Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/y5j7zvcWLYE_UV0zTvXs5AtGDJg.roa
File:                     y5j7zvcWLYE_UV0zTvXs5AtGDJg.roa (raw, json)
Hash identifier:          7Miiw4DQqC2MPx2FDB9uAhN78esl7fcK40dky+TC/1o=
Subject key identifier:   CB:98:FB:CE:F7:16:2D:81:3F:51:5D:33:4E:F5:EC:E4:0B:46:0C:98
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC231930A4BA04B17219F94963C5C3
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/y5j7zvcWLYE_UV0zTvXs5AtGDJg.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207637
IP address blocks:        212.183.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:19:30:a4:ba:04:b1:72:19:f9:49:63:c5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb98fbcef7162d813f515d334ef5ece40b460c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:43:6f:2c:c9:1d:79:fa:d7:16:a4:13:72:00:
                    ee:04:01:3e:c8:1b:38:70:f5:20:35:41:59:d8:c1:
                    94:62:6f:d4:ef:ae:33:af:6c:f1:d9:95:e2:78:d5:
                    e8:ff:43:8a:97:cc:a8:c8:6e:1b:00:b5:09:2e:08:
                    77:3e:05:cd:1b:c2:dd:18:26:75:ed:0f:7f:45:fc:
                    e6:54:c5:ea:71:c3:9a:ed:dc:e7:3d:d7:07:8e:62:
                    c5:5a:55:a4:d2:4d:83:65:79:ed:4f:cc:d4:a7:16:
                    16:eb:db:6e:f5:23:0f:09:c6:ed:8e:0f:c5:55:0e:
                    06:94:78:a3:b3:18:26:b9:e2:3d:1a:79:3b:31:00:
                    83:b8:09:a5:ec:6e:89:d6:6c:e0:f3:19:3c:91:1c:
                    56:8b:92:4b:30:2d:1d:9a:d2:62:57:5c:a8:c0:75:
                    9b:30:94:38:f3:8e:d2:e0:d0:2b:cf:05:9b:7c:10:
                    7e:e0:dd:c3:fa:9f:83:46:ac:a4:6d:2b:45:9c:52:
                    74:de:6d:a2:d0:98:2a:8c:c0:ff:7d:bf:35:53:77:
                    d0:57:3c:c2:2e:cd:c5:03:86:ff:82:5f:62:b8:16:
                    aa:e1:d1:f0:dc:f3:72:c8:26:78:18:50:59:b3:94:
                    6c:1d:8b:23:df:1a:d0:0a:ad:86:56:47:4a:9b:46:
                    40:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:98:FB:CE:F7:16:2D:81:3F:51:5D:33:4E:F5:EC:E4:0B:46:0C:98
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/y5j7zvcWLYE_UV0zTvXs5AtGDJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:3b:01:2f:1d:e1:fa:61:73:5b:4e:dc:c4:28:d0:f5:e6:01:
         52:71:f4:d5:e9:a4:ce:13:d2:6e:96:5d:05:20:1f:60:74:20:
         b7:88:54:35:40:b8:a0:2b:2f:c5:83:40:73:56:0d:06:dc:1c:
         9b:22:a0:25:d0:af:19:80:75:0f:c1:a2:5b:e6:ca:9f:b8:4d:
         d3:86:5b:bc:5c:be:7b:d5:a0:f4:86:97:dc:61:e9:21:39:f2:
         31:9f:06:ef:5c:b3:fd:7e:f4:c9:86:80:b8:84:82:f3:ae:6b:
         ed:a8:d5:db:0b:8a:f8:b9:55:9e:e4:ef:ef:32:83:85:5c:25:
         63:2c:08:d9:05:48:e2:52:68:1a:66:0d:cf:20:59:d0:79:d7:
         4a:af:c1:01:df:ba:ce:0f:73:f7:de:7e:5b:98:ce:90:6c:69:
         24:a0:4d:c2:b6:24:30:5d:b8:93:78:74:8b:15:94:02:24:55:
         c5:30:ca:9d:3a:f0:06:bb:9b:df:dc:35:f7:7d:76:8e:b2:bf:
         cf:14:66:e6:94:de:9b:b5:99:5a:eb:68:f7:5e:12:07:bf:8f:
         ce:d9:5f:e3:37:14:a5:26:e8:87:50:48:5a:30:e3:43:df:f3:
         06:9e:a1:1e:1e:1a:c5:ee:37:b9:1e:7b:04:57:11:96:7b:0e:
         70:4d:ce:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CMZMKS6BLFyGflJY8XDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk4ZmJjZWY3MTYyZDgxM2Y1MTVkMzM0ZWY1ZWNlNDBiNDYwYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkNvLMkdefrXFqQTcgDuBAE+yBs4
cPUgNUFZ2MGUYm/U764zr2zx2ZXieNXo/0OKl8yoyG4bALUJLgh3PgXNG8LdGCZ1
7Q9/RfzmVMXqccOa7dznPdcHjmLFWlWk0k2DZXntT8zUpxYW69tu9SMPCcbtjg/F
VQ4GlHijsxgmueI9Gnk7MQCDuAml7G6J1mzg8xk8kRxWi5JLMC0dmtJiV1yowHWb
MJQ4847S4NArzwWbfBB+4N3D+p+DRqykbStFnFJ03m2i0JgqjMD/fb81U3fQVzzC
Ls3FA4b/gl9iuBaq4dHw3PNyyCZ4GFBZs5RsHYsj3xrQCq2GVkdKm0ZA0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuY+873Fi2BP1FdM0717OQLRgyYMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEveTVqN3p2Y1dMWUVfVVYwelR2WHM1QXRHREpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcwMA0G
CSqGSIb3DQEBCwUAA4IBAQAcOwEvHeH6YXNbTtzEKND15gFScfTV6aTOE9Jull0F
IB9gdCC3iFQ1QLigKy/Fg0BzVg0G3BybIqAl0K8ZgHUPwaJb5sqfuE3Thlu8XL57
1aD0hpfcYekhOfIxnwbvXLP9fvTJhoC4hILzrmvtqNXbC4r4uVWe5O/vMoOFXCVj
LAjZBUjiUmgaZg3PIFnQeddKr8EB37rOD3P33n5bmM6QbGkkoE3CtiQwXbiTeHSL
FZQCJFXFMMqdOvAGu5vf3DX3fXaOsr/PFGbmlN6btZla62j3XhIHv4/O2V/jNxSl
JuiHUEhaMOND3/MGnqEeHhrF7je5HnsEVxGWew5wTc5F
-----END CERTIFICATE-----