Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/ylc1atWmIuLqEtnHvOSjs3dgoAo.roa
File:                     ylc1atWmIuLqEtnHvOSjs3dgoAo.roa (raw, json)
Hash identifier:          Uaxd0CTbQlph2UuJKh+ZAn0HLh9oWRvTn8l9pHlgtRs=
Subject key identifier:   CA:57:35:6A:D5:A6:22:E2:EA:12:D9:C7:BC:E4:A3:B3:77:60:A0:0A
Certificate issuer:       /CN=ef0ec81b9c653b8e340508ff848db066e36772b0
Certificate serial:       018DA3CAA0B36AD98C04B9C9395DC5884081
Authority key identifier: EF:0E:C8:1B:9C:65:3B:8E:34:05:08:FF:84:8D:B0:66:E3:67:72:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7w7IG5xlO440BQj_hI2wZuNncrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/ylc1atWmIuLqEtnHvOSjs3dgoAo.roa
Signing time:             Tue 13 Feb 2024 18:46:22 +0000
ROA not before:           Tue 13 Feb 2024 18:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203641
IP address blocks:        5.182.160.0/22 maxlen: 24
                          185.107.160.0/22 maxlen: 24
                          193.111.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/7w7IG5xlO440BQj_hI2wZuNncrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/7w7IG5xlO440BQj_hI2wZuNncrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7w7IG5xlO440BQj_hI2wZuNncrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a3:ca:a0:b3:6a:d9:8c:04:b9:c9:39:5d:c5:88:40:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef0ec81b9c653b8e340508ff848db066e36772b0
        Validity
            Not Before: Feb 13 18:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca57356ad5a622e2ea12d9c7bce4a3b37760a00a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:49:1e:a8:0e:6b:15:16:2a:13:b7:d6:13:25:
                    ed:63:2f:29:8d:a3:28:aa:cd:6a:1a:e2:a5:d3:65:
                    be:9e:bf:08:56:52:4a:8c:3a:18:8a:b3:31:4e:d4:
                    82:e0:f6:1b:62:d3:1d:ba:b8:a6:84:33:0b:f4:39:
                    35:be:86:45:ec:d9:2a:46:d9:56:f8:ef:a0:49:5e:
                    e2:e3:f1:78:5d:64:e4:92:3e:4c:1b:8a:72:f3:b2:
                    fa:dd:ef:00:8a:93:b0:c8:d0:1a:6f:eb:65:a7:99:
                    ca:6a:a6:4c:7e:b1:fd:db:9c:5e:66:4a:c8:ba:b3:
                    94:f9:88:00:00:b1:b3:64:ab:cf:08:32:11:bc:c3:
                    14:66:8f:cb:10:18:d6:a2:cf:6d:f8:d6:21:32:6e:
                    57:63:a4:d8:b9:d4:a8:47:28:d0:3e:f1:f4:f1:31:
                    aa:c0:04:5d:36:1b:3a:57:b5:33:f5:39:d9:f7:a4:
                    d1:57:12:7b:25:74:f0:de:6b:db:e0:9d:e8:27:a7:
                    db:99:28:0e:55:9c:ac:82:14:6e:50:97:f7:75:99:
                    81:88:dd:52:b9:18:93:e6:bf:82:ce:db:7a:38:72:
                    6f:c6:5c:45:bc:22:17:0e:ae:ed:9b:bc:78:ae:6b:
                    d3:e8:12:53:a2:bd:45:24:5c:38:e2:5a:5c:af:e8:
                    b6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:57:35:6A:D5:A6:22:E2:EA:12:D9:C7:BC:E4:A3:B3:77:60:A0:0A
            X509v3 Authority Key Identifier:
                keyid:EF:0E:C8:1B:9C:65:3B:8E:34:05:08:FF:84:8D:B0:66:E3:67:72:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7w7IG5xlO440BQj_hI2wZuNncrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/ylc1atWmIuLqEtnHvOSjs3dgoAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4f1087-2f1b-4ab5-ae71-26cdc55644d4/1/7w7IG5xlO440BQj_hI2wZuNncrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.160.0/22
                  185.107.160.0/22
                  193.111.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:02:8b:77:fb:c2:59:6a:bc:94:cb:a2:a9:e0:23:fe:6e:98:
         92:30:86:25:cc:ca:d2:17:a3:51:cb:09:d5:cc:7b:6c:bb:e8:
         9d:70:c9:a2:cd:1c:ba:0f:d7:a4:5c:38:30:3b:a1:18:76:15:
         b1:a0:eb:e6:df:06:e2:11:62:49:d3:27:bd:c8:82:d5:5b:79:
         4c:a7:46:15:1c:39:28:e2:8f:db:20:bd:86:52:00:ea:a0:57:
         d7:af:c2:c2:4e:21:00:5e:e9:15:ca:bd:7b:ea:54:da:0a:2e:
         95:df:6e:76:38:18:1d:64:31:95:dd:9d:f4:83:99:da:7e:a3:
         25:c2:c6:cd:a8:84:1c:93:50:3b:01:86:8d:1a:82:7f:a1:2f:
         f8:ce:10:8b:e0:10:68:03:b8:0b:05:a3:d5:77:d3:16:c4:e1:
         9b:df:65:b6:62:d2:af:91:bb:f5:ca:71:38:91:a9:12:f5:1b:
         ee:01:9f:57:3b:0a:9c:c5:1e:7d:18:12:fe:3b:33:64:82:a8:
         fd:fa:f8:16:c0:e0:26:04:1e:d5:7f:d6:bf:b3:f1:fa:3b:92:
         81:02:91:0d:58:9d:2b:d7:c5:61:b1:80:5e:86:b4:de:da:75:
         36:6d:43:93:d4:98:39:89:92:77:96:fb:f0:93:ff:27:81:43:
         30:eb:37:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2jyqCzatmMBLnJOV3FiECBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMGVjODFiOWM2NTNiOGUzNDA1MDhmZjg0OGRiMDY2ZTM2
NzcyYjAwHhcNMjQwMjEzMTg0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTU3MzU2YWQ1YTYyMmUyZWExMmQ5YzdiY2U0YTNiMzc3NjBhMDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0keqA5rFRYqE7fWEyXtYy8pjaMo
qs1qGuKl02W+nr8IVlJKjDoYirMxTtSC4PYbYtMdurimhDML9Dk1voZF7NkqRtlW
+O+gSV7i4/F4XWTkkj5MG4py87L63e8AipOwyNAab+tlp5nKaqZMfrH925xeZkrI
urOU+YgAALGzZKvPCDIRvMMUZo/LEBjWos9t+NYhMm5XY6TYudSoRyjQPvH08TGq
wARdNhs6V7Uz9TnZ96TRVxJ7JXTw3mvb4J3oJ6fbmSgOVZysghRuUJf3dZmBiN1S
uRiT5r+Cztt6OHJvxlxFvCIXDq7tm7x4rmvT6BJTor1FJFw44lpcr+i27QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMpXNWrVpiLi6hLZx7zko7N3YKAKMB8GA1UdIwQY
MBaAFO8OyBucZTuONAUI/4SNsGbjZ3KwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3c3SUc1eGxPNDQwQlFqX2hJMndadU5uY3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80ZjEwODctMmYxYi00YWI1LWFlNzEt
MjZjZGM1NTY0NGQ0LzEveWxjMWF0V21JdUxxRXRuSHZPU2pzM2Rnb0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80ZjEwODctMmYxYi00YWI1LWFlNzEtMjZjZGM1NTY0NGQ0
LzEvN3c3SUc1eGxPNDQwQlFqX2hJMndadU5uY3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBbagAwQC
uWugAwQAwW+qMA0GCSqGSIb3DQEBCwUAA4IBAQAbAot3+8JZaryUy6Kp4CP+bpiS
MIYlzMrSF6NRywnVzHtsu+idcMmizRy6D9ekXDgwO6EYdhWxoOvm3wbiEWJJ0ye9
yILVW3lMp0YVHDko4o/bIL2GUgDqoFfXr8LCTiEAXukVyr176lTaCi6V3252OBgd
ZDGV3Z30g5nafqMlwsbNqIQck1A7AYaNGoJ/oS/4zhCL4BBoA7gLBaPVd9MWxOGb
32W2YtKvkbv1ynE4kakS9RvuAZ9XOwqcxR59GBL+OzNkgqj9+vgWwOAmBB7Vf9a/
s/H6O5KBApENWJ0r18VhsYBehrTe2nU2bUOT1Jg5iZJ3lvvwk/8ngUMw6zcZ
-----END CERTIFICATE-----