Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/jY7oRuZfy9PeDRqh9U8yeyK7iFk.roa
File:                     jY7oRuZfy9PeDRqh9U8yeyK7iFk.roa (raw, json)
Hash identifier:          AoTIlQ5l0VVrMNIDzv1G3rKdc979k7vm8iRkHm/vox0=
Subject key identifier:   8D:8E:E8:46:E6:5F:CB:D3:DE:0D:1A:A1:F5:4F:32:7B:22:BB:88:59
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       018CCA2B64EE984394860A62595E13C12B11
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/jY7oRuZfy9PeDRqh9U8yeyK7iFk.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47602
IP address blocks:        185.131.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:64:ee:98:43:94:86:0a:62:59:5e:13:c1:2b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d8ee846e65fcbd3de0d1aa1f54f327b22bb8859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:29:64:f9:66:d0:3f:3d:e2:b8:25:1d:e1:a3:
                    88:fa:b6:de:8a:2b:1e:18:e9:95:4f:be:e2:6c:af:
                    c7:b2:7f:a9:b7:d2:e0:f7:78:fe:2e:cb:1e:10:a1:
                    38:ca:e3:0a:50:1a:b2:eb:58:74:b7:5a:9e:34:ba:
                    1f:a7:bb:01:c8:1f:e5:81:c9:e3:9b:c6:c8:09:4a:
                    00:fa:1e:1f:fa:d6:31:e8:6e:16:6d:ed:27:30:d0:
                    b4:bc:ff:43:1a:a4:d8:ed:a0:98:3f:19:30:90:51:
                    c0:16:46:1d:56:9e:c7:04:d5:73:bb:fc:2b:68:58:
                    c7:c8:00:1e:02:ed:9d:f3:83:7b:04:7b:2b:89:89:
                    ae:f4:c5:16:1f:35:83:1c:b2:03:97:a4:10:aa:15:
                    52:07:42:1b:ad:c7:ce:9f:c8:5e:2e:f7:89:9b:3c:
                    79:f5:18:1e:d8:e7:4e:d7:82:f4:0b:63:f8:b1:eb:
                    ae:bf:0a:ec:68:84:7a:53:43:f6:5b:f3:9f:25:86:
                    58:3e:d7:4e:3e:87:f1:3c:bb:6c:0b:67:54:f4:14:
                    d8:ff:08:b7:89:5b:7e:0e:75:e3:e7:26:78:39:9a:
                    80:c3:14:f9:71:e0:7a:a5:c5:a8:d3:b1:50:ac:2a:
                    78:23:43:4f:c9:cb:be:1e:ce:e1:c4:a9:a9:83:d3:
                    5b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8E:E8:46:E6:5F:CB:D3:DE:0D:1A:A1:F5:4F:32:7B:22:BB:88:59
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/jY7oRuZfy9PeDRqh9U8yeyK7iFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:fc:ae:1b:56:b1:2f:3d:71:83:1c:a1:d6:dd:fe:19:fa:bb:
         6e:48:b6:cd:be:83:2b:49:e9:e9:c7:cd:44:79:24:d0:e2:e8:
         9b:da:86:cb:c8:c3:ba:56:ff:75:a3:18:06:5c:8b:88:cd:39:
         7c:c7:06:50:3c:b0:57:71:fc:28:a9:a0:f1:d0:51:2c:23:2d:
         23:0b:c1:0d:bb:ab:83:ae:69:1f:c5:c9:17:f9:c8:ef:47:5e:
         6e:b9:19:c6:99:4e:ed:fb:6b:c1:41:57:3e:70:13:a2:c6:ae:
         5c:1b:f4:18:87:5d:45:12:a3:41:62:4a:b3:b1:18:e5:72:c3:
         6e:50:75:87:55:6b:ed:20:40:89:dc:5e:19:c9:67:dc:c7:5d:
         08:50:20:bf:24:14:67:7e:dc:87:d5:96:8f:d1:42:cc:34:4c:
         ce:87:d6:cc:ad:75:53:ec:1d:58:c8:1c:03:cb:2e:61:57:6c:
         63:ad:20:43:70:39:98:65:8d:ab:33:40:39:2c:07:a4:8c:52:
         75:1e:5b:fc:b4:0f:69:24:c5:fe:32:1b:3c:58:ad:5b:8d:ce:
         1f:6c:a9:85:65:44:77:c7:a5:42:03:23:69:6a:65:07:63:b5:
         ef:2e:6a:4e:b6:6c:e2:bc:ad:a3:c3:1e:8b:df:98:01:77:3e:
         98:1d:1e:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2TumEOUhgpiWV4TwSsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDhlZTg0NmU2NWZjYmQzZGUwZDFhYTFmNTRmMzI3YjIyYmI4ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSlk+WbQPz3iuCUd4aOI+rbeiise
GOmVT77ibK/Hsn+pt9Lg93j+LsseEKE4yuMKUBqy61h0t1qeNLofp7sByB/lgcnj
m8bICUoA+h4f+tYx6G4Wbe0nMNC0vP9DGqTY7aCYPxkwkFHAFkYdVp7HBNVzu/wr
aFjHyAAeAu2d84N7BHsriYmu9MUWHzWDHLIDl6QQqhVSB0IbrcfOn8heLveJmzx5
9Rge2OdO14L0C2P4seuuvwrsaIR6U0P2W/OfJYZYPtdOPofxPLtsC2dU9BTY/wi3
iVt+DnXj5yZ4OZqAwxT5ceB6pcWo07FQrCp4I0NPycu+Hs7hxKmpg9Nb8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2O6EbmX8vT3g0aofVPMnsiu4hZMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvalk3b1J1WmZ5OVBlRFJxaDlVOHlleUs3aUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPfMA0G
CSqGSIb3DQEBCwUAA4IBAQBt/K4bVrEvPXGDHKHW3f4Z+rtuSLbNvoMrSenpx81E
eSTQ4uib2obLyMO6Vv91oxgGXIuIzTl8xwZQPLBXcfwoqaDx0FEsIy0jC8ENu6uD
rmkfxckX+cjvR15uuRnGmU7t+2vBQVc+cBOixq5cG/QYh11FEqNBYkqzsRjlcsNu
UHWHVWvtIECJ3F4ZyWfcx10IUCC/JBRnftyH1ZaP0ULMNEzOh9bMrXVT7B1YyBwD
yy5hV2xjrSBDcDmYZY2rM0A5LAekjFJ1Hlv8tA9pJMX+Mhs8WK1bjc4fbKmFZUR3
x6VCAyNpamUHY7XvLmpOtmzivK2jwx6L35gBdz6YHR7f
-----END CERTIFICATE-----