Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/CygjlYjt9JDZOuRGT_RW5T-u-IQ.roa
File:                     CygjlYjt9JDZOuRGT_RW5T-u-IQ.roa (raw, json)
Hash identifier:          1gIXFNGqnDblnsQWYsTHHAg1nmft3BPAnbK2GrMenc8=
Subject key identifier:   0B:28:23:95:88:ED:F4:90:D9:3A:E4:46:4F:F4:56:E5:3F:AE:F8:84
Certificate issuer:       /CN=70847f8221897d6e952e86ea2c339abaacc131f5
Certificate serial:       018CC6B795E8FB7AB4354C0D76DB7DD3D7CB
Authority key identifier: 70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/CygjlYjt9JDZOuRGT_RW5T-u-IQ.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43056
IP address blocks:        185.38.28.0/22 maxlen: 24
                          185.95.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:95:e8:fb:7a:b4:35:4c:0d:76:db:7d:d3:d7:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70847f8221897d6e952e86ea2c339abaacc131f5
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b28239588edf490d93ae4464ff456e53faef884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:82:9f:90:47:29:77:d2:b6:99:4b:12:fc:56:
                    8d:e2:82:e7:ac:9b:54:c8:ef:da:aa:8e:cb:11:7c:
                    02:a8:d4:7d:07:3d:2d:84:00:50:ea:3b:56:9d:55:
                    ff:88:8f:65:40:17:fb:0c:c1:84:c7:25:90:8a:c7:
                    a7:ef:9d:42:f2:9e:96:51:47:81:3c:53:4e:fb:67:
                    9e:b8:57:bb:7a:1c:9b:c9:9d:6c:9a:8d:6e:7d:77:
                    de:93:23:9d:bf:ce:82:a6:f7:dc:36:75:a0:a0:bb:
                    fd:f1:2c:b4:1e:40:74:eb:f1:d5:66:e9:87:1e:b0:
                    99:6f:50:ac:3a:83:83:fd:1f:cf:c5:ed:7a:41:cd:
                    7d:bc:f6:61:c7:61:a9:11:76:9b:92:d8:63:7b:3f:
                    5b:c1:30:ed:86:62:96:f3:7f:47:96:60:37:90:ee:
                    64:3c:ff:5e:92:93:5d:f2:e7:6a:62:66:24:cc:20:
                    16:ed:3e:1d:06:7b:d2:26:18:db:91:0b:da:f9:3b:
                    bf:65:a1:e9:8d:22:bb:3b:2c:d4:c5:e9:e6:87:0e:
                    75:36:d9:83:e6:40:ff:8b:27:ab:47:8b:fe:c9:95:
                    9b:29:c7:0a:c4:3f:fe:ca:f9:38:2c:2e:b3:22:ff:
                    41:a9:e0:f5:f8:22:84:ce:c8:6a:80:30:93:a1:b0:
                    22:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:28:23:95:88:ED:F4:90:D9:3A:E4:46:4F:F4:56:E5:3F:AE:F8:84
            X509v3 Authority Key Identifier:
                keyid:70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/CygjlYjt9JDZOuRGT_RW5T-u-IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.28.0/22
                  185.95.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:9e:4d:c8:d1:19:a2:55:eb:0d:20:f8:56:94:be:35:20:68:
         f2:13:26:9e:b8:37:50:f2:ab:5c:14:10:b0:94:7c:14:d1:93:
         b4:72:15:bf:c9:c1:14:5f:f6:74:f6:fd:43:c6:ae:c7:a6:6c:
         d9:9c:98:d7:9a:61:f8:fc:84:2e:d5:42:6e:4c:3d:62:1a:cd:
         d5:9e:b8:27:b8:dd:27:06:7b:d5:dd:21:42:04:17:92:5c:58:
         bc:62:89:6e:10:18:34:91:6a:38:9f:9f:c8:c1:56:12:64:24:
         ef:17:55:76:9a:38:af:c2:2f:4c:49:9d:0f:6b:bd:8e:16:d5:
         c4:af:b5:48:c1:62:c8:7e:e8:0a:64:28:29:15:5a:25:2b:2b:
         5e:63:10:88:ee:16:45:a2:a3:d9:a8:22:19:33:91:27:cc:9a:
         b6:43:02:b8:4a:c1:39:e2:a3:41:a0:46:10:b6:0a:59:2f:c0:
         91:d8:da:3a:f6:f6:44:b6:d4:4c:d4:79:9b:53:53:b8:3e:f8:
         c6:f6:75:50:ef:8b:74:5f:fe:18:a8:d8:91:ce:d0:81:b6:c8:
         b5:49:5d:32:ef:ba:17:32:20:2b:8b:f5:32:62:e5:ff:fd:17:
         a7:57:54:8c:24:6d:05:24:fa:7f:ac:2f:b1:cd:be:1c:2e:85:
         0a:44:1f:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt5Xo+3q0NUwNdtt909fLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODQ3ZjgyMjE4OTdkNmU5NTJlODZlYTJjMzM5YWJhYWNj
MTMxZjUwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI4MjM5NTg4ZWRmNDkwZDkzYWU0NDY0ZmY0NTZlNTNmYWVmODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYKfkEcpd9K2mUsS/FaN4oLnrJtU
yO/aqo7LEXwCqNR9Bz0thABQ6jtWnVX/iI9lQBf7DMGExyWQisen751C8p6WUUeB
PFNO+2eeuFe7ehybyZ1smo1ufXfekyOdv86CpvfcNnWgoLv98Sy0HkB06/HVZumH
HrCZb1CsOoOD/R/Pxe16Qc19vPZhx2GpEXabkthjez9bwTDthmKW839HlmA3kO5k
PP9ekpNd8udqYmYkzCAW7T4dBnvSJhjbkQva+Tu/ZaHpjSK7OyzUxenmhw51NtmD
5kD/iyerR4v+yZWbKccKxD/+yvk4LC6zIv9BqeD1+CKEzshqgDCTobAidQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAsoI5WI7fSQ2TrkRk/0VuU/rviEMB8GA1UdIwQY
MBaAFHCEf4IhiX1ulS6G6iwzmrqswTH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgt
NmU4Nzg0YTdhZDA5LzEvQ3lnamxZanQ5SkRaT3VSR1RfUlc1VC11LUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgtNmU4Nzg0YTdhZDA5
LzEvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSYcAwQC
uV/8MA0GCSqGSIb3DQEBCwUAA4IBAQCBnk3I0RmiVesNIPhWlL41IGjyEyaeuDdQ
8qtcFBCwlHwU0ZO0chW/ycEUX/Z09v1Dxq7HpmzZnJjXmmH4/IQu1UJuTD1iGs3V
nrgnuN0nBnvV3SFCBBeSXFi8YoluEBg0kWo4n5/IwVYSZCTvF1V2mjivwi9MSZ0P
a72OFtXEr7VIwWLIfugKZCgpFVolKyteYxCI7hZFoqPZqCIZM5EnzJq2QwK4SsE5
4qNBoEYQtgpZL8CR2No69vZEttRM1HmbU1O4PvjG9nVQ74t0X/4YqNiRztCBtsi1
SV0y77oXMiAri/UyYuX//RenV1SMJG0FJPp/rC+xzb4cLoUKRB/w
-----END CERTIFICATE-----