Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/bIXbGnmiAnAoUxSiZ74UzpvmjEo.roa
File:                     bIXbGnmiAnAoUxSiZ74UzpvmjEo.roa (raw, json)
Hash identifier:          rg7zY081joyocJhHRS/oclCCECNCYTg6Fxkf7JBPIQo=
Subject key identifier:   6C:85:DB:1A:79:A2:02:70:28:53:14:A2:67:BE:14:CE:9B:E6:8C:4A
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018CC5008AA7C53D4697C0CE140EBD77A4D3
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/bIXbGnmiAnAoUxSiZ74UzpvmjEo.roa
Signing time:             Mon 01 Jan 2024 12:29:56 +0000
ROA not before:           Mon 01 Jan 2024 12:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        146.255.188.0/24 maxlen: 24
                          2a11:c880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:8a:a7:c5:3d:46:97:c0:ce:14:0e:bd:77:a4:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan  1 12:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c85db1a79a20270285314a267be14ce9be68c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ee:55:3c:ff:5d:77:44:a3:b5:4b:69:08:e8:
                    0f:7f:4a:6e:5a:c5:1c:32:eb:c1:5a:ce:55:6d:14:
                    aa:75:a9:2d:f4:38:69:31:a0:d1:88:24:54:78:15:
                    6e:61:0e:36:58:5b:ee:3b:e5:ec:02:5b:b9:6f:a6:
                    82:db:bc:d8:93:e4:7d:47:99:0d:e8:cf:33:f6:69:
                    25:1e:cf:a3:1d:f2:93:57:f9:79:96:3f:b6:8a:62:
                    d7:ac:ec:02:f1:9b:74:78:39:48:ff:91:4b:49:c3:
                    f1:2b:a7:12:9c:da:1b:a2:65:51:a6:03:1d:91:f3:
                    46:33:1d:2d:c0:02:dc:4c:14:9f:06:c4:68:78:f0:
                    64:62:41:dc:f3:96:79:26:0a:eb:86:fe:6b:71:3f:
                    94:36:07:45:e3:e2:ed:52:2d:8e:9f:b5:9d:71:a9:
                    31:d9:1d:41:59:32:fd:4c:06:45:e6:ca:20:e4:74:
                    15:3c:12:1f:58:f1:3b:b8:d4:ef:a8:a3:e7:48:9f:
                    cd:ba:fa:92:a0:e9:ea:ab:c1:de:48:5c:21:88:55:
                    50:e7:3a:46:a1:34:05:3f:b5:d9:43:f1:b3:29:7b:
                    dd:02:b0:b8:cd:e9:6b:0d:9e:ad:8a:27:53:f0:a0:
                    7f:47:c9:59:09:37:58:af:2b:d3:d4:30:f3:77:82:
                    ac:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:85:DB:1A:79:A2:02:70:28:53:14:A2:67:BE:14:CE:9B:E6:8C:4A
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/bIXbGnmiAnAoUxSiZ74UzpvmjEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.188.0/24
                IPv6:
                  2a11:c880::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:e7:42:10:32:4c:0e:02:2d:43:46:2c:cb:c4:d5:25:dc:18:
         1f:d9:65:93:1a:19:bf:76:79:c8:e1:b5:2b:60:ea:55:fd:76:
         25:64:98:0d:a3:69:38:cc:36:c0:5a:07:cc:52:e8:e5:d3:34:
         82:8c:8a:dc:10:06:a7:40:e6:0e:fa:3c:6e:2d:d9:86:1b:5b:
         28:e4:b6:78:67:95:b0:ad:e4:40:ae:1e:e7:16:86:08:97:3d:
         18:71:89:88:e3:ae:6f:24:8b:76:16:93:a3:29:85:2e:c2:a6:
         bd:2f:1d:50:4b:b1:d7:ac:68:fc:87:0d:10:8c:8e:f2:db:6e:
         1a:9e:ba:6e:cf:b5:21:19:38:5b:ab:48:31:5a:22:ea:a8:92:
         53:98:4d:e7:c0:9c:b0:e1:bf:0e:5d:cc:ae:98:5a:36:3e:a6:
         9c:51:40:01:92:2e:4c:a2:d5:85:23:13:95:2f:60:00:ba:a2:
         29:eb:4a:59:6e:b4:cd:21:53:e9:e7:59:77:0e:4c:04:c2:70:
         d8:81:c8:b6:68:75:8f:34:4d:c6:db:12:2d:7b:f7:f8:22:dd:
         d0:fa:4a:29:9d:4c:dd:cf:b4:8f:a4:ff:49:1b:7d:bb:1e:35:
         c8:b3:81:2b:4c:9c:24:ac:0b:34:c2:b0:58:47:4a:5f:28:6b:
         87:80:00:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAIqnxT1Gl8DOFA69d6TTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMTAxMTIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzg1ZGIxYTc5YTIwMjcwMjg1MzE0YTI2N2JlMTRjZTliZTY4YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe5VPP9dd0SjtUtpCOgPf0puWsUc
MuvBWs5VbRSqdakt9DhpMaDRiCRUeBVuYQ42WFvuO+XsAlu5b6aC27zYk+R9R5kN
6M8z9mklHs+jHfKTV/l5lj+2imLXrOwC8Zt0eDlI/5FLScPxK6cSnNobomVRpgMd
kfNGMx0twALcTBSfBsRoePBkYkHc85Z5Jgrrhv5rcT+UNgdF4+LtUi2On7Wdcakx
2R1BWTL9TAZF5sog5HQVPBIfWPE7uNTvqKPnSJ/NuvqSoOnqq8HeSFwhiFVQ5zpG
oTQFP7XZQ/GzKXvdArC4zelrDZ6tiidT8KB/R8lZCTdYryvT1DDzd4KsswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGyF2xp5ogJwKFMUome+FM6b5oxKMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvYklYYkdubWlBbkFvVXhTaVo3NFV6cHZtakVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkv+8MA0E
AgACMAcDBQMqEciAMA0GCSqGSIb3DQEBCwUAA4IBAQBl50IQMkwOAi1DRizLxNUl
3Bgf2WWTGhm/dnnI4bUrYOpV/XYlZJgNo2k4zDbAWgfMUujl0zSCjIrcEAanQOYO
+jxuLdmGG1so5LZ4Z5WwreRArh7nFoYIlz0YcYmI465vJIt2FpOjKYUuwqa9Lx1Q
S7HXrGj8hw0QjI7y224anrpuz7UhGThbq0gxWiLqqJJTmE3nwJyw4b8OXcyumFo2
PqacUUABki5MotWFIxOVL2AAuqIp60pZbrTNIVPp51l3DkwEwnDYgci2aHWPNE3G
2xIte/f4It3Q+kopnUzdz7SPpP9JG327HjXIs4ErTJwkrAs0wrBYR0pfKGuHgAD/
-----END CERTIFICATE-----