Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/yIz44nerC_06-U3VOWczImFjDP0.roa
File:                     yIz44nerC_06-U3VOWczImFjDP0.roa (raw, json)
Hash identifier:          JvCq0O8YNeC3U1KKkYjuatbvSj8ruP0vO2SSNhaPnOI=
Subject key identifier:   C8:8C:F8:E2:77:AB:0B:FD:3A:F9:4D:D5:39:67:33:22:61:63:0C:FD
Certificate issuer:       /CN=0a5ec6e0660db6f625b978be0d5ee71c2dcd465a
Certificate serial:       018CC8017909928714AFE77E4360E06DA21C
Authority key identifier: 0A:5E:C6:E0:66:0D:B6:F6:25:B9:78:BE:0D:5E:E7:1C:2D:CD:46:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cl7G4GYNtvYluXi-DV7nHC3NRlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/yIz44nerC_06-U3VOWczImFjDP0.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210101
IP address blocks:        85.117.224.0/22 maxlen: 22
                          2a0d:b4c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/Cl7G4GYNtvYluXi-DV7nHC3NRlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/Cl7G4GYNtvYluXi-DV7nHC3NRlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cl7G4GYNtvYluXi-DV7nHC3NRlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:79:09:92:87:14:af:e7:7e:43:60:e0:6d:a2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a5ec6e0660db6f625b978be0d5ee71c2dcd465a
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c88cf8e277ab0bfd3af94dd53967332261630cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f8:9d:a9:a5:c7:83:46:6c:85:b7:fe:44:c8:
                    8b:9e:51:8d:a2:ec:ec:3f:20:df:37:bd:71:b5:47:
                    5f:39:03:c4:53:03:b2:86:e8:37:5c:e2:6f:14:5b:
                    0a:58:e9:60:38:84:d7:67:f8:46:00:55:ce:1a:c6:
                    8a:c7:d7:9f:07:d2:6a:2c:26:5d:e3:92:a8:c1:fb:
                    01:20:bf:1a:ec:d2:0e:93:d3:62:70:e2:79:31:92:
                    03:08:e3:e0:47:68:32:1b:f5:f9:89:c8:69:fb:b9:
                    e4:22:41:8b:0f:b7:b3:8b:0c:a0:86:d2:82:a7:e8:
                    fa:ce:b5:06:bc:ce:a1:12:7f:95:ae:97:28:45:16:
                    d1:59:d3:d5:07:95:1e:84:11:95:d4:e0:4d:44:06:
                    e1:31:68:a3:8b:e5:a9:d3:b6:88:24:01:d0:4e:10:
                    4f:f1:d6:68:08:78:51:80:6f:21:5d:96:4e:e4:e2:
                    cd:2c:3d:5d:25:bc:c7:2e:e4:0a:af:0e:c7:2d:e3:
                    99:dc:dd:21:23:42:7b:12:01:55:85:39:b4:a4:cb:
                    a3:cb:9a:7b:ad:2d:71:cf:c1:cb:ea:82:3a:61:89:
                    43:9b:86:45:e6:48:74:61:5e:50:8a:59:08:38:ec:
                    7c:83:37:58:9e:60:4d:2e:e3:4e:d0:a6:0b:cc:c2:
                    86:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8C:F8:E2:77:AB:0B:FD:3A:F9:4D:D5:39:67:33:22:61:63:0C:FD
            X509v3 Authority Key Identifier:
                keyid:0A:5E:C6:E0:66:0D:B6:F6:25:B9:78:BE:0D:5E:E7:1C:2D:CD:46:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cl7G4GYNtvYluXi-DV7nHC3NRlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/yIz44nerC_06-U3VOWczImFjDP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/Cl7G4GYNtvYluXi-DV7nHC3NRlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.224.0/22
                IPv6:
                  2a0d:b4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:7f:bf:5f:75:79:32:bf:88:36:0c:6e:18:1b:13:0a:7f:a8:
         1b:22:d2:10:5f:8f:51:b2:3c:47:da:d4:b8:91:19:b0:f7:a6:
         8b:f7:74:61:24:82:95:b6:78:f2:8b:b8:d7:93:4e:6b:1f:5f:
         26:6c:27:e4:80:4e:fc:e0:47:da:45:c3:4c:0f:81:2c:fc:df:
         41:ad:30:89:a5:c3:1c:2a:f1:35:e1:57:e7:13:12:1b:d8:6c:
         97:63:ce:5b:27:cb:f3:20:9d:41:31:dd:52:d8:37:58:fd:60:
         e8:65:d9:cd:15:2b:28:43:56:c2:80:92:df:01:a8:a0:71:b7:
         3d:6c:4e:1e:f2:4b:aa:f0:bf:7b:74:4b:89:3f:d3:7f:47:7f:
         3a:3c:e7:c5:c7:8f:62:bc:65:e8:28:8f:38:31:65:40:e5:a4:
         f6:23:9a:02:87:96:6d:36:86:76:3f:d1:51:e0:97:c7:2f:90:
         bc:9b:f4:c2:64:f3:2d:db:ca:7c:db:73:a4:2f:40:25:41:27:
         a6:07:89:90:96:ac:06:99:6f:54:6d:2e:18:c3:62:9f:19:93:
         ac:e0:8c:aa:93:28:2e:18:aa:31:bd:9a:3d:25:6d:bb:0d:4c:
         67:5f:ed:36:78:00:43:6f:a8:5c:2b:7f:fc:0b:8f:af:8e:86:
         38:4f:f0:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAXkJkocUr+d+Q2DgbaIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNWVjNmUwNjYwZGI2ZjYyNWI5NzhiZTBkNWVlNzFjMmRj
ZDQ2NWEwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhjZjhlMjc3YWIwYmZkM2FmOTRkZDUzOTY3MzMyMjYxNjMwY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovidqaXHg0Zshbf+RMiLnlGNouzs
PyDfN71xtUdfOQPEUwOyhug3XOJvFFsKWOlgOITXZ/hGAFXOGsaKx9efB9JqLCZd
45KowfsBIL8a7NIOk9NicOJ5MZIDCOPgR2gyG/X5ichp+7nkIkGLD7eziwyghtKC
p+j6zrUGvM6hEn+VrpcoRRbRWdPVB5UehBGV1OBNRAbhMWiji+Wp07aIJAHQThBP
8dZoCHhRgG8hXZZO5OLNLD1dJbzHLuQKrw7HLeOZ3N0hI0J7EgFVhTm0pMujy5p7
rS1xz8HL6oI6YYlDm4ZF5kh0YV5QilkIOOx8gzdYnmBNLuNO0KYLzMKGLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMiM+OJ3qwv9OvlN1TlnMyJhYwz9MB8GA1UdIwQY
MBaAFApexuBmDbb2Jbl4vg1e5xwtzUZaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2w3RzRHWU50dllsdVhpLURWN25IQzNOUmxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy81Nzc2YTMtMDZkZC00OTgwLThmNmYt
ZDNlM2M3OGU3YzQ0LzEveUl6NDRuZXJDXzA2LVUzVk9XY3pJbUZqRFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy81Nzc2YTMtMDZkZC00OTgwLThmNmYtZDNlM2M3OGU3YzQ0
LzEvQ2w3RzRHWU50dllsdVhpLURWN25IQzNOUmxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVXXgMA0E
AgACMAcDBQMqDbTAMA0GCSqGSIb3DQEBCwUAA4IBAQCxf79fdXkyv4g2DG4YGxMK
f6gbItIQX49RsjxH2tS4kRmw96aL93RhJIKVtnjyi7jXk05rH18mbCfkgE784Efa
RcNMD4Es/N9BrTCJpcMcKvE14VfnExIb2GyXY85bJ8vzIJ1BMd1S2DdY/WDoZdnN
FSsoQ1bCgJLfAaigcbc9bE4e8kuq8L97dEuJP9N/R386POfFx49ivGXoKI84MWVA
5aT2I5oCh5ZtNoZ2P9FR4JfHL5C8m/TCZPMt28p823OkL0AlQSemB4mQlqwGmW9U
bS4Yw2KfGZOs4IyqkyguGKoxvZo9JW27DUxnX+02eABDb6hcK3/8C4+vjoY4T/D+
-----END CERTIFICATE-----