Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/yeMtsV-1QyCOcuxsxSTNqhbigso.roa
File:                     yeMtsV-1QyCOcuxsxSTNqhbigso.roa (raw, json)
Hash identifier:          qGZfp2jczBrGFtQL4XbO7v6ZlVUStk7JSwLvYxt6B3g=
Subject key identifier:   C9:E3:2D:B1:5F:B5:43:20:8E:72:EC:6C:C5:24:CD:AA:16:E2:82:CA
Certificate issuer:       /CN=1ffa7f772b323b24dbe69d3f3acf755e69d601cd
Certificate serial:       018CC34893F53E52A2F32D12F0F9A935985F
Authority key identifier: 1F:FA:7F:77:2B:32:3B:24:DB:E6:9D:3F:3A:CF:75:5E:69:D6:01:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/yeMtsV-1QyCOcuxsxSTNqhbigso.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202936
IP address blocks:        185.241.232.0/22 maxlen: 23
                          185.148.64.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:f5:3e:52:a2:f3:2d:12:f0:f9:a9:35:98:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ffa7f772b323b24dbe69d3f3acf755e69d601cd
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9e32db15fb543208e72ec6cc524cdaa16e282ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:3e:88:ec:13:86:09:c3:80:8a:67:73:52:
                    a2:8f:de:a3:13:77:9d:77:10:f9:89:c2:c9:9b:be:
                    bb:74:5c:f7:6e:4e:80:aa:7e:4c:e9:07:5e:7f:9b:
                    65:8d:0c:05:be:af:2f:ff:bd:0e:ab:2e:0d:a9:52:
                    11:8d:5e:4b:25:30:2f:7a:12:62:5d:3e:51:bf:8b:
                    1a:b4:6b:dd:8f:96:5f:07:be:fb:8c:87:a9:8b:8f:
                    63:c9:99:09:a1:ba:70:05:f2:1e:91:7b:21:c4:76:
                    1b:8d:a3:9c:a6:23:db:ec:b5:09:1a:02:c1:35:c0:
                    e1:b4:31:ac:d9:2f:c0:9a:5e:40:c8:9f:f4:bd:b4:
                    3b:f0:5f:1c:e1:28:50:26:fc:aa:ed:c0:eb:04:e2:
                    43:69:38:42:57:0c:21:0c:2c:cd:e3:91:5b:0b:c5:
                    1d:28:3b:cc:39:0c:12:8a:13:c3:10:98:74:78:0b:
                    2c:db:55:71:16:fe:6d:81:b5:8a:15:25:1c:56:70:
                    6b:73:69:bc:70:7a:ba:8e:9f:33:78:69:df:bf:75:
                    c2:81:08:92:4e:c0:9a:3e:89:c0:b3:86:5b:9a:64:
                    8a:a7:29:2e:5f:2b:bf:77:c5:a5:1a:8e:2e:13:12:
                    ac:2c:bc:d3:19:06:f6:78:54:9d:17:2f:79:65:8e:
                    ca:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E3:2D:B1:5F:B5:43:20:8E:72:EC:6C:C5:24:CD:AA:16:E2:82:CA
            X509v3 Authority Key Identifier:
                keyid:1F:FA:7F:77:2B:32:3B:24:DB:E6:9D:3F:3A:CF:75:5E:69:D6:01:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/yeMtsV-1QyCOcuxsxSTNqhbigso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.64.0/22
                  185.241.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:44:7c:c0:a2:2e:26:2f:42:3f:1e:8e:41:fa:07:bb:34:30:
         04:07:03:17:be:ca:56:49:f6:04:42:f7:0e:39:73:09:03:a6:
         d0:a7:40:87:d4:a6:7b:7f:49:a0:0b:14:35:ab:17:4a:80:c3:
         bf:37:96:73:44:39:38:0c:78:1c:62:70:95:77:94:81:7a:16:
         d4:e8:52:5b:29:9e:0f:63:be:91:e1:d2:63:11:e6:06:6d:09:
         9b:6f:a1:5e:bd:c1:78:c1:e2:1d:30:17:b7:8b:de:69:45:b6:
         75:29:9d:3c:82:0f:15:31:e9:bb:4f:71:64:1e:fd:fa:13:3d:
         af:59:1c:77:c0:24:7f:3c:7b:8a:b4:ca:f5:b5:a9:df:1b:74:
         95:5e:da:5f:c0:42:26:5b:63:4b:48:74:19:b0:a5:57:bb:98:
         97:e8:f4:fb:45:b3:21:3c:86:3d:d5:62:1a:f8:57:7b:ba:34:
         9e:3d:56:46:9a:a2:f6:4d:3a:49:f5:22:ed:54:6f:20:c5:f3:
         2b:a0:5e:27:3d:18:b4:67:0d:88:6b:ff:f2:bc:e3:08:ee:d9:
         bd:0e:a1:c3:24:03:68:02:1f:44:94:9a:74:db:4e:bc:72:21:
         18:16:a6:64:1d:7f:ed:3b:c7:cf:9e:92:34:de:2e:29:10:15:
         51:28:c0:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSJP1PlKi8y0S8PmpNZhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZmE3Zjc3MmIzMjNiMjRkYmU2OWQzZjNhY2Y3NTVlNjlk
NjAxY2QwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWUzMmRiMTVmYjU0MzIwOGU3MmVjNmNjNTI0Y2RhYTE2ZTI4MmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfA+iOwThgnDgIpnc1Kij96jE3ed
dxD5icLJm767dFz3bk6Aqn5M6Qdef5tljQwFvq8v/70Oqy4NqVIRjV5LJTAvehJi
XT5Rv4satGvdj5ZfB777jIepi49jyZkJobpwBfIekXshxHYbjaOcpiPb7LUJGgLB
NcDhtDGs2S/Aml5AyJ/0vbQ78F8c4ShQJvyq7cDrBOJDaThCVwwhDCzN45FbC8Ud
KDvMOQwSihPDEJh0eAss21VxFv5tgbWKFSUcVnBrc2m8cHq6jp8zeGnfv3XCgQiS
TsCaPonAs4ZbmmSKpykuXyu/d8WlGo4uExKsLLzTGQb2eFSdFy95ZY7K4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMnjLbFftUMgjnLsbMUkzaoW4oLKMB8GA1UdIwQY
MBaAFB/6f3crMjsk2+adPzrPdV5p1gHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9wX2R5c3lPeVRiNXAwX09zOTFYbW5XQWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MDZiMzgtNzZlYy00NzJlLWE5NGIt
ODcwMzRmOWZjZTYxLzEveWVNdHNWLTFReUNPY3V4c3hTVE5xaGJpZ3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MDZiMzgtNzZlYy00NzJlLWE5NGItODcwMzRmOWZjZTYx
LzEvSF9wX2R5c3lPeVRiNXAwX09zOTFYbW5XQWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZRAAwQC
ufHoMA0GCSqGSIb3DQEBCwUAA4IBAQB7RHzAoi4mL0I/Ho5B+ge7NDAEBwMXvspW
SfYEQvcOOXMJA6bQp0CH1KZ7f0mgCxQ1qxdKgMO/N5ZzRDk4DHgcYnCVd5SBehbU
6FJbKZ4PY76R4dJjEeYGbQmbb6FevcF4weIdMBe3i95pRbZ1KZ08gg8VMem7T3Fk
Hv36Ez2vWRx3wCR/PHuKtMr1tanfG3SVXtpfwEImW2NLSHQZsKVXu5iX6PT7RbMh
PIY91WIa+Fd7ujSePVZGmqL2TTpJ9SLtVG8gxfMroF4nPRi0Zw2Ia//yvOMI7tm9
DqHDJANoAh9ElJp02068ciEYFqZkHX/tO8fPnpI03i4pEBVRKMC4
-----END CERTIFICATE-----