Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/pSnrCyim-cOu6rvVNh26yp-UZTw.roa
File:                     pSnrCyim-cOu6rvVNh26yp-UZTw.roa (raw, json)
Hash identifier:          Qyvs4kyZnPMJXNIeRXE6+cHuPCE5EyKirT7aKoOFIvU=
Subject key identifier:   A5:29:EB:0B:28:A6:F9:C3:AE:EA:BB:D5:36:1D:BA:CA:9F:94:65:3C
Certificate issuer:       /CN=ecf4f9db30b19c75e35ae803793f4e1b4aaa1487
Certificate serial:       018CC94BE2C7D9C9B7BC6FA45EF962279657
Authority key identifier: EC:F4:F9:DB:30:B1:9C:75:E3:5A:E8:03:79:3F:4E:1B:4A:AA:14:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PT52zCxnHXjWugDeT9OG0qqFIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/pSnrCyim-cOu6rvVNh26yp-UZTw.roa
Signing time:             Tue 02 Jan 2024 08:30:42 +0000
ROA not before:           Tue 02 Jan 2024 08:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        185.198.204.0/23 maxlen: 23
                          2a00:f080::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/7PT52zCxnHXjWugDeT9OG0qqFIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/7PT52zCxnHXjWugDeT9OG0qqFIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PT52zCxnHXjWugDeT9OG0qqFIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e2:c7:d9:c9:b7:bc:6f:a4:5e:f9:62:27:96:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf4f9db30b19c75e35ae803793f4e1b4aaa1487
        Validity
            Not Before: Jan  2 08:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a529eb0b28a6f9c3aeeabbd5361dbaca9f94653c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:54:2a:31:22:1a:d0:61:46:e3:9f:8c:c5:0a:
                    b8:bf:d2:b2:f1:fe:41:3a:ab:82:60:17:2b:c1:14:
                    da:04:ff:0c:d5:95:38:dc:45:7e:60:a6:a4:04:e7:
                    b0:11:7b:74:30:67:ae:9b:cc:93:96:ff:59:b3:4c:
                    75:e9:3a:44:c2:9d:93:d2:8f:92:0d:3a:34:2f:10:
                    4c:df:99:21:99:6b:b2:9a:70:76:e9:b4:26:fa:c3:
                    eb:14:72:7c:34:4a:1a:41:5b:15:39:0a:d1:de:03:
                    05:8f:51:a9:9c:62:0b:63:7f:8a:14:41:8c:85:2a:
                    57:5d:a4:ce:d0:67:33:cb:fc:3d:c2:36:6f:c0:14:
                    2c:8d:21:3a:2b:86:a0:c0:52:55:7e:8c:94:fb:1b:
                    04:8e:a4:5d:ac:1d:13:7b:5b:56:b4:cd:12:d5:0c:
                    0b:af:b3:c0:46:14:02:c6:58:21:de:7c:ac:8e:b4:
                    c0:70:09:15:21:5d:33:6c:62:1c:04:a2:8c:b5:b6:
                    cd:8b:d2:d2:b1:1d:14:10:26:a0:42:e0:e0:27:68:
                    b6:26:27:a2:e0:90:17:64:76:26:51:5e:70:06:47:
                    5f:8d:4f:8e:e1:ef:6e:d9:ca:72:80:81:ae:28:5d:
                    67:45:8f:23:9a:6f:eb:31:bd:fd:2d:aa:1d:da:65:
                    bc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:29:EB:0B:28:A6:F9:C3:AE:EA:BB:D5:36:1D:BA:CA:9F:94:65:3C
            X509v3 Authority Key Identifier:
                keyid:EC:F4:F9:DB:30:B1:9C:75:E3:5A:E8:03:79:3F:4E:1B:4A:AA:14:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PT52zCxnHXjWugDeT9OG0qqFIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/pSnrCyim-cOu6rvVNh26yp-UZTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5fea8b-5228-42f7-8256-c815e50ec5e7/1/7PT52zCxnHXjWugDeT9OG0qqFIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.204.0/23
                IPv6:
                  2a00:f080::/42

    Signature Algorithm: sha256WithRSAEncryption
         a5:e6:3a:c8:7e:b6:79:9e:6f:ae:60:39:f9:c2:2e:be:74:73:
         df:ec:84:cd:84:d6:0f:e7:db:b9:da:9d:b2:51:be:af:56:b6:
         77:ce:cd:fe:d7:52:84:47:96:74:2d:50:7e:9e:d5:9c:e6:f9:
         7d:be:db:9e:87:b9:2d:3e:41:05:b7:6d:5d:e6:4b:97:4c:21:
         2a:08:9a:c2:98:77:14:ce:29:23:e8:ae:07:0d:11:00:81:5e:
         b4:8b:e9:a7:00:26:99:23:2d:77:1e:b5:32:ed:83:9f:bc:b7:
         da:27:5e:b4:23:21:81:83:12:95:8a:22:37:f2:4e:e5:e9:5b:
         c9:e1:c8:58:7a:ff:13:04:b1:7d:bd:ae:3a:aa:32:2b:9c:f7:
         e0:5c:4c:8a:89:c9:a8:cc:6a:8e:11:4c:5f:2f:87:92:04:03:
         35:c0:1a:ae:86:f7:f6:b9:3e:d4:75:3e:b9:18:a2:df:21:85:
         5b:20:03:ba:e1:c8:4b:99:32:83:a1:d0:29:55:bb:a5:ec:40:
         c7:de:0b:b6:94:60:61:2a:74:77:2a:17:10:b8:01:b2:9f:04:
         d5:91:a8:c3:c2:c6:79:05:af:27:46:42:40:3d:dd:8c:67:f2:
         a0:28:ce:db:27:e4:3a:f6:6a:46:26:a0:f5:cc:ee:f8:2a:bf:
         d0:f2:44:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJS+LH2cm3vG+kXvliJ5ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjRmOWRiMzBiMTljNzVlMzVhZTgwMzc5M2Y0ZTFiNGFh
YTE0ODcwHhcNMjQwMTAyMDgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI5ZWIwYjI4YTZmOWMzYWVlYWJiZDUzNjFkYmFjYTlmOTQ2NTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVQqMSIa0GFG45+MxQq4v9Ky8f5B
OquCYBcrwRTaBP8M1ZU43EV+YKakBOewEXt0MGeum8yTlv9Zs0x16TpEwp2T0o+S
DTo0LxBM35khmWuymnB26bQm+sPrFHJ8NEoaQVsVOQrR3gMFj1GpnGILY3+KFEGM
hSpXXaTO0Gczy/w9wjZvwBQsjSE6K4agwFJVfoyU+xsEjqRdrB0Te1tWtM0S1QwL
r7PARhQCxlgh3nysjrTAcAkVIV0zbGIcBKKMtbbNi9LSsR0UECagQuDgJ2i2Jiei
4JAXZHYmUV5wBkdfjU+O4e9u2cpygIGuKF1nRY8jmm/rMb39Laod2mW8XQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKUp6wsopvnDruq71TYdusqflGU8MB8GA1UdIwQY
MBaAFOz0+dswsZx141roA3k/ThtKqhSHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BUNTJ6Q3huSFhqV3VnRGVUOU9HMHFxRkljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81ZmVhOGItNTIyOC00MmY3LTgyNTYt
YzgxNWU1MGVjNWU3LzEvcFNuckN5aW0tY091NnJ2Vk5oMjZ5cC1VWlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81ZmVhOGItNTIyOC00MmY3LTgyNTYtYzgxNWU1MGVjNWU3
LzEvN1BUNTJ6Q3huSFhqV3VnRGVUOU9HMHFxRkljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBucbMMA8E
AgACMAkDBwYqAPCAAAAwDQYJKoZIhvcNAQELBQADggEBAKXmOsh+tnmeb65gOfnC
Lr50c9/shM2E1g/n27nanbJRvq9WtnfOzf7XUoRHlnQtUH6e1Zzm+X2+256HuS0+
QQW3bV3mS5dMISoImsKYdxTOKSPorgcNEQCBXrSL6acAJpkjLXcetTLtg5+8t9on
XrQjIYGDEpWKIjfyTuXpW8nhyFh6/xMEsX29rjqqMiuc9+BcTIqJyajMao4RTF8v
h5IEAzXAGq6G9/a5PtR1PrkYot8hhVsgA7rhyEuZMoOh0ClVu6XsQMfeC7aUYGEq
dHcqFxC4AbKfBNWRqMPCxnkFrydGQkA93Yxn8qAoztsn5Dr2akYmoPXM7vgqv9Dy
RBg=
-----END CERTIFICATE-----