Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/0T5HGJNv46vOW07VpX1ZR9PJfp0.roa
File:                     0T5HGJNv46vOW07VpX1ZR9PJfp0.roa (raw, json)
Hash identifier:          W4x2wSB+gtJvPWm0sGf/tEJQBGEbGUjYk+z1KVZd3A8=
Subject key identifier:   D1:3E:47:18:93:6F:E3:AB:CE:5B:4E:D5:A5:7D:59:47:D3:C9:7E:9D
Certificate issuer:       /CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
Certificate serial:       018CC3B721216AE9BE281A5A0F97C802E20B
Authority key identifier: BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/0T5HGJNv46vOW07VpX1ZR9PJfp0.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.194.234.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:21:21:6a:e9:be:28:1a:5a:0f:97:c8:02:e2:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d13e4718936fe3abce5b4ed5a57d5947d3c97e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:47:ed:9a:da:9f:fb:29:57:1c:17:30:b4:a8:
                    f4:34:2c:b9:b1:ae:cf:79:59:1d:20:9c:10:cb:de:
                    46:11:e4:d7:22:6f:6d:ae:9b:29:32:3e:2c:f4:9e:
                    0d:c7:a9:e0:ce:cd:aa:af:82:7b:12:db:95:f7:5b:
                    5c:74:8e:5d:f2:05:0f:15:27:2c:51:95:d9:28:7c:
                    3b:46:1a:f0:c2:be:e1:ab:a1:2e:17:e6:57:76:5f:
                    05:5d:72:b4:08:1b:5a:f1:a4:e4:84:18:24:ed:fd:
                    4c:5b:d5:74:a5:4a:29:8d:1d:0f:82:06:1a:22:3a:
                    1d:63:7d:1d:79:74:b5:da:61:ba:c6:b2:31:8a:e4:
                    fd:14:bf:e4:5a:b0:a1:cf:5a:36:27:34:9d:8f:68:
                    83:3f:f5:c0:9b:ba:41:84:19:c1:77:b3:16:07:11:
                    9f:84:37:44:14:e4:56:d7:10:29:af:61:62:9b:83:
                    53:d5:60:aa:a3:f4:35:ce:23:c2:ce:a6:44:19:9a:
                    60:4f:cd:b4:f5:8d:f0:34:92:a6:2c:24:75:24:9c:
                    11:9c:f1:37:16:5b:ed:29:15:b0:1b:cd:55:99:a8:
                    02:8d:18:47:46:e3:f8:88:2b:87:02:ea:34:20:be:
                    b8:10:66:78:90:c2:1b:19:d3:c3:f2:3b:85:3f:cd:
                    1a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3E:47:18:93:6F:E3:AB:CE:5B:4E:D5:A5:7D:59:47:D3:C9:7E:9D
            X509v3 Authority Key Identifier:
                keyid:BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/0T5HGJNv46vOW07VpX1ZR9PJfp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:47:89:09:b9:17:c6:2c:86:8c:ec:f9:82:01:fb:93:83:5e:
         5e:fd:9e:c1:e0:b6:37:da:6f:96:2e:99:5d:8c:31:20:45:9f:
         90:cd:72:cf:44:7d:24:72:6b:b8:f0:a4:ae:28:52:56:07:b8:
         da:70:c4:fd:08:1e:66:b8:4b:8a:43:73:51:8d:18:38:c0:d1:
         c1:78:c5:de:e0:19:d7:57:55:63:ef:2f:c1:45:ed:b3:c7:f8:
         c1:74:89:36:1e:2f:fd:07:fb:8d:48:16:13:d8:82:88:97:66:
         e2:fb:27:ef:f4:1e:bf:59:ef:21:e6:ff:07:dd:68:57:59:da:
         e4:24:64:85:7c:f9:0e:d4:43:a2:3a:ca:2a:d2:6a:5d:5c:7a:
         ee:c3:b5:99:41:4a:22:30:49:21:1b:83:55:2d:dc:ed:0a:8e:
         53:94:fe:1c:04:aa:00:d4:65:ab:7a:fb:a9:f7:fe:4c:09:37:
         0c:24:5d:42:fa:e0:26:d9:93:04:81:ee:e2:b4:9d:64:9a:c3:
         9e:16:4e:c5:b7:65:0a:94:79:d4:10:06:ba:43:c4:a9:81:5e:
         1b:af:65:24:80:3a:3c:69:b3:cb:b4:33:dd:f8:2b:53:21:6b:
         7a:89:26:a0:64:b1:4e:98:b1:8a:ca:bd:31:2f:02:4c:51:ec:
         59:c8:10:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyEhaum+KBpaD5fIAuILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNmM0OTdmZjRkNGE4YmI1YTI0YmRkMjA1MTU3NWI0OWEw
ODNjNzUwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNlNDcxODkzNmZlM2FiY2U1YjRlZDVhNTdkNTk0N2QzYzk3ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUftmtqf+ylXHBcwtKj0NCy5sa7P
eVkdIJwQy95GEeTXIm9trpspMj4s9J4Nx6ngzs2qr4J7EtuV91tcdI5d8gUPFScs
UZXZKHw7Rhrwwr7hq6EuF+ZXdl8FXXK0CBta8aTkhBgk7f1MW9V0pUopjR0PggYa
IjodY30deXS12mG6xrIxiuT9FL/kWrChz1o2JzSdj2iDP/XAm7pBhBnBd7MWBxGf
hDdEFORW1xApr2Fim4NT1WCqo/Q1ziPCzqZEGZpgT8209Y3wNJKmLCR1JJwRnPE3
FlvtKRWwG81VmagCjRhHRuP4iCuHAuo0IL64EGZ4kMIbGdPD8juFP80afwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNE+RxiTb+OrzltO1aV9WUfTyX6dMB8GA1UdIwQY
MBaAFL5sSX/01Ki7WiS90gUVdbSaCDx1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2It
NjVhZTU4YTliZWU4LzEvMFQ1SEdKTnY0NnZPVzA3VnBYMVpSOVBKZnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2ItNjVhZTU4YTliZWU4
LzEvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLqMA0G
CSqGSIb3DQEBCwUAA4IBAQCUR4kJuRfGLIaM7PmCAfuTg15e/Z7B4LY32m+WLpld
jDEgRZ+QzXLPRH0kcmu48KSuKFJWB7jacMT9CB5muEuKQ3NRjRg4wNHBeMXe4BnX
V1Vj7y/BRe2zx/jBdIk2Hi/9B/uNSBYT2IKIl2bi+yfv9B6/We8h5v8H3WhXWdrk
JGSFfPkO1EOiOsoq0mpdXHruw7WZQUoiMEkhG4NVLdztCo5TlP4cBKoA1GWrevup
9/5MCTcMJF1C+uAm2ZMEge7itJ1kmsOeFk7Ft2UKlHnUEAa6Q8SpgV4br2UkgDo8
abPLtDPd+CtTIWt6iSagZLFOmLGKyr0xLwJMUexZyBDn
-----END CERTIFICATE-----