Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/NY4KxZ8vyUr1Ch65ld8eEFbAMdM.roa
File:                     NY4KxZ8vyUr1Ch65ld8eEFbAMdM.roa (raw, json)
Hash identifier:          VXfVuP+JLWGSDG2vsj0O903ywTcVoraAGy0Oa7pVdzs=
Subject key identifier:   35:8E:0A:C5:9F:2F:C9:4A:F5:0A:1E:B9:95:DF:1E:10:56:C0:31:D3
Certificate issuer:       /CN=b54ddf6f03331cd773c7e7abb15429ba8d20bd78
Certificate serial:       018D7EB7D7B703AEDE20F4A1BE7C0514D88D
Authority key identifier: B5:4D:DF:6F:03:33:1C:D7:73:C7:E7:AB:B1:54:29:BA:8D:20:BD:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tU3fbwMzHNdzx-ersVQpuo0gvXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/NY4KxZ8vyUr1Ch65ld8eEFbAMdM.roa
Signing time:             Tue 06 Feb 2024 13:59:53 +0000
ROA not before:           Tue 06 Feb 2024 13:59:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210197
IP address blocks:        85.204.38.0/24 maxlen: 24
                          2a13:f400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/tU3fbwMzHNdzx-ersVQpuo0gvXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/tU3fbwMzHNdzx-ersVQpuo0gvXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tU3fbwMzHNdzx-ersVQpuo0gvXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:b7:d7:b7:03:ae:de:20:f4:a1:be:7c:05:14:d8:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b54ddf6f03331cd773c7e7abb15429ba8d20bd78
        Validity
            Not Before: Feb  6 13:59:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=358e0ac59f2fc94af50a1eb995df1e1056c031d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b9:f1:7e:af:ce:5a:91:fd:4a:71:2b:32:0e:
                    8e:77:3a:2c:a2:9f:c7:a3:29:17:bc:2e:5b:af:6d:
                    5b:d2:98:76:4b:c0:77:ea:da:ed:cf:6d:21:4a:ff:
                    c3:23:e6:ce:04:bc:94:c0:15:e2:70:e2:34:21:bb:
                    cd:c8:f6:f2:c9:5b:05:12:b3:c1:0b:11:92:be:83:
                    27:da:a4:99:15:73:e2:10:e3:e0:a3:0f:46:af:79:
                    b4:7a:91:1d:cb:09:bf:ee:fb:5e:8c:2c:6d:ef:06:
                    66:61:b2:4f:97:76:6a:e9:87:76:9f:2c:c7:b9:ae:
                    dd:fd:00:32:b8:b7:aa:16:26:d5:13:e2:e0:81:bb:
                    b8:00:5f:18:a2:5d:4c:73:76:8a:a3:c8:a1:bf:21:
                    22:d9:5a:69:d6:20:d9:90:78:0e:2e:41:b0:75:9f:
                    24:bf:3a:f3:3c:65:a7:05:97:8d:f3:84:7c:85:37:
                    06:fd:91:f4:c3:ff:eb:3e:63:82:f1:14:2f:fb:9b:
                    34:b9:92:08:07:aa:60:ad:a1:90:40:53:65:7f:26:
                    6c:4b:36:ba:31:ee:1e:46:55:9e:c6:34:6a:7a:e5:
                    d0:25:68:3f:91:bc:8f:4f:f0:ac:cc:a1:f9:15:35:
                    63:cc:0b:aa:5c:ae:8f:2f:4a:06:a9:aa:76:b1:d4:
                    64:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8E:0A:C5:9F:2F:C9:4A:F5:0A:1E:B9:95:DF:1E:10:56:C0:31:D3
            X509v3 Authority Key Identifier:
                keyid:B5:4D:DF:6F:03:33:1C:D7:73:C7:E7:AB:B1:54:29:BA:8D:20:BD:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tU3fbwMzHNdzx-ersVQpuo0gvXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/NY4KxZ8vyUr1Ch65ld8eEFbAMdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/65bcff-ba01-498c-b54d-84026bc852f0/1/tU3fbwMzHNdzx-ersVQpuo0gvXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.38.0/24
                IPv6:
                  2a13:f400::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:b7:7c:b3:46:6c:18:01:1c:5c:04:77:e7:65:8d:3a:3d:06:
         f3:a4:05:b7:75:39:a3:7b:96:78:c3:da:c6:42:26:a0:de:b7:
         05:d9:bf:03:16:9d:5a:48:63:55:0a:11:d0:31:63:e7:8e:51:
         e6:10:22:ad:1d:17:f5:12:c3:db:e8:8b:46:3a:c9:65:9a:b4:
         60:36:cc:72:c8:37:9d:c0:43:de:32:d0:41:ff:69:a5:5b:97:
         64:ee:ee:02:72:64:89:62:ab:62:59:50:1e:6f:75:29:a0:1b:
         83:b7:9c:86:67:09:89:a4:bc:b3:18:17:61:d5:6c:13:cf:51:
         d0:4d:95:0c:b0:1c:9a:4c:52:c8:03:e9:bc:2b:bd:29:86:f9:
         69:03:48:61:f1:22:ad:26:1c:f3:21:fb:ec:79:35:7b:ed:dd:
         4a:a6:f3:9a:f2:d6:92:bc:a1:7d:33:60:e7:1b:50:42:0a:3e:
         b6:3a:4c:83:37:33:c7:32:ac:8b:ec:68:4e:19:5f:57:24:e1:
         e1:bc:c9:d1:79:7b:07:5c:96:4f:3f:83:de:49:ca:52:b3:7f:
         a5:58:da:3c:55:c7:fd:42:7a:0c:4a:7e:a9:88:bb:70:66:74:
         ef:e4:2e:46:2d:37:70:d5:3a:e2:1c:24:a4:13:67:53:53:aa:
         09:25:89:13
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1+t9e3A67eIPShvnwFFNiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NGRkZjZmMDMzMzFjZDc3M2M3ZTdhYmIxNTQyOWJhOGQy
MGJkNzgwHhcNMjQwMjA2MTM1OTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNThlMGFjNTlmMmZjOTRhZjUwYTFlYjk5NWRmMWUxMDU2YzAzMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLnxfq/OWpH9SnErMg6Odzosop/H
oykXvC5br21b0ph2S8B36trtz20hSv/DI+bOBLyUwBXicOI0IbvNyPbyyVsFErPB
CxGSvoMn2qSZFXPiEOPgow9Gr3m0epEdywm/7vtejCxt7wZmYbJPl3Zq6Yd2nyzH
ua7d/QAyuLeqFibVE+Lggbu4AF8Yol1Mc3aKo8ihvyEi2Vpp1iDZkHgOLkGwdZ8k
vzrzPGWnBZeN84R8hTcG/ZH0w//rPmOC8RQv+5s0uZIIB6pgraGQQFNlfyZsSza6
Me4eRlWexjRqeuXQJWg/kbyPT/CszKH5FTVjzAuqXK6PL0oGqap2sdRkTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDWOCsWfL8lK9QoeuZXfHhBWwDHTMB8GA1UdIwQY
MBaAFLVN328DMxzXc8fnq7FUKbqNIL14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFUzZmJ3TXpITmR6eC1lcnNWUXB1bzBndlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82NWJjZmYtYmEwMS00OThjLWI1NGQt
ODQwMjZiYzg1MmYwLzEvTlk0S3haOHZ5VXIxQ2g2NWxkOGVFRmJBTWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82NWJjZmYtYmEwMS00OThjLWI1NGQtODQwMjZiYzg1MmYw
LzEvdFUzZmJ3TXpITmR6eC1lcnNWUXB1bzBndlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVcwmMA0E
AgACMAcDBQMqE/QAMA0GCSqGSIb3DQEBCwUAA4IBAQBDt3yzRmwYARxcBHfnZY06
PQbzpAW3dTmje5Z4w9rGQiag3rcF2b8DFp1aSGNVChHQMWPnjlHmECKtHRf1EsPb
6ItGOsllmrRgNsxyyDedwEPeMtBB/2mlW5dk7u4CcmSJYqtiWVAeb3UpoBuDt5yG
ZwmJpLyzGBdh1WwTz1HQTZUMsByaTFLIA+m8K70phvlpA0hh8SKtJhzzIfvseTV7
7d1KpvOa8taSvKF9M2DnG1BCCj62OkyDNzPHMqyL7GhOGV9XJOHhvMnReXsHXJZP
P4PeScpSs3+lWNo8Vcf9QnoMSn6piLtwZnTv5C5GLTdw1TriHCSkE2dTU6oJJYkT
-----END CERTIFICATE-----