Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/yCZlVliol25kNDspmKTwkEKwb8Y.roa
File:                     yCZlVliol25kNDspmKTwkEKwb8Y.roa (raw, json)
Hash identifier:          X9C9Eqtr7lwcD57bw7sTfOwpa8+ji4uCCx556S6Eo/4=
Subject key identifier:   C8:26:65:56:58:A8:97:6E:64:34:3B:29:98:A4:F0:90:42:B0:6F:C6
Certificate issuer:       /CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Certificate serial:       018CC348A7BEA35DEDE6A7CF17A00922D871
Authority key identifier: 93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/yCZlVliol25kNDspmKTwkEKwb8Y.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51201
IP address blocks:        185.231.5.0/24 maxlen: 24
                          2a0c:3500:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:be:a3:5d:ed:e6:a7:cf:17:a0:09:22:d8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c826655658a8976e64343b2998a4f09042b06fc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:20:89:c0:dc:13:23:23:07:9a:ed:fa:d9:bf:
                    2a:6c:35:ed:a2:c0:3f:31:d9:65:bf:4a:ff:3f:a9:
                    f7:5a:77:02:ef:c8:01:d7:a7:66:cf:8d:0a:f6:8d:
                    13:9e:f6:b7:d2:ad:e0:af:31:45:be:0c:f7:d6:99:
                    6b:6b:0d:07:a7:d4:47:95:b4:70:23:e9:ad:28:c4:
                    b4:1e:05:2e:a2:f8:37:09:1d:59:bd:3d:bd:cf:e5:
                    8b:11:b9:ef:36:02:e3:34:ba:8f:5e:ae:0e:19:25:
                    f2:0c:6b:64:68:60:2d:69:9f:89:b4:99:54:d4:c2:
                    38:6f:36:11:b8:4f:1b:ca:36:0e:c1:4a:79:c1:55:
                    50:b6:8e:cd:dd:3b:fa:98:7b:83:e5:12:54:a7:7f:
                    d8:1e:e8:77:5c:c5:a8:bd:82:86:57:49:0a:17:8f:
                    74:be:52:f4:3f:b7:71:45:72:40:34:99:9c:a5:31:
                    68:1d:e3:a5:9e:de:40:3e:92:1b:63:27:c9:57:f3:
                    b3:e1:04:d4:3a:31:13:9d:10:20:ea:4f:78:3a:5d:
                    04:aa:51:7d:c3:f1:b1:14:e5:44:06:05:03:a7:1c:
                    27:eb:2d:45:c8:a7:cf:2e:c3:0c:27:87:8d:ae:01:
                    34:6a:fa:bc:cd:81:07:2b:70:70:a6:50:1e:a8:32:
                    2e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:26:65:56:58:A8:97:6E:64:34:3B:29:98:A4:F0:90:42:B0:6F:C6
            X509v3 Authority Key Identifier:
                keyid:93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/yCZlVliol25kNDspmKTwkEKwb8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.5.0/24
                IPv6:
                  2a0c:3500:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:dd:73:7e:92:af:ac:38:10:5a:56:b2:e4:7f:73:7d:54:37:
         a5:36:58:86:73:90:d8:b4:70:01:0d:db:e8:a0:b3:ec:4d:7f:
         b2:31:08:19:6c:0e:52:81:5e:04:16:0a:53:0e:94:8d:7c:49:
         6b:b6:2b:51:b2:dd:9e:ec:d5:d7:66:14:d1:c1:44:34:8d:81:
         fd:fe:47:77:e0:77:29:fc:90:a4:12:a2:6e:8d:b9:75:98:af:
         8a:89:26:e2:5c:07:7a:c4:30:50:7b:ec:84:be:a7:9d:05:ee:
         97:1f:9e:03:c4:d4:f8:c6:45:36:8b:3c:6c:d1:0b:df:9d:a3:
         33:f6:d0:6a:c3:03:26:b5:60:56:13:0a:90:1b:b1:f8:d9:6f:
         91:16:98:74:b8:75:20:12:e4:60:4e:80:f3:af:f9:b2:e3:d9:
         da:55:72:80:62:ca:19:df:8d:06:da:49:b7:29:e1:83:d6:1a:
         aa:dc:8b:c6:df:96:71:21:c7:f5:72:f2:75:0e:08:c0:4c:0e:
         95:23:90:15:cd:68:49:d9:6d:a0:40:d4:31:ca:04:af:ef:b3:
         15:d9:69:da:37:e1:fd:e6:50:f8:37:55:1d:92:d8:54:1a:4a:
         f0:29:3b:b8:fb:50:24:c3:3d:ee:f0:06:82:02:cb:cb:ba:84:
         a3:4b:27:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSKe+o13t5qfPF6AJIthxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMmU4MDc4ZWE0MjBhZmMxYTc4YmY5MjJhOWEyZjI3NDY3
OWM4YTgwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI2NjU1NjU4YTg5NzZlNjQzNDNiMjk5OGE0ZjA5MDQyYjA2ZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSCJwNwTIyMHmu362b8qbDXtosA/
Mdllv0r/P6n3WncC78gB16dmz40K9o0Tnva30q3grzFFvgz31plraw0Hp9RHlbRw
I+mtKMS0HgUuovg3CR1ZvT29z+WLEbnvNgLjNLqPXq4OGSXyDGtkaGAtaZ+JtJlU
1MI4bzYRuE8byjYOwUp5wVVQto7N3Tv6mHuD5RJUp3/YHuh3XMWovYKGV0kKF490
vlL0P7dxRXJANJmcpTFoHeOlnt5APpIbYyfJV/Oz4QTUOjETnRAg6k94Ol0EqlF9
w/GxFOVEBgUDpxwn6y1FyKfPLsMMJ4eNrgE0avq8zYEHK3BwplAeqDIuywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMgmZVZYqJduZDQ7KZik8JBCsG/GMB8GA1UdIwQY
MBaAFJMugHjqQgr8Gni/kiqaLydGecioMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODkt
MzRiYTA3MzhhMzQxLzEveUNabFZsaW9sMjVrTkRzcG1LVHdrRUt3YjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODktMzRiYTA3MzhhMzQx
LzEva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuecFMA8E
AgACMAkDBwAqDDUAAAEwDQYJKoZIhvcNAQELBQADggEBADjdc36Sr6w4EFpWsuR/
c31UN6U2WIZzkNi0cAEN2+igs+xNf7IxCBlsDlKBXgQWClMOlI18SWu2K1Gy3Z7s
1ddmFNHBRDSNgf3+R3fgdyn8kKQSom6NuXWYr4qJJuJcB3rEMFB77IS+p50F7pcf
ngPE1PjGRTaLPGzRC9+dozP20GrDAya1YFYTCpAbsfjZb5EWmHS4dSAS5GBOgPOv
+bLj2dpVcoBiyhnfjQbaSbcp4YPWGqrci8bflnEhx/Vy8nUOCMBMDpUjkBXNaEnZ
baBA1DHKBK/vsxXZado34f3mUPg3VR2S2FQaSvApO7j7UCTDPe7wBoICy8u6hKNL
J/Y=
-----END CERTIFICATE-----