Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/yzANwqcREJivwpunemfV70BxYs0.roa
File:                     yzANwqcREJivwpunemfV70BxYs0.roa (raw, json)
Hash identifier:          Iyjevymzi79Oa9VDF2inF0sWRJ8PA0u0738zY1BGqWw=
Subject key identifier:   CB:30:0D:C2:A7:11:10:98:AF:C2:9B:A7:7A:67:D5:EF:40:71:62:CD
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EA2E2A1B1F51B296592CC24BAAF47CC4E
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/yzANwqcREJivwpunemfV70BxYs0.roa
Signing time:             Wed 03 Apr 2024 07:35:45 +0000
ROA not before:           Wed 03 Apr 2024 07:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216379
IP address blocks:        178.185.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:e2:a1:b1:f5:1b:29:65:92:cc:24:ba:af:47:cc:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  3 07:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb300dc2a7111098afc29ba77a67d5ef407162cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fb:03:0a:e0:cf:57:43:97:18:79:89:4e:6e:
                    14:d8:eb:16:9f:60:ab:1e:d5:8c:25:f9:72:1b:ff:
                    dc:3f:78:6a:72:ef:ec:04:1e:7c:a7:14:94:d8:42:
                    94:d3:f4:89:70:e0:1b:c1:48:73:17:fb:9c:51:81:
                    cb:4c:d9:7b:86:6a:9e:08:d3:00:a7:26:e4:13:15:
                    23:2f:e5:d2:1a:b8:7e:9a:6c:74:99:fe:8b:74:8f:
                    18:86:99:bd:52:dd:ee:90:cc:7e:a7:46:f6:95:70:
                    07:15:6c:69:02:a0:ff:54:c1:b4:15:e1:2f:9f:ca:
                    d5:e6:ff:7d:54:0b:1c:fb:0b:98:52:56:dd:b3:3b:
                    c2:6b:6d:4a:57:f4:ed:44:af:3e:f1:95:69:ba:ac:
                    cf:da:c6:14:7d:13:62:8e:4f:11:0d:42:13:f6:ed:
                    9a:45:00:41:8f:f3:c9:16:ba:e3:bc:a3:86:0e:0d:
                    fa:a9:af:d2:2e:87:f4:21:5a:c8:e3:aa:15:0b:da:
                    19:5b:fa:68:14:00:52:fc:f8:ae:12:55:f6:57:32:
                    83:5f:b4:36:44:17:f7:bb:01:85:8c:b1:c1:d6:73:
                    98:c1:d9:86:6f:26:10:56:b0:26:61:87:64:ab:dc:
                    c8:56:88:2c:97:9f:3d:66:dd:b5:5a:b7:d9:00:fd:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:30:0D:C2:A7:11:10:98:AF:C2:9B:A7:7A:67:D5:EF:40:71:62:CD
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/yzANwqcREJivwpunemfV70BxYs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.185.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0e:3b:f8:9b:87:1d:f9:b0:6a:4d:00:43:7a:b4:9e:d5:39:
         e2:73:94:cd:ef:7c:99:ef:6b:ce:6b:4a:d6:7e:b9:04:02:25:
         81:10:e4:14:f4:72:ac:49:c6:61:fb:66:0d:e4:af:4f:c9:10:
         1e:f2:2c:9b:4a:20:ba:19:87:38:c3:6f:20:74:bc:5d:a3:d6:
         1d:33:49:53:c4:29:87:8d:40:21:e3:49:ea:e5:82:45:96:e3:
         93:e8:b1:1d:bc:d5:0f:b0:6b:eb:2e:5a:cf:68:b8:f8:f9:d9:
         ba:f1:62:fa:55:a7:2f:ce:ce:a2:ad:8c:12:37:4a:07:2f:ad:
         62:2a:b2:d7:22:2a:0f:0b:8a:6b:9d:23:ec:10:76:54:bd:d4:
         57:ee:62:08:75:fd:04:0b:42:d8:a8:ce:fa:70:86:d5:c5:b0:
         21:94:1f:b6:c9:b4:99:c5:db:63:98:51:c2:ef:9f:35:c6:d6:
         0a:80:52:0d:17:b6:c2:4d:66:7f:6e:22:16:19:11:2c:13:5e:
         e4:e4:82:6c:57:21:45:19:d0:61:b4:f7:26:b3:26:cb:25:65:
         06:53:7b:ec:01:88:0f:8e:a3:dc:11:04:fb:56:a8:82:15:0a:
         33:8f:2c:17:ec:b5:eb:42:26:ba:de:88:24:e6:f3:bf:ac:d1:
         bb:0f:6d:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6i4qGx9RspZZLMJLqvR8xOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDAzMDczNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMwMGRjMmE3MTExMDk4YWZjMjliYTc3YTY3ZDVlZjQwNzE2MmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/sDCuDPV0OXGHmJTm4U2OsWn2Cr
HtWMJflyG//cP3hqcu/sBB58pxSU2EKU0/SJcOAbwUhzF/ucUYHLTNl7hmqeCNMA
pybkExUjL+XSGrh+mmx0mf6LdI8Yhpm9Ut3ukMx+p0b2lXAHFWxpAqD/VMG0FeEv
n8rV5v99VAsc+wuYUlbdszvCa21KV/TtRK8+8ZVpuqzP2sYUfRNijk8RDUIT9u2a
RQBBj/PJFrrjvKOGDg36qa/SLof0IVrI46oVC9oZW/poFABS/PiuElX2VzKDX7Q2
RBf3uwGFjLHB1nOYwdmGbyYQVrAmYYdkq9zIVogsl589Zt21WrfZAP262QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMswDcKnERCYr8Kbp3pn1e9AcWLNMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEveXpBTndxY1JFSml2d3B1bmVtZlY3MEJ4WXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsrniMA0G
CSqGSIb3DQEBCwUAA4IBAQAQDjv4m4cd+bBqTQBDerSe1Tnic5TN73yZ72vOa0rW
frkEAiWBEOQU9HKsScZh+2YN5K9PyRAe8iybSiC6GYc4w28gdLxdo9YdM0lTxCmH
jUAh40nq5YJFluOT6LEdvNUPsGvrLlrPaLj4+dm68WL6Vacvzs6irYwSN0oHL61i
KrLXIioPC4prnSPsEHZUvdRX7mIIdf0EC0LYqM76cIbVxbAhlB+2ybSZxdtjmFHC
7581xtYKgFINF7bCTWZ/biIWGREsE17k5IJsVyFFGdBhtPcmsybLJWUGU3vsAYgP
jqPcEQT7VqiCFQozjywX7LXrQia63ogk5vO/rNG7D201
-----END CERTIFICATE-----