Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/sydrlevRphbcTtcO-Vx2HDSFuLI.roa
File:                     sydrlevRphbcTtcO-Vx2HDSFuLI.roa (raw, json)
Hash identifier:          g5a+157SCEAmmqvNqn/HxyRTIdjUtOmXiWw/E3vIgks=
Subject key identifier:   B3:27:6B:95:EB:D1:A6:16:DC:4E:D7:0E:F9:5C:76:1C:34:85:B8:B2
Certificate issuer:       /CN=52f629f34cd083bc68054069b1cc5ee7971f8bbb
Certificate serial:       018F38F34017418B8200349C05AE601CCAD2
Authority key identifier: 52:F6:29:F3:4C:D0:83:BC:68:05:40:69:B1:CC:5E:E7:97:1F:8B:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UvYp80zQg7xoBUBpscxe55cfi7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/sydrlevRphbcTtcO-Vx2HDSFuLI.roa
Signing time:             Thu 02 May 2024 10:56:56 +0000
ROA not before:           Thu 02 May 2024 10:56:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200432
IP address blocks:        185.107.60.0/22 maxlen: 22
                          185.107.60.0/24 maxlen: 24
                          185.107.61.0/24 maxlen: 24
                          185.107.62.0/24 maxlen: 24
                          185.107.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/UvYp80zQg7xoBUBpscxe55cfi7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/UvYp80zQg7xoBUBpscxe55cfi7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UvYp80zQg7xoBUBpscxe55cfi7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:f3:40:17:41:8b:82:00:34:9c:05:ae:60:1c:ca:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52f629f34cd083bc68054069b1cc5ee7971f8bbb
        Validity
            Not Before: May  2 10:56:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3276b95ebd1a616dc4ed70ef95c761c3485b8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:dc:a4:9d:35:91:ac:ae:7e:26:e0:70:b3:fb:
                    60:00:41:fa:3c:ea:23:bd:0e:85:16:95:88:05:23:
                    cc:33:b7:c9:15:be:25:17:7a:84:68:d4:f0:6a:df:
                    58:e6:6b:fe:2d:d7:da:4c:37:07:3f:a2:e1:59:3c:
                    1a:58:df:f8:8d:64:23:5d:45:64:46:a6:39:15:2a:
                    f0:02:69:6f:33:62:b8:50:01:0d:49:66:eb:e1:45:
                    10:cf:c8:10:6f:f6:5d:30:44:cb:36:0e:7a:92:bd:
                    55:61:48:9d:66:61:22:9a:25:3d:42:fc:02:e4:8f:
                    d0:a5:f3:8d:7c:8e:d9:46:99:fc:be:68:12:ec:c3:
                    96:4e:48:5e:45:1a:b3:36:3b:e3:c7:a6:f5:c5:3f:
                    61:65:6c:a3:93:f5:68:cf:d2:29:4b:a2:4b:ef:5d:
                    5f:bf:01:b5:35:88:44:f1:e6:15:77:b4:97:77:96:
                    1c:14:4c:f9:69:7c:0b:e4:1d:9f:02:b3:13:80:c0:
                    dc:27:38:46:3a:a8:5d:22:26:a9:9e:ef:da:a8:96:
                    9d:d9:5c:57:06:08:d2:c2:b6:96:db:5c:cc:0c:da:
                    c5:a8:f0:f0:e0:e6:9f:b8:50:7b:aa:cf:95:f9:fa:
                    28:df:1e:75:66:6b:d9:a9:e7:d1:81:3c:a2:14:ba:
                    46:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:27:6B:95:EB:D1:A6:16:DC:4E:D7:0E:F9:5C:76:1C:34:85:B8:B2
            X509v3 Authority Key Identifier:
                keyid:52:F6:29:F3:4C:D0:83:BC:68:05:40:69:B1:CC:5E:E7:97:1F:8B:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UvYp80zQg7xoBUBpscxe55cfi7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/sydrlevRphbcTtcO-Vx2HDSFuLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/932fb7-db05-409c-a16a-97a4283b6292/1/UvYp80zQg7xoBUBpscxe55cfi7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:01:98:c5:fb:8e:5f:01:63:74:25:23:17:5e:6e:d9:b9:a1:
         9d:b7:c2:79:3c:d6:8e:87:22:23:c6:23:c7:66:44:55:e5:93:
         13:e2:59:28:33:f7:ec:eb:93:4b:d9:9e:88:bc:8c:ba:23:54:
         64:d0:e5:bd:0e:0a:e3:42:33:01:39:18:6c:d4:c6:77:b1:3c:
         24:c8:d1:6a:f3:06:e7:b7:7d:ea:4d:fc:16:fe:8f:c0:fa:5e:
         ad:ec:79:d6:ca:d9:78:a0:02:10:00:13:f4:48:9e:31:bf:f8:
         1d:1c:5e:b1:97:19:7a:d1:42:98:4c:40:00:7b:f1:66:3c:ef:
         3f:74:92:d4:49:3c:66:3b:93:91:7d:00:f4:b8:69:69:e6:a3:
         66:14:66:36:5d:3f:2c:d7:f7:94:c1:94:49:04:ae:d1:f0:e9:
         eb:d0:c8:7b:12:24:83:3b:ba:86:0b:a1:28:26:14:f1:ac:22:
         7e:58:53:be:f1:f0:0d:b5:99:6f:91:be:a9:0a:b2:78:1c:b2:
         81:d8:5a:de:a7:ce:d4:61:56:da:76:8b:0e:5d:21:8c:35:53:
         c2:dc:c2:81:c4:de:dc:45:16:97:37:75:de:2a:46:8e:8f:a8:
         82:9c:09:6e:0b:ed:01:82:88:1e:a5:a4:de:24:bb:1a:43:fc:
         f7:15:b8:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8480AXQYuCADScBa5gHMrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZjYyOWYzNGNkMDgzYmM2ODA1NDA2OWIxY2M1ZWU3OTcx
ZjhiYmIwHhcNMjQwNTAyMTA1NjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI3NmI5NWViZDFhNjE2ZGM0ZWQ3MGVmOTVjNzYxYzM0ODViOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotyknTWRrK5+JuBws/tgAEH6POoj
vQ6FFpWIBSPMM7fJFb4lF3qEaNTwat9Y5mv+LdfaTDcHP6LhWTwaWN/4jWQjXUVk
RqY5FSrwAmlvM2K4UAENSWbr4UUQz8gQb/ZdMETLNg56kr1VYUidZmEimiU9QvwC
5I/QpfONfI7ZRpn8vmgS7MOWTkheRRqzNjvjx6b1xT9hZWyjk/Voz9IpS6JL711f
vwG1NYhE8eYVd7SXd5YcFEz5aXwL5B2fArMTgMDcJzhGOqhdIiapnu/aqJad2VxX
BgjSwraW21zMDNrFqPDw4OafuFB7qs+V+foo3x51ZmvZqefRgTyiFLpGlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMna5Xr0aYW3E7XDvlcdhw0hbiyMB8GA1UdIwQY
MBaAFFL2KfNM0IO8aAVAabHMXueXH4u7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXZZcDgwelFnN3hvQlVCcHNjeGU1NWNmaTdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85MzJmYjctZGIwNS00MDljLWExNmEt
OTdhNDI4M2I2MjkyLzEvc3lkcmxldlJwaGJjVHRjTy1WeDJIRFNGdUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85MzJmYjctZGIwNS00MDljLWExNmEtOTdhNDI4M2I2Mjky
LzEvVXZZcDgwelFnN3hvQlVCcHNjeGU1NWNmaTdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWs8MA0G
CSqGSIb3DQEBCwUAA4IBAQCUAZjF+45fAWN0JSMXXm7ZuaGdt8J5PNaOhyIjxiPH
ZkRV5ZMT4lkoM/fs65NL2Z6IvIy6I1Rk0OW9DgrjQjMBORhs1MZ3sTwkyNFq8wbn
t33qTfwW/o/A+l6t7HnWytl4oAIQABP0SJ4xv/gdHF6xlxl60UKYTEAAe/FmPO8/
dJLUSTxmO5ORfQD0uGlp5qNmFGY2XT8s1/eUwZRJBK7R8Onr0Mh7EiSDO7qGC6Eo
JhTxrCJ+WFO+8fANtZlvkb6pCrJ4HLKB2Frep87UYVbadosOXSGMNVPC3MKBxN7c
RRaXN3XeKkaOj6iCnAluC+0BgogepaTeJLsaQ/z3FbgX
-----END CERTIFICATE-----