Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/xrfpoWh9dcdipy2L55b4-lf2JyA.roa
File:                     xrfpoWh9dcdipy2L55b4-lf2JyA.roa (raw, json)
Hash identifier:          A15cZFkiYHBBweiEzD50ID5HFr302x6qgjMHlvmWD/E=
Subject key identifier:   C6:B7:E9:A1:68:7D:75:C7:62:A7:2D:8B:E7:96:F8:FA:57:F6:27:20
Certificate issuer:       /CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
Certificate serial:       018CC3B720B3A818C480331ABBEA1DCF389C
Authority key identifier: BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/xrfpoWh9dcdipy2L55b4-lf2JyA.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        185.194.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:20:b3:a8:18:c4:80:33:1a:bb:ea:1d:cf:38:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6b7e9a1687d75c762a72d8be796f8fa57f62720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f4:9f:3b:cc:04:9d:a0:11:81:ab:42:ab:80:
                    9c:df:0e:f5:e2:6c:ac:5a:d6:6e:9e:ad:25:0c:d6:
                    af:a4:de:ad:b9:8e:1e:b1:5d:d2:fa:b0:05:58:e8:
                    37:1b:d9:a1:8d:5b:9c:13:53:fe:0e:4b:22:f8:72:
                    ec:b8:33:5f:8b:f4:8e:c4:90:b6:e5:27:dd:88:ad:
                    5f:39:3c:ef:ef:96:3d:2f:b4:1b:98:57:3d:9b:83:
                    c6:fc:73:82:f6:95:af:b8:06:aa:74:05:48:f9:db:
                    58:3b:40:ee:06:c9:5b:87:c4:ae:e8:f6:38:d7:79:
                    3f:11:d6:36:2e:4d:20:f7:ae:1f:d2:c7:43:3e:01:
                    94:51:52:bb:10:5c:8f:dc:80:75:f2:66:cb:3f:70:
                    da:87:2a:fa:b6:8d:85:d2:f6:61:cc:40:cb:2b:ff:
                    ec:d2:cc:dc:60:bc:60:78:37:85:ba:d1:82:eb:de:
                    03:74:5f:5a:06:83:3c:88:66:da:43:44:b6:50:f6:
                    15:e7:8f:1d:20:82:16:c2:93:aa:66:ff:22:de:42:
                    e5:85:31:9c:ba:8a:5b:e4:2f:fc:b8:d9:39:b2:cb:
                    6c:ea:55:41:9d:2d:bc:f1:19:1a:c9:f4:a0:10:bc:
                    a7:ac:43:41:40:ef:72:9c:1a:e4:d4:9d:25:b7:00:
                    fd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B7:E9:A1:68:7D:75:C7:62:A7:2D:8B:E7:96:F8:FA:57:F6:27:20
            X509v3 Authority Key Identifier:
                keyid:BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/xrfpoWh9dcdipy2L55b4-lf2JyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:90:01:26:62:19:71:49:6e:dc:73:ca:33:6b:84:92:8c:9b:
         bc:a2:0f:3a:5d:a6:f1:ee:35:0a:9c:1a:82:73:22:51:c4:bd:
         67:58:fc:d0:1c:72:25:e1:e7:5e:7c:f9:83:12:30:ad:42:c3:
         2a:c2:da:3b:63:96:52:9c:43:e9:07:60:b3:3f:d2:bf:a0:14:
         76:83:d5:b7:62:3d:27:5f:ae:8b:be:f1:f9:42:3d:b6:c5:0f:
         e1:fa:4f:83:7a:0a:1f:97:ed:43:0d:a3:f5:2f:58:9c:59:f4:
         a2:6e:5e:79:dc:53:d2:86:bf:50:9e:29:5e:7a:59:66:8f:41:
         d4:fc:b9:1c:82:e9:25:95:ab:f3:81:01:6d:19:aa:87:8f:c1:
         a0:35:43:d5:59:41:63:12:fb:1d:38:34:56:9e:a8:ac:72:16:
         e2:f2:75:1d:6c:ae:a3:70:30:38:50:ae:fd:52:5d:d5:ca:0e:
         a4:58:9a:88:61:c2:f6:2f:30:cc:83:63:7b:76:06:8c:6e:9e:
         fa:f4:e7:cb:78:49:cb:37:1d:5e:71:16:bf:d1:60:72:c0:26:
         3d:90:b5:dc:85:6b:46:45:f4:71:4e:f7:54:6f:42:e9:2f:fb:
         80:0e:ef:57:56:55:36:bd:98:1c:77:d1:33:92:2a:90:84:a1:
         c3:24:44:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyCzqBjEgDMau+odzzicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNmM0OTdmZjRkNGE4YmI1YTI0YmRkMjA1MTU3NWI0OWEw
ODNjNzUwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI3ZTlhMTY4N2Q3NWM3NjJhNzJkOGJlNzk2ZjhmYTU3ZjYyNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fSfO8wEnaARgatCq4Cc3w714mys
WtZunq0lDNavpN6tuY4esV3S+rAFWOg3G9mhjVucE1P+Dksi+HLsuDNfi/SOxJC2
5SfdiK1fOTzv75Y9L7QbmFc9m4PG/HOC9pWvuAaqdAVI+dtYO0DuBslbh8Su6PY4
13k/EdY2Lk0g964f0sdDPgGUUVK7EFyP3IB18mbLP3Dahyr6to2F0vZhzEDLK//s
0szcYLxgeDeFutGC694DdF9aBoM8iGbaQ0S2UPYV548dIIIWwpOqZv8i3kLlhTGc
uopb5C/8uNk5ssts6lVBnS288RkayfSgELynrENBQO9ynBrk1J0ltwD9YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa36aFofXXHYqcti+eW+PpX9icgMB8GA1UdIwQY
MBaAFL5sSX/01Ki7WiS90gUVdbSaCDx1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2It
NjVhZTU4YTliZWU4LzEveHJmcG9XaDlkY2RpcHkyTDU1YjQtbGYySnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2ItNjVhZTU4YTliZWU4
LzEvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLoMA0G
CSqGSIb3DQEBCwUAA4IBAQB/kAEmYhlxSW7cc8oza4SSjJu8og86Xabx7jUKnBqC
cyJRxL1nWPzQHHIl4edefPmDEjCtQsMqwto7Y5ZSnEPpB2CzP9K/oBR2g9W3Yj0n
X66LvvH5Qj22xQ/h+k+Degofl+1DDaP1L1icWfSibl553FPShr9Qnileellmj0HU
/LkcgukllavzgQFtGaqHj8GgNUPVWUFjEvsdODRWnqischbi8nUdbK6jcDA4UK79
Ul3Vyg6kWJqIYcL2LzDMg2N7dgaMbp769OfLeEnLNx1ecRa/0WBywCY9kLXchWtG
RfRxTvdUb0LpL/uADu9XVlU2vZgcd9EzkiqQhKHDJEQM
-----END CERTIFICATE-----