Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/yjFcp1MyAN7i0goLHcZmbTBpQAk.roa
File:                     yjFcp1MyAN7i0goLHcZmbTBpQAk.roa (raw, json)
Hash identifier:          DhprV+3YIEKPjxtGq2YtflJGmQfc480r6R0+I6Sq9y8=
Subject key identifier:   CA:31:5C:A7:53:32:00:DE:E2:D2:0A:0B:1D:C6:66:6D:30:69:40:09
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       018D7DD4353FABA8D060BA038BACA74E0F01
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/yjFcp1MyAN7i0goLHcZmbTBpQAk.roa
Signing time:             Tue 06 Feb 2024 09:51:15 +0000
ROA not before:           Tue 06 Feb 2024 09:51:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3177
IP address blocks:        185.129.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:d4:35:3f:ab:a8:d0:60:ba:03:8b:ac:a7:4e:0f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Feb  6 09:51:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca315ca7533200dee2d20a0b1dc6666d30694009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:62:43:b5:e9:ab:e3:79:b5:a5:5d:5d:48:db:
                    c3:10:fb:e8:2c:39:aa:f2:9b:34:de:1e:7a:4f:68:
                    64:3b:e2:61:5b:99:c6:3c:f2:70:a4:33:b1:46:b0:
                    06:33:d3:b4:83:87:86:2e:71:5e:03:c2:e2:30:3c:
                    14:0d:ef:ee:6c:50:3b:2b:5c:e4:2d:ea:0e:fb:a1:
                    b6:e6:11:8a:ee:22:06:f4:3f:c6:4d:4d:ac:d2:f9:
                    e4:2e:39:66:4c:b2:46:94:b5:3f:b6:72:99:b2:a9:
                    80:a7:a2:52:81:55:9b:54:53:0c:0a:88:18:ff:9f:
                    7f:6a:b3:11:c9:71:83:aa:28:81:91:c7:e1:a0:ef:
                    44:c9:8d:36:31:7a:44:c9:be:3d:1c:73:c3:0b:84:
                    19:e9:0a:63:fb:e1:49:a5:5d:19:dc:63:bf:a4:80:
                    8f:53:5f:e7:a1:ea:de:53:d6:69:b9:53:86:dc:db:
                    6a:9b:4f:85:f4:6e:e1:a5:7b:f3:cf:bf:e0:42:c9:
                    01:13:f2:a9:df:da:8c:d0:c4:bd:17:f3:9a:55:c7:
                    ec:8f:0f:41:ba:bc:28:2f:07:b3:a3:cf:9d:06:8a:
                    97:8b:65:f4:19:e4:25:64:29:4b:9c:2f:82:ec:c5:
                    aa:14:03:24:b9:7c:91:00:e6:29:88:45:59:e8:a5:
                    1b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:31:5C:A7:53:32:00:DE:E2:D2:0A:0B:1D:C6:66:6D:30:69:40:09
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/yjFcp1MyAN7i0goLHcZmbTBpQAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:ae:e6:2f:b4:55:bb:f0:88:73:78:5f:24:25:c1:bf:d7:85:
         d4:74:7a:11:ba:3a:74:b7:a3:c6:4a:5d:e7:b7:75:2e:45:eb:
         4b:ba:70:ba:3a:fc:6d:86:6c:09:1c:92:26:2d:8f:1e:ab:f3:
         a6:4d:8f:71:eb:90:84:09:4e:0a:fc:76:7a:3b:dd:5a:0b:70:
         71:1b:c2:47:41:14:d0:2e:c9:3f:f0:24:db:f2:16:8a:47:af:
         b1:b2:48:57:16:ae:66:47:cb:3a:1e:f8:55:3d:3a:49:05:19:
         dc:62:eb:10:88:f2:c0:31:4a:10:72:48:ba:cf:2d:36:86:d8:
         63:c3:6d:7d:03:68:08:84:f4:db:53:07:76:38:8c:29:ab:87:
         26:b3:a2:3c:8c:83:f9:d5:37:b0:f2:eb:33:7b:7a:7d:54:3c:
         ce:81:de:73:9e:01:91:37:d3:71:5e:f7:e7:9c:62:38:5e:3f:
         ad:93:e9:d8:32:db:d1:62:1b:dd:a5:96:69:38:2a:d0:9e:b3:
         de:c8:21:6f:e2:b1:af:12:4b:a0:b9:6c:63:8f:42:e4:de:47:
         b5:8a:f1:40:db:09:a4:c8:9c:43:23:0d:a7:2a:d2:3d:0d:93:
         a9:37:26:05:30:84:9d:52:56:b2:7e:91:56:79:97:a3:63:af:
         aa:35:82:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY191DU/q6jQYLoDi6ynTg8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjQwMjA2MDk1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMxNWNhNzUzMzIwMGRlZTJkMjBhMGIxZGM2NjY2ZDMwNjk0MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2JDtemr43m1pV1dSNvDEPvoLDmq
8ps03h56T2hkO+JhW5nGPPJwpDOxRrAGM9O0g4eGLnFeA8LiMDwUDe/ubFA7K1zk
LeoO+6G25hGK7iIG9D/GTU2s0vnkLjlmTLJGlLU/tnKZsqmAp6JSgVWbVFMMCogY
/59/arMRyXGDqiiBkcfhoO9EyY02MXpEyb49HHPDC4QZ6Qpj++FJpV0Z3GO/pICP
U1/noereU9ZpuVOG3Ntqm0+F9G7hpXvzz7/gQskBE/Kp39qM0MS9F/OaVcfsjw9B
urwoLwezo8+dBoqXi2X0GeQlZClLnC+C7MWqFAMkuXyRAOYpiEVZ6KUbhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoxXKdTMgDe4tIKCx3GZm0waUAJMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEveWpGY3AxTXlBTjdpMGdvTEhjWm1iVEJwUUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYG4MA0G
CSqGSIb3DQEBCwUAA4IBAQB0ruYvtFW78IhzeF8kJcG/14XUdHoRujp0t6PGSl3n
t3UuRetLunC6OvxthmwJHJImLY8eq/OmTY9x65CECU4K/HZ6O91aC3BxG8JHQRTQ
Lsk/8CTb8haKR6+xskhXFq5mR8s6HvhVPTpJBRncYusQiPLAMUoQcki6zy02hthj
w219A2gIhPTbUwd2OIwpq4cms6I8jIP51Tew8usze3p9VDzOgd5zngGRN9NxXvfn
nGI4Xj+tk+nYMtvRYhvdpZZpOCrQnrPeyCFv4rGvEkuguWxjj0Lk3ke1ivFA2wmk
yJxDIw2nKtI9DZOpNyYFMISdUlayfpFWeZejY6+qNYLL
-----END CERTIFICATE-----