Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/B53MNx5bira4aW5e8ZO6_Ma34Dg.roa
File:                     B53MNx5bira4aW5e8ZO6_Ma34Dg.roa (raw, json)
Hash identifier:          6f/h5T88txWyuIIzG1mcRJgvqOWHUvKl6Bypq3CW3nc=
Subject key identifier:   07:9D:CC:37:1E:5B:8A:B6:B8:69:6E:5E:F1:93:BA:FC:C6:B7:E0:38
Certificate issuer:       /CN=e05a2dacf5dd4e9bfa2d2d9b2d3c3f9678745841
Certificate serial:       018CCA29C3BE4B8C1012D2798CFA8826E516
Authority key identifier: E0:5A:2D:AC:F5:DD:4E:9B:FA:2D:2D:9B:2D:3C:3F:96:78:74:58:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/B53MNx5bira4aW5e8ZO6_Ma34Dg.roa
Signing time:             Tue 02 Jan 2024 12:33:03 +0000
ROA not before:           Tue 02 Jan 2024 12:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        185.31.180.0/22 maxlen: 23
                          2a00:bf60::/32 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c3:be:4b:8c:10:12:d2:79:8c:fa:88:26:e5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e05a2dacf5dd4e9bfa2d2d9b2d3c3f9678745841
        Validity
            Not Before: Jan  2 12:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=079dcc371e5b8ab6b8696e5ef193bafcc6b7e038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:03:56:84:e0:66:d4:f3:fa:7a:68:71:dc:ae:
                    77:eb:70:54:b4:f5:0f:1f:15:a1:13:60:c0:f1:af:
                    3f:64:84:fd:aa:35:b0:b0:a9:13:0b:6f:67:38:ab:
                    84:36:55:aa:81:88:35:99:81:d4:df:25:f9:c7:85:
                    8c:71:33:7f:66:70:eb:17:05:5c:bf:ea:65:e6:55:
                    17:60:88:89:0c:b0:cb:f2:c1:11:a1:4d:e7:73:2c:
                    e8:86:ea:27:51:f7:2a:29:2e:23:0b:6b:8a:ea:41:
                    43:a9:0b:cc:e8:3c:b0:d4:a0:87:66:d6:cd:de:05:
                    83:55:a2:1d:d1:51:43:81:66:5f:6b:b0:0b:36:d0:
                    13:6e:0f:32:49:f2:96:c9:6a:2e:4b:eb:f1:fa:d3:
                    49:e6:1e:b8:ee:ca:ba:6f:04:7c:94:3d:ec:f8:22:
                    f2:9a:44:68:18:aa:7a:a0:8c:36:6f:f2:f2:e3:93:
                    73:2d:6b:de:27:cd:8b:2b:04:38:88:c4:30:7d:90:
                    7f:0b:96:5e:3f:1e:e2:b5:1e:be:6c:18:1f:8b:81:
                    c7:f4:0a:56:c1:63:a6:99:fc:69:3f:bd:46:87:f5:
                    dd:34:df:ca:19:78:09:f1:e8:51:c7:a0:2d:4f:9b:
                    ec:bd:b8:8e:f0:40:fb:39:53:83:13:19:00:8a:72:
                    c6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:9D:CC:37:1E:5B:8A:B6:B8:69:6E:5E:F1:93:BA:FC:C6:B7:E0:38
            X509v3 Authority Key Identifier:
                keyid:E0:5A:2D:AC:F5:DD:4E:9B:FA:2D:2D:9B:2D:3C:3F:96:78:74:58:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/B53MNx5bira4aW5e8ZO6_Ma34Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.180.0/22
                IPv6:
                  2a00:bf60::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:9e:85:87:3f:73:af:91:47:dd:c3:54:ea:ed:d6:67:e6:c3:
         ad:1b:00:d0:60:95:bd:24:d1:49:a4:e1:b1:9d:19:9d:4e:af:
         f1:81:81:54:74:92:79:44:a6:17:09:61:1a:26:d3:2b:c6:fd:
         b8:f8:c9:cf:28:53:23:1e:a2:65:02:b0:e9:5c:f1:9f:86:85:
         8d:94:72:fe:72:43:d6:10:ca:f6:c1:e9:e1:3a:fe:96:fb:62:
         1a:12:da:ce:f5:ab:68:a0:a3:d2:c4:12:30:60:e7:8e:3e:36:
         cd:b4:9e:9a:8d:2a:21:19:0e:7e:c9:54:39:ea:b3:64:9c:43:
         39:2e:bd:63:76:34:82:45:45:3b:50:0e:6c:29:ce:cf:0c:56:
         ee:a5:9e:13:c5:bc:15:d3:42:70:30:10:f1:3e:64:b7:6a:d3:
         c4:df:07:c9:d8:6f:3f:c9:54:78:3a:51:99:dc:18:54:b2:5b:
         aa:4c:7d:ab:7c:59:a5:20:df:74:84:cb:b5:6e:6e:14:6c:78:
         7a:21:3b:28:66:f6:28:65:f3:cd:03:8f:9e:e9:dd:cb:89:c7:
         47:07:e6:cd:56:19:96:13:b2:13:fa:fc:66:54:39:eb:f9:d1:
         c8:98:a8:5b:99:fc:09:8b:57:f4:f5:eb:d9:11:fb:f2:a4:c5:
         38:e6:31:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKcO+S4wQEtJ5jPqIJuUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNWEyZGFjZjVkZDRlOWJmYTJkMmQ5YjJkM2MzZjk2Nzg3
NDU4NDEwHhcNMjQwMTAyMTIzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzlkY2MzNzFlNWI4YWI2Yjg2OTZlNWVmMTkzYmFmY2M2YjdlMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQNWhOBm1PP6emhx3K5363BUtPUP
HxWhE2DA8a8/ZIT9qjWwsKkTC29nOKuENlWqgYg1mYHU3yX5x4WMcTN/ZnDrFwVc
v+pl5lUXYIiJDLDL8sERoU3ncyzohuonUfcqKS4jC2uK6kFDqQvM6Dyw1KCHZtbN
3gWDVaId0VFDgWZfa7ALNtATbg8ySfKWyWouS+vx+tNJ5h647sq6bwR8lD3s+CLy
mkRoGKp6oIw2b/Ly45NzLWveJ82LKwQ4iMQwfZB/C5ZePx7itR6+bBgfi4HH9ApW
wWOmmfxpP71Gh/XdNN/KGXgJ8ehRx6AtT5vsvbiO8ED7OVODExkAinLGiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAedzDceW4q2uGluXvGTuvzGt+A4MB8GA1UdIwQY
MBaAFOBaLaz13U6b+i0tmy08P5Z4dFhBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZvdHJQWGRUcHY2TFMyYkxUd19sbmgwV0VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wMTAwMGItYWE5Ni00YmM2LThjYzEt
YWYwN2E5ZTg3ZmMwLzEvQjUzTU54NWJpcmE0YVc1ZThaTzZfTWEzNERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wMTAwMGItYWE5Ni00YmM2LThjYzEtYWYwN2E5ZTg3ZmMw
LzEvNEZvdHJQWGRUcHY2TFMyYkxUd19sbmgwV0VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR+0MA0E
AgACMAcDBQAqAL9gMA0GCSqGSIb3DQEBCwUAA4IBAQBMnoWHP3OvkUfdw1Tq7dZn
5sOtGwDQYJW9JNFJpOGxnRmdTq/xgYFUdJJ5RKYXCWEaJtMrxv24+MnPKFMjHqJl
ArDpXPGfhoWNlHL+ckPWEMr2wenhOv6W+2IaEtrO9atooKPSxBIwYOeOPjbNtJ6a
jSohGQ5+yVQ56rNknEM5Lr1jdjSCRUU7UA5sKc7PDFbupZ4TxbwV00JwMBDxPmS3
atPE3wfJ2G8/yVR4OlGZ3BhUsluqTH2rfFmlIN90hMu1bm4UbHh6ITsoZvYoZfPN
A4+e6d3LicdHB+bNVhmWE7IT+vxmVDnr+dHImKhbmfwJi1f09evZEfvypMU45jGW
-----END CERTIFICATE-----