Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVfsfM7HHEGgyaon2DnFex68AeA.roa
File:                     yVfsfM7HHEGgyaon2DnFex68AeA.roa (raw, json)
Hash identifier:          xWx+TmEFxqj9kWbyjukwdgUfjfFCmfdLHsOdbL1w0SU=
Subject key identifier:   C9:57:EC:7C:CE:C7:1C:41:A0:C9:AA:27:D8:39:C5:7B:1E:BC:01:E0
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018F3A07BD061D79516A961330B573A7453D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVfsfM7HHEGgyaon2DnFex68AeA.roa
Signing time:             Thu 02 May 2024 15:58:56 +0000
ROA not before:           Thu 02 May 2024 15:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60458
IP address blocks:        185.248.200.0/22 maxlen: 22
                          185.254.159.0/24 maxlen: 24
                          193.17.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3a:07:bd:06:1d:79:51:6a:96:13:30:b5:73:a7:45:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May  2 15:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c957ec7ccec71c41a0c9aa27d839c57b1ebc01e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f5:0d:57:e8:e0:a5:ff:fa:70:27:8a:c3:5c:
                    89:cf:aa:12:e7:ed:25:92:5b:ba:06:a4:4f:9b:22:
                    c0:16:61:91:01:01:7b:61:7c:23:50:92:fc:1c:4f:
                    2c:84:65:e1:3d:ae:4f:6f:53:cf:46:96:45:3b:6d:
                    27:d5:80:02:41:51:16:6a:88:de:6a:af:45:15:3c:
                    16:99:9a:ef:01:a3:ab:99:c0:96:92:0d:fc:11:56:
                    97:71:88:12:9f:20:e7:85:c9:93:58:24:4d:72:00:
                    19:eb:a9:e5:6a:a6:5c:fe:32:b3:93:76:d3:20:94:
                    b0:80:04:99:7b:e0:ce:ae:7e:5b:18:f0:fa:6f:5c:
                    7c:86:f5:1b:01:fe:35:7b:82:eb:e7:8d:d6:c1:58:
                    8d:23:65:e3:70:f7:33:0e:a5:ad:bc:4a:27:f6:9b:
                    e9:6a:52:5a:79:07:f0:02:11:b0:f5:e1:ce:02:d9:
                    07:31:cd:15:1c:60:3d:8e:be:94:04:f5:d0:48:b6:
                    23:e9:c8:72:b1:e4:6e:cc:0e:b7:bd:bd:69:27:41:
                    92:ff:1b:80:0b:c1:40:da:09:c1:3d:97:c3:d4:4e:
                    a3:34:e2:65:b1:1f:18:90:df:ac:50:0a:5c:58:09:
                    c0:86:8b:72:ae:50:f2:95:9f:a5:a1:29:d5:77:17:
                    d9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:57:EC:7C:CE:C7:1C:41:A0:C9:AA:27:D8:39:C5:7B:1E:BC:01:E0
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVfsfM7HHEGgyaon2DnFex68AeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.200.0/22
                  185.254.159.0/24
                  193.17.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:20:58:3f:21:75:14:2a:e6:af:7b:15:44:1c:7c:5a:67:34:
         09:1d:e6:44:e5:bb:29:f3:a4:cf:53:73:2a:9f:c4:5d:79:6f:
         b7:ec:7c:18:89:8b:fb:e6:2f:8b:07:3a:72:95:0c:2a:c6:8e:
         3f:8e:e0:c7:42:89:55:cb:a7:0a:d9:1f:da:1a:d2:a4:2b:e3:
         d4:6e:2e:62:6f:a8:71:bf:d0:67:69:60:f8:d4:01:88:63:ec:
         92:37:16:d3:bf:98:ea:23:47:0b:92:5a:87:6b:f9:d5:32:a0:
         fb:e3:87:72:c0:d9:a1:02:60:07:e2:fb:63:f5:1c:77:81:af:
         74:d7:eb:6b:c0:df:87:0b:f2:0e:b5:e5:ae:b9:38:76:70:ee:
         5f:ed:f8:c3:c8:26:e6:a0:4a:4b:91:59:d0:d0:5f:f6:e5:26:
         5e:be:12:52:03:3e:d9:ac:41:91:a1:f7:8c:98:51:04:e3:55:
         1e:fe:6b:8c:81:22:2c:3d:08:e6:48:5d:56:aa:69:d5:22:a0:
         39:e5:b2:88:fc:11:7f:e3:fc:05:8a:4a:73:7c:6b:b2:6c:db:
         f0:97:7f:3c:fd:05:0d:b2:3d:b4:51:13:67:ee:1d:5a:4b:69:
         f3:7c:3e:49:a7:a5:92:0d:f3:ca:ff:fb:07:73:6b:a4:27:f6:
         22:97:d8:24
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY86B70GHXlRapYTMLVzp0U9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNTAyMTU1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTU3ZWM3Y2NlYzcxYzQxYTBjOWFhMjdkODM5YzU3YjFlYmMwMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PUNV+jgpf/6cCeKw1yJz6oS5+0l
klu6BqRPmyLAFmGRAQF7YXwjUJL8HE8shGXhPa5Pb1PPRpZFO20n1YACQVEWaoje
aq9FFTwWmZrvAaOrmcCWkg38EVaXcYgSnyDnhcmTWCRNcgAZ66nlaqZc/jKzk3bT
IJSwgASZe+DOrn5bGPD6b1x8hvUbAf41e4Lr543WwViNI2XjcPczDqWtvEon9pvp
alJaeQfwAhGw9eHOAtkHMc0VHGA9jr6UBPXQSLYj6chyseRuzA63vb1pJ0GS/xuA
C8FA2gnBPZfD1E6jNOJlsR8YkN+sUApcWAnAhotyrlDylZ+loSnVdxfZDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMlX7HzOxxxBoMmqJ9g5xXsevAHgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveVZmc2ZNN0hIRUdneWFvbjJEbkZleDY4QWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCufjIAwQA
uf6fAwQAwRG1MA0GCSqGSIb3DQEBCwUAA4IBAQBxIFg/IXUUKuavexVEHHxaZzQJ
HeZE5bsp86TPU3Mqn8RdeW+37HwYiYv75i+LBzpylQwqxo4/juDHQolVy6cK2R/a
GtKkK+PUbi5ib6hxv9BnaWD41AGIY+ySNxbTv5jqI0cLklqHa/nVMqD744dywNmh
AmAH4vtj9Rx3ga901+trwN+HC/IOteWuuTh2cO5f7fjDyCbmoEpLkVnQ0F/25SZe
vhJSAz7ZrEGRofeMmFEE41Ue/muMgSIsPQjmSF1WqmnVIqA55bKI/BF/4/wFikpz
fGuybNvwl388/QUNsj20URNn7h1aS2nzfD5Jp6WSDfPK//sHc2ukJ/Yil9gk
-----END CERTIFICATE-----