Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/dr7RYQxYPb0AEqxzVHAzQWJWe9k.roa
File:                     dr7RYQxYPb0AEqxzVHAzQWJWe9k.roa (raw, json)
Hash identifier:          TfEBIBGoP/y1e2a3tUtMGEJU3tw9ChGQZ/IDjOj0Rv8=
Subject key identifier:   76:BE:D1:61:0C:58:3D:BD:00:12:AC:73:54:70:33:41:62:56:7B:D9
Certificate issuer:       /CN=b2fbfe5f059f9dc13454344c90749574ece629f5
Certificate serial:       018CC86EF61FD65FAF401660AA82ED252B21
Authority key identifier: B2:FB:FE:5F:05:9F:9D:C1:34:54:34:4C:90:74:95:74:EC:E6:29:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/svv-XwWfncE0VDRMkHSVdOzmKfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/dr7RYQxYPb0AEqxzVHAzQWJWe9k.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202780
IP address blocks:        185.154.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/svv-XwWfncE0VDRMkHSVdOzmKfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/svv-XwWfncE0VDRMkHSVdOzmKfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/svv-XwWfncE0VDRMkHSVdOzmKfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f6:1f:d6:5f:af:40:16:60:aa:82:ed:25:2b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2fbfe5f059f9dc13454344c90749574ece629f5
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76bed1610c583dbd0012ac735470334162567bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:1c:91:be:00:32:4d:56:a3:55:1e:ce:42:
                    5c:5b:80:b6:dc:b5:21:b7:52:c8:b1:de:1f:56:d3:
                    aa:b3:e6:19:26:08:99:46:02:04:5c:8a:81:42:a9:
                    0b:ed:25:45:ef:b9:82:1f:49:44:2d:8f:1b:c1:9c:
                    51:c3:cd:99:4e:a4:d4:dd:e8:1b:05:25:b2:99:c0:
                    53:62:62:f8:bf:d7:61:c5:ff:c3:6f:8a:7e:b5:e0:
                    24:f8:b8:e8:3c:a4:2f:f1:3d:3c:b3:a1:39:2b:b8:
                    f8:0e:9b:86:53:e2:c4:97:8b:12:ba:b6:54:7c:5a:
                    4d:a3:34:03:45:36:54:a1:dd:e7:8e:a3:de:53:03:
                    9a:ce:55:4d:6f:cb:48:b3:f5:29:d5:48:3e:db:73:
                    65:b1:b7:73:7f:c3:03:81:bb:c2:16:6c:c0:8b:1e:
                    63:e9:9a:96:7d:05:13:02:9b:b3:c1:f5:ed:1b:a7:
                    4d:75:ff:e6:2c:e8:3e:ca:4d:9b:eb:91:5b:5d:d4:
                    c7:3c:f4:3e:34:5e:df:32:e4:b3:00:0e:2b:9c:3d:
                    16:47:35:d6:6c:24:af:54:ed:78:35:68:e5:1a:26:
                    f8:2e:ab:3e:81:1f:ad:6e:b7:7c:f2:43:9c:5b:12:
                    97:82:71:a5:a9:1b:c6:97:42:b7:4a:d3:2e:37:f5:
                    51:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:BE:D1:61:0C:58:3D:BD:00:12:AC:73:54:70:33:41:62:56:7B:D9
            X509v3 Authority Key Identifier:
                keyid:B2:FB:FE:5F:05:9F:9D:C1:34:54:34:4C:90:74:95:74:EC:E6:29:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/svv-XwWfncE0VDRMkHSVdOzmKfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/dr7RYQxYPb0AEqxzVHAzQWJWe9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/05c669-04f8-4283-9cdb-60e3e214a63e/1/svv-XwWfncE0VDRMkHSVdOzmKfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a9:10:91:81:e4:db:64:ed:1c:f2:d9:29:11:48:c3:d4:2d:
         41:f2:60:5e:14:29:4d:5c:71:40:3a:d7:cd:61:4e:22:fa:c5:
         97:49:1e:34:4b:00:b0:a9:ca:14:be:3d:a7:3c:ff:1b:f6:04:
         8e:09:69:c1:c5:fc:05:1a:8c:a4:bc:4e:f3:30:67:07:ab:75:
         ec:ba:e8:bc:63:92:b4:ed:98:de:f8:6c:79:43:2c:01:e2:c7:
         0c:7d:f9:29:bc:2b:c0:ba:24:3c:55:b0:74:43:04:b1:32:32:
         e9:51:cb:f6:28:91:e7:10:b4:20:66:07:ac:e0:8c:78:17:73:
         33:ec:fc:6b:25:a8:9e:df:2c:4f:d3:c0:72:f2:8f:6d:37:fb:
         9b:9f:5d:e8:8d:b5:fb:12:56:1b:46:34:95:99:ca:ac:9a:fc:
         62:f2:5d:32:ae:c7:b6:5f:b3:1d:26:1d:e5:ac:dd:7b:d9:8d:
         cb:d3:ed:f0:0c:dd:fc:73:af:6d:ae:40:23:50:3f:f5:c2:ef:
         2f:9c:64:08:a1:de:e5:af:9d:a9:2d:ea:63:cc:11:5e:c7:65:
         4b:dd:92:7d:72:ee:9a:c7:28:c9:58:07:1a:d2:ce:f8:64:bd:
         b7:f5:8f:25:9b:7e:4b:41:f8:05:f9:ae:42:59:2b:93:dd:47:
         65:a5:00:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvYf1l+vQBZgqoLtJSshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZmJmZTVmMDU5ZjlkYzEzNDU0MzQ0YzkwNzQ5NTc0ZWNl
NjI5ZjUwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmJlZDE2MTBjNTgzZGJkMDAxMmFjNzM1NDcwMzM0MTYyNTY3YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR0ckb4AMk1Wo1UezkJcW4C23LUh
t1LIsd4fVtOqs+YZJgiZRgIEXIqBQqkL7SVF77mCH0lELY8bwZxRw82ZTqTU3egb
BSWymcBTYmL4v9dhxf/Db4p+teAk+LjoPKQv8T08s6E5K7j4DpuGU+LEl4sSurZU
fFpNozQDRTZUod3njqPeUwOazlVNb8tIs/Up1Ug+23Nlsbdzf8MDgbvCFmzAix5j
6ZqWfQUTApuzwfXtG6dNdf/mLOg+yk2b65FbXdTHPPQ+NF7fMuSzAA4rnD0WRzXW
bCSvVO14NWjlGib4Lqs+gR+tbrd88kOcWxKXgnGlqRvGl0K3StMuN/VRTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHa+0WEMWD29ABKsc1RwM0FiVnvZMB8GA1UdIwQY
MBaAFLL7/l8Fn53BNFQ0TJB0lXTs5in1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Z2LVh3V2ZuY0UwVkRSTWtIU1ZkT3ptS2ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8wNWM2NjktMDRmOC00MjgzLTljZGIt
NjBlM2UyMTRhNjNlLzEvZHI3UllReFlQYjBBRXF4elZIQXpRV0pXZTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8wNWM2NjktMDRmOC00MjgzLTljZGItNjBlM2UyMTRhNjNl
LzEvc3Z2LVh3V2ZuY0UwVkRSTWtIU1ZkT3ptS2ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZrkMA0G
CSqGSIb3DQEBCwUAA4IBAQARqRCRgeTbZO0c8tkpEUjD1C1B8mBeFClNXHFAOtfN
YU4i+sWXSR40SwCwqcoUvj2nPP8b9gSOCWnBxfwFGoykvE7zMGcHq3Xsuui8Y5K0
7Zje+Gx5QywB4scMffkpvCvAuiQ8VbB0QwSxMjLpUcv2KJHnELQgZges4Ix4F3Mz
7PxrJaie3yxP08By8o9tN/ubn13ojbX7ElYbRjSVmcqsmvxi8l0yrse2X7MdJh3l
rN172Y3L0+3wDN38c69trkAjUD/1wu8vnGQIod7lr52pLepjzBFex2VL3ZJ9cu6a
xyjJWAca0s74ZL239Y8lm35LQfgF+a5CWSuT3UdlpQCa
-----END CERTIFICATE-----