Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/a1yTuIfdjI6HN-GUTaMkz_bdx-A.roa
File:                     a1yTuIfdjI6HN-GUTaMkz_bdx-A.roa (raw, json)
Hash identifier:          ac3G8kfSeXLTjRxyKwmQVc1boKO8SS1dvSr4hEVpSo8=
Subject key identifier:   6B:5C:93:B8:87:DD:8C:8E:87:37:E1:94:4D:A3:24:CF:F6:DD:C7:E0
Certificate issuer:       /CN=6b1a57f06ef72007dd6193f960a616344b73301f
Certificate serial:       018CC2DB4FB13027AE20F8E587112D4D428F
Authority key identifier: 6B:1A:57:F0:6E:F7:20:07:DD:61:93:F9:60:A6:16:34:4B:73:30:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axpX8G73IAfdYZP5YKYWNEtzMB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/a1yTuIfdjI6HN-GUTaMkz_bdx-A.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203052
IP address blocks:        185.146.140.0/22 maxlen: 22
                          2a07:5100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/axpX8G73IAfdYZP5YKYWNEtzMB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/axpX8G73IAfdYZP5YKYWNEtzMB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axpX8G73IAfdYZP5YKYWNEtzMB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4f:b1:30:27:ae:20:f8:e5:87:11:2d:4d:42:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b1a57f06ef72007dd6193f960a616344b73301f
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b5c93b887dd8c8e8737e1944da324cff6ddc7e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5b:94:37:d3:c2:1c:ea:84:f0:b0:54:26:91:
                    17:57:4c:22:5a:cf:ba:c4:b8:ab:a1:50:e0:4d:6c:
                    36:2a:5e:e2:dd:1b:ca:3e:df:ce:c5:a8:7d:6a:a9:
                    64:b0:02:d6:84:2e:7d:3c:87:ac:3c:bc:c5:cf:2a:
                    f5:df:7e:be:1b:ef:04:d1:45:39:af:00:70:24:43:
                    4f:ed:a4:9f:ec:2f:c4:80:c6:d4:8e:9c:4f:d6:8a:
                    14:0d:a2:7e:7b:1f:68:60:43:8a:64:ca:9c:b1:33:
                    52:56:fd:d7:56:fe:a3:1d:7d:c8:9d:e9:79:98:5b:
                    df:03:5f:92:29:5a:cd:a5:b4:6c:5c:19:aa:ff:f1:
                    43:89:20:a9:89:b5:0b:e5:9c:05:51:ee:bc:6a:70:
                    c1:28:1a:41:c7:38:be:15:b3:c1:04:1f:4d:4b:2b:
                    0b:d8:b0:9e:8e:52:4e:31:7b:c2:2a:d0:e7:3b:f2:
                    c2:0a:9e:27:36:35:d8:44:d7:77:86:d5:dd:6e:01:
                    0a:c8:85:b3:16:ab:08:11:8e:68:9c:f7:f4:25:90:
                    e7:b3:39:85:03:09:73:ce:06:3a:8c:2f:8a:0b:8a:
                    e5:ff:9c:68:b6:12:e6:fd:6f:5f:14:e0:3b:2d:27:
                    c8:8c:37:39:12:49:8e:7d:e0:09:0d:9f:07:d7:e6:
                    5f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5C:93:B8:87:DD:8C:8E:87:37:E1:94:4D:A3:24:CF:F6:DD:C7:E0
            X509v3 Authority Key Identifier:
                keyid:6B:1A:57:F0:6E:F7:20:07:DD:61:93:F9:60:A6:16:34:4B:73:30:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axpX8G73IAfdYZP5YKYWNEtzMB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/a1yTuIfdjI6HN-GUTaMkz_bdx-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c96247-e979-4e58-89f6-eebdcbd3aee8/1/axpX8G73IAfdYZP5YKYWNEtzMB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.140.0/22
                IPv6:
                  2a07:5100::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:d9:32:17:1c:73:a6:6e:f3:34:db:a1:4e:63:f8:f2:64:46:
         44:bb:b6:50:55:ee:0f:ec:5d:c9:c2:9f:39:f6:b1:aa:df:26:
         6a:17:69:0e:5e:10:bf:fe:c6:38:d5:25:ca:78:b0:3b:66:a7:
         23:ac:3b:ae:a7:ee:34:59:a8:83:2a:3b:be:a9:85:95:51:d0:
         88:0f:56:ea:ff:8f:27:35:8c:af:ea:2d:0b:95:f0:0c:ba:1f:
         4c:42:af:a1:75:a4:72:44:c1:7a:39:c7:20:ff:e7:06:ef:b9:
         17:81:44:2b:5a:c7:37:18:5e:0b:ba:cf:60:fb:3c:47:90:93:
         a2:fe:f6:f7:3e:c6:30:31:02:4c:f3:d7:be:69:a0:f1:7d:b9:
         58:60:51:77:3e:a7:3a:bc:63:44:56:af:a7:75:d5:55:48:48:
         bd:72:8a:6e:6a:12:c5:8f:44:e3:ed:bd:7f:20:9d:09:81:cb:
         45:75:b0:b7:40:15:93:a9:2d:42:f9:5e:f7:ab:62:25:a1:6b:
         ff:64:45:62:46:c1:90:c9:16:37:ce:06:0f:45:89:9d:40:13:
         cf:07:d4:bf:61:a4:65:b4:e3:67:de:84:12:b3:39:47:37:4e:
         f7:94:d2:54:e9:4b:d8:ac:27:3a:ea:23:ee:aa:a5:f0:bd:dd:
         86:c8:73:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC20+xMCeuIPjlhxEtTUKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMWE1N2YwNmVmNzIwMDdkZDYxOTNmOTYwYTYxNjM0NGI3
MzMwMWYwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVjOTNiODg3ZGQ4YzhlODczN2UxOTQ0ZGEzMjRjZmY2ZGRjN2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFuUN9PCHOqE8LBUJpEXV0wiWs+6
xLiroVDgTWw2Kl7i3RvKPt/Oxah9aqlksALWhC59PIesPLzFzyr1336+G+8E0UU5
rwBwJENP7aSf7C/EgMbUjpxP1ooUDaJ+ex9oYEOKZMqcsTNSVv3XVv6jHX3Inel5
mFvfA1+SKVrNpbRsXBmq//FDiSCpibUL5ZwFUe68anDBKBpBxzi+FbPBBB9NSysL
2LCejlJOMXvCKtDnO/LCCp4nNjXYRNd3htXdbgEKyIWzFqsIEY5onPf0JZDnszmF
AwlzzgY6jC+KC4rl/5xothLm/W9fFOA7LSfIjDc5EkmOfeAJDZ8H1+ZfsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGtck7iH3YyOhzfhlE2jJM/23cfgMB8GA1UdIwQY
MBaAFGsaV/Bu9yAH3WGT+WCmFjRLczAfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhwWDhHNzNJQWZkWVpQNVlLWVdORXR6TUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9jOTYyNDctZTk3OS00ZTU4LTg5ZjYt
ZWViZGNiZDNhZWU4LzEvYTF5VHVJZmRqSTZITi1HVVRhTWt6X2JkeC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9jOTYyNDctZTk3OS00ZTU4LTg5ZjYtZWViZGNiZDNhZWU4
LzEvYXhwWDhHNzNJQWZkWVpQNVlLWVdORXR6TUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZKMMA0E
AgACMAcDBQMqB1EAMA0GCSqGSIb3DQEBCwUAA4IBAQCH2TIXHHOmbvM026FOY/jy
ZEZEu7ZQVe4P7F3Jwp859rGq3yZqF2kOXhC//sY41SXKeLA7ZqcjrDuup+40WaiD
Kju+qYWVUdCID1bq/48nNYyv6i0LlfAMuh9MQq+hdaRyRMF6Occg/+cG77kXgUQr
Wsc3GF4Lus9g+zxHkJOi/vb3PsYwMQJM89e+aaDxfblYYFF3Pqc6vGNEVq+nddVV
SEi9copuahLFj0Tj7b1/IJ0JgctFdbC3QBWTqS1C+V73q2IloWv/ZEViRsGQyRY3
zgYPRYmdQBPPB9S/YaRltONn3oQSszlHN073lNJU6UvYrCc66iPuqqXwvd2GyHOx
-----END CERTIFICATE-----