Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/3iBo7rtaE-bfjlrLXKTAWHSRTl0.roa
File:                     3iBo7rtaE-bfjlrLXKTAWHSRTl0.roa (raw, json)
Hash identifier:          sHTu/OMy4KXK2gTTbJWpwLiy46VfWuLQh7UAPHxxeRM=
Subject key identifier:   DE:20:68:EE:BB:5A:13:E6:DF:8E:5A:CB:5C:A4:C0:58:74:91:4E:5D
Certificate issuer:       /CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
Certificate serial:       018CC9BC06AAEEF6F69720A5FACB3993360F
Authority key identifier: CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/3iBo7rtaE-bfjlrLXKTAWHSRTl0.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210924
IP address blocks:        185.210.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:06:aa:ee:f6:f6:97:20:a5:fa:cb:39:93:36:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de2068eebb5a13e6df8e5acb5ca4c05874914e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:54:98:56:d5:33:1e:a3:7a:50:d9:75:72:67:
                    c3:39:91:72:e1:ba:24:a5:f1:28:99:b6:9f:39:7c:
                    84:98:23:51:e8:9b:33:00:68:14:4e:eb:85:ae:5b:
                    3d:aa:a2:5b:6d:d0:51:88:9c:e0:3a:28:b0:85:ff:
                    cc:63:dd:28:e0:39:27:e1:4f:c7:78:38:95:e7:6d:
                    b4:58:f8:da:5d:20:d4:92:5d:dc:3a:f1:41:f5:9b:
                    2d:64:23:f9:3a:97:97:c0:e9:ce:10:0c:19:d5:81:
                    90:2f:0a:11:d5:de:d6:32:36:da:92:77:b6:5f:d8:
                    80:a9:65:6b:06:6e:54:95:b4:9a:c8:19:26:20:11:
                    1e:45:04:4a:7e:a9:70:f8:65:95:de:3a:77:dd:8c:
                    47:7f:ac:69:c9:f8:a5:fc:14:de:46:ee:ba:ee:0e:
                    5b:dd:72:50:7f:f9:b3:a8:fd:c9:18:a5:1f:0f:29:
                    a0:0b:19:c9:53:9d:a0:9a:6d:23:12:a7:88:13:f4:
                    cd:b7:11:01:c5:2b:75:80:e5:58:fb:4b:4e:30:01:
                    8a:f5:32:e9:67:20:f5:f2:d3:16:97:4e:22:cb:f6:
                    e0:38:18:63:3d:1d:09:81:37:15:4d:cb:20:6d:26:
                    9a:a9:2e:d3:ec:91:07:8f:47:08:60:7e:da:09:a5:
                    ea:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:20:68:EE:BB:5A:13:E6:DF:8E:5A:CB:5C:A4:C0:58:74:91:4E:5D
            X509v3 Authority Key Identifier:
                keyid:CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/3iBo7rtaE-bfjlrLXKTAWHSRTl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:4c:63:0b:91:d2:9b:64:2d:c6:af:4c:16:6c:12:1f:31:8c:
         fa:c8:43:dc:ec:42:14:d2:72:12:75:e1:5e:29:95:93:89:77:
         a9:ce:25:7e:31:0a:11:f7:b0:2c:69:d9:1b:58:a1:b2:4d:de:
         c5:17:65:1d:4a:6b:b2:00:e5:43:9d:cd:59:24:3f:dc:af:99:
         7e:df:c3:fc:84:81:9e:82:70:e4:c0:1b:dd:5a:b2:97:64:63:
         eb:45:05:d2:e0:46:16:cf:1e:99:65:eb:f2:61:af:96:4a:c5:
         b4:98:e7:c9:53:6b:e5:7b:38:ea:7d:9d:2d:0b:47:a6:f3:a5:
         be:07:47:f9:38:d7:12:69:64:1c:02:8c:19:77:4d:aa:08:d9:
         cf:39:8f:1b:94:f7:96:c6:31:1d:68:95:71:6b:64:c1:c3:34:
         20:b1:67:10:e9:b5:36:d4:21:44:a2:56:45:1a:e4:72:57:b5:
         a2:94:bc:90:b6:d5:6d:0c:d3:bb:c4:75:e5:5e:5c:61:d1:2a:
         a7:ab:0e:23:64:e7:3e:8d:78:14:78:a6:c1:88:3f:9d:50:a4:
         01:ca:f8:fa:41:34:8f:ba:f2:cf:70:ab:d4:74:85:9f:21:bc:
         c2:5f:58:dd:9f:56:0a:9b:df:24:77:9a:ac:9c:5e:d5:4a:2c:
         0b:56:37:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAaq7vb2lyCl+ss5kzYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjQ1YmMwZmRiODYyNmJjZTJjMDQyNWM0MDg3YjU0ZTE1
MGQzODYwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTIwNjhlZWJiNWExM2U2ZGY4ZTVhY2I1Y2E0YzA1ODc0OTE0ZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFSYVtUzHqN6UNl1cmfDOZFy4bok
pfEombafOXyEmCNR6JszAGgUTuuFrls9qqJbbdBRiJzgOiiwhf/MY90o4Dkn4U/H
eDiV5220WPjaXSDUkl3cOvFB9ZstZCP5OpeXwOnOEAwZ1YGQLwoR1d7WMjbakne2
X9iAqWVrBm5UlbSayBkmIBEeRQRKfqlw+GWV3jp33YxHf6xpyfil/BTeRu667g5b
3XJQf/mzqP3JGKUfDymgCxnJU52gmm0jEqeIE/TNtxEBxSt1gOVY+0tOMAGK9TLp
ZyD18tMWl04iy/bgOBhjPR0JgTcVTcsgbSaaqS7T7JEHj0cIYH7aCaXqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4gaO67WhPm345ay1ykwFh0kU5dMB8GA1UdIwQY
MBaAFMtkW8D9uGJrziwEJcQIe1ThUNOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmIt
ZTg3NTRkMDA1ZWJlLzEvM2lCbzdydGFFLWJmamxyTFhLVEFXSFNSVGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmItZTg3NTRkMDA1ZWJl
LzEveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKdMA0G
CSqGSIb3DQEBCwUAA4IBAQCGTGMLkdKbZC3Gr0wWbBIfMYz6yEPc7EIU0nISdeFe
KZWTiXepziV+MQoR97AsadkbWKGyTd7FF2UdSmuyAOVDnc1ZJD/cr5l+38P8hIGe
gnDkwBvdWrKXZGPrRQXS4EYWzx6ZZevyYa+WSsW0mOfJU2vlezjqfZ0tC0em86W+
B0f5ONcSaWQcAowZd02qCNnPOY8blPeWxjEdaJVxa2TBwzQgsWcQ6bU21CFEolZF
GuRyV7WilLyQttVtDNO7xHXlXlxh0Sqnqw4jZOc+jXgUeKbBiD+dUKQByvj6QTSP
uvLPcKvUdIWfIbzCX1jdn1YKm98kd5qsnF7VSiwLVjfX
-----END CERTIFICATE-----