Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/ymRWWWzQY_E7IlYQWXdejg4uh2k.roa
File:                     ymRWWWzQY_E7IlYQWXdejg4uh2k.roa (raw, json)
Hash identifier:          ZOGqxxqY6sdmZU3wdYz6Zh+5OqwObURa5Imri+j02hw=
Subject key identifier:   CA:64:56:59:6C:D0:63:F1:3B:22:56:10:59:77:5E:8E:0E:2E:87:69
Certificate issuer:       /CN=e6e4687ab8b1eb6de1abd04a07617c86d118518d
Certificate serial:       018CC5DC2D8E67C6A76E614650AA444EBA69
Authority key identifier: E6:E4:68:7A:B8:B1:EB:6D:E1:AB:D0:4A:07:61:7C:86:D1:18:51:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5uRoerix623hq9BKB2F8htEYUY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/ymRWWWzQY_E7IlYQWXdejg4uh2k.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        185.217.166.0/24 maxlen: 24
                          2a10:d504::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/5uRoerix623hq9BKB2F8htEYUY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/5uRoerix623hq9BKB2F8htEYUY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5uRoerix623hq9BKB2F8htEYUY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2d:8e:67:c6:a7:6e:61:46:50:aa:44:4e:ba:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6e4687ab8b1eb6de1abd04a07617c86d118518d
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca6456596cd063f13b22561059775e8e0e2e8769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:ee:38:60:21:23:c1:ed:5f:b8:84:d8:a3:
                    80:11:dc:f2:c7:5d:dd:b2:91:7d:22:3a:9c:5f:45:
                    2a:60:38:da:22:a5:5a:f9:e4:f2:97:01:21:c9:b9:
                    4e:16:0c:cc:41:93:01:1f:34:b7:23:02:05:b2:28:
                    fe:96:39:c0:b7:d0:78:c5:67:37:02:b8:04:c9:2c:
                    99:63:1c:15:91:0a:6c:53:2b:ec:6f:73:5c:b0:7b:
                    19:3d:a4:17:ca:38:ea:c9:67:a1:8c:13:6c:80:af:
                    6f:ff:aa:61:03:1c:64:c5:38:ba:53:16:b4:57:f9:
                    24:b5:35:cb:00:40:0f:d3:e9:da:a0:20:1a:a1:58:
                    65:32:4e:bc:d2:0b:33:da:7a:d4:4c:1c:f6:3f:f1:
                    56:5e:70:6d:98:08:e3:36:3f:30:1a:d3:30:b7:b3:
                    b0:3a:67:f5:aa:3a:42:15:6b:57:df:79:a6:6c:80:
                    44:39:f5:d0:01:ad:6d:46:4d:f3:04:37:29:27:7b:
                    58:c3:a5:2a:18:eb:d7:60:4f:3a:96:6a:44:51:2b:
                    fb:c8:94:b3:27:c9:a5:2c:82:08:1e:96:17:fa:89:
                    d8:5e:ce:b5:d5:cc:52:be:12:3d:49:05:c5:6f:9b:
                    9e:48:ce:fa:a4:68:fc:1b:98:ec:c1:05:47:3f:5b:
                    72:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:64:56:59:6C:D0:63:F1:3B:22:56:10:59:77:5E:8E:0E:2E:87:69
            X509v3 Authority Key Identifier:
                keyid:E6:E4:68:7A:B8:B1:EB:6D:E1:AB:D0:4A:07:61:7C:86:D1:18:51:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5uRoerix623hq9BKB2F8htEYUY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/ymRWWWzQY_E7IlYQWXdejg4uh2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/6fd5d2-b7ce-4b3d-8f2c-138bbaac7fe2/1/5uRoerix623hq9BKB2F8htEYUY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.166.0/24
                IPv6:
                  2a10:d504::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:89:61:06:1e:67:66:34:78:8b:37:e7:0c:9c:34:62:6e:79:
         82:4a:32:ee:8e:d1:7d:e7:53:33:0d:f6:56:c0:73:0c:a5:b8:
         bd:b0:b8:81:66:e8:a8:fc:d1:cd:1b:98:72:29:02:22:7e:ca:
         63:6d:76:69:e6:38:6d:e1:9c:6a:bd:59:1d:8b:9c:15:14:4f:
         ae:5f:ba:0e:44:a7:01:1a:47:2d:7f:48:16:8b:0f:87:03:2c:
         b9:cf:df:f9:c2:59:b9:8a:3c:7b:9a:02:fc:eb:81:6a:37:44:
         f9:b3:55:86:b9:a9:b2:8e:c3:49:0b:3c:19:da:95:92:ba:fc:
         9d:9c:4d:b6:61:47:21:2b:3e:e9:21:d2:a0:5e:8b:f1:14:cb:
         96:85:0f:11:af:83:3e:df:36:c5:b8:6c:74:e6:1b:8f:88:45:
         7f:93:03:7b:ee:c1:e0:78:ee:ae:4b:9b:13:94:d3:67:4e:a0:
         b7:4f:66:f5:db:3b:36:cf:b9:ef:4f:0b:5b:8b:04:89:d2:4d:
         36:a8:3f:00:12:00:1b:c3:b3:2d:c4:89:97:90:69:b1:a2:f6:
         60:57:9f:ba:99:60:ff:0d:a8:c4:02:11:dc:a9:4b:f8:54:0f:
         7e:40:7c:7b:4f:a8:99:1f:7e:09:b5:97:d2:54:4f:64:2b:68:
         82:dd:19:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3C2OZ8anbmFGUKpETrppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZTQ2ODdhYjhiMWViNmRlMWFiZDA0YTA3NjE3Yzg2ZDEx
ODUxOGQwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY0NTY1OTZjZDA2M2YxM2IyMjU2MTA1OTc3NWU4ZTBlMmU4NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1buOGAhI8HtX7iE2KOAEdzyx13d
spF9IjqcX0UqYDjaIqVa+eTylwEhyblOFgzMQZMBHzS3IwIFsij+ljnAt9B4xWc3
ArgEySyZYxwVkQpsUyvsb3NcsHsZPaQXyjjqyWehjBNsgK9v/6phAxxkxTi6Uxa0
V/kktTXLAEAP0+naoCAaoVhlMk680gsz2nrUTBz2P/FWXnBtmAjjNj8wGtMwt7Ow
Omf1qjpCFWtX33mmbIBEOfXQAa1tRk3zBDcpJ3tYw6UqGOvXYE86lmpEUSv7yJSz
J8mlLIIIHpYX+onYXs611cxSvhI9SQXFb5ueSM76pGj8G5jswQVHP1tygQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMpkVlls0GPxOyJWEFl3Xo4OLodpMB8GA1UdIwQY
MBaAFObkaHq4sett4avQSgdhfIbRGFGNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXVSb2VyaXg2MjNocTlCS0IyRjhodEVZVVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS82ZmQ1ZDItYjdjZS00YjNkLThmMmMt
MTM4YmJhYWM3ZmUyLzEveW1SV1dXelFZX0U3SWxZUVdYZGVqZzR1aDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS82ZmQ1ZDItYjdjZS00YjNkLThmMmMtMTM4YmJhYWM3ZmUy
LzEvNXVSb2VyaXg2MjNocTlCS0IyRjhodEVZVVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAudmmMA8E
AgACMAkDBwAqENUEAAAwDQYJKoZIhvcNAQELBQADggEBALSJYQYeZ2Y0eIs35wyc
NGJueYJKMu6O0X3nUzMN9lbAcwyluL2wuIFm6Kj80c0bmHIpAiJ+ymNtdmnmOG3h
nGq9WR2LnBUUT65fug5EpwEaRy1/SBaLD4cDLLnP3/nCWbmKPHuaAvzrgWo3RPmz
VYa5qbKOw0kLPBnalZK6/J2cTbZhRyErPukh0qBei/EUy5aFDxGvgz7fNsW4bHTm
G4+IRX+TA3vuweB47q5LmxOU02dOoLdPZvXbOzbPue9PC1uLBInSTTaoPwASABvD
sy3EiZeQabGi9mBXn7qZYP8NqMQCEdypS/hUD35AfHtPqJkffgm1l9JUT2QraILd
GWs=
-----END CERTIFICATE-----