Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/iY-8NCJKA0Ki5rekGtjq9ddZEBY.roa
File:                     iY-8NCJKA0Ki5rekGtjq9ddZEBY.roa (raw, json)
Hash identifier:          85S0R0vmySYtyyLfEk/Pfu8mZhTEtCcg37Mc+kUVOB8=
Subject key identifier:   89:8F:BC:34:22:4A:03:42:A2:E6:B7:A4:1A:D8:EA:F5:D7:59:10:16
Certificate issuer:       /CN=622f517b08182c6eda1b3f988ee01816ee264dc0
Certificate serial:       0192430FE7CBF708BD2D75A1E216C3A4EE4E
Authority key identifier: 62:2F:51:7B:08:18:2C:6E:DA:1B:3F:98:8E:E0:18:16:EE:26:4D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi9RewgYLG7aGz-YjuAYFu4mTcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/iY-8NCJKA0Ki5rekGtjq9ddZEBY.roa
Signing time:             Mon 30 Sep 2024 13:12:48 +0000
ROA not before:           Mon 30 Sep 2024 13:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214104
IP address blocks:        185.56.115.0/24 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/Yi9RewgYLG7aGz-YjuAYFu4mTcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/Yi9RewgYLG7aGz-YjuAYFu4mTcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yi9RewgYLG7aGz-YjuAYFu4mTcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 19:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:43:0f:e7:cb:f7:08:bd:2d:75:a1:e2:16:c3:a4:ee:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622f517b08182c6eda1b3f988ee01816ee264dc0
        Validity
            Not Before: Sep 30 13:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=898fbc34224a0342a2e6b7a41ad8eaf5d7591016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:f5:78:9e:bd:a1:94:b5:4f:84:d3:8c:b1:
                    88:15:fe:a4:97:d8:c3:35:a6:25:ea:12:c6:42:7b:
                    09:d5:ab:05:80:99:88:77:61:5b:87:a8:78:b8:dc:
                    6f:a4:8a:15:0c:15:18:1f:1e:19:36:10:95:0d:11:
                    a6:ba:c5:5f:3e:61:62:c5:93:8b:0c:5c:cc:b8:65:
                    81:29:a2:f6:fa:c5:95:a7:6e:5a:4e:bf:cd:50:4e:
                    99:db:18:af:4c:f9:8c:1a:94:a4:17:d8:4a:8d:d8:
                    74:88:a9:32:84:f6:5d:9a:60:03:a6:be:49:1e:78:
                    ec:94:f0:67:36:4c:03:1d:9b:89:a9:fe:a9:3f:74:
                    ee:6e:7b:8f:29:a7:5f:0e:c9:af:5e:16:52:3e:22:
                    1d:8e:ae:a3:46:67:f2:46:82:22:6e:b7:be:b1:97:
                    db:ad:38:13:40:50:d4:57:ed:c9:90:d9:10:cf:7c:
                    b4:27:13:66:24:67:bf:ef:47:55:bc:85:af:48:79:
                    cc:f7:ed:87:e7:f2:d2:4a:f4:42:64:4f:25:6d:e8:
                    cd:5e:79:cb:fb:c3:58:f7:e5:71:b8:32:bd:ce:16:
                    23:19:17:ce:6b:c8:96:70:d6:69:78:3b:c2:09:64:
                    44:86:78:36:a7:96:20:dd:f3:7a:cb:62:df:b1:4e:
                    88:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8F:BC:34:22:4A:03:42:A2:E6:B7:A4:1A:D8:EA:F5:D7:59:10:16
            X509v3 Authority Key Identifier:
                keyid:62:2F:51:7B:08:18:2C:6E:DA:1B:3F:98:8E:E0:18:16:EE:26:4D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi9RewgYLG7aGz-YjuAYFu4mTcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/iY-8NCJKA0Ki5rekGtjq9ddZEBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3453b2-9773-455e-8b08-d92dae861a7d/1/Yi9RewgYLG7aGz-YjuAYFu4mTcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:23:35:c2:27:9b:0b:22:e9:4d:36:8a:cd:74:d0:ed:36:b9:
         45:f0:36:6e:12:06:65:44:74:1f:eb:2c:e7:09:6e:f3:4b:c8:
         3c:fc:a5:1b:d9:6f:59:f1:be:b5:07:dd:d7:1d:bf:87:b0:c8:
         da:4e:cb:9e:45:c7:55:90:2e:2f:7d:f1:e5:2e:ca:63:f8:7b:
         6a:d3:15:f2:13:ac:dc:c9:9d:12:f2:e4:c3:eb:75:69:98:8d:
         1c:e8:8c:77:13:58:df:82:c5:7c:0c:2c:13:af:cb:a3:d8:e9:
         90:cf:e6:b2:9a:ce:52:65:97:c7:a6:b8:8b:32:79:71:7f:b3:
         8f:c3:32:0f:13:69:19:b0:1c:d1:47:b3:a3:cf:5e:f9:3a:33:
         97:cc:e2:76:fd:e6:ec:ad:8f:90:47:6a:35:15:4b:a9:88:20:
         5d:c7:55:fe:7a:57:41:db:25:30:48:63:f9:75:56:45:93:69:
         f2:1c:d3:f9:e3:3e:c0:1c:0b:1d:13:b8:62:2d:f7:15:a8:7d:
         2c:63:2a:7e:05:82:4b:03:6a:7d:b9:6c:3b:5a:8b:4a:a2:65:
         d3:ba:24:9f:4b:e1:47:f2:2b:eb:1f:ff:63:d3:40:89:38:9a:
         1c:fa:f5:9b:68:58:6f:ac:b0:4b:6c:9e:42:c7:c7:2c:64:db:
         0c:21:a2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJDD+fL9wi9LXWh4hbDpO5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmY1MTdiMDgxODJjNmVkYTFiM2Y5ODhlZTAxODE2ZWUy
NjRkYzAwHhcNMjQwOTMwMTMxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThmYmMzNDIyNGEwMzQyYTJlNmI3YTQxYWQ4ZWFmNWQ3NTkxMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8v1eJ69oZS1T4TTjLGIFf6kl9jD
NaYl6hLGQnsJ1asFgJmId2Fbh6h4uNxvpIoVDBUYHx4ZNhCVDRGmusVfPmFixZOL
DFzMuGWBKaL2+sWVp25aTr/NUE6Z2xivTPmMGpSkF9hKjdh0iKkyhPZdmmADpr5J
HnjslPBnNkwDHZuJqf6pP3TubnuPKadfDsmvXhZSPiIdjq6jRmfyRoIibre+sZfb
rTgTQFDUV+3JkNkQz3y0JxNmJGe/70dVvIWvSHnM9+2H5/LSSvRCZE8lbejNXnnL
+8NY9+VxuDK9zhYjGRfOa8iWcNZpeDvCCWREhng2p5Yg3fN6y2LfsU6IRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImPvDQiSgNCoua3pBrY6vXXWRAWMB8GA1UdIwQY
MBaAFGIvUXsIGCxu2hs/mI7gGBbuJk3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk5UmV3Z1lMRzdhR3otWWp1QVlGdTRtVGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNDUzYjItOTc3My00NTVlLThiMDgt
ZDkyZGFlODYxYTdkLzEvaVktOE5DSktBMEtpNXJla0d0anE5ZGRaRUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNDUzYjItOTc3My00NTVlLThiMDgtZDkyZGFlODYxYTdk
LzEvWWk5UmV3Z1lMRzdhR3otWWp1QVlGdTRtVGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuThzMA0G
CSqGSIb3DQEBCwUAA4IBAQBiIzXCJ5sLIulNNorNdNDtNrlF8DZuEgZlRHQf6yzn
CW7zS8g8/KUb2W9Z8b61B93XHb+HsMjaTsueRcdVkC4vffHlLspj+Htq0xXyE6zc
yZ0S8uTD63VpmI0c6Ix3E1jfgsV8DCwTr8uj2OmQz+ayms5SZZfHpriLMnlxf7OP
wzIPE2kZsBzRR7Ojz175OjOXzOJ2/ebsrY+QR2o1FUupiCBdx1X+eldB2yUwSGP5
dVZFk2nyHNP54z7AHAsdE7hiLfcVqH0sYyp+BYJLA2p9uWw7WotKomXTuiSfS+FH
8ivrH/9j00CJOJoc+vWbaFhvrLBLbJ5Cx8csZNsMIaLO
-----END CERTIFICATE-----