Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/yeU9Jf8iVS9FtuAXF2BSclsouLs.roa
File:                     yeU9Jf8iVS9FtuAXF2BSclsouLs.roa (raw, json)
Hash identifier:          t2xp+rbEnXYwtlv+MVg4MUycEtLYglcE4QhNLMG8Z5Q=
Subject key identifier:   C9:E5:3D:25:FF:22:55:2F:45:B6:E0:17:17:60:52:72:5B:28:B8:BB
Certificate issuer:       /CN=607e5caff4f47b2b8dc81cc36c8e346662639898
Certificate serial:       018CC5DC137251081FEA2987A5780B809897
Authority key identifier: 60:7E:5C:AF:F4:F4:7B:2B:8D:C8:1C:C3:6C:8E:34:66:62:63:98:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YH5cr_T0eyuNyBzDbI40ZmJjmJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/yeU9Jf8iVS9FtuAXF2BSclsouLs.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211953
IP address blocks:        185.189.52.0/24 maxlen: 24
                          185.189.53.0/24 maxlen: 24
                          185.189.54.0/24 maxlen: 24
                          185.189.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/YH5cr_T0eyuNyBzDbI40ZmJjmJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/YH5cr_T0eyuNyBzDbI40ZmJjmJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YH5cr_T0eyuNyBzDbI40ZmJjmJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:13:72:51:08:1f:ea:29:87:a5:78:0b:80:98:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607e5caff4f47b2b8dc81cc36c8e346662639898
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9e53d25ff22552f45b6e017176052725b28b8bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:92:91:7c:93:a0:2b:7b:4b:b8:15:4d:da:67:
                    1a:f3:5e:da:08:35:81:41:f7:99:0a:e4:6c:f0:44:
                    03:14:8f:31:52:7a:8e:d8:a1:eb:7a:95:62:31:be:
                    3c:d8:57:12:7b:4b:aa:75:6b:f5:ed:ed:27:90:b4:
                    a9:b2:78:a7:1c:67:0b:1e:d5:39:b6:32:0e:45:5d:
                    7e:21:1e:20:7c:fe:7e:4d:c0:97:c9:ea:2c:0e:6a:
                    18:6a:64:ea:26:e5:d8:e0:01:56:b9:8b:95:b5:e9:
                    3f:b8:7c:0f:08:d9:0d:1d:12:ea:76:89:be:5f:ed:
                    06:b2:5a:a2:9d:9a:d3:a2:72:ba:9d:5c:a0:e6:8a:
                    bb:84:05:0c:8b:50:d1:0f:94:69:94:3b:ed:7a:74:
                    67:35:fd:a3:04:bb:5b:45:d5:ce:e0:1f:c7:f2:df:
                    78:1b:9a:e4:75:01:ce:7f:d4:43:bb:6f:bd:74:9f:
                    7d:75:34:60:b8:6b:d3:1e:ee:41:44:25:23:44:60:
                    e9:c4:c3:15:82:3a:c4:9e:9a:7d:0d:56:16:28:fa:
                    cd:f8:2e:20:96:e0:6f:ef:de:01:b8:fe:a2:d8:09:
                    dd:78:35:e5:07:a5:45:e1:b5:f1:c9:1c:04:6a:ee:
                    ab:7f:6d:5b:cf:42:7e:64:22:0f:e6:f9:66:f9:4b:
                    d9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E5:3D:25:FF:22:55:2F:45:B6:E0:17:17:60:52:72:5B:28:B8:BB
            X509v3 Authority Key Identifier:
                keyid:60:7E:5C:AF:F4:F4:7B:2B:8D:C8:1C:C3:6C:8E:34:66:62:63:98:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YH5cr_T0eyuNyBzDbI40ZmJjmJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/yeU9Jf8iVS9FtuAXF2BSclsouLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/7d66de-5f0c-4765-a0f6-67fbf2155e4e/1/YH5cr_T0eyuNyBzDbI40ZmJjmJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:3f:90:93:18:cb:bb:bb:8b:b9:6a:b6:38:30:e2:8d:b3:e2:
         0b:4a:fa:9a:65:8e:0a:97:4a:83:40:e7:92:8a:63:72:83:96:
         6e:8e:de:b4:d6:42:c6:41:59:32:64:3a:f9:05:c6:17:db:20:
         e2:db:08:fe:35:4f:2d:1e:1a:74:a6:de:65:d4:2e:b6:30:ff:
         cd:78:b0:1c:fd:b9:af:3b:be:13:57:7a:c7:9b:8e:dd:e5:1c:
         1f:55:c6:30:af:9b:25:2b:7a:db:8b:fc:33:a3:3b:bc:3e:93:
         ad:ab:98:ec:54:f2:62:87:64:e1:fb:92:64:ce:83:4a:82:53:
         0c:02:0f:e1:1a:53:0f:bd:f0:b8:4d:36:e1:ca:6d:0c:dc:8b:
         ca:0b:e9:47:56:cd:6e:20:ac:6b:3a:e8:aa:20:a1:d0:13:63:
         0c:cb:73:0a:04:19:6c:77:b4:ff:a9:db:8c:0e:71:ca:35:62:
         f8:67:a2:0b:1b:24:8d:44:70:c1:29:5c:04:6d:ab:49:23:a4:
         80:94:7a:1b:7d:2a:b0:10:93:15:c5:8c:03:a9:82:67:d9:4f:
         ca:dc:68:1b:f1:33:f9:1f:9d:2a:ab:e0:ad:36:22:1f:f8:cf:
         57:3c:67:7b:97:f3:e8:05:cc:4e:50:62:46:6d:93:2d:11:87:
         bc:47:cf:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BNyUQgf6imHpXgLgJiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2U1Y2FmZjRmNDdiMmI4ZGM4MWNjMzZjOGUzNDY2NjI2
Mzk4OTgwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU1M2QyNWZmMjI1NTJmNDViNmUwMTcxNzYwNTI3MjViMjhiOGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJKRfJOgK3tLuBVN2mca817aCDWB
QfeZCuRs8EQDFI8xUnqO2KHrepViMb482FcSe0uqdWv17e0nkLSpsninHGcLHtU5
tjIORV1+IR4gfP5+TcCXyeosDmoYamTqJuXY4AFWuYuVtek/uHwPCNkNHRLqdom+
X+0GslqinZrTonK6nVyg5oq7hAUMi1DRD5RplDvtenRnNf2jBLtbRdXO4B/H8t94
G5rkdQHOf9RDu2+9dJ99dTRguGvTHu5BRCUjRGDpxMMVgjrEnpp9DVYWKPrN+C4g
luBv794BuP6i2AndeDXlB6VF4bXxyRwEau6rf21bz0J+ZCIP5vlm+UvZKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnlPSX/IlUvRbbgFxdgUnJbKLi7MB8GA1UdIwQY
MBaAFGB+XK/09Hsrjcgcw2yONGZiY5iYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUg1Y3JfVDBleXVOeUJ6RGJJNDBabUpqbUpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83ZDY2ZGUtNWYwYy00NzY1LWEwZjYt
NjdmYmYyMTU1ZTRlLzEveWVVOUpmOGlWUzlGdHVBWEYyQlNjbHNvdUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83ZDY2ZGUtNWYwYy00NzY1LWEwZjYtNjdmYmYyMTU1ZTRl
LzEvWUg1Y3JfVDBleXVOeUJ6RGJJNDBabUpqbUpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub00MA0G
CSqGSIb3DQEBCwUAA4IBAQAhP5CTGMu7u4u5arY4MOKNs+ILSvqaZY4Kl0qDQOeS
imNyg5Zujt601kLGQVkyZDr5BcYX2yDi2wj+NU8tHhp0pt5l1C62MP/NeLAc/bmv
O74TV3rHm47d5RwfVcYwr5slK3rbi/wzozu8PpOtq5jsVPJih2Th+5JkzoNKglMM
Ag/hGlMPvfC4TTbhym0M3IvKC+lHVs1uIKxrOuiqIKHQE2MMy3MKBBlsd7T/qduM
DnHKNWL4Z6ILGySNRHDBKVwEbatJI6SAlHobfSqwEJMVxYwDqYJn2U/K3Ggb8TP5
H50qq+CtNiIf+M9XPGd7l/PoBcxOUGJGbZMtEYe8R89Q
-----END CERTIFICATE-----