Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/1ot6mxsmtvJJZSpoQ3K5_RdeDoA.roa
File:                     1ot6mxsmtvJJZSpoQ3K5_RdeDoA.roa (raw, json)
Hash identifier:          Y/01kguj+rJYYQkcEYGkmSlSpA/UVgWoAo7lJOlb1UM=
Subject key identifier:   D6:8B:7A:9B:1B:26:B6:F2:49:65:2A:68:43:72:B9:FD:17:5E:0E:80
Certificate issuer:       /CN=06785117986adaa437bec30a2bf9f157a9257df2
Certificate serial:       018CC56E56EFD49D41151C7373DB3DB8B71C
Authority key identifier: 06:78:51:17:98:6A:DA:A4:37:BE:C3:0A:2B:F9:F1:57:A9:25:7D:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnhRF5hq2qQ3vsMKK_nxV6klffI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/1ot6mxsmtvJJZSpoQ3K5_RdeDoA.roa
Signing time:             Mon 01 Jan 2024 14:29:51 +0000
ROA not before:           Mon 01 Jan 2024 14:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56327
IP address blocks:        185.248.72.0/22 maxlen: 22
                          185.219.224.0/22 maxlen: 22
                          2a0f:78c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/BnhRF5hq2qQ3vsMKK_nxV6klffI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/BnhRF5hq2qQ3vsMKK_nxV6klffI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnhRF5hq2qQ3vsMKK_nxV6klffI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:56:ef:d4:9d:41:15:1c:73:73:db:3d:b8:b7:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06785117986adaa437bec30a2bf9f157a9257df2
        Validity
            Not Before: Jan  1 14:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d68b7a9b1b26b6f249652a684372b9fd175e0e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2d:0b:1f:04:eb:6a:bc:1a:11:9a:f8:27:36:
                    6f:8d:6c:e1:21:19:34:36:8f:67:b5:65:d5:a0:f3:
                    73:44:73:7c:07:ab:3c:a9:bd:34:e3:1c:0d:37:0c:
                    4d:99:52:20:66:4c:6d:72:c6:2c:c5:6f:09:07:a6:
                    46:06:e0:da:11:df:1e:c7:28:72:1e:b3:e7:b4:8e:
                    57:69:98:08:3e:70:cb:59:0a:9e:c3:79:23:74:c8:
                    bf:25:0f:d1:7b:af:3f:33:19:bd:68:2c:b3:06:cf:
                    f6:fb:f2:26:1e:04:03:de:a8:a7:2d:99:83:30:c9:
                    f3:58:58:d2:f4:e7:08:94:72:78:45:7b:49:39:c7:
                    f0:0e:6c:55:2c:54:d7:cc:81:2d:b2:4c:1e:8f:29:
                    24:55:0c:b9:80:73:bd:b1:94:37:7f:b3:e3:70:5e:
                    3a:f5:84:f0:7d:6b:ef:d2:03:91:bc:89:b2:1a:b7:
                    06:73:fd:f1:73:2b:de:88:da:57:e2:9b:54:98:26:
                    bf:6b:c1:3d:48:77:6d:7c:e6:14:e2:ab:85:28:46:
                    35:ab:15:a1:0f:38:96:16:73:02:0f:4b:3a:94:c9:
                    d0:db:3a:b3:77:ea:15:81:2c:e2:e0:79:7a:7b:af:
                    97:24:e8:23:0c:d0:cb:51:41:ad:69:10:07:de:9e:
                    cf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:8B:7A:9B:1B:26:B6:F2:49:65:2A:68:43:72:B9:FD:17:5E:0E:80
            X509v3 Authority Key Identifier:
                keyid:06:78:51:17:98:6A:DA:A4:37:BE:C3:0A:2B:F9:F1:57:A9:25:7D:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnhRF5hq2qQ3vsMKK_nxV6klffI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/1ot6mxsmtvJJZSpoQ3K5_RdeDoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/48f964-a431-4de6-99ce-84ee488566f1/1/BnhRF5hq2qQ3vsMKK_nxV6klffI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.224.0/22
                  185.248.72.0/22
                IPv6:
                  2a0f:78c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:c2:bb:20:5f:e1:3b:df:f5:61:34:60:33:1a:6c:20:9b:ca:
         03:bc:d9:2b:26:b4:13:4c:3c:00:80:ca:ca:d6:ff:d8:64:7d:
         fc:95:c2:72:0b:a9:e3:a6:a6:94:f9:72:6f:78:96:e0:dd:97:
         7f:24:38:65:80:1e:07:04:b6:ef:e4:23:a8:c1:f5:02:18:d1:
         0d:f6:1b:ed:03:77:35:78:4a:23:10:8f:a0:20:d3:2f:1c:51:
         8f:cf:e6:34:6b:a3:4e:09:d0:0d:ca:ca:83:7a:05:31:ce:49:
         33:d2:bc:d1:97:fa:2f:6e:67:11:68:43:d1:84:05:9d:27:93:
         bc:7c:47:c5:bd:b0:16:3f:c0:0a:ad:b1:06:c0:68:49:14:9d:
         39:7f:80:d9:45:d2:bf:f0:1b:e2:19:51:19:68:8b:84:b6:44:
         69:b1:a9:9a:2a:28:5f:3d:1a:b9:7a:3f:9c:0d:fd:ac:90:49:
         ba:cd:3c:d2:f8:c5:24:21:8b:5b:c2:e3:63:42:92:a3:26:42:
         16:35:6d:e9:d5:07:9d:f3:65:7a:f4:a0:17:2e:71:8f:13:46:
         bd:4e:1c:29:a5:a5:51:f9:7a:8c:94:53:21:74:b2:54:00:54:
         af:59:76:9e:42:e5:01:52:9a:7e:a9:68:d9:4e:3a:5f:8b:fb:
         d4:83:87:be
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFblbv1J1BFRxzc9s9uLccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Nzg1MTE3OTg2YWRhYTQzN2JlYzMwYTJiZjlmMTU3YTky
NTdkZjIwHhcNMjQwMTAxMTQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhiN2E5YjFiMjZiNmYyNDk2NTJhNjg0MzcyYjlmZDE3NWUwZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi0LHwTrarwaEZr4JzZvjWzhIRk0
No9ntWXVoPNzRHN8B6s8qb004xwNNwxNmVIgZkxtcsYsxW8JB6ZGBuDaEd8exyhy
HrPntI5XaZgIPnDLWQqew3kjdMi/JQ/Re68/Mxm9aCyzBs/2+/ImHgQD3qinLZmD
MMnzWFjS9OcIlHJ4RXtJOcfwDmxVLFTXzIEtskwejykkVQy5gHO9sZQ3f7PjcF46
9YTwfWvv0gORvImyGrcGc/3xcyveiNpX4ptUmCa/a8E9SHdtfOYU4quFKEY1qxWh
DziWFnMCD0s6lMnQ2zqzd+oVgSzi4Hl6e6+XJOgjDNDLUUGtaRAH3p7PPwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNaLepsbJrbySWUqaENyuf0XXg6AMB8GA1UdIwQY
MBaAFAZ4UReYatqkN77DCiv58VepJX3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5oUkY1aHEycVEzdnNNS0tfbnhWNmtsZmZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80OGY5NjQtYTQzMS00ZGU2LTk5Y2Ut
ODRlZTQ4ODU2NmYxLzEvMW90Nm14c210dkpKWlNwb1EzSzVfUmRlRG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80OGY5NjQtYTQzMS00ZGU2LTk5Y2UtODRlZTQ4ODU2NmYx
LzEvQm5oUkY1aHEycVEzdnNNS0tfbnhWNmtsZmZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudvgAwQC
ufhIMA0EAgACMAcDBQMqD3jAMA0GCSqGSIb3DQEBCwUAA4IBAQACwrsgX+E73/Vh
NGAzGmwgm8oDvNkrJrQTTDwAgMrK1v/YZH38lcJyC6njpqaU+XJveJbg3Zd/JDhl
gB4HBLbv5COowfUCGNEN9hvtA3c1eEojEI+gINMvHFGPz+Y0a6NOCdANysqDegUx
zkkz0rzRl/ovbmcRaEPRhAWdJ5O8fEfFvbAWP8AKrbEGwGhJFJ05f4DZRdK/8Bvi
GVEZaIuEtkRpsamaKihfPRq5ej+cDf2skEm6zTzS+MUkIYtbwuNjQpKjJkIWNW3p
1Qed82V69KAXLnGPE0a9ThwppaVR+XqMlFMhdLJUAFSvWXaeQuUBUpp+qWjZTjpf
i/vUg4e+
-----END CERTIFICATE-----