Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/qB68wWlAfVE0WZem12ITO9mNfz8.roa
File:                     qB68wWlAfVE0WZem12ITO9mNfz8.roa (raw, json)
Hash identifier:          RtR4J4LXdNwVG9AdzOsE/UeU6RzRxSIe/MZPPfyjL18=
Subject key identifier:   A8:1E:BC:C1:69:40:7D:51:34:59:97:A6:D7:62:13:3B:D9:8D:7F:3F
Certificate issuer:       /CN=d32277ea304b2844a78689b3aa0d9219e3366773
Certificate serial:       018CC8714108BC75CE600B7AD2602B074435
Authority key identifier: D3:22:77:EA:30:4B:28:44:A7:86:89:B3:AA:0D:92:19:E3:36:67:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0yJ36jBLKESnhomzqg2SGeM2Z3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/qB68wWlAfVE0WZem12ITO9mNfz8.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205103
IP address blocks:        185.230.68.0/22 maxlen: 24
                          2a0c:500::/30 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/0yJ36jBLKESnhomzqg2SGeM2Z3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/0yJ36jBLKESnhomzqg2SGeM2Z3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0yJ36jBLKESnhomzqg2SGeM2Z3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 16:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:41:08:bc:75:ce:60:0b:7a:d2:60:2b:07:44:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d32277ea304b2844a78689b3aa0d9219e3366773
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81ebcc169407d51345997a6d762133bd98d7f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a8:c9:b8:8f:0d:b4:9b:2b:15:af:7e:ca:0e:
                    22:77:33:fc:d2:29:47:33:ae:d2:b0:9d:99:f2:69:
                    ae:85:e4:ed:ea:e0:eb:b5:d6:cd:96:70:b5:9e:a3:
                    07:aa:a8:6c:44:b2:03:03:8c:0b:fd:15:02:26:06:
                    0c:ad:94:c9:ad:c3:18:46:2e:48:0c:ff:a2:48:e0:
                    bf:51:ab:52:28:af:5a:c5:b8:0b:bc:d1:ab:7b:ff:
                    41:76:fe:0e:0a:73:35:b5:d7:fd:b8:d2:5e:d3:7a:
                    61:d7:69:ba:5b:de:82:fc:87:84:76:64:69:b4:48:
                    2b:35:7e:92:41:5b:50:3c:b1:2e:da:a6:2a:60:32:
                    80:0e:2e:ac:ec:ac:95:34:9b:7d:4b:95:d1:5e:d9:
                    c5:0a:6f:ab:42:3d:3c:ff:11:59:43:5e:e4:34:4d:
                    a2:21:40:a8:93:64:a0:d4:95:1d:ff:03:80:37:fa:
                    5a:4a:1d:b8:00:dd:83:ed:3c:56:e4:b7:96:b5:fd:
                    c4:ca:a3:1a:2e:25:a5:de:d7:60:e2:9d:29:ac:28:
                    1d:95:e4:85:01:a9:a0:d0:be:e9:54:01:26:42:95:
                    da:55:13:16:2d:99:64:be:62:11:b8:b0:00:86:dc:
                    f5:df:b8:c7:f2:22:db:53:98:62:0d:b9:5c:11:2c:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1E:BC:C1:69:40:7D:51:34:59:97:A6:D7:62:13:3B:D9:8D:7F:3F
            X509v3 Authority Key Identifier:
                keyid:D3:22:77:EA:30:4B:28:44:A7:86:89:B3:AA:0D:92:19:E3:36:67:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0yJ36jBLKESnhomzqg2SGeM2Z3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/qB68wWlAfVE0WZem12ITO9mNfz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8533c3-29e0-4506-b00d-36c87396923a/1/0yJ36jBLKESnhomzqg2SGeM2Z3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.68.0/22
                IPv6:
                  2a0c:500::/30

    Signature Algorithm: sha256WithRSAEncryption
         01:78:bd:8c:bb:4c:9f:7e:22:a2:64:4a:b4:c0:a9:29:13:0e:
         8a:5e:7f:bb:a2:13:78:6c:38:fc:f2:62:98:d0:12:03:79:28:
         3b:03:af:3c:de:7f:4a:73:34:cc:34:9b:55:2a:b3:1e:3e:fd:
         ad:2c:cb:9a:2a:25:f5:00:9e:97:78:78:55:a9:d1:0e:3c:19:
         d5:04:96:80:ab:c6:93:f5:f8:3b:de:d1:3c:88:7c:65:65:45:
         6a:55:79:c2:36:c5:c8:30:b3:bb:e7:38:f0:19:69:36:7d:f5:
         74:f6:94:55:c0:3d:7b:66:f1:07:bb:34:cb:f2:d9:0a:35:bf:
         c7:72:48:79:fc:b2:dd:b4:57:ec:5d:a3:88:84:03:7c:7f:1a:
         2e:a4:a4:68:99:d8:79:0e:22:ca:aa:6c:95:99:33:4b:e5:47:
         2c:1b:88:8a:86:a0:bb:02:28:2e:1b:d2:bd:d5:a8:ca:94:ea:
         9a:26:99:fa:09:97:54:d4:8d:ed:32:f5:cc:8e:36:aa:48:a4:
         8e:1f:d8:55:6e:db:ab:d4:90:6a:bc:b5:e1:57:3f:3e:7e:74:
         49:81:00:c8:7c:13:6e:bb:26:62:b5:e7:5c:4c:e1:cb:b2:9a:
         f1:fe:b6:90:4d:bb:40:76:2a:0f:26:c1:57:00:2c:ac:b5:8d:
         23:6d:77:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcUEIvHXOYAt60mArB0Q1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMjI3N2VhMzA0YjI4NDRhNzg2ODliM2FhMGQ5MjE5ZTMz
NjY3NzMwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFlYmNjMTY5NDA3ZDUxMzQ1OTk3YTZkNzYyMTMzYmQ5OGQ3ZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6jJuI8NtJsrFa9+yg4idzP80ilH
M67SsJ2Z8mmuheTt6uDrtdbNlnC1nqMHqqhsRLIDA4wL/RUCJgYMrZTJrcMYRi5I
DP+iSOC/UatSKK9axbgLvNGre/9Bdv4OCnM1tdf9uNJe03ph12m6W96C/IeEdmRp
tEgrNX6SQVtQPLEu2qYqYDKADi6s7KyVNJt9S5XRXtnFCm+rQj08/xFZQ17kNE2i
IUCok2Sg1JUd/wOAN/paSh24AN2D7TxW5LeWtf3EyqMaLiWl3tdg4p0prCgdleSF
Aamg0L7pVAEmQpXaVRMWLZlkvmIRuLAAhtz137jH8iLbU5hiDblcESy5CQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKgevMFpQH1RNFmXptdiEzvZjX8/MB8GA1UdIwQY
MBaAFNMid+owSyhEp4aJs6oNkhnjNmdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHlKMzZqQkxLRVNuaG9tenFnMlNHZU0yWjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84NTMzYzMtMjllMC00NTA2LWIwMGQt
MzZjODczOTY5MjNhLzEvcUI2OHdXbEFmVkUwV1plbTEySVRPOW1OZno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84NTMzYzMtMjllMC00NTA2LWIwMGQtMzZjODczOTY5MjNh
LzEvMHlKMzZqQkxLRVNuaG9tenFnMlNHZU0yWjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueZEMA0E
AgACMAcDBQIqDAUAMA0GCSqGSIb3DQEBCwUAA4IBAQABeL2Mu0yffiKiZEq0wKkp
Ew6KXn+7ohN4bDj88mKY0BIDeSg7A6883n9KczTMNJtVKrMePv2tLMuaKiX1AJ6X
eHhVqdEOPBnVBJaAq8aT9fg73tE8iHxlZUVqVXnCNsXIMLO75zjwGWk2ffV09pRV
wD17ZvEHuzTL8tkKNb/Hckh5/LLdtFfsXaOIhAN8fxoupKRomdh5DiLKqmyVmTNL
5UcsG4iKhqC7AiguG9K91ajKlOqaJpn6CZdU1I3tMvXMjjaqSKSOH9hVbtur1JBq
vLXhVz8+fnRJgQDIfBNuuyZitedcTOHLsprx/raQTbtAdioPJsFXACystY0jbXdl
-----END CERTIFICATE-----