Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/Jy8zLWhwAFIzaW-yLXVw8RIZwz0.roa
File:                     Jy8zLWhwAFIzaW-yLXVw8RIZwz0.roa (raw, json)
Hash identifier:          LHAOEeEA4Q63bnSFIIdnhUepUUtlwTjNf49Sh3MJRjw=
Subject key identifier:   27:2F:33:2D:68:70:00:52:33:69:6F:B2:2D:75:70:F1:12:19:C3:3D
Certificate issuer:       /CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
Certificate serial:       018CC94E34DA1B970CDFA9012E9BFCED7EB8
Authority key identifier: 85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/Jy8zLWhwAFIzaW-yLXVw8RIZwz0.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211717
IP address blocks:        185.51.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:34:da:1b:97:0c:df:a9:01:2e:9b:fc:ed:7e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b611a0b7d4334b7a2395e8cce7b0e3c9b838e8
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=272f332d6870005233696fb22d7570f11219c33d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3f:59:06:5c:30:85:1d:84:dd:5d:98:87:81:
                    ca:31:7c:a7:6e:e9:37:82:1b:85:05:ec:62:31:fd:
                    26:f7:39:65:d5:f4:d5:36:a1:5f:68:b9:9c:fb:0a:
                    e2:d4:15:83:1d:66:52:23:8e:e8:8f:ad:2e:44:ca:
                    6a:0c:e1:bc:72:8d:7e:d0:7b:d7:b0:22:7b:5b:88:
                    91:d4:91:f6:de:f0:5a:94:3d:38:11:2e:4f:8d:e2:
                    f1:6c:b0:23:ed:d2:52:1f:fc:f2:38:4a:53:26:f5:
                    ae:c4:fe:64:3f:8b:0d:36:a2:2d:12:fe:9a:a1:b6:
                    24:5a:67:9a:40:e2:48:05:ba:a5:52:0b:c4:90:b9:
                    7a:b1:59:e0:5a:d1:63:97:ff:7c:c1:96:be:79:95:
                    da:59:8f:b3:73:63:e3:d7:c3:2b:c0:a3:ce:88:56:
                    9c:e5:b6:ba:55:0b:ba:aa:7e:7f:58:da:3c:8a:e9:
                    6c:0d:2a:0a:60:b5:88:f6:27:9e:d2:df:76:83:da:
                    08:a2:47:52:a2:c8:70:a7:18:6a:d5:15:b6:1a:6e:
                    28:1d:f4:1d:25:7e:0d:1f:95:08:00:4b:28:14:97:
                    48:5f:6b:65:7c:4d:70:32:d6:bc:48:30:b3:a3:24:
                    23:5b:a3:50:47:c6:5e:22:6b:ff:78:42:e5:ea:23:
                    d9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2F:33:2D:68:70:00:52:33:69:6F:B2:2D:75:70:F1:12:19:C3:3D
            X509v3 Authority Key Identifier:
                keyid:85:B6:11:A0:B7:D4:33:4B:7A:23:95:E8:CC:E7:B0:E3:C9:B8:38:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbYRoLfUM0t6I5XozOew48m4OOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/Jy8zLWhwAFIzaW-yLXVw8RIZwz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9d563d-c470-43b3-82bb-88cb4e7106ea/1/hbYRoLfUM0t6I5XozOew48m4OOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:ec:41:b8:01:00:4f:0b:59:ed:d6:54:14:0a:93:3c:e3:ec:
         fd:ca:3e:0f:24:c3:af:c5:13:f5:d2:6f:bd:be:d9:0a:c7:47:
         ca:cd:72:2a:f1:cf:7d:69:51:02:43:75:8b:ec:15:c4:3f:76:
         8d:60:22:5b:a1:cf:74:1a:38:c8:3a:54:9d:47:d3:5f:d7:23:
         6e:50:b8:04:98:c0:cd:0a:14:05:23:87:8f:82:a7:20:76:e4:
         d1:ae:13:71:1b:15:4a:f2:9e:1c:1c:69:09:74:8c:b6:6f:e0:
         cf:d7:11:40:98:d8:2c:4c:b4:34:d1:49:d5:ec:24:c6:1e:61:
         8e:dc:00:89:81:7d:8c:92:67:c7:55:13:63:72:0b:dc:98:c8:
         db:4e:db:e9:af:30:6e:01:69:ec:ba:75:21:a0:89:b4:e2:49:
         ec:38:c2:ea:df:b8:aa:9a:bf:f3:33:1a:b9:25:9f:30:63:df:
         b9:21:d2:45:00:ad:c4:e2:2c:c9:ef:38:20:bf:1b:ae:67:a8:
         6e:de:78:c0:39:51:cd:4c:c3:2f:e2:d4:fd:fb:31:66:aa:1e:
         5a:eb:56:fb:d4:71:82:f0:a7:22:fe:62:43:65:ad:1d:55:de:
         fe:fc:fb:57:0a:eb:3e:bb:b9:03:e9:f7:e2:6f:73:dd:36:db:
         4c:b0:c1:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjTaG5cM36kBLpv87X64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YjYxMWEwYjdkNDMzNGI3YTIzOTVlOGNjZTdiMGUzYzli
ODM4ZTgwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJmMzMyZDY4NzAwMDUyMzM2OTZmYjIyZDc1NzBmMTEyMTljMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD9ZBlwwhR2E3V2Yh4HKMXynbuk3
ghuFBexiMf0m9zll1fTVNqFfaLmc+wri1BWDHWZSI47oj60uRMpqDOG8co1+0HvX
sCJ7W4iR1JH23vBalD04ES5PjeLxbLAj7dJSH/zyOEpTJvWuxP5kP4sNNqItEv6a
obYkWmeaQOJIBbqlUgvEkLl6sVngWtFjl/98wZa+eZXaWY+zc2Pj18MrwKPOiFac
5ba6VQu6qn5/WNo8iulsDSoKYLWI9iee0t92g9oIokdSoshwpxhq1RW2Gm4oHfQd
JX4NH5UIAEsoFJdIX2tlfE1wMta8SDCzoyQjW6NQR8ZeImv/eELl6iPZLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcvMy1ocABSM2lvsi11cPESGcM9MB8GA1UdIwQY
MBaAFIW2EaC31DNLeiOV6MznsOPJuDjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmIt
ODhjYjRlNzEwNmVhLzEvSnk4ekxXaHdBRkl6YVcteUxYVnc4Uklad3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ZDU2M2QtYzQ3MC00M2IzLTgyYmItODhjYjRlNzEwNmVh
LzEvaGJZUm9MZlVNMHQ2STVYb3pPZXc0OG00T09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTMsMA0G
CSqGSIb3DQEBCwUAA4IBAQBO7EG4AQBPC1nt1lQUCpM84+z9yj4PJMOvxRP10m+9
vtkKx0fKzXIq8c99aVECQ3WL7BXEP3aNYCJboc90GjjIOlSdR9Nf1yNuULgEmMDN
ChQFI4ePgqcgduTRrhNxGxVK8p4cHGkJdIy2b+DP1xFAmNgsTLQ00UnV7CTGHmGO
3ACJgX2MkmfHVRNjcgvcmMjbTtvprzBuAWnsunUhoIm04knsOMLq37iqmr/zMxq5
JZ8wY9+5IdJFAK3E4izJ7zggvxuuZ6hu3njAOVHNTMMv4tT9+zFmqh5a61b71HGC
8Kci/mJDZa0dVd7+/PtXCus+u7kD6ffib3PdNttMsMED
-----END CERTIFICATE-----