Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/2YarzvTI8YLoR4sbgzsQFPIJWmY.roa
File:                     2YarzvTI8YLoR4sbgzsQFPIJWmY.roa (raw, json)
Hash identifier:          KrkZmkqvaiTQKeeBInoP7lmxUhlwq2RxS7z2LooiPqg=
Subject key identifier:   D9:86:AB:CE:F4:C8:F1:82:E8:47:8B:1B:83:3B:10:14:F2:09:5A:66
Certificate issuer:       /CN=6735a8295a30d7dfcac2a570b8decb25c4652140
Certificate serial:       018E80E574D491C04798C901491A74579A16
Authority key identifier: 67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/2YarzvTI8YLoR4sbgzsQFPIJWmY.roa
Signing time:             Wed 27 Mar 2024 17:11:45 +0000
ROA not before:           Wed 27 Mar 2024 17:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        85.208.16.0/22 maxlen: 24
                          185.233.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:e5:74:d4:91:c0:47:98:c9:01:49:1a:74:57:9a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6735a8295a30d7dfcac2a570b8decb25c4652140
        Validity
            Not Before: Mar 27 17:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d986abcef4c8f182e8478b1b833b1014f2095a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:89:3f:fd:aa:57:35:49:26:2f:1d:7c:df:83:
                    51:d2:3a:22:8e:c2:32:72:93:1c:df:e3:05:33:80:
                    aa:2c:0b:68:92:0f:52:5e:ee:8c:99:ed:a5:ff:fc:
                    c9:72:74:bb:12:d6:d5:80:6d:7b:04:4d:ae:70:7d:
                    82:94:dc:d1:97:01:d1:57:c1:d0:9c:3a:34:a1:0d:
                    7b:f3:4c:fe:52:26:91:77:60:4b:26:11:5e:5c:4b:
                    5e:25:82:12:22:f8:fa:e3:52:71:9f:b1:bd:3d:bb:
                    78:20:97:55:ea:d6:70:89:6c:27:c8:98:fb:f8:f3:
                    99:da:51:5a:96:84:0c:db:c6:9b:a3:6f:3b:44:ad:
                    b9:4c:52:c5:5d:93:92:5d:06:2b:65:d0:6f:c2:b0:
                    6e:96:6b:79:f3:28:70:ae:9d:83:e7:21:f5:02:c9:
                    8a:4d:54:f6:3e:b7:e6:d7:aa:e5:98:9c:12:19:f4:
                    7a:19:4d:8b:cd:93:16:c7:a6:09:83:a9:85:c4:87:
                    cc:93:70:d5:02:40:73:f8:7e:74:56:20:c7:4c:35:
                    16:9d:48:7c:17:1d:10:6b:b4:94:a5:af:18:b3:16:
                    36:96:81:9e:f4:f9:ce:f1:1e:d0:fb:a2:57:55:4f:
                    86:46:08:f9:44:0e:a0:a7:c6:0c:c7:f6:b7:0f:3c:
                    48:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:86:AB:CE:F4:C8:F1:82:E8:47:8B:1B:83:3B:10:14:F2:09:5A:66
            X509v3 Authority Key Identifier:
                keyid:67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/2YarzvTI8YLoR4sbgzsQFPIJWmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.16.0/22
                  185.233.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:77:cc:8c:bd:8f:30:4c:b2:7f:38:56:55:4b:7e:22:11:8c:
         d7:57:4f:7d:5c:45:78:2b:ac:b9:56:44:0a:4d:e4:38:2b:38:
         38:ac:e2:52:99:a7:71:7e:0d:55:3d:41:ba:17:f3:d0:24:8f:
         03:ab:63:2a:b7:ac:86:54:42:5c:c5:70:92:34:52:5f:df:b7:
         c7:27:e5:d2:ec:ac:06:ac:74:a7:82:37:f7:d0:21:f7:27:5d:
         32:62:8c:90:62:a6:b6:ac:d7:d6:43:64:eb:bd:e0:87:cd:e3:
         6f:51:9a:27:f8:33:84:5c:14:86:b8:6d:0d:3e:72:fa:35:f8:
         c0:ce:22:67:b5:a7:a6:b8:e4:07:7e:76:80:fd:c6:e4:10:5a:
         d1:0d:f9:de:2b:d9:67:82:41:bc:01:4b:e9:af:86:2c:30:6c:
         04:2c:1f:94:d3:59:32:ba:85:4a:cf:01:bb:0d:ad:d2:b7:fc:
         fe:50:ba:af:80:e2:d8:d0:3c:4d:97:5c:27:91:08:73:79:6b:
         b8:ef:35:66:cd:14:d0:ce:cb:d0:1f:b9:84:bf:99:da:37:a9:
         45:1c:b0:0f:5a:21:13:7f:75:12:c1:c8:95:30:05:45:6c:f9:
         79:83:37:4a:ef:99:c4:92:c0:a0:1c:53:71:d4:df:78:8b:48:
         47:2d:ba:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6A5XTUkcBHmMkBSRp0V5oWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MzVhODI5NWEzMGQ3ZGZjYWMyYTU3MGI4ZGVjYjI1YzQ2
NTIxNDAwHhcNMjQwMzI3MTcxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg2YWJjZWY0YzhmMTgyZTg0NzhiMWI4MzNiMTAxNGYyMDk1YTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Yk//apXNUkmLx1834NR0joijsIy
cpMc3+MFM4CqLAtokg9SXu6Mme2l//zJcnS7EtbVgG17BE2ucH2ClNzRlwHRV8HQ
nDo0oQ1780z+UiaRd2BLJhFeXEteJYISIvj641Jxn7G9Pbt4IJdV6tZwiWwnyJj7
+POZ2lFaloQM28abo287RK25TFLFXZOSXQYrZdBvwrBulmt58yhwrp2D5yH1AsmK
TVT2Prfm16rlmJwSGfR6GU2LzZMWx6YJg6mFxIfMk3DVAkBz+H50ViDHTDUWnUh8
Fx0Qa7SUpa8YsxY2loGe9PnO8R7Q+6JXVU+GRgj5RA6gp8YMx/a3DzxIcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNmGq870yPGC6EeLG4M7EBTyCVpmMB8GA1UdIwQY
MBaAFGc1qClaMNffysKlcLjeyyXEZSFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMt
MThlMThkNjU5ZDhmLzEvMllhcnp2VEk4WUxvUjRzYmd6c1FGUElKV21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMtMThlMThkNjU5ZDhm
LzEvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVdAQAwQB
uenqMA0GCSqGSIb3DQEBCwUAA4IBAQB5d8yMvY8wTLJ/OFZVS34iEYzXV099XEV4
K6y5VkQKTeQ4Kzg4rOJSmadxfg1VPUG6F/PQJI8Dq2Mqt6yGVEJcxXCSNFJf37fH
J+XS7KwGrHSngjf30CH3J10yYoyQYqa2rNfWQ2TrveCHzeNvUZon+DOEXBSGuG0N
PnL6NfjAziJntaemuOQHfnaA/cbkEFrRDfneK9lngkG8AUvpr4YsMGwELB+U01ky
uoVKzwG7Da3St/z+ULqvgOLY0DxNl1wnkQhzeWu47zVmzRTQzsvQH7mEv5naN6lF
HLAPWiETf3USwciVMAVFbPl5gzdK75nEksCgHFNx1N94i0hHLbp6
-----END CERTIFICATE-----