Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/SsoxluEScmS-lBybhFHroIHYMKk.roa
File:                     SsoxluEScmS-lBybhFHroIHYMKk.roa (raw, json)
Hash identifier:          7CfwpvjUb5vZiyhb/v0eSgJ41F7KVWHRGCZLZmywsb8=
Subject key identifier:   4A:CA:31:96:E1:12:72:64:BE:94:1C:9B:84:51:EB:A0:81:D8:30:A9
Certificate issuer:       /CN=c0eb668b735a1839374e48f79cb2436dbf417caa
Certificate serial:       018CC802BAE5F04707C6D0070DFBE75DF76D
Authority key identifier: C0:EB:66:8B:73:5A:18:39:37:4E:48:F7:9C:B2:43:6D:BF:41:7C:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/SsoxluEScmS-lBybhFHroIHYMKk.roa
Signing time:             Tue 02 Jan 2024 02:31:11 +0000
ROA not before:           Tue 02 Jan 2024 02:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200402
IP address blocks:        185.84.56.0/22 maxlen: 24
                          2a03:6ee0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ba:e5:f0:47:07:c6:d0:07:0d:fb:e7:5d:f7:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0eb668b735a1839374e48f79cb2436dbf417caa
        Validity
            Not Before: Jan  2 02:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4aca3196e1127264be941c9b8451eba081d830a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1e:c3:23:91:75:ed:6b:25:e9:f0:46:94:29:
                    65:da:39:8c:9a:49:df:47:35:0f:e4:c2:98:14:cd:
                    1a:a6:dc:80:c5:ae:b6:d4:29:84:c2:0f:6e:8f:1a:
                    40:a4:b6:d3:9a:46:20:7d:eb:59:31:0e:df:8a:1f:
                    05:0d:15:43:89:9e:e1:b2:1c:30:66:a5:62:a0:2c:
                    9d:d2:03:2b:02:60:e8:03:40:1b:1b:1f:56:e5:54:
                    c2:b4:5e:79:47:aa:02:2b:3b:52:ee:65:0d:d1:1f:
                    1f:ea:da:0c:81:f6:d0:91:24:3c:a4:6b:f7:a7:9e:
                    19:a3:be:0a:7c:f1:84:60:3a:cf:25:8a:aa:0d:a3:
                    74:02:37:4c:c8:d5:6a:5a:86:4b:d4:ff:33:0e:c5:
                    c4:72:59:af:8c:1d:fa:5f:32:7b:bc:4e:a6:ca:26:
                    aa:9e:c8:46:79:1b:d1:40:01:c8:15:d2:d9:7d:34:
                    ca:eb:63:0b:4e:09:25:05:d9:e8:dd:a2:30:9a:f2:
                    c2:23:af:96:28:87:19:b0:ee:4c:7a:ca:f1:87:d1:
                    13:19:17:50:8e:1b:b0:43:50:a0:7f:51:ee:92:37:
                    13:07:9f:6d:06:7e:7d:c5:27:45:26:c1:de:0f:8d:
                    ff:0f:44:e9:df:12:7d:d3:d8:9f:83:ae:29:a4:90:
                    ea:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:CA:31:96:E1:12:72:64:BE:94:1C:9B:84:51:EB:A0:81:D8:30:A9
            X509v3 Authority Key Identifier:
                keyid:C0:EB:66:8B:73:5A:18:39:37:4E:48:F7:9C:B2:43:6D:BF:41:7C:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/SsoxluEScmS-lBybhFHroIHYMKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.56.0/22
                IPv6:
                  2a03:6ee0::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:71:2a:bd:e1:3a:2d:21:68:63:51:e8:fd:d6:aa:49:7e:7c:
         b4:c3:6d:15:81:d0:33:2c:bf:61:41:e6:cc:fd:a1:33:71:2b:
         7b:7d:a0:ed:9a:b5:16:18:d8:21:55:a2:4c:d5:9b:6d:e5:5b:
         74:ec:21:8b:51:33:cf:44:d7:d9:67:a2:a2:65:1e:fe:b0:eb:
         71:8c:6e:b9:ac:f1:48:67:ec:bf:0e:b5:6a:f5:f9:59:eb:1b:
         5c:8e:ea:c6:60:f8:5c:53:fd:e2:43:d2:6d:83:aa:cf:d0:14:
         77:fa:9d:a0:d3:13:75:b7:41:b0:8c:f2:d3:7d:a1:0e:2a:c4:
         81:61:5b:54:a3:13:10:2f:76:cb:92:b2:bf:c9:5b:6f:c6:64:
         26:cc:6a:bf:51:50:4a:6a:1b:c5:92:fd:5d:8b:e9:5e:a6:06:
         52:96:51:14:d7:61:56:46:03:09:85:89:6e:90:1d:6c:00:2f:
         e2:95:10:0a:44:4a:5f:f4:e7:b2:d1:2c:dd:bc:5b:51:cb:2d:
         5d:94:e4:fa:12:13:38:9a:67:1e:97:1c:6b:29:f0:c9:57:60:
         bf:98:6b:b9:21:b4:64:9f:4c:a6:fd:c8:e6:ce:7c:e0:61:d0:
         30:76:e6:3e:8c:9e:80:59:08:83:54:1b:27:2e:aa:b1:5b:d2:
         37:c1:23:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIArrl8EcHxtAHDfvnXfdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZWI2NjhiNzM1YTE4MzkzNzRlNDhmNzljYjI0MzZkYmY0
MTdjYWEwHhcNMjQwMTAyMDIzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWNhMzE5NmUxMTI3MjY0YmU5NDFjOWI4NDUxZWJhMDgxZDgzMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh7DI5F17Wsl6fBGlCll2jmMmknf
RzUP5MKYFM0aptyAxa621CmEwg9ujxpApLbTmkYgfetZMQ7fih8FDRVDiZ7hshww
ZqVioCyd0gMrAmDoA0AbGx9W5VTCtF55R6oCKztS7mUN0R8f6toMgfbQkSQ8pGv3
p54Zo74KfPGEYDrPJYqqDaN0AjdMyNVqWoZL1P8zDsXEclmvjB36XzJ7vE6myiaq
nshGeRvRQAHIFdLZfTTK62MLTgklBdno3aIwmvLCI6+WKIcZsO5Mesrxh9ETGRdQ
jhuwQ1Cgf1HukjcTB59tBn59xSdFJsHeD43/D0Tp3xJ909ifg64ppJDqJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFErKMZbhEnJkvpQcm4RR66CB2DCpMB8GA1UdIwQY
MBaAFMDrZotzWhg5N05I95yyQ22/QXyqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd090bWkzTmFHRGszVGtqM25MSkRiYjlCZktvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC82OGI1MjEtYzc5MC00OTU3LTllNTIt
MmQyNmYxYjU2ZTIwLzEvU3NveGx1RVNjbVMtbEJ5YmhGSHJvSUhZTUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC82OGI1MjEtYzc5MC00OTU3LTllNTItMmQyNmYxYjU2ZTIw
LzEvd090bWkzTmFHRGszVGtqM25MSkRiYjlCZktvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVQ4MA0E
AgACMAcDBQAqA27gMA0GCSqGSIb3DQEBCwUAA4IBAQAQcSq94TotIWhjUej91qpJ
fny0w20VgdAzLL9hQebM/aEzcSt7faDtmrUWGNghVaJM1Ztt5Vt07CGLUTPPRNfZ
Z6KiZR7+sOtxjG65rPFIZ+y/DrVq9flZ6xtcjurGYPhcU/3iQ9Jtg6rP0BR3+p2g
0xN1t0GwjPLTfaEOKsSBYVtUoxMQL3bLkrK/yVtvxmQmzGq/UVBKahvFkv1di+le
pgZSllEU12FWRgMJhYlukB1sAC/ilRAKREpf9Oey0SzdvFtRyy1dlOT6EhM4mmce
lxxrKfDJV2C/mGu5IbRkn0ym/cjmznzgYdAwduY+jJ6AWQiDVBsnLqqxW9I3wSNt
-----END CERTIFICATE-----