Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yS9yBVDVszST8rQA4uk00lfuLs8.roa
File:                     yS9yBVDVszST8rQA4uk00lfuLs8.roa (raw, json)
Hash identifier:          0biJy2X9t3iqI6Dl3UbpLARfg5grD44R4O9QTIV5Wqc=
Subject key identifier:   C9:2F:72:05:50:D5:B3:34:93:F2:B4:00:E2:E9:34:D2:57:EE:2E:CF
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD65A7465C86251B753AF6EEF8E93
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yS9yBVDVszST8rQA4uk00lfuLs8.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210097
IP address blocks:        81.22.40.0/22 maxlen: 24
                          185.179.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:5a:74:65:c8:62:51:b7:53:af:6e:ef:8e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c92f720550d5b33493f2b400e2e934d257ee2ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fb:0c:f6:7c:d0:61:e0:96:f1:24:5e:0b:d4:
                    5c:ba:03:bf:7c:bf:4d:aa:28:e0:9c:ad:47:d9:98:
                    20:a4:ce:bf:7d:01:43:9c:21:0b:48:1a:8c:f7:71:
                    4e:b1:08:ad:20:be:af:ee:dc:05:e1:8f:34:c5:59:
                    c2:d1:f4:20:85:41:43:de:7e:81:0c:65:f4:42:f6:
                    53:88:ee:b1:b7:c8:23:99:07:f1:d8:e1:cf:70:f0:
                    f2:99:46:a1:e2:bf:1f:d0:9e:1c:0a:40:5a:40:0b:
                    1d:ba:4d:f4:fc:bd:f9:da:15:a9:99:5c:31:34:79:
                    a6:d8:09:21:22:bb:da:cd:56:3c:c2:19:e0:62:0d:
                    a4:6b:45:87:86:b8:e9:34:b2:c7:59:87:db:9a:af:
                    3e:d7:29:41:f8:55:52:0d:49:34:eb:d5:6b:9b:51:
                    7b:b1:a5:e8:1a:b8:df:08:88:1c:b6:cb:a6:bb:cd:
                    3a:8f:da:b2:9a:08:f8:eb:3f:a9:38:d7:59:9d:4d:
                    bd:34:46:cc:b1:6d:ec:ae:0e:79:ac:c0:6e:09:28:
                    12:3a:57:c6:b7:7c:95:c0:aa:93:3e:47:cc:de:9d:
                    3b:f6:2b:12:23:75:d7:1d:88:2a:71:f0:67:a7:fb:
                    81:46:42:4f:59:60:42:53:4c:90:75:b9:fc:6c:90:
                    ea:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:2F:72:05:50:D5:B3:34:93:F2:B4:00:E2:E9:34:D2:57:EE:2E:CF
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yS9yBVDVszST8rQA4uk00lfuLs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.40.0/22
                  185.179.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:df:91:b1:c8:5a:e5:d4:bd:60:85:28:64:22:36:88:3c:22:
         94:ff:a4:5f:fe:8e:7f:38:d0:7a:69:44:c4:a6:44:c7:80:25:
         f5:9d:62:52:62:64:3f:6a:c6:ea:7b:1d:dc:83:83:4f:fd:8e:
         8c:98:d7:2e:36:2d:62:e7:05:8f:17:f9:46:23:6a:0c:e2:a7:
         eb:f7:bb:55:bf:61:c6:32:13:50:69:3f:b8:a6:c4:c6:13:5f:
         96:cc:35:8f:65:54:82:50:aa:34:d7:cb:65:90:53:4b:6d:7e:
         f6:ea:83:27:fc:e6:66:d3:34:db:96:1d:28:79:04:c4:f7:f8:
         2b:9a:6d:be:c9:60:33:20:55:c2:40:ed:ee:f1:dd:03:40:1a:
         8b:36:94:1f:13:b7:0a:f8:63:5d:8e:72:3d:ca:2b:e2:39:18:
         8f:50:3c:35:94:95:e0:6b:e8:6e:69:e3:e2:75:85:fe:e5:fb:
         f8:00:86:0b:95:da:87:c4:6e:23:65:1c:63:7b:92:77:a5:b5:
         36:f0:28:43:91:f9:17:70:eb:9e:40:3d:59:68:92:22:95:ca:
         5c:a6:ba:e4:40:23:a0:02:98:9a:f8:d4:10:f3:25:82:bb:45:
         3b:91:2e:2f:36:36:a9:0d:0b:13:3c:5d:32:a5:92:ce:25:70:
         b2:94:a0:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tZadGXIYlG3U69u746TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTJmNzIwNTUwZDViMzM0OTNmMmI0MDBlMmU5MzRkMjU3ZWUyZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPsM9nzQYeCW8SReC9RcugO/fL9N
qijgnK1H2ZggpM6/fQFDnCELSBqM93FOsQitIL6v7twF4Y80xVnC0fQghUFD3n6B
DGX0QvZTiO6xt8gjmQfx2OHPcPDymUah4r8f0J4cCkBaQAsduk30/L352hWpmVwx
NHmm2AkhIrvazVY8whngYg2ka0WHhrjpNLLHWYfbmq8+1ylB+FVSDUk069Vrm1F7
saXoGrjfCIgctsumu806j9qymgj46z+pONdZnU29NEbMsW3srg55rMBuCSgSOlfG
t3yVwKqTPkfM3p079isSI3XXHYgqcfBnp/uBRkJPWWBCU0yQdbn8bJDqbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMkvcgVQ1bM0k/K0AOLpNNJX7i7PMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEveVM5eUJWRFZzelNUOHJRQTR1azAwbGZ1THM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCURYoAwQA
ubP0MA0GCSqGSIb3DQEBCwUAA4IBAQBE35GxyFrl1L1ghShkIjaIPCKU/6Rf/o5/
ONB6aUTEpkTHgCX1nWJSYmQ/asbqex3cg4NP/Y6MmNcuNi1i5wWPF/lGI2oM4qfr
97tVv2HGMhNQaT+4psTGE1+WzDWPZVSCUKo018tlkFNLbX726oMn/OZm0zTblh0o
eQTE9/grmm2+yWAzIFXCQO3u8d0DQBqLNpQfE7cK+GNdjnI9yiviORiPUDw1lJXg
a+huaePidYX+5fv4AIYLldqHxG4jZRxje5J3pbU28ChDkfkXcOueQD1ZaJIilcpc
prrkQCOgApia+NQQ8yWCu0U7kS4vNjapDQsTPF0ypZLOJXCylKBc
-----END CERTIFICATE-----