Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/SAYL3DX7uosAKv3GFJvHhCmyt7o.roa
File:                     SAYL3DX7uosAKv3GFJvHhCmyt7o.roa (raw, json)
Hash identifier:          4x0g6f8hmt+vTW9utSy/i81UbXAN1OT3WOj5rZI5VjA=
Subject key identifier:   48:06:0B:DC:35:FB:BA:8B:00:2A:FD:C6:14:9B:C7:84:29:B2:B7:BA
Certificate issuer:       /CN=206f6808e0604697270faa3c3db159f7fe98ecdd
Certificate serial:       018CC5DD04A23487B50A4B2DBEC413415078
Authority key identifier: 20:6F:68:08:E0:60:46:97:27:0F:AA:3C:3D:B1:59:F7:FE:98:EC:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/SAYL3DX7uosAKv3GFJvHhCmyt7o.roa
Signing time:             Mon 01 Jan 2024 16:30:45 +0000
ROA not before:           Mon 01 Jan 2024 16:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24867
IP address blocks:        185.180.216.0/22 maxlen: 22
                          2a0a:af80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:04:a2:34:87:b5:0a:4b:2d:be:c4:13:41:50:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f6808e0604697270faa3c3db159f7fe98ecdd
        Validity
            Not Before: Jan  1 16:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48060bdc35fbba8b002afdc6149bc78429b2b7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a3:a3:f7:78:5d:a9:b0:47:e7:93:5b:8a:ae:
                    fb:80:7b:7c:95:85:18:34:82:f9:8a:06:d0:46:39:
                    e8:5d:42:f6:b7:a8:d0:c2:b8:ca:ab:58:14:ad:35:
                    0a:53:e5:ba:5f:db:c6:fa:95:4c:ab:11:01:86:29:
                    cc:ac:4c:69:5a:d0:76:f7:48:00:56:59:f0:e8:28:
                    5b:40:eb:af:32:95:e5:33:2e:53:cf:48:a0:b5:7f:
                    5e:87:5a:86:36:87:7f:93:f1:56:45:aa:1f:7f:8e:
                    b5:78:ff:4b:e4:25:6d:e9:6a:a3:05:05:75:42:fa:
                    3d:9f:a0:82:05:7f:97:08:2e:7f:cd:fe:9d:dc:58:
                    01:b5:ca:1d:c3:6f:1d:67:a5:e1:58:1d:3a:19:6d:
                    0f:9e:31:ee:db:19:21:1e:73:86:4b:b3:9e:1c:4a:
                    3a:eb:e9:6f:5b:b1:29:a0:15:f9:6a:3b:20:da:ca:
                    40:52:70:54:a1:1e:34:27:79:92:64:9a:16:4c:59:
                    ed:32:d0:d6:9d:2b:7c:dc:07:72:86:ec:29:11:77:
                    10:a9:41:4a:d1:5e:2f:c8:f8:9d:e0:35:fc:73:18:
                    74:59:4b:5b:1f:10:49:e6:cb:d0:c6:88:0f:84:32:
                    c9:74:35:6b:11:d4:a9:55:0c:eb:b6:81:0f:8b:5f:
                    ae:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:06:0B:DC:35:FB:BA:8B:00:2A:FD:C6:14:9B:C7:84:29:B2:B7:BA
            X509v3 Authority Key Identifier:
                keyid:20:6F:68:08:E0:60:46:97:27:0F:AA:3C:3D:B1:59:F7:FE:98:EC:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/SAYL3DX7uosAKv3GFJvHhCmyt7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/265d3a-aed6-4be2-b42e-eb62e8c4dfa9/1/IG9oCOBgRpcnD6o8PbFZ9_6Y7N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.216.0/22
                IPv6:
                  2a0a:af80::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:d6:39:a7:db:44:88:71:e8:45:ac:1f:f7:ff:ef:91:2a:12:
         70:20:7f:f6:2a:d8:62:61:32:48:c2:bf:a0:09:30:10:03:e3:
         05:c0:a5:48:1e:5d:df:fb:00:8a:0e:a3:68:dd:57:ec:b2:80:
         49:48:d2:12:23:4c:2f:61:b9:90:90:fc:9e:3d:23:e8:ca:bf:
         aa:45:d7:ea:e8:e6:bb:1f:09:3a:cd:8d:e5:72:14:19:06:14:
         06:e1:72:5c:17:99:65:16:c3:7f:ca:e4:ca:e1:04:e8:fc:d4:
         b1:24:a0:4f:61:f1:f2:2b:b1:cc:f2:59:6e:70:71:49:c3:60:
         2f:99:dd:a4:5b:56:8a:6f:50:97:8b:e3:28:37:ec:81:d0:18:
         9b:14:a1:32:30:15:63:01:2b:f1:6c:32:a0:42:ca:4a:62:21:
         cc:9b:b5:e6:7f:4f:18:a7:24:80:78:bf:11:ab:d2:11:fe:ca:
         d8:7a:50:65:5e:f9:10:54:9b:14:36:d5:bf:d9:35:ba:19:95:
         5c:c4:43:7c:74:98:b8:68:b1:c5:33:f8:3d:9e:16:b2:cc:8a:
         8d:3f:8e:83:66:05:1b:5b:7f:bc:bb:21:5b:e4:84:f5:99:63:
         27:60:6b:cc:a7:f7:2b:65:61:9d:00:31:8b:03:9b:1f:b0:3a:
         83:36:46:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3QSiNIe1CkstvsQTQVB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmY2ODA4ZTA2MDQ2OTcyNzBmYWEzYzNkYjE1OWY3ZmU5
OGVjZGQwHhcNMjQwMTAxMTYzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODA2MGJkYzM1ZmJiYThiMDAyYWZkYzYxNDliYzc4NDI5YjJiN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6Oj93hdqbBH55Nbiq77gHt8lYUY
NIL5igbQRjnoXUL2t6jQwrjKq1gUrTUKU+W6X9vG+pVMqxEBhinMrExpWtB290gA
Vlnw6ChbQOuvMpXlMy5Tz0igtX9eh1qGNod/k/FWRaoff461eP9L5CVt6WqjBQV1
Qvo9n6CCBX+XCC5/zf6d3FgBtcodw28dZ6XhWB06GW0PnjHu2xkhHnOGS7OeHEo6
6+lvW7EpoBX5ajsg2spAUnBUoR40J3mSZJoWTFntMtDWnSt83AdyhuwpEXcQqUFK
0V4vyPid4DX8cxh0WUtbHxBJ5svQxogPhDLJdDVrEdSpVQzrtoEPi1+uWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEgGC9w1+7qLACr9xhSbx4Qpsre6MB8GA1UdIwQY
MBaAFCBvaAjgYEaXJw+qPD2xWff+mOzdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc5b0NPQmdScGNuRDZvOFBiRlo5XzZZN04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yNjVkM2EtYWVkNi00YmUyLWI0MmUt
ZWI2MmU4YzRkZmE5LzEvU0FZTDNEWDd1b3NBS3YzR0ZKdkhoQ215dDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yNjVkM2EtYWVkNi00YmUyLWI0MmUtZWI2MmU4YzRkZmE5
LzEvSUc5b0NPQmdScGNuRDZvOFBiRlo5XzZZN04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubTYMA0E
AgACMAcDBQMqCq+AMA0GCSqGSIb3DQEBCwUAA4IBAQB41jmn20SIcehFrB/3/++R
KhJwIH/2KthiYTJIwr+gCTAQA+MFwKVIHl3f+wCKDqNo3VfssoBJSNISI0wvYbmQ
kPyePSPoyr+qRdfq6Oa7Hwk6zY3lchQZBhQG4XJcF5llFsN/yuTK4QTo/NSxJKBP
YfHyK7HM8llucHFJw2Avmd2kW1aKb1CXi+MoN+yB0BibFKEyMBVjASvxbDKgQspK
YiHMm7Xmf08YpySAeL8Rq9IR/srYelBlXvkQVJsUNtW/2TW6GZVcxEN8dJi4aLHF
M/g9nhayzIqNP46DZgUbW3+8uyFb5IT1mWMnYGvMp/crZWGdADGLA5sfsDqDNkaT
-----END CERTIFICATE-----