Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/y6p4xW3Xie1W2jAf56LqsANMC3c.roa
File:                     y6p4xW3Xie1W2jAf56LqsANMC3c.roa (raw, json)
Hash identifier:          8oH6+SCXQZshK3TFrPLSAZ6TR3Z9eryd6ZvGMHmTobU=
Subject key identifier:   CB:AA:78:C5:6D:D7:89:ED:56:DA:30:1F:E7:A2:EA:B0:03:4C:0B:77
Certificate issuer:       /CN=e7185120e7a3b962b9ffe4abed16d0aa3a320518
Certificate serial:       018CC8715655527B9B4D5CFC365DE739D11B
Authority key identifier: E7:18:51:20:E7:A3:B9:62:B9:FF:E4:AB:ED:16:D0:AA:3A:32:05:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xhRIOejuWK5_-Sr7RbQqjoyBRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/y6p4xW3Xie1W2jAf56LqsANMC3c.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25514
IP address blocks:        195.34.90.0/23 maxlen: 23
                          91.218.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/5xhRIOejuWK5_-Sr7RbQqjoyBRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/5xhRIOejuWK5_-Sr7RbQqjoyBRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5xhRIOejuWK5_-Sr7RbQqjoyBRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:56:55:52:7b:9b:4d:5c:fc:36:5d:e7:39:d1:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7185120e7a3b962b9ffe4abed16d0aa3a320518
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbaa78c56dd789ed56da301fe7a2eab0034c0b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ea:5b:f0:7e:ff:c7:12:a4:a8:d5:1f:d9:a1:
                    b1:af:21:91:a2:dd:f6:cc:82:fb:70:8a:6f:c1:2e:
                    24:ee:87:81:10:75:e4:86:78:24:c2:55:19:33:27:
                    1a:fc:4c:3f:8f:10:cc:2a:a5:d1:05:1a:70:d6:5b:
                    63:47:4c:95:84:c2:a4:5d:cd:08:82:14:4e:e6:76:
                    d2:90:1e:06:a9:08:7e:65:26:f2:6f:79:35:10:1f:
                    81:60:55:f5:01:9f:6a:12:5c:4a:ae:74:59:5e:41:
                    a3:00:87:de:c8:1b:77:38:9d:7f:2f:bf:c1:89:1c:
                    5e:a1:78:a3:90:f4:6c:92:7e:57:96:c7:6b:7c:aa:
                    04:1f:fa:98:c0:d3:a5:01:82:4a:27:af:3d:c2:de:
                    da:31:05:54:f7:91:ca:d7:1b:2a:87:82:05:87:5b:
                    78:e1:0d:fa:c0:b1:bf:8c:e7:90:7f:ae:ef:ba:11:
                    c1:9b:96:c8:f6:8c:d4:90:87:e4:9a:b1:a1:c8:d8:
                    a6:34:39:b8:fe:b9:7c:5a:d2:15:e9:ce:af:91:82:
                    ae:1c:75:99:88:7d:71:7a:e3:3f:b4:f5:1c:e1:ba:
                    b6:f9:f3:30:b4:7d:58:eb:a7:40:d9:a4:36:1c:7e:
                    01:f7:b9:6c:01:3f:ae:3a:02:77:28:d7:11:51:02:
                    31:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AA:78:C5:6D:D7:89:ED:56:DA:30:1F:E7:A2:EA:B0:03:4C:0B:77
            X509v3 Authority Key Identifier:
                keyid:E7:18:51:20:E7:A3:B9:62:B9:FF:E4:AB:ED:16:D0:AA:3A:32:05:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xhRIOejuWK5_-Sr7RbQqjoyBRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/y6p4xW3Xie1W2jAf56LqsANMC3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/80001d-b581-45fb-9138-89c6420d6f36/1/5xhRIOejuWK5_-Sr7RbQqjoyBRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.12.0/22
                  195.34.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:a1:09:d1:b9:35:3c:16:b2:6b:a0:f6:d7:be:cd:56:69:53:
         e0:90:83:97:5c:37:4e:ed:fd:e9:41:d6:5e:a8:56:08:3e:61:
         04:3f:a2:fd:21:4c:06:fe:f1:43:c5:a4:30:08:e6:70:5a:38:
         22:64:d4:44:d0:6e:d0:33:b2:33:14:2c:f0:db:78:4f:54:41:
         fc:57:6c:9f:22:73:8b:e6:af:f2:3f:ab:e1:be:31:68:7f:f8:
         fb:76:9f:11:02:ce:a2:8a:36:cd:76:ba:0a:ca:23:03:fa:15:
         12:5f:7a:60:a7:be:4b:66:39:54:15:56:a9:09:64:3e:7a:fa:
         8a:9f:0f:33:17:5c:2c:08:8d:12:f1:94:a6:14:53:2c:0e:b5:
         90:cf:b6:20:e7:af:65:06:7d:1e:12:77:b8:ea:9f:9b:a2:74:
         38:56:4a:e3:cb:c9:18:0d:56:3e:74:8f:99:b3:bc:6d:73:3c:
         d1:a5:a0:ee:e0:72:ec:a4:a2:82:ae:67:70:97:2c:58:b7:b3:
         aa:b6:b8:44:b2:92:d9:1c:30:e7:bb:30:d4:2e:40:dd:bd:d6:
         e7:1d:b3:39:67:b8:d3:56:70:14:dc:1e:4a:3c:1e:eb:51:c2:
         84:31:69:7a:66:e3:eb:8e:71:02:49:b7:be:b8:3d:79:48:cd:
         11:b3:d9:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcVZVUnubTVz8Nl3nOdEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTg1MTIwZTdhM2I5NjJiOWZmZTRhYmVkMTZkMGFhM2Ez
MjA1MTgwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFhNzhjNTZkZDc4OWVkNTZkYTMwMWZlN2EyZWFiMDAzNGMwYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOpb8H7/xxKkqNUf2aGxryGRot32
zIL7cIpvwS4k7oeBEHXkhngkwlUZMyca/Ew/jxDMKqXRBRpw1ltjR0yVhMKkXc0I
ghRO5nbSkB4GqQh+ZSbyb3k1EB+BYFX1AZ9qElxKrnRZXkGjAIfeyBt3OJ1/L7/B
iRxeoXijkPRskn5XlsdrfKoEH/qYwNOlAYJKJ689wt7aMQVU95HK1xsqh4IFh1t4
4Q36wLG/jOeQf67vuhHBm5bI9ozUkIfkmrGhyNimNDm4/rl8WtIV6c6vkYKuHHWZ
iH1xeuM/tPUc4bq2+fMwtH1Y66dA2aQ2HH4B97lsAT+uOgJ3KNcRUQIxXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMuqeMVt14ntVtowH+ei6rADTAt3MB8GA1UdIwQY
MBaAFOcYUSDno7liuf/kq+0W0Ko6MgUYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhoUklPZWp1V0s1Xy1TcjdSYlFxam95QlJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84MDAwMWQtYjU4MS00NWZiLTkxMzgt
ODljNjQyMGQ2ZjM2LzEveTZwNHhXM1hpZTFXMmpBZjU2THFzQU5NQzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84MDAwMWQtYjU4MS00NWZiLTkxMzgtODljNjQyMGQ2ZjM2
LzEvNXhoUklPZWp1V0s1Xy1TcjdSYlFxam95QlJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9oMAwQB
wyJaMA0GCSqGSIb3DQEBCwUAA4IBAQBBoQnRuTU8FrJroPbXvs1WaVPgkIOXXDdO
7f3pQdZeqFYIPmEEP6L9IUwG/vFDxaQwCOZwWjgiZNRE0G7QM7IzFCzw23hPVEH8
V2yfInOL5q/yP6vhvjFof/j7dp8RAs6iijbNdroKyiMD+hUSX3pgp75LZjlUFVap
CWQ+evqKnw8zF1wsCI0S8ZSmFFMsDrWQz7Yg569lBn0eEne46p+bonQ4Vkrjy8kY
DVY+dI+Zs7xtczzRpaDu4HLspKKCrmdwlyxYt7OqtrhEspLZHDDnuzDULkDdvdbn
HbM5Z7jTVnAU3B5KPB7rUcKEMWl6ZuPrjnECSbe+uD15SM0Rs9nv
-----END CERTIFICATE-----