Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/KiupYUW20XBXPrfTN0-sbIBKeJY.roa
File:                     KiupYUW20XBXPrfTN0-sbIBKeJY.roa (raw, json)
Hash identifier:          JqGeo8Y5+M8Skucib1cjqp99ZrrMG/jvvQaKrnrU9Qw=
Subject key identifier:   2A:2B:A9:61:45:B6:D1:70:57:3E:B7:D3:37:4F:AC:6C:80:4A:78:96
Certificate issuer:       /CN=bfeaab1ba68e87c9f7ab0d9050bff9f20a6267da
Certificate serial:       018CC2DB39E18A72C4C0FCA2A1F595570358
Authority key identifier: BF:EA:AB:1B:A6:8E:87:C9:F7:AB:0D:90:50:BF:F9:F2:0A:62:67:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-qrG6aOh8n3qw2QUL_58gpiZ9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/KiupYUW20XBXPrfTN0-sbIBKeJY.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206310
IP address blocks:        185.209.184.0/22 maxlen: 22
                          185.187.216.0/22 maxlen: 22
                          2a0b:af80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/v-qrG6aOh8n3qw2QUL_58gpiZ9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/v-qrG6aOh8n3qw2QUL_58gpiZ9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-qrG6aOh8n3qw2QUL_58gpiZ9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:39:e1:8a:72:c4:c0:fc:a2:a1:f5:95:57:03:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfeaab1ba68e87c9f7ab0d9050bff9f20a6267da
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a2ba96145b6d170573eb7d3374fac6c804a7896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:84:5e:d4:64:a6:9e:f6:ed:74:05:ea:c8:24:
                    d8:8d:a7:b9:07:4d:26:1c:ff:e7:e4:da:e5:15:ea:
                    71:7c:c7:df:58:f9:23:42:fb:cc:d3:e8:35:18:b8:
                    61:f7:fc:3c:00:ea:49:ff:e4:ed:86:6d:e9:6b:9c:
                    77:4a:f0:08:32:2e:ed:92:7d:82:88:74:eb:e2:13:
                    05:f1:f4:82:92:3e:c4:c9:39:46:67:2f:7a:2f:a4:
                    9a:e5:1c:b7:91:de:e1:95:31:2d:bf:fc:84:6b:25:
                    05:ac:c9:18:48:eb:15:91:f8:f8:8e:1f:79:2c:ef:
                    ec:34:08:8d:43:8e:67:b0:b9:e2:3f:27:99:ee:2a:
                    3e:19:0a:42:90:21:92:42:c4:19:c7:a6:69:92:b8:
                    a4:85:21:36:a3:2c:46:28:cb:d2:84:7a:ce:c8:f8:
                    9a:75:34:6c:55:74:24:62:3c:42:70:32:9a:08:a0:
                    05:34:a8:7c:1a:c3:2e:91:49:92:1a:28:7b:9d:91:
                    11:39:6c:73:8c:05:7a:69:55:46:81:48:0c:3c:29:
                    75:93:f2:35:77:3e:33:27:71:4d:ae:9e:df:f7:56:
                    85:db:e7:3c:44:90:db:c3:bd:ad:3a:0a:da:36:43:
                    a3:e8:f4:01:b5:c5:ab:b5:c9:31:b9:19:ce:e1:d6:
                    9c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2B:A9:61:45:B6:D1:70:57:3E:B7:D3:37:4F:AC:6C:80:4A:78:96
            X509v3 Authority Key Identifier:
                keyid:BF:EA:AB:1B:A6:8E:87:C9:F7:AB:0D:90:50:BF:F9:F2:0A:62:67:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-qrG6aOh8n3qw2QUL_58gpiZ9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/KiupYUW20XBXPrfTN0-sbIBKeJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/v-qrG6aOh8n3qw2QUL_58gpiZ9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.216.0/22
                  185.209.184.0/22
                IPv6:
                  2a0b:af80::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:59:aa:63:bc:48:8c:c5:2a:8e:41:bf:da:d7:4f:55:fc:39:
         4e:fa:3e:c2:b7:8e:d6:23:bb:79:19:ae:9c:b5:4f:2b:81:fe:
         c4:65:92:15:1b:bb:95:c9:02:88:bd:52:8a:36:ee:30:d6:47:
         92:4c:d3:e9:cd:00:bb:81:0e:16:ef:b6:22:06:0e:e5:42:dc:
         bc:cf:17:cd:a2:61:35:c4:3b:b7:6a:f9:09:29:6d:1d:64:2f:
         a5:76:5b:20:d5:36:6e:30:78:85:55:71:74:a7:a8:74:1c:71:
         10:8b:6f:ab:16:c4:7f:01:9f:4b:1b:c0:97:37:03:ff:1a:24:
         48:e8:bf:2d:4e:49:c6:d0:db:27:78:ca:e9:af:52:d1:06:45:
         78:0e:cc:94:ab:ab:1f:3a:19:14:58:e4:6a:d7:ac:c8:53:94:
         fa:d5:d5:29:9c:8a:54:72:a5:e7:9b:6c:01:2a:d2:74:75:f3:
         f2:3a:04:d8:d5:a6:25:69:f5:44:7f:50:10:ef:cf:57:0d:08:
         b4:83:11:ec:7e:3f:07:69:63:db:e6:b9:42:68:f9:64:40:c0:
         d3:c9:e9:0d:81:30:03:52:ba:d2:83:9d:c1:34:f8:29:23:70:
         b8:e1:e3:58:50:8e:d6:0c:72:3a:bc:e4:31:4b:49:28:bc:c6:
         38:cd:de:92
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2znhinLEwPyiofWVVwNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZWFhYjFiYTY4ZTg3YzlmN2FiMGQ5MDUwYmZmOWYyMGE2
MjY3ZGEwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJiYTk2MTQ1YjZkMTcwNTczZWI3ZDMzNzRmYWM2YzgwNGE3ODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoRe1GSmnvbtdAXqyCTYjae5B00m
HP/n5NrlFepxfMffWPkjQvvM0+g1GLhh9/w8AOpJ/+Tthm3pa5x3SvAIMi7tkn2C
iHTr4hMF8fSCkj7EyTlGZy96L6Sa5Ry3kd7hlTEtv/yEayUFrMkYSOsVkfj4jh95
LO/sNAiNQ45nsLniPyeZ7io+GQpCkCGSQsQZx6ZpkrikhSE2oyxGKMvShHrOyPia
dTRsVXQkYjxCcDKaCKAFNKh8GsMukUmSGih7nZEROWxzjAV6aVVGgUgMPCl1k/I1
dz4zJ3FNrp7f91aF2+c8RJDbw72tOgraNkOj6PQBtcWrtckxuRnO4dacswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCorqWFFttFwVz630zdPrGyASniWMB8GA1UdIwQY
MBaAFL/qqxumjofJ96sNkFC/+fIKYmfaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1xckc2YU9oOG4zcXcyUVVMXzU4Z3BpWjlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xMzc3ODYtNDY2Yy00YjU4LWE3YWYt
ZjMzNzQxMjk1MTAxLzEvS2l1cFlVVzIwWEJYUHJmVE4wLXNiSUJLZUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xMzc3ODYtNDY2Yy00YjU4LWE3YWYtZjMzNzQxMjk1MTAx
LzEvdi1xckc2YU9oOG4zcXcyUVVMXzU4Z3BpWjlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCubvYAwQC
udG4MA0EAgACMAcDBQMqC6+AMA0GCSqGSIb3DQEBCwUAA4IBAQCQWapjvEiMxSqO
Qb/a109V/DlO+j7Ct47WI7t5Ga6ctU8rgf7EZZIVG7uVyQKIvVKKNu4w1keSTNPp
zQC7gQ4W77YiBg7lQty8zxfNomE1xDu3avkJKW0dZC+ldlsg1TZuMHiFVXF0p6h0
HHEQi2+rFsR/AZ9LG8CXNwP/GiRI6L8tTknG0NsneMrpr1LRBkV4DsyUq6sfOhkU
WORq16zIU5T61dUpnIpUcqXnm2wBKtJ0dfPyOgTY1aYlafVEf1AQ789XDQi0gxHs
fj8HaWPb5rlCaPlkQMDTyekNgTADUrrSg53BNPgpI3C44eNYUI7WDHI6vOQxS0ko
vMY4zd6S
-----END CERTIFICATE-----