Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/zYMN4huP6UijyKWcOl6FrpiKP6g.roa
File:                     zYMN4huP6UijyKWcOl6FrpiKP6g.roa (raw, json)
Hash identifier:          knE4ObbHUMGlKVCnnIyOZE0Cu/bLz2Dbshs/MB4vigA=
Subject key identifier:   CD:83:0D:E2:1B:8F:E9:48:A3:C8:A5:9C:3A:5E:85:AE:98:8A:3F:A8
Certificate issuer:       /CN=97c4bcdd5312f8a7c33de4b7d75c15b4cbbc1dda
Certificate serial:       018FC88407920F270D08ECB2CE9DFA9D7114
Authority key identifier: 97:C4:BC:DD:53:12:F8:A7:C3:3D:E4:B7:D7:5C:15:B4:CB:BC:1D:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/zYMN4huP6UijyKWcOl6FrpiKP6g.roa
Signing time:             Thu 30 May 2024 08:00:46 +0000
ROA not before:           Thu 30 May 2024 08:00:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.161.204.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 20:41:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c8:84:07:92:0f:27:0d:08:ec:b2:ce:9d:fa:9d:71:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c4bcdd5312f8a7c33de4b7d75c15b4cbbc1dda
        Validity
            Not Before: May 30 08:00:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd830de21b8fe948a3c8a59c3a5e85ae988a3fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:06:19:22:e2:f7:b4:75:9a:c3:b1:40:55:3d:
                    15:41:ab:cf:38:17:9f:a8:f3:27:86:9e:03:c2:67:
                    36:fd:2f:33:a6:8e:9d:01:90:e9:2a:b5:02:34:71:
                    55:21:59:1b:89:7c:6a:d0:5f:98:4c:0c:8d:47:17:
                    9f:af:eb:a1:60:6a:9e:79:d3:01:15:31:eb:fe:46:
                    43:91:5b:ab:6c:36:ec:84:04:4c:88:f6:00:e2:07:
                    72:b7:ee:ca:44:26:e5:16:2b:2c:09:7a:c5:8e:88:
                    1c:3a:8f:ae:14:50:ca:d2:80:a3:86:eb:91:27:f7:
                    56:a4:a8:b6:33:e4:0b:89:39:9c:e5:fa:ea:38:d0:
                    9d:fc:8d:04:16:43:a6:76:24:b5:8e:5b:61:bd:c1:
                    d6:2b:76:f7:fb:28:a2:bf:02:c2:05:07:05:1a:a4:
                    55:21:2b:c9:11:2e:9b:57:96:13:1b:f4:d9:4e:da:
                    07:42:c8:26:55:20:e0:b2:0b:4d:7a:7a:4d:7b:cf:
                    89:cf:fa:6e:85:15:4a:ab:4e:0e:c3:3a:68:ef:0e:
                    f3:f8:bc:6e:8c:d8:8f:ff:b2:51:21:3d:16:cf:dd:
                    73:36:ba:9e:85:56:47:a2:76:22:81:a1:e8:7d:d8:
                    fc:6d:b0:34:13:08:ce:bc:30:d9:8c:9e:c4:23:0c:
                    d6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:83:0D:E2:1B:8F:E9:48:A3:C8:A5:9C:3A:5E:85:AE:98:8A:3F:A8
            X509v3 Authority Key Identifier:
                keyid:97:C4:BC:DD:53:12:F8:A7:C3:3D:E4:B7:D7:5C:15:B4:CB:BC:1D:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/zYMN4huP6UijyKWcOl6FrpiKP6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:d6:db:db:04:a8:5e:7c:cd:4b:c4:a6:69:db:e2:3b:97:fd:
         a8:1b:59:c9:eb:d9:21:cc:40:52:b7:05:ff:7a:97:7f:fa:db:
         e1:66:cc:b9:5e:1a:0a:de:20:37:90:f8:dd:65:eb:e2:72:76:
         9e:f8:3d:29:39:0e:85:fb:87:28:50:47:6d:40:08:ee:ad:89:
         dd:12:d8:ab:da:d3:6e:d7:c9:24:77:e0:3b:d4:a4:82:92:94:
         5a:fa:42:7a:f8:cf:1d:02:ed:2c:a9:39:53:a6:0e:b0:83:80:
         6f:ea:07:66:1e:2d:ed:84:0e:2a:fb:3f:c5:c0:1d:0b:e0:b9:
         ea:c0:7b:67:92:da:f2:48:0b:34:ec:84:a6:11:52:be:d0:d4:
         25:6e:23:aa:c8:ee:59:7d:71:ea:22:69:7a:77:d5:44:91:3c:
         b4:b5:b7:30:5a:d8:6f:a4:f5:5c:03:ec:ba:21:a7:c4:17:0d:
         ed:9c:2f:8c:ad:ac:44:38:6b:c4:9a:78:bd:54:78:db:74:44:
         d5:3b:24:9c:c3:33:2a:61:c2:53:dd:20:4f:54:f0:e4:6a:a2:
         75:f2:e2:43:67:2f:12:2e:e7:74:b2:5f:a7:55:c3:da:08:4d:
         5d:63:ab:3d:9c:a3:f4:d7:9d:2a:be:66:37:c5:58:ac:db:f0:
         84:b8:ad:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/IhAeSDycNCOyyzp36nXEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzRiY2RkNTMxMmY4YTdjMzNkZTRiN2Q3NWMxNWI0Y2Ji
YzFkZGEwHhcNMjQwNTMwMDgwMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDgzMGRlMjFiOGZlOTQ4YTNjOGE1OWMzYTVlODVhZTk4OGEzZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwYZIuL3tHWaw7FAVT0VQavPOBef
qPMnhp4Dwmc2/S8zpo6dAZDpKrUCNHFVIVkbiXxq0F+YTAyNRxefr+uhYGqeedMB
FTHr/kZDkVurbDbshARMiPYA4gdyt+7KRCblFissCXrFjogcOo+uFFDK0oCjhuuR
J/dWpKi2M+QLiTmc5frqONCd/I0EFkOmdiS1jlthvcHWK3b3+yiivwLCBQcFGqRV
ISvJES6bV5YTG/TZTtoHQsgmVSDgsgtNenpNe8+Jz/puhRVKq04Owzpo7w7z+Lxu
jNiP/7JRIT0Wz91zNrqehVZHonYigaHofdj8bbA0EwjOvDDZjJ7EIwzWbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2DDeIbj+lIo8ilnDpeha6Yij+oMB8GA1UdIwQY
MBaAFJfEvN1TEvinwz3kt9dcFbTLvB3aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhTODNWTVMtS2ZEUGVTMzExd1Z0TXU4SGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80NDc3NWYtMzdhNi00YTg2LTlmZTUt
ZTkzYmRiOGQ5Yzg1LzEvellNTjRodVA2VWlqeUtXY09sNkZycGlLUDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80NDc3NWYtMzdhNi00YTg2LTlmZTUtZTkzYmRiOGQ5Yzg1
LzEvbDhTODNWTVMtS2ZEUGVTMzExd1Z0TXU4SGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaHMMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ1tvbBKhefM1LxKZp2+I7l/2oG1nJ69khzEBStwX/
epd/+tvhZsy5XhoK3iA3kPjdZevicnae+D0pOQ6F+4coUEdtQAjurYndEtir2tNu
18kkd+A71KSCkpRa+kJ6+M8dAu0sqTlTpg6wg4Bv6gdmHi3thA4q+z/FwB0L4Lnq
wHtnktrySAs07ISmEVK+0NQlbiOqyO5ZfXHqIml6d9VEkTy0tbcwWthvpPVcA+y6
IafEFw3tnC+MraxEOGvEmni9VHjbdETVOyScwzMqYcJT3SBPVPDkaqJ18uJDZy8S
Lud0sl+nVcPaCE1dY6s9nKP0150qvmY3xVis2/CEuK0d
-----END CERTIFICATE-----