Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/bYuykGnfzpsdmLdIsc87u24XRQI.roa
File:                     bYuykGnfzpsdmLdIsc87u24XRQI.roa (raw, json)
Hash identifier:          DLiVio68o7ffcLioMRMQAZvO5G1jod2sLRFTPzDrmEw=
Subject key identifier:   6D:8B:B2:90:69:DF:CE:9B:1D:98:B7:48:B1:CF:3B:BB:6E:17:45:02
Certificate issuer:       /CN=79d437584abdb48213630dcaa5f00c9d2c3cc179
Certificate serial:       018CC7950B670D6F3E209E1CCC5506C83E84
Authority key identifier: 79:D4:37:58:4A:BD:B4:82:13:63:0D:CA:A5:F0:0C:9D:2C:3C:C1:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edQ3WEq9tIITYw3KpfAMnSw8wXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/bYuykGnfzpsdmLdIsc87u24XRQI.roa
Signing time:             Tue 02 Jan 2024 00:31:22 +0000
ROA not before:           Tue 02 Jan 2024 00:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203183
IP address blocks:        185.143.92.0/22 maxlen: 24
                          144.2.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/edQ3WEq9tIITYw3KpfAMnSw8wXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/edQ3WEq9tIITYw3KpfAMnSw8wXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edQ3WEq9tIITYw3KpfAMnSw8wXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:0b:67:0d:6f:3e:20:9e:1c:cc:55:06:c8:3e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d437584abdb48213630dcaa5f00c9d2c3cc179
        Validity
            Not Before: Jan  2 00:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d8bb29069dfce9b1d98b748b1cf3bbb6e174502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d0:8d:32:e7:c8:7a:f4:d8:ab:23:55:eb:1a:
                    b9:59:22:7e:4c:15:84:6f:9e:c1:d1:9d:cc:e2:93:
                    1b:61:cb:b7:55:4e:d8:67:78:48:31:50:3e:d9:dd:
                    bf:b9:91:84:21:19:fd:8f:a6:da:73:1d:b2:19:94:
                    f0:21:12:77:68:d7:d6:dd:20:1b:41:35:91:17:cb:
                    55:5b:67:9a:23:32:e6:cf:42:d9:18:8b:a9:1a:c6:
                    38:02:a5:fe:39:26:ce:4e:f8:d7:ac:76:a3:6f:31:
                    2a:9c:71:7a:3c:43:da:c7:a7:1d:42:07:33:ea:3e:
                    0c:8d:10:05:e0:d0:3a:e2:05:fd:f9:c9:d7:58:32:
                    ba:0f:b5:92:2f:14:e4:4a:42:7c:e5:f2:64:67:b5:
                    19:ea:9f:a2:7e:63:48:75:ad:24:3d:ae:e2:5b:14:
                    15:90:3c:db:81:78:e6:38:3e:3f:ad:d9:05:b6:eb:
                    e3:b0:11:a0:99:32:4a:55:89:70:b9:58:8c:c9:71:
                    6c:02:9a:83:92:3c:32:52:58:58:53:df:91:d0:23:
                    72:28:bd:c0:ff:81:dc:63:3c:79:80:4c:2a:b5:00:
                    43:b6:62:da:12:4e:29:93:d1:0d:d5:c2:ce:72:f9:
                    25:8d:22:03:98:89:bf:b4:e8:6b:c5:24:41:3d:b8:
                    66:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:8B:B2:90:69:DF:CE:9B:1D:98:B7:48:B1:CF:3B:BB:6E:17:45:02
            X509v3 Authority Key Identifier:
                keyid:79:D4:37:58:4A:BD:B4:82:13:63:0D:CA:A5:F0:0C:9D:2C:3C:C1:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edQ3WEq9tIITYw3KpfAMnSw8wXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/bYuykGnfzpsdmLdIsc87u24XRQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3496a4-cc9f-4419-ad81-aaa2380982bc/1/edQ3WEq9tIITYw3KpfAMnSw8wXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.160.0/22
                  185.143.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:8b:ed:4b:a8:19:43:9a:c4:a8:5d:7a:44:ff:f2:9c:3b:1d:
         7e:77:ce:8a:81:85:0a:e5:8e:7a:ca:5b:a6:8a:27:16:d9:dc:
         e4:e6:b8:04:f0:cf:76:28:0c:04:ca:d3:18:24:a4:75:fe:18:
         d5:6f:1d:a9:76:2e:2a:72:c2:19:27:40:c2:75:ed:58:58:5d:
         97:46:8b:96:15:11:70:3a:de:0b:ec:7e:10:d7:5e:69:dc:4f:
         e7:0e:12:6f:34:6f:e5:d2:5d:7f:19:1e:3e:5c:81:e2:5b:85:
         87:5c:a2:f9:01:75:dc:64:b9:7a:21:b0:9d:91:91:bf:a7:5c:
         1f:2e:82:b2:ee:bc:fb:b7:0c:60:ed:22:6d:4e:03:d2:0e:17:
         7a:9b:7f:f6:40:94:4f:6b:2a:cf:1a:8d:3a:c4:9b:e5:42:1a:
         84:06:5a:f6:ff:b7:c5:0b:ab:79:3b:ac:63:e3:25:50:38:72:
         80:23:de:d5:e1:2a:cf:83:51:cf:04:43:a1:2f:02:95:72:de:
         2b:61:b9:63:22:9b:c2:49:36:6b:ae:1e:17:a2:f4:0d:4c:8d:
         59:b7:28:cb:1c:71:f6:ac:93:4a:8f:c6:42:bc:1a:01:7a:36:
         85:e5:ca:37:46:9d:9d:8c:28:2a:8c:c0:09:43:e1:6b:7c:e6:
         ad:82:25:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlQtnDW8+IJ4czFUGyD6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDQzNzU4NGFiZGI0ODIxMzYzMGRjYWE1ZjAwYzlkMmMz
Y2MxNzkwHhcNMjQwMTAyMDAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDhiYjI5MDY5ZGZjZTliMWQ5OGI3NDhiMWNmM2JiYjZlMTc0NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9CNMufIevTYqyNV6xq5WSJ+TBWE
b57B0Z3M4pMbYcu3VU7YZ3hIMVA+2d2/uZGEIRn9j6bacx2yGZTwIRJ3aNfW3SAb
QTWRF8tVW2eaIzLmz0LZGIupGsY4AqX+OSbOTvjXrHajbzEqnHF6PEPax6cdQgcz
6j4MjRAF4NA64gX9+cnXWDK6D7WSLxTkSkJ85fJkZ7UZ6p+ifmNIda0kPa7iWxQV
kDzbgXjmOD4/rdkFtuvjsBGgmTJKVYlwuViMyXFsApqDkjwyUlhYU9+R0CNyKL3A
/4HcYzx5gEwqtQBDtmLaEk4pk9EN1cLOcvkljSIDmIm/tOhrxSRBPbhmRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG2LspBp386bHZi3SLHPO7tuF0UCMB8GA1UdIwQY
MBaAFHnUN1hKvbSCE2MNyqXwDJ0sPMF5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRRM1dFcTl0SUlUWXczS3BmQU1uU3c4d1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNDk2YTQtY2M5Zi00NDE5LWFkODEt
YWFhMjM4MDk4MmJjLzEvYll1eWtHbmZ6cHNkbUxkSXNjODd1MjRYUlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNDk2YTQtY2M5Zi00NDE5LWFkODEtYWFhMjM4MDk4MmJj
LzEvZWRRM1dFcTl0SUlUWXczS3BmQU1uU3c4d1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCkAKgAwQC
uY9cMA0GCSqGSIb3DQEBCwUAA4IBAQBai+1LqBlDmsSoXXpE//KcOx1+d86KgYUK
5Y56ylumiicW2dzk5rgE8M92KAwEytMYJKR1/hjVbx2pdi4qcsIZJ0DCde1YWF2X
RouWFRFwOt4L7H4Q115p3E/nDhJvNG/l0l1/GR4+XIHiW4WHXKL5AXXcZLl6IbCd
kZG/p1wfLoKy7rz7twxg7SJtTgPSDhd6m3/2QJRPayrPGo06xJvlQhqEBlr2/7fF
C6t5O6xj4yVQOHKAI97V4SrPg1HPBEOhLwKVct4rYbljIpvCSTZrrh4XovQNTI1Z
tyjLHHH2rJNKj8ZCvBoBejaF5co3Rp2djCgqjMAJQ+FrfOatgiXK
-----END CERTIFICATE-----