Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/RzYuQpvXAjsOJtv88YkQPlLLoYw.roa
File:                     RzYuQpvXAjsOJtv88YkQPlLLoYw.roa (raw, json)
Hash identifier:          YNS6rQZq5TBfSnVNVW+2kwQLqrbCihaGi/6IBnTPSlA=
Subject key identifier:   47:36:2E:42:9B:D7:02:3B:0E:26:DB:FC:F1:89:10:3E:52:CB:A1:8C
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       018CC79431911B0372AE357DBDAE68CA0DF7
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/RzYuQpvXAjsOJtv88YkQPlLLoYw.roa
Signing time:             Tue 02 Jan 2024 00:30:27 +0000
ROA not before:           Tue 02 Jan 2024 00:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206998
IP address blocks:        185.221.85.0/24 maxlen: 24
                          185.221.86.0/24 maxlen: 24
                          2a0d:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:31:91:1b:03:72:ae:35:7d:bd:ae:68:ca:0d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Jan  2 00:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47362e429bd7023b0e26dbfcf189103e52cba18c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e0:6e:05:02:c4:7b:77:b1:24:f1:4b:f0:52:
                    25:d1:89:57:b5:47:2a:c1:1f:bc:a6:2b:d9:d5:de:
                    ed:86:e5:33:93:cc:5c:ab:8e:ca:7c:ed:49:be:09:
                    1a:a3:f6:44:40:aa:e7:db:77:45:c9:66:71:31:2d:
                    47:61:55:1e:ba:b5:09:62:9c:37:c6:4c:7d:a3:89:
                    77:43:e1:a5:b6:c6:10:4c:44:86:8f:85:b1:89:55:
                    35:b4:19:95:3f:f9:ab:16:68:63:37:de:c3:45:62:
                    12:52:e2:1a:31:29:cd:f7:40:60:74:0a:6a:02:e9:
                    1f:7b:a1:44:cd:b5:1d:f4:8f:99:26:b0:13:a5:91:
                    53:bb:25:f8:dc:4d:e8:47:4c:e9:0d:f3:d9:cd:89:
                    ce:20:ef:d5:13:41:a3:1e:91:e0:4d:a6:17:26:f1:
                    74:f1:af:61:9c:a3:c2:e1:87:92:8a:21:c0:d1:ab:
                    c0:6e:85:6d:17:47:d4:5f:28:9f:13:ea:2e:27:07:
                    08:27:fc:b8:f0:2a:d1:84:3c:3c:8d:de:9f:07:a7:
                    2b:71:2b:87:97:69:bd:9e:2f:8f:e3:61:7d:fa:16:
                    e1:3d:99:8c:41:c8:bf:d6:46:b7:06:2e:83:ba:1e:
                    8e:5a:31:e8:52:20:5e:31:03:31:e9:72:53:b0:ab:
                    e4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:36:2E:42:9B:D7:02:3B:0E:26:DB:FC:F1:89:10:3E:52:CB:A1:8C
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/RzYuQpvXAjsOJtv88YkQPlLLoYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.85.0-185.221.86.255
                IPv6:
                  2a0d:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:5d:68:07:39:d5:54:7d:50:00:15:38:92:7b:26:6b:ca:e0:
         20:70:9b:89:c5:98:27:c9:16:b2:e9:a0:aa:30:ee:29:11:49:
         34:01:5a:22:eb:b7:83:f7:27:09:7d:e8:e2:33:a5:4f:3b:f6:
         e2:4a:1d:47:e0:1b:d0:ab:8f:2e:b0:71:b1:3a:c1:cb:9d:61:
         16:44:ab:4b:35:bb:93:53:f7:08:b3:d2:f5:5a:8d:7b:a1:d6:
         8a:be:d3:dc:36:34:eb:32:7a:16:a2:7c:a5:32:32:6c:39:45:
         41:9c:e0:39:96:51:09:fc:29:a7:e3:eb:58:74:6e:b5:4e:af:
         97:10:b5:53:11:9d:c7:ea:3f:e8:a1:3d:76:8b:45:d5:05:a6:
         f9:80:b0:a3:51:c9:d0:6e:56:b8:72:e8:62:23:f7:33:d4:49:
         2f:e4:c2:70:81:73:d9:0c:a6:0d:c8:9d:d5:c8:2f:63:93:ec:
         68:9e:7b:1f:68:0a:9d:5a:70:38:4d:9a:dd:7a:6d:29:43:f2:
         5f:f2:fd:68:b0:4f:a6:e6:72:7a:04:fa:80:57:5c:4d:d4:84:
         60:b6:c8:b2:b6:87:63:3c:e0:72:35:60:63:10:03:c6:54:95:
         d4:a5:30:2d:16:cc:39:5f:7c:c2:3f:96:c9:17:e5:4b:aa:76:
         89:84:d6:00
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzHlDGRGwNyrjV9va5oyg33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwMTAyMDAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM2MmU0MjliZDcwMjNiMGUyNmRiZmNmMTg5MTAzZTUyY2JhMThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+BuBQLEe3exJPFL8FIl0YlXtUcq
wR+8pivZ1d7thuUzk8xcq47KfO1Jvgkao/ZEQKrn23dFyWZxMS1HYVUeurUJYpw3
xkx9o4l3Q+GltsYQTESGj4WxiVU1tBmVP/mrFmhjN97DRWISUuIaMSnN90BgdApq
Aukfe6FEzbUd9I+ZJrATpZFTuyX43E3oR0zpDfPZzYnOIO/VE0GjHpHgTaYXJvF0
8a9hnKPC4YeSiiHA0avAboVtF0fUXyifE+ouJwcIJ/y48CrRhDw8jd6fB6crcSuH
l2m9ni+P42F9+hbhPZmMQci/1ka3Bi6Duh6OWjHoUiBeMQMx6XJTsKvkPQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEc2LkKb1wI7Dibb/PGJED5Sy6GMMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvUnpZdVFwdlhBanNPSnR2ODhZa1FQbExMb1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAC53VUD
BAC53VYwDwQCAAIwCQMHACoNgAAAADANBgkqhkiG9w0BAQsFAAOCAQEAD11oBznV
VH1QABU4knsma8rgIHCbicWYJ8kWsumgqjDuKRFJNAFaIuu3g/cnCX3o4jOlTzv2
4kodR+Ab0KuPLrBxsTrBy51hFkSrSzW7k1P3CLPS9VqNe6HWir7T3DY06zJ6FqJ8
pTIybDlFQZzgOZZRCfwpp+PrWHRutU6vlxC1UxGdx+o/6KE9dotF1QWm+YCwo1HJ
0G5WuHLoYiP3M9RJL+TCcIFz2QymDcid1cgvY5PsaJ57H2gKnVpwOE2a3XptKUPy
X/L9aLBPpuZyegT6gFdcTdSEYLbIsraHYzzgcjVgYxADxlSV1KUwLRbMOV98wj+W
yRflS6p2iYTWAA==
-----END CERTIFICATE-----