Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/P6rt6Sq4hVNa5zRxwvhjoclNgA4.roa
File:                     P6rt6Sq4hVNa5zRxwvhjoclNgA4.roa (raw, json)
Hash identifier:          eBVlft5vXCX6t3RH2ig6G23dn3zKRNEp0zr8pYeiFDk=
Subject key identifier:   3F:AA:ED:E9:2A:B8:85:53:5A:E7:34:71:C2:F8:63:A1:C9:4D:80:0E
Certificate issuer:       /CN=57e898bf420924f976b5ae451108b9e6a01fc7dc
Certificate serial:       018CC4246F48B895300094A7CB8B7DFA75AC
Authority key identifier: 57:E8:98:BF:42:09:24:F9:76:B5:AE:45:11:08:B9:E6:A0:1F:C7:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/P6rt6Sq4hVNa5zRxwvhjoclNgA4.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202771
IP address blocks:        185.155.28.0/22 maxlen: 24
                          2a07:90c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6f:48:b8:95:30:00:94:a7:cb:8b:7d:fa:75:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57e898bf420924f976b5ae451108b9e6a01fc7dc
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3faaede92ab885535ae73471c2f863a1c94d800e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:92:0f:c4:ab:2d:52:84:ad:53:01:2d:3e:4d:
                    5c:d4:7a:62:78:d6:c8:cc:45:64:d3:83:e7:b4:7b:
                    1b:2e:c4:7b:07:90:2c:83:52:52:47:b8:07:86:34:
                    82:f6:cd:57:de:9b:1e:41:a8:97:17:42:fb:d0:ac:
                    79:19:6f:68:98:14:15:68:b3:49:7d:06:80:30:bd:
                    c4:b8:b2:9a:e0:79:64:a4:a5:a9:2a:94:c6:dd:46:
                    cc:1e:1f:ee:a8:40:54:d8:27:4f:cb:56:4f:90:e9:
                    c8:1a:b6:c1:7c:11:1a:68:de:44:8d:5b:f3:c3:ea:
                    20:ca:f3:20:ea:19:e7:3d:9f:20:63:4f:57:9d:36:
                    fb:aa:a2:d9:d6:9c:d7:9c:9e:0b:bb:b9:fb:3b:08:
                    b2:ca:f6:2c:51:a3:78:fd:02:7f:f5:2e:e1:76:f8:
                    6e:17:71:67:10:76:1c:2b:0f:33:85:e7:54:41:4a:
                    28:22:ff:25:4d:4e:39:a0:7c:e9:96:6a:20:79:ae:
                    6c:da:eb:68:e6:23:7e:36:e4:08:f7:67:79:b5:35:
                    13:77:e4:2b:6a:63:cb:bf:4b:63:5d:09:20:1a:b3:
                    38:9f:e1:89:4d:24:16:32:95:87:f5:b3:2b:8e:c6:
                    2d:5d:21:67:28:d4:7d:55:ac:e0:28:a0:93:b5:fd:
                    a3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:AA:ED:E9:2A:B8:85:53:5A:E7:34:71:C2:F8:63:A1:C9:4D:80:0E
            X509v3 Authority Key Identifier:
                keyid:57:E8:98:BF:42:09:24:F9:76:B5:AE:45:11:08:B9:E6:A0:1F:C7:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/P6rt6Sq4hVNa5zRxwvhjoclNgA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.28.0/22
                IPv6:
                  2a07:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:08:61:82:c5:cb:b2:7e:e5:52:6c:29:7d:4f:a1:4c:e0:e2:
         d1:94:53:3f:7b:48:9d:06:10:85:c2:65:24:98:7f:13:da:09:
         13:27:3e:b7:b5:4d:81:17:bd:5a:e9:63:d7:f6:0f:42:f7:33:
         0d:1a:51:cc:eb:b5:74:f8:8b:7c:96:67:27:c1:a7:a4:d6:24:
         bc:d0:7f:89:59:37:ef:d9:74:07:9a:1f:44:c6:42:4c:2b:52:
         46:d8:3a:36:4a:ef:f3:54:eb:6c:a3:72:5b:46:23:f6:32:5d:
         c3:69:48:a3:78:cf:1c:c3:9b:4b:8e:e2:4a:08:e3:a6:7f:7a:
         c9:23:89:98:2b:d4:6e:ec:ea:0f:f2:a4:9e:08:54:54:8d:97:
         56:61:43:e2:0e:1a:cd:a0:ef:ab:4a:38:0f:98:68:01:6e:0a:
         c7:82:ca:54:0c:63:1d:40:43:07:d2:e5:fc:49:0f:83:89:e5:
         09:fb:8d:2b:d8:18:f3:b6:66:8e:8f:10:a0:d0:b2:bd:29:50:
         15:37:8d:6c:66:b0:c3:c5:7d:29:33:e9:98:4c:e3:55:af:91:
         5b:2e:08:17:84:5b:2d:e6:28:90:64:36:6b:67:eb:83:b1:9d:
         1b:43:c4:6b:ff:4d:49:c6:e0:5e:88:4b:20:5f:0a:0a:ae:94:
         54:28:12:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJG9IuJUwAJSny4t9+nWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZTg5OGJmNDIwOTI0Zjk3NmI1YWU0NTExMDhiOWU2YTAx
ZmM3ZGMwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFhZWRlOTJhYjg4NTUzNWFlNzM0NzFjMmY4NjNhMWM5NGQ4MDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZIPxKstUoStUwEtPk1c1HpieNbI
zEVk04PntHsbLsR7B5Asg1JSR7gHhjSC9s1X3pseQaiXF0L70Kx5GW9omBQVaLNJ
fQaAML3EuLKa4HlkpKWpKpTG3UbMHh/uqEBU2CdPy1ZPkOnIGrbBfBEaaN5EjVvz
w+ogyvMg6hnnPZ8gY09XnTb7qqLZ1pzXnJ4Lu7n7OwiyyvYsUaN4/QJ/9S7hdvhu
F3FnEHYcKw8zhedUQUooIv8lTU45oHzplmogea5s2uto5iN+NuQI92d5tTUTd+Qr
amPLv0tjXQkgGrM4n+GJTSQWMpWH9bMrjsYtXSFnKNR9VazgKKCTtf2jjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD+q7ekquIVTWuc0ccL4Y6HJTYAOMB8GA1UdIwQY
MBaAFFfomL9CCST5drWuRREIueagH8fcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVi1pWXYwSUpKUGwydGE1RkVRaTU1cUFmeDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jNTE0Y2QtNzk1NC00NGNlLWJkN2Yt
NzEzYjQxNjg4NzA2LzEvUDZydDZTcTRoVk5hNXpSeHd2aGpvY2xOZ0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jNTE0Y2QtNzk1NC00NGNlLWJkN2YtNzEzYjQxNjg4NzA2
LzEvVi1pWXYwSUpKUGwydGE1RkVRaTU1cUFmeDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZscMA0E
AgACMAcDBQMqB5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBHCGGCxcuyfuVSbCl9T6FM
4OLRlFM/e0idBhCFwmUkmH8T2gkTJz63tU2BF71a6WPX9g9C9zMNGlHM67V0+It8
lmcnwaek1iS80H+JWTfv2XQHmh9ExkJMK1JG2Do2Su/zVOtso3JbRiP2Ml3DaUij
eM8cw5tLjuJKCOOmf3rJI4mYK9Ru7OoP8qSeCFRUjZdWYUPiDhrNoO+rSjgPmGgB
bgrHgspUDGMdQEMH0uX8SQ+DieUJ+40r2BjztmaOjxCg0LK9KVAVN41sZrDDxX0p
M+mYTONVr5FbLggXhFst5iiQZDZrZ+uDsZ0bQ8Rr/01JxuBeiEsgXwoKrpRUKBLu
-----END CERTIFICATE-----