Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/_-eI-jVPuLPYcwAgbricHUX6a7Y.roa
File:                     _-eI-jVPuLPYcwAgbricHUX6a7Y.roa (raw, json)
Hash identifier:          sAbD8+F8LneEesKQBC5wUIrNGRL9F0Kqq+vCKVKwpT4=
Subject key identifier:   FF:E7:88:FA:35:4F:B8:B3:D8:73:00:20:6E:B8:9C:1D:45:FA:6B:B6
Certificate issuer:       /CN=5e803b66b306008fb172c2dfd522b5655057360d
Certificate serial:       018CC7934D184C681DAF6BCF74676F5F97C8
Authority key identifier: 5E:80:3B:66:B3:06:00:8F:B1:72:C2:DF:D5:22:B5:65:50:57:36:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/_-eI-jVPuLPYcwAgbricHUX6a7Y.roa
Signing time:             Tue 02 Jan 2024 00:29:28 +0000
ROA not before:           Tue 02 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200851
IP address blocks:        185.243.76.0/22 maxlen: 24
                          2a0d:a80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:4d:18:4c:68:1d:af:6b:cf:74:67:6f:5f:97:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e803b66b306008fb172c2dfd522b5655057360d
        Validity
            Not Before: Jan  2 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffe788fa354fb8b3d87300206eb89c1d45fa6bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d7:c9:fb:7f:cb:3e:26:a6:f9:8a:0f:a9:5c:
                    c6:df:bc:b9:80:3f:5e:41:bb:4d:c5:c3:ed:53:37:
                    49:6f:b1:52:71:07:c6:43:23:01:43:1f:01:e6:3e:
                    12:00:33:8d:60:26:99:df:1f:c3:86:42:f1:9b:44:
                    5a:46:58:52:a3:3a:2b:b0:21:1b:a0:57:0b:76:64:
                    c7:58:27:ce:cc:83:a0:5f:05:5c:9a:eb:f2:d3:ef:
                    27:63:5b:d2:f6:89:b1:d5:34:34:0b:90:fe:f7:a3:
                    3d:fe:0d:5e:c9:3d:15:f9:14:46:3d:12:f9:01:75:
                    0e:8e:57:fc:ba:4c:6b:ef:00:eb:24:27:8e:46:0e:
                    84:91:9c:46:7d:b7:cd:05:d0:c7:ba:5a:0d:74:4a:
                    19:94:a5:f1:66:5d:6d:c9:a3:eb:5f:af:d9:d0:f1:
                    29:2c:97:80:75:b9:78:21:4e:0f:c0:49:43:57:17:
                    13:59:58:64:8f:82:c2:7d:48:6a:4b:de:12:e4:cc:
                    a6:ee:e1:32:4f:67:32:3d:05:7a:94:ae:12:35:42:
                    00:fc:b5:34:eb:ec:38:b7:69:21:4e:c6:a7:32:b4:
                    99:89:86:fd:31:85:de:72:c8:87:07:75:14:c5:a3:
                    c7:26:02:bc:df:e6:2b:82:05:83:f2:0f:56:93:8f:
                    01:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E7:88:FA:35:4F:B8:B3:D8:73:00:20:6E:B8:9C:1D:45:FA:6B:B6
            X509v3 Authority Key Identifier:
                keyid:5E:80:3B:66:B3:06:00:8F:B1:72:C2:DF:D5:22:B5:65:50:57:36:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/_-eI-jVPuLPYcwAgbricHUX6a7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9d342c-7ce7-4c69-aece-938506a9f2a7/1/XoA7ZrMGAI-xcsLf1SK1ZVBXNg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.76.0/22
                IPv6:
                  2a0d:a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:0a:86:3c:19:6a:1e:a0:63:78:f9:73:39:79:ce:eb:2a:54:
         82:14:4c:19:4a:c8:e8:b7:bb:a4:98:08:a8:d9:e6:b3:bb:89:
         9f:33:d3:b4:44:6e:e5:bf:c1:d7:db:a5:e9:d3:9d:8d:68:b3:
         98:5e:a9:0e:e0:6b:b0:01:a5:25:5b:29:0c:5d:90:2c:95:67:
         58:01:03:ca:8d:12:c5:a3:6c:82:c0:bf:3a:89:7b:2a:cf:16:
         49:8f:95:96:9d:d0:73:ec:14:63:db:13:cd:a7:16:4b:50:f2:
         3c:46:fd:10:b9:48:33:76:a7:9d:52:dd:87:b5:12:24:6d:d4:
         f3:74:16:36:ae:2b:b9:0b:08:24:55:88:e3:68:ab:88:05:20:
         73:c8:f4:23:63:63:54:0b:d7:5d:cc:dd:cb:ce:5d:3b:fb:b7:
         6c:1d:28:8b:a5:74:d5:eb:be:bf:31:44:33:4e:d7:75:4a:a0:
         04:12:b0:39:b8:82:32:42:11:74:6f:71:f4:98:3e:96:70:c2:
         72:3d:bb:3d:f2:6a:e9:cb:7f:bf:9b:56:f1:94:96:21:76:ed:
         c2:1b:30:fb:62:ce:62:14:fc:56:94:55:68:68:0b:f2:1e:e0:
         76:81:57:84:b1:8e:f6:ef:5f:fc:62:9d:6b:3b:0d:ab:9e:a6:
         7b:3e:dc:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk00YTGgdr2vPdGdvX5fIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlODAzYjY2YjMwNjAwOGZiMTcyYzJkZmQ1MjJiNTY1NTA1
NzM2MGQwHhcNMjQwMTAyMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmU3ODhmYTM1NGZiOGIzZDg3MzAwMjA2ZWI4OWMxZDQ1ZmE2YmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtfJ+3/LPiam+YoPqVzG37y5gD9e
QbtNxcPtUzdJb7FScQfGQyMBQx8B5j4SADONYCaZ3x/DhkLxm0RaRlhSozorsCEb
oFcLdmTHWCfOzIOgXwVcmuvy0+8nY1vS9omx1TQ0C5D+96M9/g1eyT0V+RRGPRL5
AXUOjlf8ukxr7wDrJCeORg6EkZxGfbfNBdDHuloNdEoZlKXxZl1tyaPrX6/Z0PEp
LJeAdbl4IU4PwElDVxcTWVhkj4LCfUhqS94S5Mym7uEyT2cyPQV6lK4SNUIA/LU0
6+w4t2khTsanMrSZiYb9MYXecsiHB3UUxaPHJgK83+YrggWD8g9Wk48BJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP/niPo1T7iz2HMAIG64nB1F+mu2MB8GA1UdIwQY
MBaAFF6AO2azBgCPsXLC39UitWVQVzYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG9BN1pyTUdBSS14Y3NMZjFTSzFaVkJYTmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85ZDM0MmMtN2NlNy00YzY5LWFlY2Ut
OTM4NTA2YTlmMmE3LzEvXy1lSS1qVlB1TFBZY3dBZ2JyaWNIVVg2YTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85ZDM0MmMtN2NlNy00YzY5LWFlY2UtOTM4NTA2YTlmMmE3
LzEvWG9BN1pyTUdBSS14Y3NMZjFTSzFaVkJYTmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufNMMA0E
AgACMAcDBQMqDQqAMA0GCSqGSIb3DQEBCwUAA4IBAQB5CoY8GWoeoGN4+XM5ec7r
KlSCFEwZSsjot7ukmAio2eazu4mfM9O0RG7lv8HX26Xp052NaLOYXqkO4GuwAaUl
WykMXZAslWdYAQPKjRLFo2yCwL86iXsqzxZJj5WWndBz7BRj2xPNpxZLUPI8Rv0Q
uUgzdqedUt2HtRIkbdTzdBY2riu5CwgkVYjjaKuIBSBzyPQjY2NUC9ddzN3Lzl07
+7dsHSiLpXTV676/MUQzTtd1SqAEErA5uIIyQhF0b3H0mD6WcMJyPbs98mrpy3+/
m1bxlJYhdu3CGzD7Ys5iFPxWlFVoaAvyHuB2gVeEsY7271/8Yp1rOw2rnqZ7Ptzx
-----END CERTIFICATE-----