Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/pW6yOVfw8_zjeGew4M3PS6bJbBY.roa
File:                     pW6yOVfw8_zjeGew4M3PS6bJbBY.roa (raw, json)
Hash identifier:          BfUhW7XrMv8Fl3GwszP7z1mlmsHfFEJRo4uv6ip4S9o=
Subject key identifier:   A5:6E:B2:39:57:F0:F3:FC:E3:78:67:B0:E0:CD:CF:4B:A6:C9:6C:16
Certificate issuer:       /CN=5eccb7cd1b9d6fc39d7158f2fe9cf5217a12d374
Certificate serial:       018CC4255B6B289E7AFA243717A2445395D6
Authority key identifier: 5E:CC:B7:CD:1B:9D:6F:C3:9D:71:58:F2:FE:9C:F5:21:7A:12:D3:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xsy3zRudb8OdcVjy_pz1IXoS03Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/pW6yOVfw8_zjeGew4M3PS6bJbBY.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203179
IP address blocks:        185.143.156.0/22 maxlen: 22
                          2a07:3640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/Xsy3zRudb8OdcVjy_pz1IXoS03Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/Xsy3zRudb8OdcVjy_pz1IXoS03Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xsy3zRudb8OdcVjy_pz1IXoS03Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:6b:28:9e:7a:fa:24:37:17:a2:44:53:95:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eccb7cd1b9d6fc39d7158f2fe9cf5217a12d374
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a56eb23957f0f3fce37867b0e0cdcf4ba6c96c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:76:6e:e2:6c:4a:7c:93:c7:ec:3f:dd:ec:e7:
                    c6:57:f6:7b:c7:0f:f3:50:1a:d5:f2:97:6e:56:06:
                    97:d3:d6:15:1c:a4:98:a1:3c:b1:19:b5:f6:a9:d0:
                    d0:db:b6:ea:16:4c:2a:88:13:3f:00:99:f9:c9:34:
                    3b:f7:f6:40:61:16:04:8f:9e:e6:06:0a:37:4f:36:
                    ad:80:b2:8b:2b:2d:4a:cd:f2:6f:87:0a:61:61:b2:
                    f9:e1:c7:73:84:7a:52:79:76:a4:30:1d:24:7a:c3:
                    ab:a6:9b:a8:9a:cc:23:17:9a:46:31:70:ef:a3:63:
                    a5:e6:a5:50:ff:dd:ad:68:c8:3d:b9:44:b3:f3:49:
                    66:7b:cd:94:78:60:e3:1d:93:ef:d7:06:15:96:56:
                    e4:ae:83:2c:e2:ed:fb:9f:92:e3:68:2c:50:20:4e:
                    0a:ed:b4:32:6a:0d:09:71:d9:32:af:0d:a5:d1:cd:
                    05:d9:64:d4:a9:8d:a2:e3:ba:f2:87:17:aa:72:e9:
                    b3:ce:74:f5:62:e5:5d:6f:7d:00:a4:08:9e:c8:6b:
                    2e:b8:96:6e:33:27:5b:e3:ea:f6:6e:83:5c:58:66:
                    d1:58:18:6f:04:fb:83:24:a9:1b:28:06:85:af:80:
                    8b:d6:24:63:c0:b5:1e:2c:97:ff:96:3a:cf:7a:9b:
                    1e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6E:B2:39:57:F0:F3:FC:E3:78:67:B0:E0:CD:CF:4B:A6:C9:6C:16
            X509v3 Authority Key Identifier:
                keyid:5E:CC:B7:CD:1B:9D:6F:C3:9D:71:58:F2:FE:9C:F5:21:7A:12:D3:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xsy3zRudb8OdcVjy_pz1IXoS03Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/pW6yOVfw8_zjeGew4M3PS6bJbBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/edc8f3-0bb2-41ab-ba64-d22967e22ef0/1/Xsy3zRudb8OdcVjy_pz1IXoS03Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.156.0/22
                IPv6:
                  2a07:3640::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:df:77:b3:d5:10:34:17:a3:a2:d8:21:dc:97:6f:dc:3a:a5:
         2b:50:24:78:25:ce:db:19:90:7d:52:1d:f9:52:99:32:bf:53:
         2b:1b:87:6f:43:c2:c3:99:ef:c0:21:dd:a0:cc:d4:9b:1d:37:
         52:75:d1:a6:a8:ad:76:57:61:30:dd:89:33:b5:0f:80:aa:64:
         86:9e:56:f6:2b:d1:00:2f:a6:d5:ff:ba:f0:0a:a7:13:a4:6e:
         31:13:35:77:79:38:a5:86:a8:b8:e1:ec:32:59:19:7f:6a:86:
         d7:2d:aa:60:5c:ec:63:b6:20:f7:90:53:ce:a9:97:2c:0e:c7:
         8e:f7:4c:c7:64:21:c0:cb:27:bf:dd:e4:45:42:35:3a:ec:4c:
         61:ef:ab:cd:2a:27:b7:58:50:2a:29:b9:f0:4d:bf:aa:a1:6f:
         85:3d:26:aa:2c:cc:9f:ff:83:4c:5d:13:08:cb:86:65:03:da:
         ad:b1:ea:c5:85:89:33:15:a8:41:65:12:39:34:ce:f5:3b:ed:
         78:45:67:c8:af:79:5d:a0:ea:36:5e:ae:94:b9:cc:ba:f1:61:
         b6:01:3e:b7:5f:03:20:10:3e:37:d7:e6:29:d5:66:4e:d7:85:
         4a:5d:42:53:7b:18:79:49:cd:b3:66:4a:12:80:3c:47:f2:fd:
         4e:f1:a1:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJVtrKJ56+iQ3F6JEU5XWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlY2NiN2NkMWI5ZDZmYzM5ZDcxNThmMmZlOWNmNTIxN2Ex
MmQzNzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTZlYjIzOTU3ZjBmM2ZjZTM3ODY3YjBlMGNkY2Y0YmE2Yzk2YzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3Zu4mxKfJPH7D/d7OfGV/Z7xw/z
UBrV8pduVgaX09YVHKSYoTyxGbX2qdDQ27bqFkwqiBM/AJn5yTQ79/ZAYRYEj57m
Bgo3TzatgLKLKy1KzfJvhwphYbL54cdzhHpSeXakMB0kesOrppuomswjF5pGMXDv
o2Ol5qVQ/92taMg9uUSz80lme82UeGDjHZPv1wYVllbkroMs4u37n5LjaCxQIE4K
7bQyag0Jcdkyrw2l0c0F2WTUqY2i47ryhxeqcumzznT1YuVdb30ApAieyGsuuJZu
Mydb4+r2boNcWGbRWBhvBPuDJKkbKAaFr4CL1iRjwLUeLJf/ljrPepseEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKVusjlX8PP843hnsODNz0umyWwWMB8GA1UdIwQY
MBaAFF7Mt80bnW/DnXFY8v6c9SF6EtN0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHN5M3pSdWRiOE9kY1ZqeV9wejFJWG9TMDNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lZGM4ZjMtMGJiMi00MWFiLWJhNjQt
ZDIyOTY3ZTIyZWYwLzEvcFc2eU9WZnc4X3pqZUdldzRNM1BTNmJKYkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lZGM4ZjMtMGJiMi00MWFiLWJhNjQtZDIyOTY3ZTIyZWYw
LzEvWHN5M3pSdWRiOE9kY1ZqeV9wejFJWG9TMDNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY+cMA0E
AgACMAcDBQMqBzZAMA0GCSqGSIb3DQEBCwUAA4IBAQBC33ez1RA0F6Oi2CHcl2/c
OqUrUCR4Jc7bGZB9Uh35Upkyv1MrG4dvQ8LDme/AId2gzNSbHTdSddGmqK12V2Ew
3YkztQ+AqmSGnlb2K9EAL6bV/7rwCqcTpG4xEzV3eTilhqi44ewyWRl/aobXLapg
XOxjtiD3kFPOqZcsDseO90zHZCHAyye/3eRFQjU67Exh76vNKie3WFAqKbnwTb+q
oW+FPSaqLMyf/4NMXRMIy4ZlA9qtserFhYkzFahBZRI5NM71O+14RWfIr3ldoOo2
Xq6Uucy68WG2AT63XwMgED431+Yp1WZO14VKXUJTexh5Sc2zZkoSgDxH8v1O8aE0
-----END CERTIFICATE-----