Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/sA054zSiWv8_RXVElOFL0TWw1FE.roa
File:                     sA054zSiWv8_RXVElOFL0TWw1FE.roa (raw, json)
Hash identifier:          +BosdFVQ6yC+jEGAxDbx62dRkpBzgxfVOnbS+S9mmBo=
Subject key identifier:   B0:0D:39:E3:34:A2:5A:FF:3F:45:75:44:94:E1:4B:D1:35:B0:D4:51
Certificate issuer:       /CN=705526f9ab0dd276823fc1f0ebaa1de63b7d656c
Certificate serial:       018FC9DDD0183253F6DB2B32935A82B98F5F
Authority key identifier: 70:55:26:F9:AB:0D:D2:76:82:3F:C1:F0:EB:AA:1D:E6:3B:7D:65:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFUm-asN0naCP8Hw66od5jt9ZWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/sA054zSiWv8_RXVElOFL0TWw1FE.roa
Signing time:             Thu 30 May 2024 14:18:28 +0000
ROA not before:           Thu 30 May 2024 14:18:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210129
IP address blocks:        185.94.132.0/22 maxlen: 22
                          2a0d:52c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/cFUm-asN0naCP8Hw66od5jt9ZWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/cFUm-asN0naCP8Hw66od5jt9ZWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFUm-asN0naCP8Hw66od5jt9ZWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:dd:d0:18:32:53:f6:db:2b:32:93:5a:82:b9:8f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=705526f9ab0dd276823fc1f0ebaa1de63b7d656c
        Validity
            Not Before: May 30 14:18:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b00d39e334a25aff3f45754494e14bd135b0d451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7e:8f:d2:59:ac:dd:d8:0b:d1:29:08:9f:43:
                    fa:25:21:55:df:21:0f:33:c0:76:39:14:fa:1b:75:
                    21:8d:83:d3:8a:fb:25:e5:9d:26:c1:ee:86:1b:66:
                    20:d5:92:03:af:d7:f0:f1:34:8d:a4:57:51:f6:3c:
                    eb:e3:30:eb:ef:49:6a:73:22:34:1a:a3:66:39:e5:
                    16:13:2f:29:f1:5e:8f:ee:e3:0b:7d:09:eb:1c:00:
                    5b:a7:51:41:d1:00:ac:bd:27:77:48:44:9d:8d:36:
                    06:94:d7:6f:e0:ef:d7:bb:97:cf:5f:5c:23:20:b2:
                    3f:e9:cf:9a:d7:c3:6f:fe:fe:02:9f:ee:e4:91:e2:
                    39:3b:1f:70:c2:02:ad:8d:3d:4e:39:00:38:df:d7:
                    62:ac:a6:52:54:a8:d3:64:f7:eb:6e:35:33:77:da:
                    a6:7b:71:97:d9:a8:61:dd:5c:d3:6e:fa:71:f6:db:
                    eb:bb:6d:c9:fe:14:84:cc:8e:6b:51:f0:bd:f2:54:
                    03:74:01:74:21:0f:41:00:4c:11:19:82:34:ed:e4:
                    45:d7:54:6d:74:95:bc:9b:77:ed:5c:37:72:89:c3:
                    98:10:2b:a1:1c:e6:29:58:d8:58:e5:7b:bf:ca:89:
                    96:07:87:da:54:5c:69:68:c1:86:9a:54:e0:32:e9:
                    65:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0D:39:E3:34:A2:5A:FF:3F:45:75:44:94:E1:4B:D1:35:B0:D4:51
            X509v3 Authority Key Identifier:
                keyid:70:55:26:F9:AB:0D:D2:76:82:3F:C1:F0:EB:AA:1D:E6:3B:7D:65:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFUm-asN0naCP8Hw66od5jt9ZWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/sA054zSiWv8_RXVElOFL0TWw1FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe71b6-6aaa-4bd4-8661-6998ab7edf7a/1/cFUm-asN0naCP8Hw66od5jt9ZWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.132.0/22
                IPv6:
                  2a0d:52c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         e4:9e:02:fd:c1:ee:84:5e:f6:79:1b:b3:16:7a:00:56:d1:1c:
         21:45:21:97:a1:83:c7:ed:74:06:ca:5c:fd:3c:03:04:e8:10:
         2f:59:46:55:6b:0d:2c:dd:d3:43:1c:c9:ab:a2:b9:e4:ca:d7:
         f0:41:38:c0:04:1f:50:ee:fe:00:5c:00:78:1c:af:d8:20:1c:
         33:a0:84:d9:55:9f:f5:a3:4f:3f:cc:64:44:e9:64:30:39:57:
         8f:ab:b3:d7:6a:59:3b:ca:48:27:74:07:74:e1:6a:19:8b:62:
         c9:fc:9a:c7:97:0a:9c:5b:a3:e8:8a:09:88:d0:8a:d0:25:67:
         ab:4f:3c:9d:7e:5d:0b:92:8a:c2:85:70:80:cb:ee:ec:a8:95:
         b0:3a:6b:aa:85:61:64:1d:f5:87:21:e6:fe:3f:f3:3b:1c:95:
         32:19:53:48:3b:d4:3e:17:56:6f:fa:c6:e8:1e:32:ce:ad:8c:
         31:a6:90:ed:e9:66:f6:5f:eb:9b:a3:d7:34:4a:af:8b:c5:69:
         09:39:df:72:ce:85:14:e2:c2:17:09:9a:a5:9f:ea:0c:d3:47:
         ea:ac:6a:91:3f:48:7b:a5:a8:a1:c0:0c:e8:4e:be:40:db:ce:
         13:9b:9a:66:49:87:b2:1c:ba:08:ed:b6:7b:15:ef:3f:96:db:
         12:04:93:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/J3dAYMlP22ysyk1qCuY9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNTUyNmY5YWIwZGQyNzY4MjNmYzFmMGViYWExZGU2M2I3
ZDY1NmMwHhcNMjQwNTMwMTQxODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBkMzllMzM0YTI1YWZmM2Y0NTc1NDQ5NGUxNGJkMTM1YjBkNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H6P0lms3dgL0SkIn0P6JSFV3yEP
M8B2ORT6G3UhjYPTivsl5Z0mwe6GG2Yg1ZIDr9fw8TSNpFdR9jzr4zDr70lqcyI0
GqNmOeUWEy8p8V6P7uMLfQnrHABbp1FB0QCsvSd3SESdjTYGlNdv4O/Xu5fPX1wj
ILI/6c+a18Nv/v4Cn+7kkeI5Ox9wwgKtjT1OOQA439dirKZSVKjTZPfrbjUzd9qm
e3GX2ahh3VzTbvpx9tvru23J/hSEzI5rUfC98lQDdAF0IQ9BAEwRGYI07eRF11Rt
dJW8m3ftXDdyicOYECuhHOYpWNhY5Xu/yomWB4faVFxpaMGGmlTgMulliwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLANOeM0olr/P0V1RJThS9E1sNRRMB8GA1UdIwQY
MBaAFHBVJvmrDdJ2gj/B8OuqHeY7fWVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0ZVbS1hc04wbmFDUDhIdzY2b2Q1anQ5Wld3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mZTcxYjYtNmFhYS00YmQ0LTg2NjEt
Njk5OGFiN2VkZjdhLzEvc0EwNTR6U2lXdjhfUlhWRWxPRkwwVFd3MUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mZTcxYjYtNmFhYS00YmQ0LTg2NjEtNjk5OGFiN2VkZjdh
LzEvY0ZVbS1hc04wbmFDUDhIdzY2b2Q1anQ5Wld3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV6EMA0E
AgACMAcDBQMqDVLAMA0GCSqGSIb3DQEBCwUAA4IBAQDkngL9we6EXvZ5G7MWegBW
0RwhRSGXoYPH7XQGylz9PAME6BAvWUZVaw0s3dNDHMmrornkytfwQTjABB9Q7v4A
XAB4HK/YIBwzoITZVZ/1o08/zGRE6WQwOVePq7PXalk7ykgndAd04WoZi2LJ/JrH
lwqcW6PoigmI0IrQJWerTzydfl0LkorChXCAy+7sqJWwOmuqhWFkHfWHIeb+P/M7
HJUyGVNIO9Q+F1Zv+sboHjLOrYwxppDt6Wb2X+ubo9c0Sq+LxWkJOd9yzoUU4sIX
CZqln+oM00fqrGqRP0h7paihwAzoTr5A284Tm5pmSYeyHLoI7bZ7Fe8/ltsSBJPt
-----END CERTIFICATE-----