Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydQPYs6w1Y-c2KMFUpgOeEv1VTQ.roa
File:                     ydQPYs6w1Y-c2KMFUpgOeEv1VTQ.roa (raw, json)
Hash identifier:          eBRIcdLtq/CwrQ1zw5bJwOe32fDm4YwDUBA2XHxvy8g=
Subject key identifier:   C9:D4:0F:62:CE:B0:D5:8F:9C:D8:A3:05:52:98:0E:78:4B:F5:55:34
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01907814ACD6992C4D79FD77B1B571E9DAD5
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydQPYs6w1Y-c2KMFUpgOeEv1VTQ.roa
Signing time:             Wed 03 Jul 2024 10:12:19 +0000
ROA not before:           Wed 03 Jul 2024 10:12:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205872
IP address blocks:        83.222.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:14:ac:d6:99:2c:4d:79:fd:77:b1:b5:71:e9:da:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul  3 10:12:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9d40f62ceb0d58f9cd8a30552980e784bf55534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:50:a3:70:25:ba:5c:7d:d5:7d:97:d3:cf:6c:
                    88:1d:8f:c6:38:d8:9f:7c:8c:46:26:eb:83:02:48:
                    42:60:64:39:01:b4:c9:96:d9:76:c6:a0:f3:29:12:
                    cb:29:aa:33:5c:1f:bc:63:00:73:74:7f:e5:75:df:
                    56:e8:02:bf:59:ee:1d:59:a5:9d:b5:a4:e8:5d:57:
                    78:bf:45:22:9c:ee:c6:e5:95:60:4a:13:4f:bb:18:
                    06:57:bc:9d:e3:9f:6a:6b:28:01:ce:c3:ff:8f:b9:
                    96:25:c0:a7:42:19:10:db:bd:71:03:ea:ef:c5:34:
                    21:a1:bb:5b:9d:db:58:38:a3:2a:86:4f:b7:4c:a7:
                    fd:de:75:fb:8c:20:85:53:97:e6:47:80:0a:35:f3:
                    39:ea:05:60:49:b9:eb:0d:a0:17:9b:fa:e8:9e:7e:
                    b7:cb:50:30:a1:1e:15:5b:cf:98:3a:84:e1:e5:90:
                    47:21:ab:56:13:df:b4:8f:fe:67:63:9f:68:1c:39:
                    a6:8d:5b:8a:58:62:38:c8:a8:18:94:b2:b6:fa:7c:
                    03:85:bb:82:52:4c:89:90:da:a1:a2:c5:46:3f:23:
                    ae:2f:a3:21:89:ec:39:6f:21:ab:12:d1:4a:45:1d:
                    f8:5a:18:00:9d:23:5f:8a:74:f8:ed:65:ed:c6:8c:
                    97:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D4:0F:62:CE:B0:D5:8F:9C:D8:A3:05:52:98:0E:78:4B:F5:55:34
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydQPYs6w1Y-c2KMFUpgOeEv1VTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.222.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:99:05:47:49:d0:3b:8d:6e:ca:ad:5c:ad:77:36:4b:c8:7c:
         da:70:79:b2:97:5e:8d:01:6d:f0:09:39:fc:6c:5a:02:b1:06:
         b6:96:eb:d7:18:d2:58:30:12:11:43:0c:69:74:a2:39:a3:c6:
         c7:3c:30:96:85:b6:4d:04:d6:d6:da:38:e4:58:56:09:9c:24:
         99:eb:a8:8b:ed:78:dc:6e:67:08:5f:6c:b1:b4:ac:25:80:b5:
         6c:31:32:01:6e:28:f1:da:a9:ca:fe:3c:bd:42:70:72:c0:60:
         be:1b:49:b4:8f:01:1e:8e:a6:bc:e3:22:d3:8d:fc:c2:9f:33:
         2f:95:f6:22:b1:1e:1f:bb:0f:a1:66:8e:8d:03:4e:d5:28:49:
         ee:e6:92:f1:a4:e2:79:48:6a:dd:3c:ed:bf:d3:18:61:ba:2a:
         9c:2d:57:fb:25:7a:e4:24:88:60:f6:15:93:51:cb:6b:e7:dc:
         33:80:15:34:41:fb:6c:76:e8:d4:c6:43:9f:28:e4:8f:96:b0:
         8b:c7:6d:a9:72:ab:f5:e5:b0:f2:c8:5e:48:ac:44:cd:f7:62:
         bb:c9:62:de:d1:f8:fb:19:aa:18:1e:ea:5d:39:46:24:1c:d5:
         f6:de:be:a9:6c:17:39:14:fd:22:35:7d:86:d4:00:cc:fc:fb:
         8a:da:f1:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB4FKzWmSxNef13sbVx6drVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwNzAzMTAxMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ0MGY2MmNlYjBkNThmOWNkOGEzMDU1Mjk4MGU3ODRiZjU1NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVCjcCW6XH3VfZfTz2yIHY/GONif
fIxGJuuDAkhCYGQ5AbTJltl2xqDzKRLLKaozXB+8YwBzdH/ldd9W6AK/We4dWaWd
taToXVd4v0UinO7G5ZVgShNPuxgGV7yd459qaygBzsP/j7mWJcCnQhkQ271xA+rv
xTQhobtbndtYOKMqhk+3TKf93nX7jCCFU5fmR4AKNfM56gVgSbnrDaAXm/ronn63
y1AwoR4VW8+YOoTh5ZBHIatWE9+0j/5nY59oHDmmjVuKWGI4yKgYlLK2+nwDhbuC
UkyJkNqhosVGPyOuL6Mhiew5byGrEtFKRR34WhgAnSNfinT47WXtxoyXLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnUD2LOsNWPnNijBVKYDnhL9VU0MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEveWRRUFlzNncxWS1jMktNRlVwZ09lRXYxVlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU969MA0G
CSqGSIb3DQEBCwUAA4IBAQCbmQVHSdA7jW7KrVytdzZLyHzacHmyl16NAW3wCTn8
bFoCsQa2luvXGNJYMBIRQwxpdKI5o8bHPDCWhbZNBNbW2jjkWFYJnCSZ66iL7Xjc
bmcIX2yxtKwlgLVsMTIBbijx2qnK/jy9QnBywGC+G0m0jwEejqa84yLTjfzCnzMv
lfYisR4fuw+hZo6NA07VKEnu5pLxpOJ5SGrdPO2/0xhhuiqcLVf7JXrkJIhg9hWT
Uctr59wzgBU0QftsdujUxkOfKOSPlrCLx22pcqv15bDyyF5IrETN92K7yWLe0fj7
GaoYHupdOUYkHNX23r6pbBc5FP0iNX2G1ADM/PuK2vGL
-----END CERTIFICATE-----