Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/yHnhP1AmUTTVVg_geQHx-nqESEw.roa
File:                     yHnhP1AmUTTVVg_geQHx-nqESEw.roa (raw, json)
Hash identifier:          AcpM+1spkfIwm5B87iNqHse1WNGJAEy1uspr8vqiZKE=
Subject key identifier:   C8:79:E1:3F:50:26:51:34:D5:56:0F:E0:79:01:F1:FA:7A:84:48:4C
Certificate issuer:       /CN=e88c04771e2bfac8f60f1b4c9cbd093aafea974e
Certificate serial:       018CC94E4137D90CF99D1D3C07B74BCAC736
Authority key identifier: E8:8C:04:77:1E:2B:FA:C8:F6:0F:1B:4C:9C:BD:09:3A:AF:EA:97:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6IwEdx4r-sj2DxtMnL0JOq_ql04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/yHnhP1AmUTTVVg_geQHx-nqESEw.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202551
IP address blocks:        185.160.208.0/22 maxlen: 22
                          2a07:c000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/6IwEdx4r-sj2DxtMnL0JOq_ql04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/6IwEdx4r-sj2DxtMnL0JOq_ql04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6IwEdx4r-sj2DxtMnL0JOq_ql04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:41:37:d9:0c:f9:9d:1d:3c:07:b7:4b:ca:c7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e88c04771e2bfac8f60f1b4c9cbd093aafea974e
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c879e13f50265134d5560fe07901f1fa7a84484c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:24:2f:75:0a:ad:8c:40:c6:cb:25:df:b1:98:
                    bb:2c:08:da:b9:98:2a:2d:cb:23:e1:57:f8:a1:1a:
                    b1:39:b5:9d:12:7e:f7:7f:df:ff:24:28:0a:67:e5:
                    b4:ea:a4:76:ef:06:53:9c:11:eb:14:0e:8e:2c:2b:
                    bc:f7:01:b7:e6:90:1d:ee:ea:3d:54:ce:22:a8:8b:
                    8c:9f:b2:97:e5:5d:a3:e4:9e:7f:30:5b:c9:a3:45:
                    1f:3a:74:3b:1e:56:5e:c8:e3:c3:fe:a5:7a:20:87:
                    13:3c:49:59:4e:ec:ab:51:74:ec:94:4d:37:19:1c:
                    2b:ff:a4:1c:5a:f1:09:83:bd:c3:d6:3d:fc:8a:e0:
                    da:de:9d:e6:b0:a3:a2:12:64:f9:80:1e:61:5b:b8:
                    72:5e:e2:31:ef:23:5a:27:22:e5:ea:67:c4:e8:4f:
                    e8:77:6e:85:fa:1b:b0:f9:30:d8:0a:56:0f:a9:51:
                    d9:b1:40:53:10:2a:b5:62:e3:9e:42:bb:02:aa:3d:
                    d4:e5:c4:bf:fd:73:ba:41:c0:7a:eb:5b:cc:e2:f3:
                    11:02:61:b2:75:c5:96:12:0f:2b:63:a9:a1:86:15:
                    82:7b:b2:6c:fa:26:18:80:23:5e:c4:f2:67:91:73:
                    f9:f6:97:27:22:56:cc:b3:31:2a:40:54:93:3f:55:
                    d5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:79:E1:3F:50:26:51:34:D5:56:0F:E0:79:01:F1:FA:7A:84:48:4C
            X509v3 Authority Key Identifier:
                keyid:E8:8C:04:77:1E:2B:FA:C8:F6:0F:1B:4C:9C:BD:09:3A:AF:EA:97:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6IwEdx4r-sj2DxtMnL0JOq_ql04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/yHnhP1AmUTTVVg_geQHx-nqESEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/6IwEdx4r-sj2DxtMnL0JOq_ql04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.208.0/22
                IPv6:
                  2a07:c000::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:7e:9f:f6:d0:40:c3:81:4e:0c:d2:86:de:f0:92:a4:0c:86:
         dd:36:56:5e:49:89:75:23:ed:1c:d6:90:d8:24:1f:6b:78:95:
         58:9b:3f:93:1e:f9:5b:5d:b8:4a:fb:15:3a:51:cf:25:0f:fc:
         08:e3:21:30:e0:7d:f4:ea:c8:1f:62:68:ea:20:93:48:6f:81:
         46:65:ac:cb:e4:b9:dd:72:a0:cb:b1:0b:14:19:ab:00:38:38:
         37:c6:51:0a:70:d1:1d:d7:3a:51:52:7b:f7:5b:fb:ea:83:dd:
         df:95:68:31:f6:4b:f7:6f:a7:4f:69:01:df:d1:83:6f:1b:ad:
         20:d9:61:f3:91:a2:c0:33:43:dc:c8:04:9b:f7:76:bb:da:a9:
         e4:05:3f:09:cf:fc:f5:d1:3a:b7:c3:7e:e9:32:db:88:c6:10:
         48:04:89:cc:f4:d1:8d:43:57:3e:67:e4:fe:21:04:f8:42:af:
         6d:62:08:4e:0a:05:82:63:a2:a9:ae:22:d3:0f:7f:93:eb:60:
         a1:13:f4:91:41:76:58:30:6d:fd:f8:9f:1a:57:b1:32:a2:88:
         61:be:cb:07:c2:29:0b:ad:46:12:1a:45:8b:6d:42:3a:44:f7:
         96:98:b7:57:6b:c1:de:b9:3e:2a:79:8f:e9:30:59:4b:d4:49:
         af:0b:e4:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTkE32Qz5nR08B7dLysc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OGMwNDc3MWUyYmZhYzhmNjBmMWI0YzljYmQwOTNhYWZl
YTk3NGUwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODc5ZTEzZjUwMjY1MTM0ZDU1NjBmZTA3OTAxZjFmYTdhODQ0ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCQvdQqtjEDGyyXfsZi7LAjauZgq
Lcsj4Vf4oRqxObWdEn73f9//JCgKZ+W06qR27wZTnBHrFA6OLCu89wG35pAd7uo9
VM4iqIuMn7KX5V2j5J5/MFvJo0UfOnQ7HlZeyOPD/qV6IIcTPElZTuyrUXTslE03
GRwr/6QcWvEJg73D1j38iuDa3p3msKOiEmT5gB5hW7hyXuIx7yNaJyLl6mfE6E/o
d26F+huw+TDYClYPqVHZsUBTECq1YuOeQrsCqj3U5cS//XO6QcB661vM4vMRAmGy
dcWWEg8rY6mhhhWCe7Js+iYYgCNexPJnkXP59pcnIlbMszEqQFSTP1XVrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMh54T9QJlE01VYP4HkB8fp6hEhMMB8GA1UdIwQY
MBaAFOiMBHceK/rI9g8bTJy9CTqv6pdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkl3RWR4NHItc2oyRHh0TW5MMEpPcV9xbDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8yYWU3YzMtOThhNS00Y2RhLTliYWUt
YmE2NDVmMTk5MTVhLzEveUhuaFAxQW1VVFRWVmdfZ2VRSHgtbnFFU0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8yYWU3YzMtOThhNS00Y2RhLTliYWUtYmE2NDVmMTk5MTVh
LzEvNkl3RWR4NHItc2oyRHh0TW5MMEpPcV9xbDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaDQMA0E
AgACMAcDBQMqB8AAMA0GCSqGSIb3DQEBCwUAA4IBAQAEfp/20EDDgU4M0obe8JKk
DIbdNlZeSYl1I+0c1pDYJB9reJVYmz+THvlbXbhK+xU6Uc8lD/wI4yEw4H306sgf
YmjqIJNIb4FGZazL5LndcqDLsQsUGasAODg3xlEKcNEd1zpRUnv3W/vqg93flWgx
9kv3b6dPaQHf0YNvG60g2WHzkaLAM0PcyASb93a72qnkBT8Jz/z10Tq3w37pMtuI
xhBIBInM9NGNQ1c+Z+T+IQT4Qq9tYghOCgWCY6KpriLTD3+T62ChE/SRQXZYMG39
+J8aV7EyoohhvssHwikLrUYSGkWLbUI6RPeWmLdXa8HeuT4qeY/pMFlL1EmvC+QJ
-----END CERTIFICATE-----