Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/eG_11npt4gRII3ILpOg8PtVpp3o.roa
File:                     eG_11npt4gRII3ILpOg8PtVpp3o.roa (raw, json)
Hash identifier:          BsAZWGItNqPvJffkccHKnsu/YQoglINj8yQIaW9IQMc=
Subject key identifier:   78:6F:F5:D6:7A:6D:E2:04:48:23:72:0B:A4:E8:3C:3E:D5:69:A7:7A
Certificate issuer:       /CN=5fb88d91788fe9921089d9b6271e210f7f8914a2
Certificate serial:       018CC42563036A35C6E87B3A66843DE15EE4
Authority key identifier: 5F:B8:8D:91:78:8F:E9:92:10:89:D9:B6:27:1E:21:0F:7F:89:14:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/eG_11npt4gRII3ILpOg8PtVpp3o.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60102
IP address blocks:        185.52.202.0/24 maxlen: 24
                          185.52.201.0/24 maxlen: 24
                          185.52.200.0/24 maxlen: 24
                          185.52.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:63:03:6a:35:c6:e8:7b:3a:66:84:3d:e1:5e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fb88d91788fe9921089d9b6271e210f7f8914a2
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=786ff5d67a6de2044823720ba4e83c3ed569a77a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:12:a7:dc:71:a5:55:d9:2f:da:14:3d:78:58:
                    ad:f6:de:d4:3c:97:2f:2b:ab:5d:cf:af:3c:04:db:
                    1d:74:0d:a3:19:71:7a:b0:c4:b6:4c:c9:9a:20:91:
                    14:d7:19:2e:d0:12:36:69:5c:41:1b:cb:36:28:5c:
                    ff:31:5a:13:15:45:c5:52:94:4e:7e:e4:2e:a2:bb:
                    f1:89:28:f5:14:7a:fa:f5:30:02:f8:f4:f6:1c:9a:
                    10:e4:8b:a0:c4:33:4c:2a:59:fc:50:8b:64:81:2d:
                    eb:a8:cc:e0:fd:e3:7c:ff:0f:eb:4b:98:5f:8f:49:
                    7b:23:d2:a1:b5:55:53:e2:9c:55:45:8b:93:bf:f3:
                    4c:d9:90:53:97:7c:58:ac:ce:1f:75:4d:c4:c9:ee:
                    4c:98:a1:c4:f0:61:f1:8c:eb:ee:2f:b7:d7:78:f4:
                    fd:a5:2e:8b:33:b1:18:4c:d1:3b:ce:44:6b:20:7f:
                    6a:0f:01:2d:fd:b8:7f:da:63:9c:39:79:84:4b:20:
                    0e:c2:11:d1:a2:56:d8:e0:9b:58:e5:2b:32:ef:50:
                    86:b4:5f:27:4a:45:0e:cc:b3:5f:cb:3e:1f:f7:e4:
                    5a:fa:62:9a:12:92:d6:2e:4e:8e:47:0c:63:2e:e3:
                    62:fb:1c:dc:4b:99:c3:6d:a4:4a:d6:36:f4:f2:7d:
                    32:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6F:F5:D6:7A:6D:E2:04:48:23:72:0B:A4:E8:3C:3E:D5:69:A7:7A
            X509v3 Authority Key Identifier:
                keyid:5F:B8:8D:91:78:8F:E9:92:10:89:D9:B6:27:1E:21:0F:7F:89:14:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/eG_11npt4gRII3ILpOg8PtVpp3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f7bcd-a7ea-4e10-ba34-4ce4d8fea6ef/1/X7iNkXiP6ZIQidm2Jx4hD3-JFKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:48:00:5e:11:cb:73:64:37:85:4d:f4:5e:18:58:01:21:79:
         2f:ef:2a:fb:5b:27:23:00:2f:57:fd:36:1a:75:2f:38:57:b1:
         b9:e2:bc:63:b5:a5:37:81:bd:30:fa:de:fc:78:8d:f0:37:c6:
         36:44:e1:10:aa:97:a1:38:46:7e:3a:19:4d:f4:5a:c8:27:49:
         f7:a7:43:f7:b9:a2:dd:24:1b:12:79:eb:bd:69:f3:21:57:e8:
         fa:52:0e:8a:79:4f:06:63:4d:f5:13:4b:b0:43:81:8e:45:40:
         d0:9f:be:26:3a:a6:ac:c0:4e:6d:7d:a3:56:c3:11:2f:46:6a:
         6f:f0:5f:4c:45:33:6d:51:8a:2c:6c:f5:0d:25:08:df:0a:d3:
         8a:49:41:38:14:fd:17:4a:9d:bc:c4:a6:ca:51:ff:ae:a9:ee:
         61:ad:6e:17:6b:c3:16:46:74:1c:f0:d2:b2:84:bb:09:d7:8b:
         f5:3f:fb:27:2f:a3:c2:51:3e:2d:e4:06:b9:3c:21:36:5b:c5:
         4a:9a:de:cc:b0:c2:00:2f:88:d9:e3:a0:0a:a1:59:fa:0c:43:
         3b:ca:a9:a9:53:3f:07:c2:fe:00:fd:c1:54:19:87:73:e5:52:
         82:80:fa:b5:42:2e:c8:fc:ff:20:64:99:5b:91:26:82:03:46:
         5b:5b:e5:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWMDajXG6Hs6ZoQ94V7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYjg4ZDkxNzg4ZmU5OTIxMDg5ZDliNjI3MWUyMTBmN2Y4
OTE0YTIwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZmZjVkNjdhNmRlMjA0NDgyMzcyMGJhNGU4M2MzZWQ1NjlhNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xKn3HGlVdkv2hQ9eFit9t7UPJcv
K6tdz688BNsddA2jGXF6sMS2TMmaIJEU1xku0BI2aVxBG8s2KFz/MVoTFUXFUpRO
fuQuorvxiSj1FHr69TAC+PT2HJoQ5IugxDNMKln8UItkgS3rqMzg/eN8/w/rS5hf
j0l7I9KhtVVT4pxVRYuTv/NM2ZBTl3xYrM4fdU3Eye5MmKHE8GHxjOvuL7fXePT9
pS6LM7EYTNE7zkRrIH9qDwEt/bh/2mOcOXmESyAOwhHRolbY4JtY5Ssy71CGtF8n
SkUOzLNfyz4f9+Ra+mKaEpLWLk6ORwxjLuNi+xzcS5nDbaRK1jb08n0yKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhv9dZ6beIESCNyC6ToPD7Vaad6MB8GA1UdIwQY
MBaAFF+4jZF4j+mSEInZticeIQ9/iRSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdpTmtYaVA2WklRaWRtMkp4NGhEMy1KRktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZjdiY2QtYTdlYS00ZTEwLWJhMzQt
NGNlNGQ4ZmVhNmVmLzEvZUdfMTFucHQ0Z1JJSTNJTHBPZzhQdFZwcDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZjdiY2QtYTdlYS00ZTEwLWJhMzQtNGNlNGQ4ZmVhNmVm
LzEvWDdpTmtYaVA2WklRaWRtMkp4NGhEMy1KRktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTTIMA0G
CSqGSIb3DQEBCwUAA4IBAQC2SABeEctzZDeFTfReGFgBIXkv7yr7WycjAC9X/TYa
dS84V7G54rxjtaU3gb0w+t78eI3wN8Y2ROEQqpehOEZ+OhlN9FrIJ0n3p0P3uaLd
JBsSeeu9afMhV+j6Ug6KeU8GY031E0uwQ4GORUDQn74mOqaswE5tfaNWwxEvRmpv
8F9MRTNtUYosbPUNJQjfCtOKSUE4FP0XSp28xKbKUf+uqe5hrW4Xa8MWRnQc8NKy
hLsJ14v1P/snL6PCUT4t5Aa5PCE2W8VKmt7MsMIAL4jZ46AKoVn6DEM7yqmpUz8H
wv4A/cFUGYdz5VKCgPq1Qi7I/P8gZJlbkSaCA0ZbW+UR
-----END CERTIFICATE-----