Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/kG-b5eX-ELvCTwP2E1cJFOaFZDA.roa
File:                     kG-b5eX-ELvCTwP2E1cJFOaFZDA.roa (raw, json)
Hash identifier:          71MRL3lPaqvgJ7u8oEQP1mJUa7C8hsZgIU1QepvG6/k=
Subject key identifier:   90:6F:9B:E5:E5:FE:10:BB:C2:4F:03:F6:13:57:09:14:E6:85:64:30
Certificate issuer:       /CN=9adc1290226b8f5b267764fb9565c0bc19833697
Certificate serial:       018CC5DC39C05FF212381349170B8673613D
Authority key identifier: 9A:DC:12:90:22:6B:8F:5B:26:77:64:FB:95:65:C0:BC:19:83:36:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mtwSkCJrj1smd2T7lWXAvBmDNpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/kG-b5eX-ELvCTwP2E1cJFOaFZDA.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202105
IP address blocks:        185.133.85.0/24 maxlen: 24
                          185.133.84.0/24 maxlen: 24
                          185.133.86.0/24 maxlen: 24
                          185.133.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/mtwSkCJrj1smd2T7lWXAvBmDNpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/mtwSkCJrj1smd2T7lWXAvBmDNpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mtwSkCJrj1smd2T7lWXAvBmDNpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:39:c0:5f:f2:12:38:13:49:17:0b:86:73:61:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9adc1290226b8f5b267764fb9565c0bc19833697
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=906f9be5e5fe10bbc24f03f613570914e6856430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:93:ae:ff:21:ec:b2:6e:5c:71:33:ad:ea:4b:
                    8a:d6:4d:c1:d9:46:36:ec:84:7e:56:52:c1:4b:e8:
                    e9:e7:8d:1a:40:b8:bb:d4:b0:f9:f1:f0:33:98:a4:
                    fe:2c:71:a4:f7:cc:db:33:b3:24:57:93:f1:a4:f4:
                    12:b4:77:48:c1:bc:f8:01:d8:bd:91:8b:b9:f7:a0:
                    a9:8d:55:03:9f:17:32:a1:0d:23:9f:ab:2a:c5:11:
                    72:1d:a5:e6:e9:72:2d:90:1f:f1:21:88:f6:4d:23:
                    d9:97:02:dd:74:25:1a:0e:0e:a1:34:d5:94:62:02:
                    d5:5f:c7:d5:9d:f5:37:fc:a8:da:c8:87:33:b9:9d:
                    1a:c4:d0:cf:89:e0:2e:57:cb:33:7e:01:c1:43:d9:
                    2c:6b:f2:f9:c5:4d:02:3c:71:0e:6b:05:cd:84:f4:
                    1a:da:40:ed:5d:5d:fd:c2:44:31:0b:0c:19:e0:a0:
                    36:0c:91:9e:c5:38:b6:bd:41:68:b2:c0:dc:a5:d7:
                    43:c0:6b:4c:9d:4c:e3:db:5e:5c:b8:c4:ff:bf:ac:
                    a2:f4:45:39:17:85:5f:4a:c8:07:ee:ed:56:b8:12:
                    f3:d6:50:73:e1:84:ba:f6:85:d4:64:df:de:8f:c7:
                    40:86:20:5f:f2:c7:0d:a4:b7:cf:2a:fb:51:95:cb:
                    ea:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:6F:9B:E5:E5:FE:10:BB:C2:4F:03:F6:13:57:09:14:E6:85:64:30
            X509v3 Authority Key Identifier:
                keyid:9A:DC:12:90:22:6B:8F:5B:26:77:64:FB:95:65:C0:BC:19:83:36:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mtwSkCJrj1smd2T7lWXAvBmDNpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/kG-b5eX-ELvCTwP2E1cJFOaFZDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/ac2978-4903-4a87-9015-bf4a38107e99/1/mtwSkCJrj1smd2T7lWXAvBmDNpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e7:63:e3:72:ec:4b:3c:0a:8a:6e:ec:ca:1d:b0:ac:58:81:d1:
         c8:4c:c6:1f:9b:11:8c:b5:0e:86:ce:f4:e1:97:d7:3c:48:b4:
         7e:07:90:bc:7c:88:ed:0b:b3:96:5a:89:92:8a:ff:89:09:0f:
         41:f9:46:7d:00:40:8d:c0:fc:11:2e:fe:b5:0c:04:d4:c1:01:
         1c:5c:3b:e9:66:3a:58:6c:21:a8:d6:93:92:22:8b:29:a9:78:
         2d:c9:02:8a:76:91:af:5a:44:31:60:25:dc:cb:f1:00:6e:31:
         1d:a2:a0:73:a5:7a:31:55:91:1a:70:ad:fe:8d:4f:56:29:3e:
         23:89:9b:32:77:e6:44:14:85:c0:00:74:f4:0d:60:50:94:b5:
         8d:be:31:e3:7b:1c:f1:10:08:1c:20:c3:05:5e:55:79:bc:18:
         2a:e7:e3:43:96:e1:83:20:1a:b3:7b:4a:37:25:9a:fd:c7:b4:
         cf:f7:29:2f:3c:63:16:66:55:39:de:01:a5:63:c0:48:e9:05:
         a2:c8:17:0b:ac:b8:97:fd:da:eb:7d:79:e0:3a:1f:c2:fb:b6:
         22:6a:bf:ff:44:c8:d8:70:2d:3c:7a:0e:70:ee:64:7d:7b:ea:
         0a:6d:db:7a:2b:20:46:4e:98:3b:71:9a:ce:34:f4:24:1d:03:
         58:7b:c6:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DnAX/ISOBNJFwuGc2E9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZGMxMjkwMjI2YjhmNWIyNjc3NjRmYjk1NjVjMGJjMTk4
MzM2OTcwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDZmOWJlNWU1ZmUxMGJiYzI0ZjAzZjYxMzU3MDkxNGU2ODU2NDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJOu/yHssm5ccTOt6kuK1k3B2UY2
7IR+VlLBS+jp540aQLi71LD58fAzmKT+LHGk98zbM7MkV5PxpPQStHdIwbz4Adi9
kYu596CpjVUDnxcyoQ0jn6sqxRFyHaXm6XItkB/xIYj2TSPZlwLddCUaDg6hNNWU
YgLVX8fVnfU3/KjayIczuZ0axNDPieAuV8szfgHBQ9ksa/L5xU0CPHEOawXNhPQa
2kDtXV39wkQxCwwZ4KA2DJGexTi2vUFossDcpddDwGtMnUzj215cuMT/v6yi9EU5
F4VfSsgH7u1WuBLz1lBz4YS69oXUZN/ej8dAhiBf8scNpLfPKvtRlcvqywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBvm+Xl/hC7wk8D9hNXCRTmhWQwMB8GA1UdIwQY
MBaAFJrcEpAia49bJndk+5VlwLwZgzaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXR3U2tDSnJqMXNtZDJUN2xXWEF2Qm1ETnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hYzI5NzgtNDkwMy00YTg3LTkwMTUt
YmY0YTM4MTA3ZTk5LzEva0ctYjVlWC1FTHZDVHdQMkUxY0pGT2FGWkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hYzI5NzgtNDkwMy00YTg3LTkwMTUtYmY0YTM4MTA3ZTk5
LzEvbXR3U2tDSnJqMXNtZDJUN2xXWEF2Qm1ETnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYVUMA0G
CSqGSIb3DQEBCwUAA4IBAQDnY+Ny7Es8Copu7ModsKxYgdHITMYfmxGMtQ6GzvTh
l9c8SLR+B5C8fIjtC7OWWomSiv+JCQ9B+UZ9AECNwPwRLv61DATUwQEcXDvpZjpY
bCGo1pOSIospqXgtyQKKdpGvWkQxYCXcy/EAbjEdoqBzpXoxVZEacK3+jU9WKT4j
iZsyd+ZEFIXAAHT0DWBQlLWNvjHjexzxEAgcIMMFXlV5vBgq5+NDluGDIBqze0o3
JZr9x7TP9ykvPGMWZlU53gGlY8BI6QWiyBcLrLiX/drrfXngOh/C+7Yiar//RMjY
cC08eg5w7mR9e+oKbdt6KyBGTpg7cZrONPQkHQNYe8ZZ
-----END CERTIFICATE-----