Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/CyempUs9G7crlKgEXGYkqL8B8wE.roa
File:                     CyempUs9G7crlKgEXGYkqL8B8wE.roa (raw, json)
Hash identifier:          VrZnY0CvalO1rmNCe7+yc0tWyM+fD+ePoUBAvdy5Pvo=
Subject key identifier:   0B:27:A6:A5:4B:3D:1B:B7:2B:94:A8:04:5C:66:24:A8:BF:01:F3:01
Certificate issuer:       /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial:       018CC3B74223DCBF6384D9FD6908C764716C
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/CyempUs9G7crlKgEXGYkqL8B8wE.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200659
IP address blocks:        185.30.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:23:dc:bf:63:84:d9:fd:69:08:c7:64:71:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b27a6a54b3d1bb72b94a8045c6624a8bf01f301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:7b:17:55:00:7b:23:b1:b1:8c:54:61:8b:2e:
                    fe:00:9b:16:be:4c:a0:e8:59:1a:cf:99:e3:82:78:
                    61:c6:15:88:d3:fd:de:0e:7b:7d:33:e4:af:8d:04:
                    87:d2:01:aa:26:14:20:a3:73:7d:54:fb:e3:4c:e8:
                    76:b7:a0:7f:44:1a:79:55:d7:99:e7:49:bb:6e:4a:
                    41:e7:9f:a4:99:8f:d9:44:d7:d6:7b:00:d9:a3:a4:
                    0a:d4:7b:40:1f:01:a3:b8:be:b1:31:f6:16:8c:53:
                    92:80:ef:57:33:c8:45:4c:96:dd:8f:8b:8e:27:d7:
                    49:2d:44:84:31:45:0b:0d:7f:94:17:b1:8d:d3:ca:
                    b2:a9:98:c9:b4:44:a8:50:46:04:d1:2a:ac:6a:c3:
                    69:89:07:59:44:7c:9e:5d:76:0c:ea:2f:67:1e:89:
                    e8:42:96:0b:88:b1:c0:38:13:5d:6a:23:97:12:9e:
                    d0:45:42:4e:10:2a:d0:4a:c6:0f:6d:ab:dc:a0:09:
                    bb:1c:d1:ce:07:bd:7e:b1:6c:13:6e:9f:9d:70:26:
                    7d:3c:02:7b:59:e8:ce:64:f9:7f:30:1c:fd:c2:a8:
                    19:ef:b6:00:81:e4:6c:83:e1:14:d3:41:d3:6a:8c:
                    29:82:60:0c:5c:f9:84:89:a4:5e:8e:b2:74:1f:eb:
                    5a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:27:A6:A5:4B:3D:1B:B7:2B:94:A8:04:5C:66:24:A8:BF:01:F3:01
            X509v3 Authority Key Identifier:
                keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/CyempUs9G7crlKgEXGYkqL8B8wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:7e:e7:8d:14:79:09:ce:bb:bc:f9:e7:a9:56:8e:38:b6:d8:
         9a:e4:99:40:4a:f3:59:06:18:a3:32:95:a2:47:d1:d0:2d:11:
         a5:d0:33:3a:0a:66:02:82:c5:5a:1d:52:77:20:de:5d:4b:b5:
         15:51:5b:82:06:a9:11:09:4d:e5:c4:1d:dc:b4:47:f5:be:f5:
         76:12:46:ac:33:a7:78:07:fb:02:c9:0e:54:cf:30:5b:dd:62:
         86:d0:b6:84:be:e4:2f:0f:22:2f:f7:28:53:12:e9:90:ac:8c:
         07:0e:eb:82:40:c2:a9:e2:fd:68:58:dd:54:29:f7:26:a2:f0:
         3b:b9:d1:cb:ab:13:d4:1f:3b:b7:65:fc:8e:b1:2a:af:20:a0:
         1e:0a:8a:4e:d1:69:b7:a4:1e:3b:85:74:d7:58:75:b7:b4:bc:
         94:8e:82:08:a5:df:1e:af:2f:fc:c9:78:32:6d:07:a6:f1:8d:
         00:9a:a0:0b:a6:2c:70:55:09:09:97:68:6e:96:33:e5:1d:d4:
         b1:b4:4b:9a:68:68:08:08:35:e2:89:39:18:7f:bb:a3:32:dd:
         fd:ed:0f:1b:96:97:86:ae:8d:bd:53:11:7b:11:c6:f8:56:d5:
         3d:b0:46:9b:db:1f:b4:ff:05:80:d3:d9:c6:25:e7:6f:9b:8d:
         4e:fc:6b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0Ij3L9jhNn9aQjHZHFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI3YTZhNTRiM2QxYmI3MmI5NGE4MDQ1YzY2MjRhOGJmMDFmMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XsXVQB7I7GxjFRhiy7+AJsWvkyg
6Fkaz5njgnhhxhWI0/3eDnt9M+SvjQSH0gGqJhQgo3N9VPvjTOh2t6B/RBp5VdeZ
50m7bkpB55+kmY/ZRNfWewDZo6QK1HtAHwGjuL6xMfYWjFOSgO9XM8hFTJbdj4uO
J9dJLUSEMUULDX+UF7GN08qyqZjJtESoUEYE0SqsasNpiQdZRHyeXXYM6i9nHono
QpYLiLHAOBNdaiOXEp7QRUJOECrQSsYPbavcoAm7HNHOB71+sWwTbp+dcCZ9PAJ7
WejOZPl/MBz9wqgZ77YAgeRsg+EU00HTaowpgmAMXPmEiaRejrJ0H+taQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsnpqVLPRu3K5SoBFxmJKi/AfMBMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvQ3llbXBVczlHN2NybEtnRVhHWWtxTDhCOHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR59MA0G
CSqGSIb3DQEBCwUAA4IBAQB8fueNFHkJzru8+eepVo44ttia5JlASvNZBhijMpWi
R9HQLRGl0DM6CmYCgsVaHVJ3IN5dS7UVUVuCBqkRCU3lxB3ctEf1vvV2EkasM6d4
B/sCyQ5UzzBb3WKG0LaEvuQvDyIv9yhTEumQrIwHDuuCQMKp4v1oWN1UKfcmovA7
udHLqxPUHzu3ZfyOsSqvIKAeCopO0Wm3pB47hXTXWHW3tLyUjoIIpd8ery/8yXgy
bQem8Y0AmqALpixwVQkJl2huljPlHdSxtEuaaGgICDXiiTkYf7ujMt397Q8blpeG
ro29UxF7Ecb4VtU9sEab2x+0/wWA09nGJedvm41O/Gvq
-----END CERTIFICATE-----