Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/srvIO8uI8sswTaQSAvEX0uu0kqM.roa
File:                     srvIO8uI8sswTaQSAvEX0uu0kqM.roa (raw, json)
Hash identifier:          HWX7qY0tX8oh3zI4IoDfD8r073JP00X4hqABe9ck4pA=
Subject key identifier:   B2:BB:C8:3B:CB:88:F2:CB:30:4D:A4:12:02:F1:17:D2:EB:B4:92:A3
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018D69C6DB6D6FC15E792C35A8378B821662
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/srvIO8uI8sswTaQSAvEX0uu0kqM.roa
Signing time:             Fri 02 Feb 2024 12:24:16 +0000
ROA not before:           Fri 02 Feb 2024 12:24:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200250
IP address blocks:        2a0c:fe01::/32 maxlen: 48
                          2a0e:a942::/32 maxlen: 48
                          2a0e:cbc3::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:c6:db:6d:6f:c1:5e:79:2c:35:a8:37:8b:82:16:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb  2 12:24:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2bbc83bcb88f2cb304da41202f117d2ebb492a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:0e:43:66:33:4c:9f:71:d5:2f:81:da:10:30:
                    5b:be:86:1f:c5:8d:40:40:39:ac:70:30:34:d0:b5:
                    d9:dd:9f:0a:4f:7f:e5:89:5c:81:26:27:ca:18:57:
                    88:e6:b4:07:cc:af:dc:88:ef:fc:e8:89:3b:c1:ec:
                    d4:20:d1:6a:4b:a0:77:6d:f5:d3:87:e8:c4:14:f5:
                    6d:63:12:77:b7:21:79:75:70:af:30:6e:01:8e:5f:
                    10:00:a1:ee:ac:b8:a3:ee:69:c5:69:9a:ef:77:69:
                    d5:3c:a9:ab:9c:8a:ae:7c:14:14:67:65:da:ee:7d:
                    50:b9:ec:01:21:ee:97:49:70:1a:43:4e:d7:3c:91:
                    c7:9b:85:13:5f:cc:b8:d9:ea:6a:ce:84:b2:bc:3d:
                    1e:12:2e:e3:09:71:ff:22:08:8a:6d:60:fa:f1:fd:
                    b9:41:4f:82:1f:d1:96:24:ee:91:c7:fa:e4:35:5b:
                    ce:e1:1b:75:bc:fb:a2:d6:4e:f0:57:6d:eb:c5:e6:
                    58:31:ba:79:d9:ab:7c:90:d6:48:a6:d9:73:c3:59:
                    eb:82:6c:c1:32:c5:01:bc:59:60:27:e3:86:c0:97:
                    f9:df:e3:9d:9d:d5:3f:84:9e:c9:c1:a5:4e:f0:af:
                    cb:1f:08:ab:24:e6:12:d8:da:e6:e4:22:01:59:8b:
                    33:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:BB:C8:3B:CB:88:F2:CB:30:4D:A4:12:02:F1:17:D2:EB:B4:92:A3
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/srvIO8uI8sswTaQSAvEX0uu0kqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:fe01::/32
                  2a0e:a942::/32
                  2a0e:cbc3::/33

    Signature Algorithm: sha256WithRSAEncryption
         19:05:4b:d0:70:8e:49:b7:6b:26:9f:cb:22:b1:86:86:32:81:
         64:ff:23:d6:22:dd:00:c8:a3:a4:9e:f3:af:89:4b:2b:d8:42:
         3d:7c:5e:0e:06:55:63:98:17:0b:02:dd:81:46:fb:ca:8f:62:
         6d:f3:e6:be:3a:74:1b:b7:63:b3:97:45:78:ae:91:fb:07:92:
         b2:56:f6:6d:f4:8c:01:97:25:62:5b:7c:25:fe:81:61:67:ee:
         83:2e:10:56:61:c9:68:2c:0d:a8:7d:3c:ed:82:b7:c3:bf:29:
         2a:8d:0d:90:26:3e:04:ee:f9:e0:aa:28:f6:eb:f4:6c:18:d9:
         7d:a7:01:16:19:a9:28:41:89:e5:95:21:43:8a:5e:ab:ee:d5:
         e0:3b:09:bf:2a:42:50:4c:fe:59:b2:b6:cc:51:1b:cb:86:ef:
         2d:7c:43:fe:36:93:f7:06:55:6d:40:c1:64:8f:a0:c3:f7:37:
         3b:2b:6b:7e:d5:b8:3f:92:b2:9f:34:8d:88:33:bd:36:70:48:
         25:5c:26:0f:8f:cf:68:de:e1:c4:15:1a:d9:df:66:ff:16:5e:
         96:17:42:84:8b:d1:29:11:34:71:d5:94:2b:10:a3:c9:29:7d:
         74:5b:bf:06:5c:b9:36:ed:60:1b:cd:64:79:60:6e:fa:f9:df:
         5a:31:d2:c9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY1pxtttb8FeeSw1qDeLghZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMjAyMTIyNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmJiYzgzYmNiODhmMmNiMzA0ZGE0MTIwMmYxMTdkMmViYjQ5MmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgw5DZjNMn3HVL4HaEDBbvoYfxY1A
QDmscDA00LXZ3Z8KT3/liVyBJifKGFeI5rQHzK/ciO/86Ik7wezUINFqS6B3bfXT
h+jEFPVtYxJ3tyF5dXCvMG4Bjl8QAKHurLij7mnFaZrvd2nVPKmrnIqufBQUZ2Xa
7n1QuewBIe6XSXAaQ07XPJHHm4UTX8y42epqzoSyvD0eEi7jCXH/IgiKbWD68f25
QU+CH9GWJO6Rx/rkNVvO4Rt1vPui1k7wV23rxeZYMbp52at8kNZIptlzw1nrgmzB
MsUBvFlgJ+OGwJf53+OdndU/hJ7JwaVO8K/LHwirJOYS2Nrm5CIBWYszQQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLK7yDvLiPLLME2kEgLxF9LrtJKjMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvc3J2SU84dUk4c3N3VGFRU0F2RVgwdXUwa3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAcBAIAAjAWAwUAKgz+AQMF
ACoOqUIDBgcqDsvDADANBgkqhkiG9w0BAQsFAAOCAQEAGQVL0HCOSbdrJp/LIrGG
hjKBZP8j1iLdAMijpJ7zr4lLK9hCPXxeDgZVY5gXCwLdgUb7yo9ibfPmvjp0G7dj
s5dFeK6R+weSslb2bfSMAZclYlt8Jf6BYWfugy4QVmHJaCwNqH087YK3w78pKo0N
kCY+BO754Koo9uv0bBjZfacBFhmpKEGJ5ZUhQ4peq+7V4DsJvypCUEz+WbK2zFEb
y4bvLXxD/jaT9wZVbUDBZI+gw/c3OytrftW4P5KynzSNiDO9NnBIJVwmD4/PaN7h
xBUa2d9m/xZelhdChIvRKRE0cdWUKxCjySl9dFu/Bly5Nu1gG81keWBu+vnfWjHS
yQ==
-----END CERTIFICATE-----