Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/_U7tppzLS7AVgs3iHGUFFobwaXo.roa
File:                     _U7tppzLS7AVgs3iHGUFFobwaXo.roa (raw, json)
Hash identifier:          JZkaNJHNhtEx3cTrwApswZY8t6qsStfc7mv+pSWGrWc=
Subject key identifier:   FD:4E:ED:A6:9C:CB:4B:B0:15:82:CD:E2:1C:65:05:16:86:F0:69:7A
Certificate issuer:       /CN=5fb88d91788fe9921089d9b6271e210f7f8914a2
Certificate serial:       018CC42562ABD18188A14ECE09418F409DC5
Authority key identifier: 5F:B8:8D:91:78:8F:E9:92:10:89:D9:B6:27:1E:21:0F:7F:89:14:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/_U7tppzLS7AVgs3iHGUFFobwaXo.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.52.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:62:ab:d1:81:88:a1:4e:ce:09:41:8f:40:9d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fb88d91788fe9921089d9b6271e210f7f8914a2
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4eeda69ccb4bb01582cde21c65051686f0697a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a1:aa:b5:b4:f6:8f:ab:1f:5d:12:83:98:05:
                    69:1f:ac:2d:fc:77:01:fd:72:9c:53:be:76:2d:ad:
                    06:0c:30:73:83:72:90:f8:2f:a6:07:00:35:4f:7c:
                    2c:8d:64:f3:f0:bb:f7:42:d7:df:0c:ef:c8:d5:eb:
                    89:70:67:ee:23:4f:25:4c:3e:ad:a7:f1:0a:31:79:
                    27:22:d7:0d:d2:63:33:19:92:9f:3c:3e:f5:2a:5f:
                    6b:12:82:1a:d8:6b:bb:b7:62:10:2f:e1:7c:d3:76:
                    5c:ca:df:4d:49:03:8b:fc:71:67:8a:cc:4b:5d:27:
                    c4:f4:9c:62:c7:96:28:2e:c5:68:07:7a:59:bf:e4:
                    80:50:b0:9f:aa:b3:e4:96:ec:9b:7d:35:d5:3b:28:
                    fe:95:68:13:bf:6a:d3:27:e7:e9:2e:39:21:08:33:
                    3b:cf:6e:f8:1b:ec:39:04:bf:f3:21:a1:0d:b6:fa:
                    ce:b5:a9:5d:32:57:e3:fb:75:49:5a:fb:7e:a7:d7:
                    11:b3:0f:31:04:c9:40:88:20:dd:0e:0d:95:37:41:
                    62:45:25:02:34:87:6c:19:94:1b:2b:b9:94:52:fb:
                    73:a5:83:08:ef:01:d5:02:63:4a:2e:c0:12:bb:3c:
                    82:aa:8d:84:57:95:bd:1a:7d:fe:e1:c9:1a:76:1f:
                    d1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4E:ED:A6:9C:CB:4B:B0:15:82:CD:E2:1C:65:05:16:86:F0:69:7A
            X509v3 Authority Key Identifier:
                keyid:5F:B8:8D:91:78:8F:E9:92:10:89:D9:B6:27:1E:21:0F:7F:89:14:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/_U7tppzLS7AVgs3iHGUFFobwaXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:06:a3:89:b8:98:68:11:80:ef:6d:9d:86:1e:e7:9e:24:7b:
         0b:2a:01:90:e6:5c:23:c5:e0:57:37:2b:d4:74:7f:6a:a5:15:
         ec:21:ed:1e:00:d7:60:50:62:22:2a:32:87:2c:80:8e:bf:23:
         eb:87:58:49:af:92:b8:ba:67:3e:54:65:7f:88:e7:ca:9b:7f:
         da:d8:e1:c8:d0:1c:be:61:a1:1a:67:25:b8:74:4e:a8:ff:49:
         e9:3b:f4:f4:b8:03:9b:71:cc:ba:c8:e5:16:fa:7b:0a:16:fb:
         a9:27:33:d0:67:15:10:c7:f8:46:2e:e1:d5:01:2f:f2:3a:6a:
         c2:2b:a6:ed:98:a3:a6:cf:85:7f:a0:b3:54:f9:b1:00:3d:17:
         a4:90:24:75:cb:b4:6c:92:3b:86:36:04:b7:b8:8e:76:9d:9b:
         60:8a:13:c3:66:48:a5:df:9f:dd:e1:b3:f9:f6:9a:dd:b7:8b:
         5c:a7:bb:02:87:a9:61:5d:d3:48:3d:96:af:e4:4e:7d:3a:ea:
         7d:51:9d:c7:90:10:04:5e:65:a2:b3:49:c8:2b:4f:c3:01:bd:
         11:93:d9:6c:e8:e4:b8:3b:ed:6d:38:19:68:5d:93:b6:77:cb:
         23:c9:1e:28:a3:4c:a3:a6:14:ef:2f:f8:a4:c0:37:6a:11:6d:
         5e:0e:36:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWKr0YGIoU7OCUGPQJ3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYjg4ZDkxNzg4ZmU5OTIxMDg5ZDliNjI3MWUyMTBmN2Y4
OTE0YTIwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRlZWRhNjljY2I0YmIwMTU4MmNkZTIxYzY1MDUxNjg2ZjA2OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKGqtbT2j6sfXRKDmAVpH6wt/HcB
/XKcU752La0GDDBzg3KQ+C+mBwA1T3wsjWTz8Lv3QtffDO/I1euJcGfuI08lTD6t
p/EKMXknItcN0mMzGZKfPD71Kl9rEoIa2Gu7t2IQL+F803Zcyt9NSQOL/HFnisxL
XSfE9Jxix5YoLsVoB3pZv+SAULCfqrPkluybfTXVOyj+lWgTv2rTJ+fpLjkhCDM7
z274G+w5BL/zIaENtvrOtaldMlfj+3VJWvt+p9cRsw8xBMlAiCDdDg2VN0FiRSUC
NIdsGZQbK7mUUvtzpYMI7wHVAmNKLsASuzyCqo2EV5W9Gn3+4ckadh/ReQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1O7aacy0uwFYLN4hxlBRaG8Gl6MB8GA1UdIwQY
MBaAFF+4jZF4j+mSEInZticeIQ9/iRSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdpTmtYaVA2WklRaWRtMkp4NGhEMy1KRktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZjdiY2QtYTdlYS00ZTEwLWJhMzQt
NGNlNGQ4ZmVhNmVmLzEvX1U3dHBwekxTN0FWZ3MzaUhHVUZGb2J3YVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZjdiY2QtYTdlYS00ZTEwLWJhMzQtNGNlNGQ4ZmVhNmVm
LzEvWDdpTmtYaVA2WklRaWRtMkp4NGhEMy1KRktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTTLMA0G
CSqGSIb3DQEBCwUAA4IBAQB1BqOJuJhoEYDvbZ2GHueeJHsLKgGQ5lwjxeBXNyvU
dH9qpRXsIe0eANdgUGIiKjKHLICOvyPrh1hJr5K4umc+VGV/iOfKm3/a2OHI0By+
YaEaZyW4dE6o/0npO/T0uAObccy6yOUW+nsKFvupJzPQZxUQx/hGLuHVAS/yOmrC
K6btmKOmz4V/oLNU+bEAPRekkCR1y7RskjuGNgS3uI52nZtgihPDZkil35/d4bP5
9prdt4tcp7sCh6lhXdNIPZav5E59Oup9UZ3HkBAEXmWis0nIK0/DAb0Rk9ls6OS4
O+1tOBloXZO2d8sjyR4oo0yjphTvL/ikwDdqEW1eDjbv
-----END CERTIFICATE-----