Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/y3b_Ryw3ZVWyAqwmyXJHbBI-V7E.roa
File:                     y3b_Ryw3ZVWyAqwmyXJHbBI-V7E.roa (raw, json)
Hash identifier:          ZSr/KPYqH1P2d9+YfGve2AmTcGyeAoKLHR1FhVlkEE8=
Subject key identifier:   CB:76:FF:47:2C:37:65:55:B2:02:AC:26:C9:72:47:6C:12:3E:57:B1
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018CC64B26AD96649A10CAA7C26EDC9E964F
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/y3b_Ryw3ZVWyAqwmyXJHbBI-V7E.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34078
IP address blocks:        185.112.148.0/22 maxlen: 22
                          185.112.148.0/23 maxlen: 23
                          185.112.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:26:ad:96:64:9a:10:ca:a7:c2:6e:dc:9e:96:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb76ff472c376555b202ac26c972476c123e57b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cd:01:1f:7f:7b:7e:55:6a:72:fe:6d:bb:32:
                    af:e8:ee:4f:9c:a4:f7:cd:a9:3f:8f:9e:96:f6:5c:
                    ef:a3:b6:5d:b3:02:03:41:0e:ce:b6:b9:ac:66:58:
                    62:a0:14:3c:d8:08:07:aa:5f:b8:3e:a2:ed:a0:61:
                    1a:f9:5e:fa:2c:43:07:b2:42:2d:b6:f3:d0:1d:93:
                    0a:70:6e:be:57:14:65:8f:fe:a5:87:64:d4:9a:a1:
                    99:60:92:13:90:8c:56:8f:82:89:6b:7b:e2:e8:d8:
                    bc:33:54:ef:bb:5f:ff:b9:0b:05:9b:c7:bd:fd:e4:
                    1a:94:d4:ce:2f:76:89:ce:b3:df:42:c0:bc:31:77:
                    ba:a1:3a:3b:3b:d0:58:c0:31:b4:d2:0c:19:f8:c6:
                    2f:fa:67:63:bb:4c:91:a7:d4:a9:31:b2:70:af:b4:
                    bb:72:1a:bf:29:42:f7:1f:47:09:81:db:87:46:44:
                    30:87:d2:47:d6:8a:67:b2:5c:cd:c0:0b:1a:b5:03:
                    36:4d:fc:c6:ee:73:fc:74:f2:07:9d:56:93:79:a5:
                    b6:cc:4a:3a:7d:6c:7d:bc:76:ff:35:9a:72:46:70:
                    cb:b9:e7:27:d6:43:b6:91:5b:8c:8f:9d:d3:ff:63:
                    78:8e:ab:a4:79:a1:8f:64:f6:74:c5:66:2a:f7:35:
                    4a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:76:FF:47:2C:37:65:55:B2:02:AC:26:C9:72:47:6C:12:3E:57:B1
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/y3b_Ryw3ZVWyAqwmyXJHbBI-V7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:a6:9c:aa:25:e2:3a:81:ed:1b:c6:60:81:2a:29:06:91:8c:
         55:d2:92:39:25:d7:26:31:18:34:71:f1:4d:ce:0b:b7:5b:02:
         4a:f2:09:c3:94:b9:7a:ba:6b:a1:e0:01:d0:cc:b6:2d:a4:55:
         f3:36:59:94:a8:ea:ca:6c:7b:48:5b:45:8f:a9:f8:41:33:43:
         7b:3c:d0:f4:ba:a8:fa:4f:49:76:cb:41:d8:fa:95:71:21:ec:
         25:cc:51:81:80:b7:0c:ea:be:84:16:26:38:f0:ba:a6:a2:97:
         58:59:36:d4:99:a5:0d:fe:b7:51:07:6d:42:5f:ea:e1:d8:c9:
         55:18:81:0d:e2:12:6b:e5:66:55:a7:8f:6c:dc:8b:8d:9e:1e:
         cc:2f:20:1e:f1:36:4f:91:ff:91:0e:84:34:f5:56:79:ce:83:
         37:18:83:34:6f:62:fa:54:fb:f4:d7:ec:ae:3b:58:21:75:fe:
         48:61:cc:79:59:2f:e2:e0:66:90:bd:1a:a3:f1:ba:df:96:cf:
         c5:d4:08:73:c1:8c:c8:4c:a3:55:f7:c4:c7:d2:4d:0c:02:90:
         8e:02:65:95:30:06:2d:81:b9:fc:f2:f4:7e:9e:29:f9:38:16:
         12:ce:2b:49:8b:72:ca:a3:9c:d2:e4:8d:b9:01:06:b5:27:12:
         a8:ce:ae:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyatlmSaEMqnwm7cnpZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjc2ZmY0NzJjMzc2NTU1YjIwMmFjMjZjOTcyNDc2YzEyM2U1N2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM0BH397flVqcv5tuzKv6O5PnKT3
zak/j56W9lzvo7ZdswIDQQ7OtrmsZlhioBQ82AgHql+4PqLtoGEa+V76LEMHskIt
tvPQHZMKcG6+VxRlj/6lh2TUmqGZYJITkIxWj4KJa3vi6Ni8M1Tvu1//uQsFm8e9
/eQalNTOL3aJzrPfQsC8MXe6oTo7O9BYwDG00gwZ+MYv+mdju0yRp9SpMbJwr7S7
chq/KUL3H0cJgduHRkQwh9JH1opnslzNwAsatQM2TfzG7nP8dPIHnVaTeaW2zEo6
fWx9vHb/NZpyRnDLuecn1kO2kVuMj53T/2N4jqukeaGPZPZ0xWYq9zVKGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMt2/0csN2VVsgKsJslyR2wSPlexMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEveTNiX1J5dzNaVld5QXF3bXlYSkhiQkktVjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXCUMA0G
CSqGSIb3DQEBCwUAA4IBAQBkppyqJeI6ge0bxmCBKikGkYxV0pI5JdcmMRg0cfFN
zgu3WwJK8gnDlLl6umuh4AHQzLYtpFXzNlmUqOrKbHtIW0WPqfhBM0N7PND0uqj6
T0l2y0HY+pVxIewlzFGBgLcM6r6EFiY48LqmopdYWTbUmaUN/rdRB21CX+rh2MlV
GIEN4hJr5WZVp49s3IuNnh7MLyAe8TZPkf+RDoQ09VZ5zoM3GIM0b2L6VPv01+yu
O1ghdf5IYcx5WS/i4GaQvRqj8brfls/F1AhzwYzITKNV98TH0k0MApCOAmWVMAYt
gbn88vR+nin5OBYSzitJi3LKo5zS5I25AQa1JxKozq6F
-----END CERTIFICATE-----