Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/47DfGvPL11xOIM_VlnR19XVikQ4.roa
File:                     47DfGvPL11xOIM_VlnR19XVikQ4.roa (raw, json)
Hash identifier:          AUeBJLteDk2esWbXqmqcGTJk/ZcbekxclS4V3ZBoGnY=
Subject key identifier:   E3:B0:DF:1A:F3:CB:D7:5C:4E:20:CF:D5:96:74:75:F5:75:62:91:0E
Certificate issuer:       /CN=f6acb269fa8a554f5243a3abd68d5b8d76fe5ebb
Certificate serial:       018CC86F6BA198E10CDAB2BA5FB3E68B8CD9
Authority key identifier: F6:AC:B2:69:FA:8A:55:4F:52:43:A3:AB:D6:8D:5B:8D:76:FE:5E:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/47DfGvPL11xOIM_VlnR19XVikQ4.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2635
IP address blocks:        185.64.140.0/22 maxlen: 32
                          2a04:fa80::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6b:a1:98:e1:0c:da:b2:ba:5f:b3:e6:8b:8c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6acb269fa8a554f5243a3abd68d5b8d76fe5ebb
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b0df1af3cbd75c4e20cfd5967475f57562910e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e6:5b:58:be:75:f2:a9:ae:7d:50:a4:8a:35:
                    65:2f:24:be:64:66:0d:de:33:2d:86:4c:03:9a:b7:
                    1c:de:ea:e4:42:67:81:08:74:41:b1:c6:64:9b:ca:
                    e4:c6:6a:e5:bf:25:12:9c:f7:f3:ad:94:07:11:99:
                    07:0c:4b:2d:a5:d9:7f:8d:01:37:23:d8:54:b8:e5:
                    27:05:42:dc:c8:29:46:6e:ef:13:19:c5:c3:e0:6e:
                    ec:35:eb:6a:a0:73:42:82:fb:86:20:56:50:4f:58:
                    30:21:39:4d:30:92:22:80:e0:1a:a3:a6:8e:e1:ca:
                    1c:cf:b6:be:39:10:91:b1:88:46:53:7d:b2:db:98:
                    12:8b:ba:30:fd:2d:77:6f:b1:b1:4f:3f:f8:10:72:
                    f2:22:b6:fe:06:6c:df:9c:30:c9:c0:8e:ea:a1:c4:
                    a1:cf:5c:15:a1:c8:f0:46:c1:46:e6:a0:6b:e7:c3:
                    7c:51:c5:1a:e4:80:76:4d:15:89:8d:1a:90:6f:59:
                    c3:a5:4a:23:fc:f7:37:d2:2c:02:b6:bf:0c:c5:16:
                    6a:2a:3a:d0:9a:e8:5a:56:cf:5c:65:79:0f:2f:99:
                    34:9c:e3:37:6e:86:50:24:b5:0a:4d:82:d0:f4:f3:
                    90:40:39:b1:f9:1d:37:fe:29:1a:45:75:c1:07:a5:
                    d2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B0:DF:1A:F3:CB:D7:5C:4E:20:CF:D5:96:74:75:F5:75:62:91:0E
            X509v3 Authority Key Identifier:
                keyid:F6:AC:B2:69:FA:8A:55:4F:52:43:A3:AB:D6:8D:5B:8D:76:FE:5E:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/47DfGvPL11xOIM_VlnR19XVikQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2955fd-092a-4ecc-a92f-fbb33a54fade/1/9qyyafqKVU9SQ6Or1o1bjXb-Xrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.140.0/22
                IPv6:
                  2a04:fa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:3a:77:ea:c1:39:3f:c4:85:e9:ff:70:ae:0b:ca:f8:ff:db:
         34:96:76:7c:db:bb:64:92:d2:74:4c:14:56:e8:dc:a5:c2:d7:
         89:de:51:7a:6b:d0:6e:d6:16:ec:45:af:41:da:94:2e:76:96:
         b7:cd:32:89:42:4e:07:30:34:7c:5c:dd:77:8d:8c:ae:c2:14:
         26:b3:56:09:ca:56:fa:fa:41:15:ca:8c:50:88:70:7e:f6:db:
         80:ba:3c:28:a0:12:7f:52:99:a0:b3:5f:69:b3:60:7b:ae:7f:
         43:a3:4d:38:e1:b9:0a:80:7c:4a:ec:e6:fe:ad:a2:77:56:14:
         0c:7f:58:d0:13:88:ee:99:6c:be:f8:ab:43:69:1e:5b:fa:c6:
         b9:38:42:d1:89:98:52:b5:1d:e7:3e:53:76:4b:55:94:9d:e0:
         95:8a:8e:d2:06:bc:47:d9:8a:0b:1d:6c:5a:31:3d:79:2e:2f:
         56:de:0d:00:62:6b:a0:0d:10:9d:cf:09:19:3a:e7:5b:f6:fd:
         75:e4:3c:8d:96:c3:eb:13:4c:c2:c7:30:10:eb:fc:80:7e:4b:
         27:d3:06:4d:b7:15:fa:65:63:62:08:44:a3:4c:68:10:6b:8a:
         5b:43:29:b8:74:ed:4a:ab:6c:d1:5b:dd:b9:f0:e0:29:aa:ad:
         fa:e9:ed:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2uhmOEM2rK6X7Pmi4zZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWNiMjY5ZmE4YTU1NGY1MjQzYTNhYmQ2OGQ1YjhkNzZm
ZTVlYmIwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IwZGYxYWYzY2JkNzVjNGUyMGNmZDU5Njc0NzVmNTc1NjI5MTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOZbWL518qmufVCkijVlLyS+ZGYN
3jMthkwDmrcc3urkQmeBCHRBscZkm8rkxmrlvyUSnPfzrZQHEZkHDEstpdl/jQE3
I9hUuOUnBULcyClGbu8TGcXD4G7sNetqoHNCgvuGIFZQT1gwITlNMJIigOAao6aO
4cocz7a+ORCRsYhGU32y25gSi7ow/S13b7GxTz/4EHLyIrb+BmzfnDDJwI7qocSh
z1wVocjwRsFG5qBr58N8UcUa5IB2TRWJjRqQb1nDpUoj/Pc30iwCtr8MxRZqKjrQ
muhaVs9cZXkPL5k0nOM3boZQJLUKTYLQ9POQQDmx+R03/ikaRXXBB6XS9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOOw3xrzy9dcTiDP1ZZ0dfV1YpEOMB8GA1UdIwQY
MBaAFPassmn6ilVPUkOjq9aNW412/l67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXF5eWFmcUtWVTlTUTZPcjFvMWJqWGItWHJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOTU1ZmQtMDkyYS00ZWNjLWE5MmYt
ZmJiMzNhNTRmYWRlLzEvNDdEZkd2UEwxMXhPSU1fVmxuUjE5WFZpa1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOTU1ZmQtMDkyYS00ZWNjLWE5MmYtZmJiMzNhNTRmYWRl
LzEvOXF5eWFmcUtWVTlTUTZPcjFvMWJqWGItWHJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUCMMA0E
AgACMAcDBQMqBPqAMA0GCSqGSIb3DQEBCwUAA4IBAQBeOnfqwTk/xIXp/3CuC8r4
/9s0lnZ827tkktJ0TBRW6NylwteJ3lF6a9Bu1hbsRa9B2pQudpa3zTKJQk4HMDR8
XN13jYyuwhQms1YJylb6+kEVyoxQiHB+9tuAujwooBJ/Upmgs19ps2B7rn9Do004
4bkKgHxK7Ob+raJ3VhQMf1jQE4jumWy++KtDaR5b+sa5OELRiZhStR3nPlN2S1WU
neCVio7SBrxH2YoLHWxaMT15Li9W3g0AYmugDRCdzwkZOudb9v115DyNlsPrE0zC
xzAQ6/yAfksn0wZNtxX6ZWNiCESjTGgQa4pbQym4dO1Kq2zRW9258OApqq366e1B
-----END CERTIFICATE-----