Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/bruD0r-8X8AHuBXnHv-0Labx7yY.roa
File:                     bruD0r-8X8AHuBXnHv-0Labx7yY.roa (raw, json)
Hash identifier:          JsOVTL4vyVxPUzyria0VUbXb3pu7pNaEcDG4i/ZIePk=
Subject key identifier:   6E:BB:83:D2:BF:BC:5F:C0:07:B8:15:E7:1E:FF:B4:2D:A6:F1:EF:26
Certificate issuer:       /CN=79df50e26894bb0e81359606d82b7190c17598cc
Certificate serial:       018CC7947778FD455F2F0F47E9ED48CC2410
Authority key identifier: 79:DF:50:E2:68:94:BB:0E:81:35:96:06:D8:2B:71:90:C1:75:98:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ed9Q4miUuw6BNZYG2CtxkMF1mMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/bruD0r-8X8AHuBXnHv-0Labx7yY.roa
Signing time:             Tue 02 Jan 2024 00:30:45 +0000
ROA not before:           Tue 02 Jan 2024 00:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201059
IP address blocks:        185.81.148.0/22 maxlen: 22
                          2a05:68c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/ed9Q4miUuw6BNZYG2CtxkMF1mMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/ed9Q4miUuw6BNZYG2CtxkMF1mMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ed9Q4miUuw6BNZYG2CtxkMF1mMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:77:78:fd:45:5f:2f:0f:47:e9:ed:48:cc:24:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79df50e26894bb0e81359606d82b7190c17598cc
        Validity
            Not Before: Jan  2 00:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ebb83d2bfbc5fc007b815e71effb42da6f1ef26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8b:5e:35:bb:9d:fc:cd:a9:c5:b6:5a:1b:28:
                    c0:bb:ea:30:48:64:9b:44:b4:3e:a3:eb:cc:25:0c:
                    b8:1e:5f:18:4a:7d:ca:b3:ab:85:dc:6c:ab:8c:f3:
                    f7:e8:72:71:30:3f:41:a9:c4:dc:78:d2:51:30:1d:
                    83:99:ed:1e:7c:1d:42:f4:ba:9e:f6:bf:c3:fe:3f:
                    37:16:11:8f:d8:46:64:ad:2d:95:ba:f8:fc:33:6e:
                    55:85:50:04:2d:e7:ed:c7:8e:f2:ef:1f:3a:a2:e2:
                    1f:d7:93:79:ba:c0:16:55:f0:cf:58:8f:0a:91:9d:
                    c8:3a:09:d8:91:02:38:86:ed:36:c9:f6:e3:0f:e0:
                    36:34:0a:3c:e8:c9:80:a6:c4:43:10:d5:68:77:a7:
                    37:19:65:47:0b:8a:e8:8b:78:ee:0e:6e:6e:eb:ae:
                    06:cb:19:2c:9f:73:83:7e:a7:24:c4:46:6c:d6:74:
                    6c:e5:9e:b3:06:15:0e:a8:cf:55:0c:f6:1c:ee:54:
                    f9:ff:bb:68:3e:53:6b:ff:a4:72:dd:a5:ee:d0:97:
                    97:98:57:bd:da:cb:6d:19:6b:21:fc:ec:b1:7e:4d:
                    95:e5:c1:90:b8:f4:85:80:27:b6:17:f4:40:cc:a4:
                    ba:6d:ec:c6:12:ec:36:c2:ab:44:f9:16:b3:c4:e8:
                    a4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:BB:83:D2:BF:BC:5F:C0:07:B8:15:E7:1E:FF:B4:2D:A6:F1:EF:26
            X509v3 Authority Key Identifier:
                keyid:79:DF:50:E2:68:94:BB:0E:81:35:96:06:D8:2B:71:90:C1:75:98:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed9Q4miUuw6BNZYG2CtxkMF1mMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/bruD0r-8X8AHuBXnHv-0Labx7yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/782447-ec8b-4289-9c1c-28f960eb7a39/1/ed9Q4miUuw6BNZYG2CtxkMF1mMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.148.0/22
                IPv6:
                  2a05:68c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:88:0c:e8:a3:0d:4f:53:9c:35:f6:ae:bd:e8:95:2d:11:d5:
         0e:2a:cd:73:b2:9e:f0:40:13:2d:96:1f:6b:ba:bb:97:50:33:
         d5:6e:f0:f4:c9:70:c6:50:78:12:ab:8c:6e:f1:aa:15:ef:8a:
         34:a0:da:26:a3:75:85:e2:4a:20:2f:7c:fe:7a:cc:da:f3:28:
         2e:32:c4:f2:77:ee:18:a3:43:80:be:41:fe:c6:a1:7f:45:60:
         cf:f6:9b:c1:8e:05:68:c4:0d:60:2f:b8:74:45:22:07:0d:82:
         96:e0:a6:d5:07:60:c8:49:79:60:3d:55:30:a9:6e:59:9d:9a:
         8a:3b:b7:2d:d3:6a:ce:55:42:1b:41:8a:e0:85:f0:bb:c0:4b:
         88:58:c4:fe:2a:bd:77:52:06:56:68:53:d7:b0:2b:a8:26:d6:
         c1:c4:99:f9:da:ea:b1:87:12:98:d0:03:4c:d1:f7:84:8f:38:
         e7:22:e0:07:3f:24:3e:fd:b9:02:64:8f:8a:d2:ab:b4:61:03:
         7f:82:e6:fe:fc:88:2f:af:8d:68:1c:e6:a1:4e:df:3c:21:af:
         d8:2d:09:99:04:6d:d9:c0:e5:66:7f:3c:be:4a:dc:23:0d:75:
         96:e2:f5:b5:12:7e:00:b2:0d:1b:2d:7b:c6:a5:a6:e8:9e:e4:
         22:80:7a:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlHd4/UVfLw9H6e1IzCQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZGY1MGUyNjg5NGJiMGU4MTM1OTYwNmQ4MmI3MTkwYzE3
NTk4Y2MwHhcNMjQwMTAyMDAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWJiODNkMmJmYmM1ZmMwMDdiODE1ZTcxZWZmYjQyZGE2ZjFlZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoteNbud/M2pxbZaGyjAu+owSGSb
RLQ+o+vMJQy4Hl8YSn3Ks6uF3GyrjPP36HJxMD9BqcTceNJRMB2Dme0efB1C9Lqe
9r/D/j83FhGP2EZkrS2Vuvj8M25VhVAELeftx47y7x86ouIf15N5usAWVfDPWI8K
kZ3IOgnYkQI4hu02yfbjD+A2NAo86MmApsRDENVod6c3GWVHC4roi3juDm5u664G
yxksn3ODfqckxEZs1nRs5Z6zBhUOqM9VDPYc7lT5/7toPlNr/6Ry3aXu0JeXmFe9
2sttGWsh/Oyxfk2V5cGQuPSFgCe2F/RAzKS6bezGEuw2wqtE+RazxOikowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG67g9K/vF/AB7gV5x7/tC2m8e8mMB8GA1UdIwQY
MBaAFHnfUOJolLsOgTWWBtgrcZDBdZjMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWQ5UTRtaVV1dzZCTlpZRzJDdHhrTUYxbU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83ODI0NDctZWM4Yi00Mjg5LTljMWMt
MjhmOTYwZWI3YTM5LzEvYnJ1RDByLThYOEFIdUJYbkh2LTBMYWJ4N3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC83ODI0NDctZWM4Yi00Mjg5LTljMWMtMjhmOTYwZWI3YTM5
LzEvZWQ5UTRtaVV1dzZCTlpZRzJDdHhrTUYxbU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVGUMA0E
AgACMAcDBQMqBWjAMA0GCSqGSIb3DQEBCwUAA4IBAQCTiAzoow1PU5w19q696JUt
EdUOKs1zsp7wQBMtlh9ruruXUDPVbvD0yXDGUHgSq4xu8aoV74o0oNomo3WF4kog
L3z+esza8yguMsTyd+4Yo0OAvkH+xqF/RWDP9pvBjgVoxA1gL7h0RSIHDYKW4KbV
B2DISXlgPVUwqW5ZnZqKO7ct02rOVUIbQYrghfC7wEuIWMT+Kr13UgZWaFPXsCuo
JtbBxJn52uqxhxKY0ANM0feEjzjnIuAHPyQ+/bkCZI+K0qu0YQN/gub+/Igvr41o
HOahTt88Ia/YLQmZBG3ZwOVmfzy+StwjDXWW4vW1En4Asg0bLXvGpabonuQigHqt
-----END CERTIFICATE-----