Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/fy0nO-pYHe8vvUe8EH4-ooRdKBU.roa
File:                     fy0nO-pYHe8vvUe8EH4-ooRdKBU.roa (raw, json)
Hash identifier:          wwE/JdWznZIhmONJOi7Ve/RtEgYkXT3sGliqfryp2Qw=
Subject key identifier:   7F:2D:27:3B:EA:58:1D:EF:2F:BD:47:BC:10:7E:3E:A2:84:5D:28:15
Certificate issuer:       /CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
Certificate serial:       018CC8DEE9870CD6AF641D99E49BC2F4E727
Authority key identifier: E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/fy0nO-pYHe8vvUe8EH4-ooRdKBU.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.191.0/24 maxlen: 24
                          2001:7f8:105::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e9:87:0c:d6:af:64:1d:99:e4:9b:c2:f4:e7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f2d273bea581def2fbd47bc107e3ea2845d2815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:55:40:85:0d:d5:8f:44:4c:67:d7:fe:80:4b:
                    44:87:75:72:57:90:43:f8:c8:5d:c6:25:1f:d4:3b:
                    d7:1f:83:42:28:be:c4:84:ee:66:0a:81:bc:6d:86:
                    3a:fb:84:f7:84:24:76:03:28:05:c4:70:16:ad:b1:
                    c6:1f:a2:e7:f2:22:cd:61:f0:ae:cf:21:df:7f:27:
                    84:96:cf:f6:b1:d3:a5:cd:08:73:78:e1:65:d1:3d:
                    07:84:f1:26:fd:69:ee:fb:93:d8:0d:90:60:01:8b:
                    b2:7a:93:64:fd:28:3f:83:0d:5c:36:60:b8:be:20:
                    96:68:a5:bf:66:30:5e:e2:02:79:be:f9:7b:ad:d6:
                    24:ff:10:16:b6:75:11:4a:52:9e:b0:b7:ac:5d:b3:
                    28:e4:46:35:5e:70:31:04:bb:b6:4b:aa:cd:09:ca:
                    af:0b:6f:d2:a1:72:be:36:0e:17:35:45:78:32:7e:
                    bb:61:9e:7f:ac:4e:25:ed:0a:95:33:8f:6d:90:de:
                    09:4d:72:1e:77:a0:63:35:4d:bf:fe:5c:ce:f5:02:
                    ed:19:e5:4e:50:fe:33:9b:bf:e3:ec:01:c3:06:68:
                    92:06:f2:0b:f8:f0:3f:36:9d:9b:b8:a7:ef:bd:a5:
                    b4:2d:48:25:fd:b0:a9:8c:46:bd:bf:66:da:3c:8a:
                    af:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2D:27:3B:EA:58:1D:EF:2F:BD:47:BC:10:7E:3E:A2:84:5D:28:15
            X509v3 Authority Key Identifier:
                keyid:E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/fy0nO-pYHe8vvUe8EH4-ooRdKBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.191.0/24
                IPv6:
                  2001:7f8:105::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:38:b9:e5:51:a8:e6:c5:57:a3:23:fd:b1:1f:c3:e4:cd:e7:
         fd:6c:2a:00:6a:7b:cd:72:eb:76:99:0f:9c:e1:98:c5:aa:83:
         c0:68:9d:b6:9f:82:f4:84:6b:6f:b0:7a:cd:4f:92:f6:8c:7a:
         16:7e:2f:2e:04:37:dc:82:1f:59:5d:66:b0:9b:8b:0f:7f:9c:
         55:2b:a5:f0:02:78:82:81:7a:1f:ab:e2:e2:22:b8:94:cd:c3:
         7d:46:e6:67:e7:8c:dd:26:b0:fd:5c:b4:3d:96:ed:8d:e6:e2:
         18:6b:c1:bf:39:28:aa:5d:c0:e9:d1:e2:db:91:57:b9:78:8a:
         6a:44:f9:fc:de:62:d8:b4:45:ad:c3:46:a8:5a:bd:a1:63:e5:
         51:ee:ed:24:85:2c:bf:70:6e:b2:2f:a0:8b:28:d8:96:b0:bb:
         8d:d0:0e:1c:9a:6d:1c:d8:ab:76:6b:2c:6a:c2:91:11:59:e9:
         b0:7b:a2:e9:84:11:30:e3:c2:d1:5e:b3:a6:91:70:99:5d:bb:
         f7:e2:06:65:20:72:70:4a:33:61:a0:55:44:60:a1:e9:b3:7a:
         06:86:18:ce:2d:e4:08:e7:b0:a5:11:2c:5f:b3:f6:19:4f:a2:
         fe:83:06:80:22:d5:7b:9d:cc:2c:a7:d6:38:5c:a0:07:61:25:
         8e:1e:1b:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3umHDNavZB2Z5JvC9OcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzQ2MTZlZGJkNjAxNTRmYTNkYWM3N2VhOTBkYmQ3YzY4
YTEzMmQwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjJkMjczYmVhNTgxZGVmMmZiZDQ3YmMxMDdlM2VhMjg0NWQyODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlVAhQ3Vj0RMZ9f+gEtEh3VyV5BD
+MhdxiUf1DvXH4NCKL7EhO5mCoG8bYY6+4T3hCR2AygFxHAWrbHGH6Ln8iLNYfCu
zyHffyeEls/2sdOlzQhzeOFl0T0HhPEm/Wnu+5PYDZBgAYuyepNk/Sg/gw1cNmC4
viCWaKW/ZjBe4gJ5vvl7rdYk/xAWtnURSlKesLesXbMo5EY1XnAxBLu2S6rNCcqv
C2/SoXK+Ng4XNUV4Mn67YZ5/rE4l7QqVM49tkN4JTXIed6BjNU2//lzO9QLtGeVO
UP4zm7/j7AHDBmiSBvIL+PA/Np2buKfvvaW0LUgl/bCpjEa9v2baPIqv6wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH8tJzvqWB3vL71HvBB+PqKEXSgVMB8GA1UdIwQY
MBaAFOY0YW7b1gFU+j2sd+qQ29fGihMtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQt
ZDk5MjMxZTQ2NDU3LzEvZnkwbk8tcFlIZTh2dlVlOEVINC1vb1JkS0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQtZDk5MjMxZTQ2NDU3
LzEvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQG/MA8E
AgACMAkDBwAgAQf4AQUwDQYJKoZIhvcNAQELBQADggEBAHo4ueVRqObFV6Mj/bEf
w+TN5/1sKgBqe81y63aZD5zhmMWqg8BonbafgvSEa2+wes1PkvaMehZ+Ly4EN9yC
H1ldZrCbiw9/nFUrpfACeIKBeh+r4uIiuJTNw31G5mfnjN0msP1ctD2W7Y3m4hhr
wb85KKpdwOnR4tuRV7l4impE+fzeYti0Ra3DRqhavaFj5VHu7SSFLL9wbrIvoIso
2Jawu43QDhyabRzYq3ZrLGrCkRFZ6bB7oumEETDjwtFes6aRcJldu/fiBmUgcnBK
M2GgVURgoemzegaGGM4t5AjnsKURLF+z9hlPov6DBoAi1XudzCyn1jhcoAdhJY4e
G1I=
-----END CERTIFICATE-----