Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/DTYyZuafFj4qXWfudssAoo7YyUc.roa
File:                     DTYyZuafFj4qXWfudssAoo7YyUc.roa (raw, json)
Hash identifier:          XFaAmLI0e2ldAKL+t4MvCZW7ieWrsLzA21ljUa5d0Uc=
Subject key identifier:   0D:36:32:66:E6:9F:16:3E:2A:5D:67:EE:76:CB:00:A2:8E:D8:C9:47
Certificate issuer:       /CN=ac6cc8603353d732e4b1ccba7eaca0b6cee4c4cf
Certificate serial:       0194258F87A7569B2A5F4D80EEBD7A44216B
Authority key identifier: AC:6C:C8:60:33:53:D7:32:E4:B1:CC:BA:7E:AC:A0:B6:CE:E4:C4:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rGzIYDNT1zLkscy6fqygts7kxM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/DTYyZuafFj4qXWfudssAoo7YyUc.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50629
IP address blocks:        185.223.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/rGzIYDNT1zLkscy6fqygts7kxM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/rGzIYDNT1zLkscy6fqygts7kxM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rGzIYDNT1zLkscy6fqygts7kxM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:87:a7:56:9b:2a:5f:4d:80:ee:bd:7a:44:21:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac6cc8603353d732e4b1ccba7eaca0b6cee4c4cf
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d363266e69f163e2a5d67ee76cb00a28ed8c947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6e:29:e1:44:89:cb:55:f1:74:6e:4f:72:e7:
                    7b:f1:25:60:56:0b:12:0a:6a:2f:2e:86:4a:c4:d9:
                    1f:8b:21:a0:f3:34:a2:37:27:0f:aa:1d:b0:b1:ca:
                    17:81:b7:b0:1b:0d:72:91:0b:3a:8b:c4:5a:7a:94:
                    ea:31:62:8a:7a:e6:69:4c:11:0c:52:62:cf:ae:29:
                    67:ec:f1:5e:54:01:ca:1a:1f:4a:37:e5:bf:30:59:
                    bc:35:59:60:73:3b:b3:0f:ee:97:9f:8c:d8:ac:ff:
                    ca:0e:d8:24:77:67:a6:8e:62:42:f2:a0:df:21:3c:
                    38:8a:1a:d4:ba:ed:3d:e6:2d:e7:5b:49:9b:00:c9:
                    03:4d:5e:f2:de:5d:6f:b8:90:db:88:fd:10:de:34:
                    8f:ee:49:1f:47:cf:1a:4b:99:64:1f:04:00:e1:50:
                    70:08:cf:f4:3c:80:a3:cf:cb:aa:22:47:3e:c8:bb:
                    44:92:66:39:d2:52:17:16:26:fc:21:c5:4e:65:f7:
                    35:ac:6e:b2:0e:43:ec:67:f0:5a:ae:90:7e:21:83:
                    f0:87:e4:07:1f:e1:d7:1a:66:ba:a0:ad:5d:bd:25:
                    c1:30:b3:77:f2:ce:b5:c7:ad:84:0f:3c:38:86:9e:
                    8b:70:6e:bf:e5:e4:6e:2f:65:ce:c3:b5:24:a7:68:
                    73:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:36:32:66:E6:9F:16:3E:2A:5D:67:EE:76:CB:00:A2:8E:D8:C9:47
            X509v3 Authority Key Identifier:
                keyid:AC:6C:C8:60:33:53:D7:32:E4:B1:CC:BA:7E:AC:A0:B6:CE:E4:C4:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rGzIYDNT1zLkscy6fqygts7kxM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/DTYyZuafFj4qXWfudssAoo7YyUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b34642-c7ec-4d47-9d6f-271a155eeb92/1/rGzIYDNT1zLkscy6fqygts7kxM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:bd:01:a9:83:3c:d2:54:d3:cc:42:b5:ca:fd:13:0c:f7:af:
         24:d8:5c:7c:fd:81:b5:2e:07:e2:e1:a7:59:65:7a:97:5b:31:
         7d:3c:57:ab:ee:70:4f:ea:63:2c:e8:90:d9:d6:5e:5c:50:ef:
         bd:aa:d3:6c:ee:d3:43:06:8e:cf:2a:8a:da:4e:72:81:f8:40:
         e1:b7:65:f6:83:cc:07:8a:12:a9:42:76:6a:5d:b8:4a:e0:ce:
         af:54:5a:4a:44:71:3b:e8:64:9d:22:65:52:81:7f:b2:a7:fa:
         fc:50:95:62:45:2f:2e:2a:53:b6:84:43:ed:a1:84:69:99:b3:
         43:8f:05:ad:c4:e1:5e:37:0a:61:c1:23:a1:74:f8:d4:04:8e:
         db:05:a2:e0:0f:85:1d:85:c9:f2:30:83:fa:33:28:5a:80:d7:
         fd:37:dd:7e:89:7f:96:01:2a:2a:df:7e:15:f8:d7:0e:1f:35:
         bf:1f:ce:72:10:06:59:1f:84:07:c6:6a:c6:98:bc:eb:7b:cd:
         84:04:92:65:71:ab:d0:77:d6:91:be:05:8a:f3:63:c0:77:d5:
         af:42:ae:6b:1b:d5:62:8d:c5:ab:d6:f6:09:d6:03:6a:e3:cf:
         45:d6:c9:fc:df:8f:84:91:76:f0:0d:b3:62:17:e5:40:8e:44:
         80:fc:cd:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4enVpsqX02A7r16RCFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNmNjODYwMzM1M2Q3MzJlNGIxY2NiYTdlYWNhMGI2Y2Vl
NGM0Y2YwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM2MzI2NmU2OWYxNjNlMmE1ZDY3ZWU3NmNiMDBhMjhlZDhjOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW4p4USJy1XxdG5Pcud78SVgVgsS
CmovLoZKxNkfiyGg8zSiNycPqh2wscoXgbewGw1ykQs6i8RaepTqMWKKeuZpTBEM
UmLPriln7PFeVAHKGh9KN+W/MFm8NVlgczuzD+6Xn4zYrP/KDtgkd2emjmJC8qDf
ITw4ihrUuu095i3nW0mbAMkDTV7y3l1vuJDbiP0Q3jSP7kkfR88aS5lkHwQA4VBw
CM/0PICjz8uqIkc+yLtEkmY50lIXFib8IcVOZfc1rG6yDkPsZ/BarpB+IYPwh+QH
H+HXGma6oK1dvSXBMLN38s61x62EDzw4hp6LcG6/5eRuL2XOw7Ukp2hzKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA02MmbmnxY+Kl1n7nbLAKKO2MlHMB8GA1UdIwQY
MBaAFKxsyGAzU9cy5LHMun6soLbO5MTPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckd6SVlETlQxekxrc2N5NmZxeWd0czdreE04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iMzQ2NDItYzdlYy00ZDQ3LTlkNmYt
MjcxYTE1NWVlYjkyLzEvRFRZeVp1YWZGajRxWFdmdWRzc0FvbzdZeVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iMzQ2NDItYzdlYy00ZDQ3LTlkNmYtMjcxYTE1NWVlYjky
LzEvckd6SVlETlQxekxrc2N5NmZxeWd0czdreE04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBdvQGpgzzSVNPMQrXK/RMM968k2Fx8/YG1Lgfi4adZ
ZXqXWzF9PFer7nBP6mMs6JDZ1l5cUO+9qtNs7tNDBo7PKoraTnKB+EDht2X2g8wH
ihKpQnZqXbhK4M6vVFpKRHE76GSdImVSgX+yp/r8UJViRS8uKlO2hEPtoYRpmbND
jwWtxOFeNwphwSOhdPjUBI7bBaLgD4UdhcnyMIP6MyhagNf9N91+iX+WASoq334V
+NcOHzW/H85yEAZZH4QHxmrGmLzre82EBJJlcavQd9aRvgWK82PAd9WvQq5rG9Vi
jcWr1vYJ1gNq489F1sn834+EkXbwDbNiF+VAjkSA/M1m
-----END CERTIFICATE-----