:1f:b6:f6:fa:7b:bb:04:b7:85:44:0c:6f:df:b5:b0:0b:f8:
         2b:90:82:14:3b:b5:8d:2c:f2:d6:c8:6f:10:35:f3:cd:7f:38:
         0f:2d:0e:dd:8b:93:4c:4a:99:88:e6:b8:e4:9e:ba:55:11:b1:
         0a:8a:91:21:55:1a:dd:da:1f:aa:a8:19:db:27:3e:07:e6:6e:
         23:69:e1:e4:98:8f:6c:46:6b:91:e0:54:5c:d4:5f:2b:8e:a0:
         6e:30:43:56:c9:15:5b:1c:bc:8d:34:17:bc:22:70:87:cc:40:
         65:31:75:d0:cb:25:3e:5a:ed:94:94:ee:03:9b:7b:77:14:96:
         4a:35:3c:ad:ae:e9:69:ae:57:0d:68:37:fb:8f:fc:2c:ee:c1:
         55:0d:ea:77:44:4a:84:3b:2a:20:38:19:3c:3d:8d:34:7f:82:
         72:db:93:86:11:3c:ef:79:69:ec:c3:f3:37:fd:50:ac:17:6a:
         5a:7e:75:15:cf:3f:c6:e8:56:b0:21:34:23:af:bf:ce:08:fe:
         4f:5e:36:0b:92:04:3e:28:b9:f8:a5:c6:18:4d:12:df:d5:a2:
         ea:e2:bc:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sWFImjAIlRojR7yZwZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOGI4NTQ5ZThjZjcxZTkxZmFhNjNiNDA3OTFlNmJmYmJm
ZGFjMDQwHhcNMjQwMTAyMDYzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGViYjJkMzkyODgzZDI4NzNhYzE1OTczNDY5ZmViMTU5MjNiZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgwro2qqHL9LgmsSDh2aUnIdwRl3
Bm2F+++iZni5W3qfi381cHE6AxspbWo8JQRBXsaL6SPQDeVzQJQD/E+EuU6jDBV5
rCaqrkda2uiJcNb+aTvMZxD6mLlnAjH/xB6v8KRSj9AzmiFUCDcms02lcXmb18tK
XR/Q4WnDMTyzBqAoO/NIVE2Q5Mb12AMFMiDSCLKQdWexkOTlRD1O/1Gzin/AcF8Q
SaNo1RljDB8qkq4gPdaNlgbAwLKLw9R8kEga3DD94JHYlE9OK0+h0wN2vz3mD3ly
AdO1lysKLq/PcNn+0GVa7Vfz1S3gW9hf9TYz9QU1cemFnWv/di5nS2DodwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDrstOSiD0oc6wVlzRp/rFZI7/pMB8GA1UdIwQY
MBaAFN6LhUnoz3HpH6pjtAeR5r+7/awEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM291RlNlalBjZWtmcW1PMEI1SG12N3Y5ckFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8zNjI1M2YtY2Q4ZS00ZmQwLWFlMzct
ZTkzNzA5OTczM2MzLzEvc091eTA1S0lQU2h6ckJXWE5Hbi1zVmtqdi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8zNjI1M2YtY2Q4ZS00ZmQwLWFlMzctZTkzNzA5OTczM2Mz
LzEvM291RlNlalBjZWtmcW1PMEI1SG12N3Y5ckFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudlUMA0G
CSqGSIb3DQEBCwUAA4IBAQCm7l7C38fql83uVhBZkb9Vf8GWgUTCY77F+hy6FJaZ
OeC98YenH7b2+nu7BLeFRAxv37WwC/grkIIUO7WNLPLWyG8QNfPNfzgPLQ7di5NM
SpmI5rjknrpVEbEKipEhVRrd2h+qqBnbJz4H5m4jaeHkmI9sRmuR4FRc1F8rjqBu
MENWyRVbHLyNNBe8InCHzEBlMXXQyyU+Wu2UlO4Dm3t3FJZKNTytrulprlcNaDf7
j/ws7sFVDep3REqEOyogOBk8PY00f4Jy25OGETzveWnsw/M3/VCsF2pafnUVzz/G
6FawITQjr7/OCP5PXjYLkgQ+KLn4pcYYTRLf1aLq4rz/
-----END CERTIFICATE-----