Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/ymRn3rtfY_hnlGv_W21onSfXzvY.roa
File:                     ymRn3rtfY_hnlGv_W21onSfXzvY.roa (raw, json)
Hash identifier:          juBziVXiwCr30fkwgOU5b7qXJ7WspsZQZ+C1/xGacJE=
Subject key identifier:   CA:64:67:DE:BB:5F:63:F8:67:94:6B:FF:5B:6D:68:9D:27:D7:CE:F6
Certificate issuer:       /CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
Certificate serial:       018CC2DAB9FDEC9702A893A70E50FD2EADC1
Authority key identifier: 5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/ymRn3rtfY_hnlGv_W21onSfXzvY.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216313
IP address blocks:        185.129.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b9:fd:ec:97:02:a8:93:a7:0e:50:fd:2e:ad:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca6467debb5f63f867946bff5b6d689d27d7cef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:82:c7:ba:08:94:85:c6:17:01:21:a2:b6:
                    44:4d:b5:4d:3e:c3:dc:d0:f9:6b:b4:cd:73:1e:e0:
                    67:8e:c4:2f:93:d4:d4:d4:6d:a1:56:84:91:c0:79:
                    9a:0b:c2:98:51:74:55:21:cd:65:17:0a:ea:7d:96:
                    f1:cc:8c:2f:e2:fb:22:21:a0:51:41:3c:6d:d0:1c:
                    ef:5d:18:48:77:67:fe:bf:30:d2:b1:eb:3f:97:f8:
                    cd:61:5d:f1:56:2d:63:e9:ff:b5:68:16:a9:fb:27:
                    b1:10:24:94:50:b2:4a:a3:a5:7a:b3:15:17:89:98:
                    f2:84:9a:da:85:0e:0c:de:82:22:f9:04:b5:31:6d:
                    63:8b:01:2d:b0:aa:36:03:4b:a8:02:99:22:48:00:
                    bc:f5:cb:39:e0:6d:c4:46:80:de:b3:7e:b0:02:3f:
                    42:73:40:d1:4f:31:29:4a:43:5f:a7:64:c2:48:da:
                    e6:06:43:35:f2:fd:3a:06:93:d1:17:41:87:ad:74:
                    61:46:9e:79:eb:ab:f1:41:51:ab:bc:44:96:8e:16:
                    6d:05:e5:a0:2d:54:f5:21:bd:99:54:d0:27:e5:6e:
                    6a:22:58:1e:58:aa:f5:47:2c:55:07:82:57:16:0d:
                    d0:c6:2f:d5:91:f6:70:8e:3b:8a:48:bc:fd:57:46:
                    c8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:64:67:DE:BB:5F:63:F8:67:94:6B:FF:5B:6D:68:9D:27:D7:CE:F6
            X509v3 Authority Key Identifier:
                keyid:5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/ymRn3rtfY_hnlGv_W21onSfXzvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:78:cd:7a:a0:9e:4b:9a:9c:88:62:55:59:77:4f:e6:c4:f9:
         35:3d:92:26:44:e5:99:80:e9:7e:16:be:d7:1d:a7:a8:19:4b:
         56:4f:0a:9d:42:42:28:8c:18:78:83:11:49:14:7e:01:04:a0:
         f4:5b:7a:fc:96:53:cf:af:4d:0b:91:89:f7:8b:18:7b:75:b1:
         31:cb:6d:64:d9:fd:d9:ee:cc:0c:9e:6a:6a:9d:05:c0:2b:9e:
         d9:ca:b5:c5:f6:a3:90:f8:31:93:89:bb:2b:cb:f2:95:4c:de:
         bb:44:8a:5d:0b:6d:83:73:b0:fb:4c:80:9d:ab:87:04:7e:0c:
         a5:a5:10:39:da:52:cc:1a:1f:1f:08:93:41:d3:9c:ac:46:24:
         41:71:36:f2:43:c7:7b:00:34:cd:c6:bd:fb:6e:7e:77:60:08:
         8c:2a:4a:26:3b:fb:d7:e8:b8:b4:94:40:e3:65:1f:a9:32:9f:
         b0:ad:5a:f4:f9:2a:96:92:d0:e6:92:e6:c8:ae:0b:59:7c:36:
         4f:8f:9d:13:17:fa:d8:44:0f:02:fe:90:4e:fb:ff:80:fe:11:
         e4:6a:89:96:3d:e2:f1:a2:79:5a:a9:13:88:04:40:40:0d:98:
         b2:00:11:b7:d6:16:8b:a0:f6:7f:08:7b:99:f6:92:b3:4d:19:
         2d:be:b8:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rn97JcCqJOnDlD9Lq3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDIzYzdhYzZlNjgyZmJjNTNiZTFhMGU5MzE4ZjZjY2Fl
NzE5M2QwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY0NjdkZWJiNWY2M2Y4Njc5NDZiZmY1YjZkNjg5ZDI3ZDdjZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH6Cx7oIlIXGFwEhorZETbVNPsPc
0PlrtM1zHuBnjsQvk9TU1G2hVoSRwHmaC8KYUXRVIc1lFwrqfZbxzIwv4vsiIaBR
QTxt0BzvXRhId2f+vzDSses/l/jNYV3xVi1j6f+1aBap+yexECSUULJKo6V6sxUX
iZjyhJrahQ4M3oIi+QS1MW1jiwEtsKo2A0uoApkiSAC89cs54G3ERoDes36wAj9C
c0DRTzEpSkNfp2TCSNrmBkM18v06BpPRF0GHrXRhRp5566vxQVGrvESWjhZtBeWg
LVT1Ib2ZVNAn5W5qIlgeWKr1RyxVB4JXFg3Qxi/VkfZwjjuKSLz9V0bImQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpkZ967X2P4Z5Rr/1ttaJ0n1872MB8GA1UdIwQY
MBaAFF3SPHrG5oL7xTvhoOkxj2zK5xk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWIt
ZWJlMjMzMmNhZjFjLzEveW1SbjNydGZZX2hubEd2X1cyMW9uU2ZYenZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWItZWJlMjMzMmNhZjFj
LzEvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYE8MA0G
CSqGSIb3DQEBCwUAA4IBAQA/eM16oJ5LmpyIYlVZd0/mxPk1PZImROWZgOl+Fr7X
HaeoGUtWTwqdQkIojBh4gxFJFH4BBKD0W3r8llPPr00LkYn3ixh7dbExy21k2f3Z
7swMnmpqnQXAK57ZyrXF9qOQ+DGTibsry/KVTN67RIpdC22Dc7D7TICdq4cEfgyl
pRA52lLMGh8fCJNB05ysRiRBcTbyQ8d7ADTNxr37bn53YAiMKkomO/vX6Li0lEDj
ZR+pMp+wrVr0+SqWktDmkubIrgtZfDZPj50TF/rYRA8C/pBO+/+A/hHkaomWPeLx
onlaqROIBEBADZiyABG31haLoPZ/CHuZ9pKzTRktvrja
-----END CERTIFICATE-----