Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/YAV1PaTamXh1PE_2bXOK63aVD-Q.roa
File:                     YAV1PaTamXh1PE_2bXOK63aVD-Q.roa (raw, json)
Hash identifier:          6uy84JuA6cq0A9tbw3vW5dnkj2REtLPqFVI4WTMtPz0=
Subject key identifier:   60:05:75:3D:A4:DA:99:78:75:3C:4F:F6:6D:73:8A:EB:76:95:0F:E4
Certificate issuer:       /CN=db489fbe98994cbc098c876ba63e560ac17e5b2f
Certificate serial:       018CC726E736EDE9D9DB023257512621F15D
Authority key identifier: DB:48:9F:BE:98:99:4C:BC:09:8C:87:6B:A6:3E:56:0A:C1:7E:5B:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/20ifvpiZTLwJjIdrpj5WCsF-Wy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/YAV1PaTamXh1PE_2bXOK63aVD-Q.roa
Signing time:             Mon 01 Jan 2024 22:31:04 +0000
ROA not before:           Mon 01 Jan 2024 22:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20746
IP address blocks:        185.63.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/20ifvpiZTLwJjIdrpj5WCsF-Wy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/20ifvpiZTLwJjIdrpj5WCsF-Wy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/20ifvpiZTLwJjIdrpj5WCsF-Wy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e7:36:ed:e9:d9:db:02:32:57:51:26:21:f1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db489fbe98994cbc098c876ba63e560ac17e5b2f
        Validity
            Not Before: Jan  1 22:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6005753da4da9978753c4ff66d738aeb76950fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b5:2e:04:35:d4:f0:f8:e6:27:9a:ef:d2:d5:
                    df:80:dc:d5:bf:06:0c:dd:1c:64:06:09:02:dd:f8:
                    3b:38:c2:bb:04:7c:72:4b:89:d9:cb:19:6e:fb:d1:
                    37:d4:6f:8d:b5:d1:b2:ee:20:ea:ff:29:a0:5d:8c:
                    82:45:28:47:3e:69:dd:ea:d0:16:33:b1:d9:f4:28:
                    c0:21:97:37:3c:08:7c:13:05:3c:ce:8a:cb:a3:c5:
                    85:0e:b2:d5:01:72:47:c3:51:4c:d4:7d:b2:11:8c:
                    1a:bf:9d:e1:8a:32:ad:30:b7:f2:4c:c0:67:eb:5b:
                    68:39:2c:a2:7e:cc:ab:46:f5:c4:e0:64:4f:9b:ed:
                    76:27:7d:0d:ed:81:8a:78:d6:83:4b:e8:fb:51:1a:
                    2d:fc:28:f0:01:06:25:47:a5:ff:f4:fd:b8:96:c0:
                    7d:07:f8:10:4f:f5:a3:5c:a9:af:d8:7f:7a:91:cb:
                    81:9e:b7:93:1a:bc:c1:0b:f1:65:90:79:dc:09:00:
                    d1:88:08:1c:e4:5f:53:5b:67:1c:d6:25:d2:a2:e6:
                    91:1f:49:d7:36:a7:b5:66:75:2d:43:2d:33:41:92:
                    c1:0e:50:00:84:b9:4e:02:16:e8:79:f1:67:51:bd:
                    57:f4:b2:4d:48:05:cf:20:cb:69:92:1f:d1:b7:7f:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:05:75:3D:A4:DA:99:78:75:3C:4F:F6:6D:73:8A:EB:76:95:0F:E4
            X509v3 Authority Key Identifier:
                keyid:DB:48:9F:BE:98:99:4C:BC:09:8C:87:6B:A6:3E:56:0A:C1:7E:5B:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/20ifvpiZTLwJjIdrpj5WCsF-Wy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/YAV1PaTamXh1PE_2bXOK63aVD-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cac50-3f13-4ef9-8b6d-decec41a71d1/1/20ifvpiZTLwJjIdrpj5WCsF-Wy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:7a:09:61:c1:ed:9d:b3:25:3c:55:bd:14:2a:49:28:00:7c:
         77:48:38:30:2b:4b:99:10:5c:f4:92:da:1b:40:67:89:dd:eb:
         6f:4d:f0:67:8b:eb:7a:d0:2d:86:74:14:f2:b8:c1:31:a2:ec:
         b9:63:a1:70:a0:ff:e2:49:1f:b9:7d:73:87:7e:f8:d0:75:dc:
         9a:7c:1b:c7:6d:0a:1f:71:7e:4a:b1:17:1e:9c:dd:10:f6:49:
         66:1e:26:a6:73:ce:52:94:e5:6d:cb:ac:0a:9b:1f:22:b0:74:
         b1:79:b7:21:b2:ba:b2:bd:23:04:29:f7:4d:12:82:94:e4:99:
         e2:08:f1:0f:20:1f:e2:52:d7:bd:f1:16:97:e2:d7:e7:02:f7:
         83:37:c7:23:bd:f2:91:77:a1:aa:c2:84:8a:c3:8b:96:7f:df:
         61:62:f9:7d:40:2d:78:79:2e:86:39:9f:bf:f3:27:8e:7b:69:
         c1:40:11:48:e5:0d:5c:7a:ce:fd:0c:ea:f6:52:98:67:4c:04:
         c9:b2:4a:d9:b4:e4:1d:b2:73:c0:30:d1:37:f1:88:ba:59:71:
         47:0c:fd:11:c1:f8:a7:59:a1:27:98:d3:80:9e:33:3b:53:b9:
         8c:d4:52:ca:ad:f6:6f:f8:d4:64:bf:c0:1b:80:10:19:59:d3:
         1d:eb:b8:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuc27enZ2wIyV1EmIfFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNDg5ZmJlOTg5OTRjYmMwOThjODc2YmE2M2U1NjBhYzE3
ZTViMmYwHhcNMjQwMTAxMjIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDA1NzUzZGE0ZGE5OTc4NzUzYzRmZjY2ZDczOGFlYjc2OTUwZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7UuBDXU8PjmJ5rv0tXfgNzVvwYM
3RxkBgkC3fg7OMK7BHxyS4nZyxlu+9E31G+NtdGy7iDq/ymgXYyCRShHPmnd6tAW
M7HZ9CjAIZc3PAh8EwU8zorLo8WFDrLVAXJHw1FM1H2yEYwav53hijKtMLfyTMBn
61toOSyifsyrRvXE4GRPm+12J30N7YGKeNaDS+j7URot/CjwAQYlR6X/9P24lsB9
B/gQT/WjXKmv2H96kcuBnreTGrzBC/FlkHncCQDRiAgc5F9TW2cc1iXSouaRH0nX
Nqe1ZnUtQy0zQZLBDlAAhLlOAhboefFnUb1X9LJNSAXPIMtpkh/Rt38itwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAFdT2k2pl4dTxP9m1ziut2lQ/kMB8GA1UdIwQY
MBaAFNtIn76YmUy8CYyHa6Y+VgrBflsvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjBpZnZwaVpUTHdKaklkcnBqNVdDc0YtV3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS82Y2FjNTAtM2YxMy00ZWY5LThiNmQt
ZGVjZWM0MWE3MWQxLzEvWUFWMVBhVGFtWGgxUEVfMmJYT0s2M2FWRC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS82Y2FjNTAtM2YxMy00ZWY5LThiNmQtZGVjZWM0MWE3MWQx
LzEvMjBpZnZwaVpUTHdKaklkcnBqNVdDc0YtV3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT/kMA0G
CSqGSIb3DQEBCwUAA4IBAQAzeglhwe2dsyU8Vb0UKkkoAHx3SDgwK0uZEFz0ktob
QGeJ3etvTfBni+t60C2GdBTyuMExouy5Y6FwoP/iSR+5fXOHfvjQddyafBvHbQof
cX5KsRcenN0Q9klmHiamc85SlOVty6wKmx8isHSxebchsrqyvSMEKfdNEoKU5Jni
CPEPIB/iUte98RaX4tfnAveDN8cjvfKRd6GqwoSKw4uWf99hYvl9QC14eS6GOZ+/
8yeOe2nBQBFI5Q1ces79DOr2UphnTATJskrZtOQdsnPAMNE38Yi6WXFHDP0Rwfin
WaEnmNOAnjM7U7mM1FLKrfZv+NRkv8AbgBAZWdMd67ht
-----END CERTIFICATE-----