Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/69VG30nDzmDHL9f_LFj9sWEvzqo.roa
File:                     69VG30nDzmDHL9f_LFj9sWEvzqo.roa (raw, json)
Hash identifier:          n7HBTW0upAptW9t5aCREcc58S0CfSOKu5N4uxUk5wcM=
Subject key identifier:   EB:D5:46:DF:49:C3:CE:60:C7:2F:D7:FF:2C:58:FD:B1:61:2F:CE:AA
Certificate issuer:       /CN=cfba970db187d18e19a91e64f00b0d3160860db5
Certificate serial:       018CC4935B05052307B0D39A2B9D41B512ED
Authority key identifier: CF:BA:97:0D:B1:87:D1:8E:19:A9:1E:64:F0:0B:0D:31:60:86:0D:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/69VG30nDzmDHL9f_LFj9sWEvzqo.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        185.5.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5b:05:05:23:07:b0:d3:9a:2b:9d:41:b5:12:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfba970db187d18e19a91e64f00b0d3160860db5
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebd546df49c3ce60c72fd7ff2c58fdb1612fceaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8b:2a:2d:2d:b5:a6:cf:46:5d:9b:c4:59:b9:
                    dd:bf:3e:c8:0b:46:1e:b9:93:7e:7d:1e:29:95:db:
                    4b:44:a8:8c:f5:e3:19:12:25:41:bc:cc:d8:4f:16:
                    4a:a6:13:48:35:7a:39:fb:80:61:41:1d:97:9b:05:
                    3b:e8:64:f8:cf:6a:7f:0c:b1:cd:3c:b5:47:9a:f6:
                    60:99:bc:39:57:ca:40:53:98:2b:14:98:fe:7d:ca:
                    50:26:74:1c:37:1f:e3:53:c1:b3:f8:d4:09:b5:dd:
                    e9:fa:9a:4a:a7:5d:6a:da:99:ea:86:1c:b4:54:80:
                    e5:0f:8d:ab:6d:86:66:be:ac:d2:0a:82:6f:f0:5b:
                    b3:ae:07:ec:40:47:0e:7c:e6:f3:f9:3a:ef:4d:d8:
                    be:40:b5:b0:87:ff:e1:50:47:7d:9c:31:9f:ba:02:
                    a2:50:e2:71:44:75:88:d1:47:a7:db:92:d1:06:88:
                    ff:03:44:cf:98:e4:6a:0e:c9:99:06:4b:0e:03:0a:
                    cd:35:a5:fb:aa:63:2a:ec:cd:e0:28:20:df:20:2a:
                    d7:ae:25:83:f3:26:9d:ea:a8:fb:b3:36:c7:12:28:
                    c6:0c:f3:82:c1:02:92:05:00:38:14:d0:3b:9b:ae:
                    cc:65:b3:74:01:0d:59:81:56:41:00:f1:c1:65:da:
                    53:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D5:46:DF:49:C3:CE:60:C7:2F:D7:FF:2C:58:FD:B1:61:2F:CE:AA
            X509v3 Authority Key Identifier:
                keyid:CF:BA:97:0D:B1:87:D1:8E:19:A9:1E:64:F0:0B:0D:31:60:86:0D:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/69VG30nDzmDHL9f_LFj9sWEvzqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/829b02-d326-4c83-93f4-8cc231555e51/1/z7qXDbGH0Y4ZqR5k8AsNMWCGDbU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:34:b6:1e:56:6c:fe:03:d4:b4:e8:36:83:46:b3:ae:f2:16:
         47:54:64:1d:5d:dc:2e:32:90:f3:c5:cb:c1:8b:cf:b6:02:ed:
         8a:53:5b:c4:e8:99:12:dd:cf:36:01:c3:aa:48:fd:15:f4:5f:
         25:94:29:a9:59:9c:15:bd:58:de:25:25:ba:0b:f6:69:c3:49:
         c0:33:a1:a6:4f:26:51:3c:36:67:61:91:4e:af:e0:79:12:44:
         57:f5:32:e3:a8:4f:c6:e6:68:64:eb:73:8e:79:a2:fb:6f:0c:
         47:96:9d:6b:ad:ee:15:6c:cb:00:00:cb:7d:d9:34:09:9b:71:
         99:98:c2:2e:e1:ad:6b:89:98:cd:22:25:78:39:c3:7c:f1:88:
         f8:05:01:f5:ea:b1:d6:33:7f:82:d9:36:fb:c7:be:37:40:11:
         46:4a:d6:5b:ae:43:a4:7e:2b:9d:6a:c9:31:4b:0b:5d:39:9b:
         72:eb:0f:5c:78:cb:05:7d:16:d8:7e:90:13:c7:d1:9a:39:2a:
         d3:aa:8b:d3:b0:0f:91:38:1d:cc:b0:17:79:56:8e:34:c3:0c:
         3e:0d:f8:38:fa:c4:4d:ec:9d:f7:14:4a:78:06:df:9a:05:98:
         46:f6:a6:32:38:57:16:5d:d7:b1:87:bf:f8:b7:ce:1e:5f:36:
         7f:29:d5:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1sFBSMHsNOaK51BtRLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYmE5NzBkYjE4N2QxOGUxOWE5MWU2NGYwMGIwZDMxNjA4
NjBkYjUwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQ1NDZkZjQ5YzNjZTYwYzcyZmQ3ZmYyYzU4ZmRiMTYxMmZjZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIsqLS21ps9GXZvEWbndvz7IC0Ye
uZN+fR4pldtLRKiM9eMZEiVBvMzYTxZKphNINXo5+4BhQR2XmwU76GT4z2p/DLHN
PLVHmvZgmbw5V8pAU5grFJj+fcpQJnQcNx/jU8Gz+NQJtd3p+ppKp11q2pnqhhy0
VIDlD42rbYZmvqzSCoJv8FuzrgfsQEcOfObz+TrvTdi+QLWwh//hUEd9nDGfugKi
UOJxRHWI0Uen25LRBoj/A0TPmORqDsmZBksOAwrNNaX7qmMq7M3gKCDfICrXriWD
8yad6qj7szbHEijGDPOCwQKSBQA4FNA7m67MZbN0AQ1ZgVZBAPHBZdpTsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvVRt9Jw85gxy/X/yxY/bFhL86qMB8GA1UdIwQY
MBaAFM+6lw2xh9GOGakeZPALDTFghg21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejdxWERiR0gwWTRacVI1azhBc05NV0NHRGJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84MjliMDItZDMyNi00YzgzLTkzZjQt
OGNjMjMxNTU1ZTUxLzEvNjlWRzMwbkR6bURITDlmX0xGajlzV0V2enFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84MjliMDItZDMyNi00YzgzLTkzZjQtOGNjMjMxNTU1ZTUx
LzEvejdxWERiR0gwWTRacVI1azhBc05NV0NHRGJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQWQMA0G
CSqGSIb3DQEBCwUAA4IBAQASNLYeVmz+A9S06DaDRrOu8hZHVGQdXdwuMpDzxcvB
i8+2Au2KU1vE6JkS3c82AcOqSP0V9F8llCmpWZwVvVjeJSW6C/Zpw0nAM6GmTyZR
PDZnYZFOr+B5EkRX9TLjqE/G5mhk63OOeaL7bwxHlp1rre4VbMsAAMt92TQJm3GZ
mMIu4a1riZjNIiV4OcN88Yj4BQH16rHWM3+C2Tb7x743QBFGStZbrkOkfiudaskx
SwtdOZty6w9ceMsFfRbYfpATx9GaOSrTqovTsA+ROB3MsBd5Vo40www+Dfg4+sRN
7J33FEp4Bt+aBZhG9qYyOFcWXdexh7/4t84eXzZ/KdVK
-----END CERTIFICATE-----