Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/Bd_b6fzTAuU26a43knucH0iD3SQ.roa
File:                     Bd_b6fzTAuU26a43knucH0iD3SQ.roa (raw, json)
Hash identifier:          1Re1OnU6xuN92nLJNDmybHEMJ9HGZeyIg0N+Y8kggDc=
Subject key identifier:   05:DF:DB:E9:FC:D3:02:E5:36:E9:AE:37:92:7B:9C:1F:48:83:DD:24
Certificate issuer:       /CN=6954e90899ff25644520724cde8c211613600bef
Certificate serial:       018CD403CDBFDBADBF4373B0006DFDAD0236
Authority key identifier: 69:54:E9:08:99:FF:25:64:45:20:72:4C:DE:8C:21:16:13:60:0B:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/Bd_b6fzTAuU26a43knucH0iD3SQ.roa
Signing time:             Thu 04 Jan 2024 10:27:48 +0000
ROA not before:           Thu 04 Jan 2024 10:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51569
IP address blocks:        185.95.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d4:03:cd:bf:db:ad:bf:43:73:b0:00:6d:fd:ad:02:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6954e90899ff25644520724cde8c211613600bef
        Validity
            Not Before: Jan  4 10:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05dfdbe9fcd302e536e9ae37927b9c1f4883dd24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b1:44:b1:c5:07:85:ed:e7:20:da:44:4e:ea:
                    f9:96:97:09:05:cd:84:c0:69:29:2a:87:a8:7d:f2:
                    90:b6:aa:fd:0e:71:7f:e4:fd:10:ed:6e:f3:e5:b5:
                    e0:c2:e5:e9:4a:7f:3d:a9:2d:7b:56:52:e8:6a:b0:
                    66:e4:57:1f:55:a9:9b:7f:0d:90:05:5a:71:a8:f9:
                    62:5d:0f:b4:be:36:70:92:f4:85:d3:8c:b4:f9:3f:
                    94:5a:9b:e8:34:f6:27:f3:02:e1:1a:91:50:7f:08:
                    aa:d4:d7:f6:e5:96:17:99:20:31:c9:7a:8a:ae:38:
                    35:36:58:64:69:cf:94:ce:ee:6f:2b:13:5f:0e:d6:
                    c0:55:b9:ba:50:f2:9c:39:b2:6f:02:85:62:ff:9e:
                    de:f7:a7:ea:17:4b:f1:7d:9e:62:a0:66:0d:ec:69:
                    31:38:a2:bb:06:0d:63:d9:0c:6d:e6:ee:53:7e:f8:
                    77:2a:c4:96:be:ee:eb:c5:c8:db:f9:20:b1:25:6c:
                    ff:49:53:8e:a6:10:9e:77:0e:31:b0:c0:f3:a7:47:
                    74:c4:0f:79:c6:db:e4:44:7d:e6:94:87:61:90:f1:
                    03:cb:12:d1:58:d7:b3:3d:f6:31:57:77:08:69:e1:
                    3e:c2:03:d8:23:b1:31:43:d9:52:d8:c0:a5:75:de:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:DF:DB:E9:FC:D3:02:E5:36:E9:AE:37:92:7B:9C:1F:48:83:DD:24
            X509v3 Authority Key Identifier:
                keyid:69:54:E9:08:99:FF:25:64:45:20:72:4C:DE:8C:21:16:13:60:0B:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/Bd_b6fzTAuU26a43knucH0iD3SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:8a:7d:89:16:d3:f9:27:3d:b9:fe:fe:35:f8:f5:7b:b2:05:
         34:c4:2a:8c:c2:df:c3:43:40:47:21:74:ea:c7:cc:2a:78:64:
         16:3e:f5:9c:33:c5:d1:68:65:db:fb:05:df:af:d8:4f:31:da:
         f3:29:55:00:9e:1b:93:76:17:ca:ff:45:c7:c9:d6:c4:a2:4e:
         64:0d:ea:a3:54:28:54:ea:46:03:a4:3b:0a:69:90:41:23:8c:
         67:c2:da:ed:09:fe:fe:f6:ba:b6:94:41:a7:0d:b7:78:3b:e4:
         86:6d:53:f5:0c:bd:73:52:aa:ff:96:53:dd:f6:4b:1e:4c:98:
         e2:3a:3a:5f:87:e9:b8:f1:58:59:ed:35:ab:10:b1:de:37:ac:
         11:32:09:50:a5:bf:0c:66:ed:86:08:47:eb:30:34:51:0f:e6:
         28:41:27:31:f4:32:32:8c:f4:75:a6:b8:11:ac:62:27:91:26:
         4b:7c:c5:b8:9d:82:d8:eb:05:6d:0d:cb:6f:aa:f1:93:b4:91:
         c4:4e:84:63:90:f8:79:c2:d8:16:51:75:ca:71:c7:87:db:86:
         78:3c:2d:8f:ec:84:25:24:a5:e5:bd:5b:d4:68:16:8f:99:14:
         3c:67:7f:14:3b:23:7d:88:a0:46:54:ab:03:05:31:2b:7d:65:
         94:3b:06:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzUA82/262/Q3OwAG39rQI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTRlOTA4OTlmZjI1NjQ0NTIwNzI0Y2RlOGMyMTE2MTM2
MDBiZWYwHhcNMjQwMTA0MTAyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWRmZGJlOWZjZDMwMmU1MzZlOWFlMzc5MjdiOWMxZjQ4ODNkZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7FEscUHhe3nINpETur5lpcJBc2E
wGkpKoeoffKQtqr9DnF/5P0Q7W7z5bXgwuXpSn89qS17VlLoarBm5FcfVambfw2Q
BVpxqPliXQ+0vjZwkvSF04y0+T+UWpvoNPYn8wLhGpFQfwiq1Nf25ZYXmSAxyXqK
rjg1Nlhkac+Uzu5vKxNfDtbAVbm6UPKcObJvAoVi/57e96fqF0vxfZ5ioGYN7Gkx
OKK7Bg1j2Qxt5u5Tfvh3KsSWvu7rxcjb+SCxJWz/SVOOphCedw4xsMDzp0d0xA95
xtvkRH3mlIdhkPEDyxLRWNezPfYxV3cIaeE+wgPYI7ExQ9lS2MCldd70SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXf2+n80wLlNumuN5J7nB9Ig90kMB8GA1UdIwQY
MBaAFGlU6QiZ/yVkRSByTN6MIRYTYAvvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZUcENKbl9KV1JGSUhKTTNvd2hGaE5nQy04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8xY2I5MTEtNWU3Zi00OWU4LWI0ZjAt
M2Y2ZWU3MDU5MTViLzEvQmRfYjZmelRBdVUyNmE0M2tudWNIMGlEM1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8xY2I5MTEtNWU3Zi00OWU4LWI0ZjAtM2Y2ZWU3MDU5MTVi
LzEvYVZUcENKbl9KV1JGSUhKTTNvd2hGaE5nQy04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBHin2JFtP5Jz25/v41+PV7sgU0xCqMwt/DQ0BHIXTq
x8wqeGQWPvWcM8XRaGXb+wXfr9hPMdrzKVUAnhuTdhfK/0XHydbEok5kDeqjVChU
6kYDpDsKaZBBI4xnwtrtCf7+9rq2lEGnDbd4O+SGbVP1DL1zUqr/llPd9kseTJji
Ojpfh+m48VhZ7TWrELHeN6wRMglQpb8MZu2GCEfrMDRRD+YoQScx9DIyjPR1prgR
rGInkSZLfMW4nYLY6wVtDctvqvGTtJHEToRjkPh5wtgWUXXKcceH24Z4PC2P7IQl
JKXlvVvUaBaPmRQ8Z38UOyN9iKBGVKsDBTErfWWUOwYq
-----END CERTIFICATE-----