Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/ycxE79kaHLKmf4sw_GJEQD05C5M.roa
File:                     ycxE79kaHLKmf4sw_GJEQD05C5M.roa (raw, json)
Hash identifier:          9DLAikha+FPzyhQm1kVdtnHUyUYkM4kI7+N7qBTeUFg=
Subject key identifier:   C9:CC:44:EF:D9:1A:1C:B2:A6:7F:8B:30:FC:62:44:40:3D:39:0B:93
Certificate issuer:       /CN=01867d98b05217af1afaca7226bbd613370749f0
Certificate serial:       0192B43FDD294157761339F58996F0A38E1C
Authority key identifier: 01:86:7D:98:B0:52:17:AF:1A:FA:CA:72:26:BB:D6:13:37:07:49:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AYZ9mLBSF68a-spyJrvWEzcHSfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/ycxE79kaHLKmf4sw_GJEQD05C5M.roa
Signing time:             Tue 22 Oct 2024 12:42:17 +0000
ROA not before:           Tue 22 Oct 2024 12:42:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42217
IP address blocks:        185.206.40.0/22 maxlen: 24
                          2a0b:fc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/AYZ9mLBSF68a-spyJrvWEzcHSfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/AYZ9mLBSF68a-spyJrvWEzcHSfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AYZ9mLBSF68a-spyJrvWEzcHSfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:3f:dd:29:41:57:76:13:39:f5:89:96:f0:a3:8e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01867d98b05217af1afaca7226bbd613370749f0
        Validity
            Not Before: Oct 22 12:42:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9cc44efd91a1cb2a67f8b30fc6244403d390b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:f7:90:48:1a:36:f9:15:7d:e7:ec:1d:52:
                    ea:32:75:fe:dd:0f:0a:18:3d:96:ce:5f:5a:5a:48:
                    81:98:b4:92:e1:be:81:15:cb:b6:95:52:37:1a:de:
                    84:dd:bd:33:e3:bd:1e:1a:e6:42:de:93:4a:25:c7:
                    3a:0f:06:c3:1c:81:3f:89:1e:db:43:f3:5c:a9:ea:
                    c2:b4:b5:41:c1:01:6f:2a:af:4c:9e:93:03:19:df:
                    43:33:9f:61:c6:9f:30:ed:58:b3:4b:3e:d9:f9:57:
                    ec:66:ba:25:c6:b1:e7:fe:3d:cd:fb:d6:04:fe:ae:
                    13:78:2d:b1:de:7e:10:4e:e0:3e:2d:3b:05:57:55:
                    77:aa:17:47:a4:e6:f9:dd:4e:f4:fb:39:71:ef:9a:
                    7e:8f:cf:ea:b2:43:ac:20:21:9d:72:cd:03:18:f8:
                    62:52:72:da:fb:09:33:52:3e:52:03:bf:ce:52:43:
                    2e:bb:5b:f4:84:36:91:4c:02:15:a7:d4:32:2f:57:
                    5f:74:fa:22:48:1c:b4:45:9f:d5:26:40:cd:bc:38:
                    bd:31:61:62:09:3c:e1:0b:10:67:b9:94:ff:04:32:
                    49:3a:1e:32:6c:41:5b:fa:23:85:5c:4d:ab:e6:ac:
                    6b:00:de:f5:2f:9b:4f:fd:45:54:5a:be:47:3a:9a:
                    d5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CC:44:EF:D9:1A:1C:B2:A6:7F:8B:30:FC:62:44:40:3D:39:0B:93
            X509v3 Authority Key Identifier:
                keyid:01:86:7D:98:B0:52:17:AF:1A:FA:CA:72:26:BB:D6:13:37:07:49:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AYZ9mLBSF68a-spyJrvWEzcHSfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/ycxE79kaHLKmf4sw_GJEQD05C5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/52bea4-0abd-4719-a64b-e47c58ce533c/1/AYZ9mLBSF68a-spyJrvWEzcHSfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.40.0/22
                IPv6:
                  2a0b:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:0c:42:f6:a0:40:6a:ed:3b:89:1c:e9:ed:99:6d:e6:ad:3b:
         86:13:a9:1e:0a:7e:ef:21:d2:97:9b:63:a6:51:6c:41:85:0b:
         2b:06:9a:47:6f:60:4b:ac:74:f2:44:98:4c:02:63:2d:89:6e:
         10:2a:10:b1:4c:7d:b1:af:76:75:d5:c1:24:10:ef:04:06:5c:
         f7:8f:b3:83:9e:5f:1e:99:1d:8d:c9:a5:cd:2f:90:a0:9a:28:
         a4:2c:c2:5e:56:2c:ac:d5:b8:03:2f:1f:1d:27:1c:3a:29:fc:
         65:c5:e7:de:04:6b:1f:9e:93:02:eb:3a:20:97:c6:2e:1c:80:
         23:91:7b:ef:62:dd:c8:a7:db:be:55:57:d6:b1:9d:1a:87:34:
         4a:0d:ab:43:e0:d0:f3:e8:dd:95:4b:37:cf:0b:f7:6f:c7:69:
         06:fa:7d:c3:e8:32:18:d7:cc:e2:99:1a:c2:da:fb:2a:08:9c:
         3f:aa:ce:46:90:a7:c7:f2:f3:ab:11:37:09:f9:c3:e4:39:e3:
         02:d8:6a:be:60:92:87:aa:26:44:72:17:1f:9b:b5:f5:d3:71:
         d9:7f:bd:bf:6c:72:61:f9:61:90:74:22:eb:29:b2:a0:7c:db:
         86:ac:99:11:9f:76:2b:e1:40:a9:30:d3:1e:c3:f8:8b:31:cf:
         d6:d2:c5:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZK0P90pQVd2Ezn1iZbwo44cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxODY3ZDk4YjA1MjE3YWYxYWZhY2E3MjI2YmJkNjEzMzcw
NzQ5ZjAwHhcNMjQxMDIyMTI0MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNjNDRlZmQ5MWExY2IyYTY3ZjhiMzBmYzYyNDQ0MDNkMzkwYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBn3kEgaNvkVfefsHVLqMnX+3Q8K
GD2Wzl9aWkiBmLSS4b6BFcu2lVI3Gt6E3b0z470eGuZC3pNKJcc6DwbDHIE/iR7b
Q/NcqerCtLVBwQFvKq9MnpMDGd9DM59hxp8w7VizSz7Z+VfsZrolxrHn/j3N+9YE
/q4TeC2x3n4QTuA+LTsFV1V3qhdHpOb53U70+zlx75p+j8/qskOsICGdcs0DGPhi
UnLa+wkzUj5SA7/OUkMuu1v0hDaRTAIVp9QyL1dfdPoiSBy0RZ/VJkDNvDi9MWFi
CTzhCxBnuZT/BDJJOh4ybEFb+iOFXE2r5qxrAN71L5tP/UVUWr5HOprV1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMnMRO/ZGhyypn+LMPxiREA9OQuTMB8GA1UdIwQY
MBaAFAGGfZiwUhevGvrKcia71hM3B0nwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVlaOW1MQlNGNjhhLXNweUpydldFemNIU2ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC81MmJlYTQtMGFiZC00NzE5LWE2NGIt
ZTQ3YzU4Y2U1MzNjLzEveWN4RTc5a2FITEttZjRzd19HSkVRRDA1QzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC81MmJlYTQtMGFiZC00NzE5LWE2NGItZTQ3YzU4Y2U1MzNj
LzEvQVlaOW1MQlNGNjhhLXNweUpydldFemNIU2ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc4oMA0E
AgACMAcDBQMqCw/AMA0GCSqGSIb3DQEBCwUAA4IBAQBHDEL2oEBq7TuJHOntmW3m
rTuGE6keCn7vIdKXm2OmUWxBhQsrBppHb2BLrHTyRJhMAmMtiW4QKhCxTH2xr3Z1
1cEkEO8EBlz3j7ODnl8emR2NyaXNL5CgmiikLMJeViys1bgDLx8dJxw6Kfxlxefe
BGsfnpMC6zogl8YuHIAjkXvvYt3Ip9u+VVfWsZ0ahzRKDatD4NDz6N2VSzfPC/dv
x2kG+n3D6DIY18zimRrC2vsqCJw/qs5GkKfH8vOrETcJ+cPkOeMC2Gq+YJKHqiZE
chcfm7X103HZf72/bHJh+WGQdCLrKbKgfNuGrJkRn3Yr4UCpMNMew/iLMc/W0sVV
-----END CERTIFICATE-----