Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/y1lMM_br3GByWkvxxJYnigHr1R4.roa
File:                     y1lMM_br3GByWkvxxJYnigHr1R4.roa (raw, json)
Hash identifier:          ln2wKmTtx9TfldYZKxdvdrMI4VdJDtqKl7cnRZhpAbw=
Subject key identifier:   CB:59:4C:33:F6:EB:DC:60:72:5A:4B:F1:C4:96:27:8A:01:EB:D5:1E
Certificate issuer:       /CN=5f2be62be753ba9929355b4ce988bae12af7272a
Certificate serial:       018DFA255AD168DB54A0EC18925E04854719
Authority key identifier: 5F:2B:E6:2B:E7:53:BA:99:29:35:5B:4C:E9:88:BA:E1:2A:F7:27:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/y1lMM_br3GByWkvxxJYnigHr1R4.roa
Signing time:             Fri 01 Mar 2024 13:12:48 +0000
ROA not before:           Fri 01 Mar 2024 13:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215718
IP address blocks:        185.206.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:25:5a:d1:68:db:54:a0:ec:18:92:5e:04:85:47:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f2be62be753ba9929355b4ce988bae12af7272a
        Validity
            Not Before: Mar  1 13:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb594c33f6ebdc60725a4bf1c496278a01ebd51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9d:ac:82:2e:8f:01:bf:74:81:c4:1a:01:63:
                    26:24:b3:ef:67:a7:a4:48:b8:5d:60:29:79:03:4d:
                    19:49:21:48:e3:9b:9b:bc:1b:a8:3d:c1:88:32:0f:
                    17:3a:16:f1:6a:da:ec:30:13:b8:9a:0b:4d:6b:e3:
                    2c:6b:22:a8:0f:07:12:65:1a:9e:c6:8f:c7:13:ae:
                    05:8f:1f:73:fc:11:a2:3d:95:57:57:c8:33:2a:64:
                    74:f2:80:fa:89:9b:3e:2e:1c:20:9a:7d:99:62:91:
                    bc:dc:77:b1:aa:00:7d:aa:69:4f:73:b3:74:f6:8b:
                    76:72:7b:a2:61:db:dd:e3:b7:5d:c6:bb:f1:4a:39:
                    6e:a6:b1:96:5b:e5:b8:ac:88:d8:33:01:0e:39:6f:
                    0c:03:01:7d:b2:05:ad:13:38:b6:41:c0:8e:0c:1f:
                    bc:1a:0f:17:3e:7e:36:63:16:e6:93:8b:90:17:26:
                    74:d7:2b:38:21:b9:bc:43:09:3e:77:55:88:1c:c3:
                    7c:2a:77:f8:23:f6:a9:93:cc:9b:59:af:8f:2e:d8:
                    64:23:bd:ef:e1:65:fd:f0:b7:3c:d3:8c:77:c3:ae:
                    6d:66:2e:dd:b1:a2:45:2d:e6:02:7a:59:0c:b3:53:
                    35:b4:fc:c2:01:75:42:41:6e:60:39:e4:ec:d3:6e:
                    fd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:59:4C:33:F6:EB:DC:60:72:5A:4B:F1:C4:96:27:8A:01:EB:D5:1E
            X509v3 Authority Key Identifier:
                keyid:5F:2B:E6:2B:E7:53:BA:99:29:35:5B:4C:E9:88:BA:E1:2A:F7:27:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/y1lMM_br3GByWkvxxJYnigHr1R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/fda260-9bcf-4f67-bf7b-e522cae63470/1/XyvmK-dTupkpNVtM6Yi64Sr3Jyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:2f:a8:cc:19:73:4e:cb:d0:33:f8:17:e5:1e:6f:a3:54:a9:
         f9:13:f3:40:2d:d8:00:d8:5d:62:51:60:10:42:7f:09:79:14:
         e0:8b:60:37:db:3b:28:10:1c:34:9d:d0:2d:bf:c8:0c:79:0d:
         1b:eb:a2:14:31:9d:52:f8:56:53:30:f2:9f:c8:fe:d4:61:62:
         17:60:5b:4a:08:2b:99:9a:0d:b9:c3:6f:48:60:67:ca:83:34:
         3e:f0:ec:c2:e8:4f:62:61:24:c2:75:1c:ca:cd:53:5c:5a:b3:
         4a:b4:eb:30:9f:5f:d8:24:4b:b4:82:78:55:b8:1e:a2:f4:77:
         ef:50:f2:e5:c7:f5:8c:9f:cd:2e:f3:c7:d7:98:d2:fc:13:91:
         58:c7:ac:0c:c7:b0:6e:78:9b:ff:a6:ff:5e:fc:9c:31:11:58:
         9d:d0:7d:d3:84:0d:3b:9f:8d:bf:a6:96:29:e0:72:b4:36:f2:
         c0:50:c1:f2:f4:17:8f:e9:2a:36:de:c8:c9:10:b2:58:73:5e:
         82:32:47:d4:91:c5:51:32:48:a9:69:d4:90:17:c0:21:d6:a9:
         9e:c6:f3:be:8f:62:11:f0:29:51:2f:1b:a4:75:92:e3:20:ae:
         f8:79:94:d9:75:1d:bb:2c:b1:b1:88:f7:9b:76:e3:47:9d:68:
         f7:d3:1a:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY36JVrRaNtUoOwYkl4EhUcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMmJlNjJiZTc1M2JhOTkyOTM1NWI0Y2U5ODhiYWUxMmFm
NzI3MmEwHhcNMjQwMzAxMTMxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjU5NGMzM2Y2ZWJkYzYwNzI1YTRiZjFjNDk2Mjc4YTAxZWJkNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp52sgi6PAb90gcQaAWMmJLPvZ6ek
SLhdYCl5A00ZSSFI45ubvBuoPcGIMg8XOhbxatrsMBO4mgtNa+MsayKoDwcSZRqe
xo/HE64Fjx9z/BGiPZVXV8gzKmR08oD6iZs+Lhwgmn2ZYpG83HexqgB9qmlPc7N0
9ot2cnuiYdvd47ddxrvxSjluprGWW+W4rIjYMwEOOW8MAwF9sgWtEzi2QcCODB+8
Gg8XPn42Yxbmk4uQFyZ01ys4Ibm8Qwk+d1WIHMN8Knf4I/apk8ybWa+PLthkI73v
4WX98Lc804x3w65tZi7dsaJFLeYCelkMs1M1tPzCAXVCQW5gOeTs02793wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtZTDP269xgclpL8cSWJ4oB69UeMB8GA1UdIwQY
MBaAFF8r5ivnU7qZKTVbTOmIuuEq9ycqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHl2bUstZFR1cGtwTlZ0TTZZaTY0U3IzSnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9mZGEyNjAtOWJjZi00ZjY3LWJmN2It
ZTUyMmNhZTYzNDcwLzEveTFsTU1fYnIzR0J5V2t2eHhKWW5pZ0hyMVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9mZGEyNjAtOWJjZi00ZjY3LWJmN2ItZTUyMmNhZTYzNDcw
LzEvWHl2bUstZFR1cGtwTlZ0TTZZaTY0U3IzSnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7/MA0G
CSqGSIb3DQEBCwUAA4IBAQBcL6jMGXNOy9Az+BflHm+jVKn5E/NALdgA2F1iUWAQ
Qn8JeRTgi2A32zsoEBw0ndAtv8gMeQ0b66IUMZ1S+FZTMPKfyP7UYWIXYFtKCCuZ
mg25w29IYGfKgzQ+8OzC6E9iYSTCdRzKzVNcWrNKtOswn1/YJEu0gnhVuB6i9Hfv
UPLlx/WMn80u88fXmNL8E5FYx6wMx7BueJv/pv9e/JwxEVid0H3ThA07n42/ppYp
4HK0NvLAUMHy9BeP6So23sjJELJYc16CMkfUkcVRMkipadSQF8Ah1qmexvO+j2IR
8ClRLxukdZLjIK74eZTZdR27LLGxiPebduNHnWj30xrA
-----END CERTIFICATE-----