Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/aEF4QqmH6mEr_OfxlyMWQyqpzCs.roa
File:                     aEF4QqmH6mEr_OfxlyMWQyqpzCs.roa (raw, json)
Hash identifier:          1JD4pO8+tDSALQOhJOQpSPkswatYwNcQkC1zpWr216I=
Subject key identifier:   68:41:78:42:A9:87:EA:61:2B:FC:E7:F1:97:23:16:43:2A:A9:CC:2B
Certificate issuer:       /CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
Certificate serial:       018CC50011197B96057700E142C8BE20D379
Authority key identifier: AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/aEF4QqmH6mEr_OfxlyMWQyqpzCs.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60688
IP address blocks:        185.27.196.0/23 maxlen: 23
                          185.27.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:11:19:7b:96:05:77:00:e1:42:c8:be:20:d3:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68417842a987ea612bfce7f1972316432aa9cc2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:57:6a:aa:85:6c:3e:c3:3a:26:60:b1:15:ab:
                    32:12:78:ec:8f:93:20:22:89:7e:81:1c:81:ad:c7:
                    82:d7:a4:50:b3:78:58:d0:90:37:16:3d:39:f5:7b:
                    4c:99:14:2d:99:88:d2:3b:8a:0f:ce:f0:f6:3e:e3:
                    12:33:39:4e:f3:70:80:8b:5b:91:8c:20:ec:7a:fb:
                    5d:34:30:9d:78:8c:ee:22:71:fa:58:1c:2d:6f:a5:
                    48:68:62:ca:15:de:33:a4:d1:bf:e5:5d:91:c1:9f:
                    83:86:e3:95:7c:e5:9d:42:ce:37:c3:21:19:d9:80:
                    b2:18:47:51:83:17:0d:d9:dd:af:f5:61:98:54:19:
                    a8:83:ba:4a:1a:33:de:c2:bc:c3:50:55:a9:30:53:
                    b3:eb:3b:4b:72:83:b8:44:f6:fb:5b:bb:db:f4:fb:
                    4e:fe:92:23:50:be:75:96:af:eb:c9:eb:d4:a1:57:
                    0a:88:40:b6:6e:2f:b0:16:ad:dc:8c:ba:72:65:6e:
                    06:72:74:c6:00:15:8d:fc:a5:a5:83:07:f8:b3:e8:
                    dd:f4:ea:7d:48:c1:12:a4:98:87:74:4f:21:4d:40:
                    cb:aa:92:30:7f:cd:0d:9a:ad:72:77:b3:98:72:8b:
                    07:ad:ea:5e:23:30:6d:77:ff:74:e7:9d:46:37:e4:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:41:78:42:A9:87:EA:61:2B:FC:E7:F1:97:23:16:43:2A:A9:CC:2B
            X509v3 Authority Key Identifier:
                keyid:AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/aEF4QqmH6mEr_OfxlyMWQyqpzCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:a9:75:9d:10:02:20:3b:75:c5:d6:16:ba:ba:9d:11:9f:a9:
         c1:4c:29:e5:c1:1e:ea:ed:81:ba:ff:ee:33:ed:ff:aa:8b:24:
         6e:f1:59:01:99:ce:95:76:81:2e:d6:8c:0d:23:bc:63:3b:f1:
         36:b4:12:63:2b:3a:11:a4:83:cb:23:15:cd:16:7f:40:97:dc:
         26:22:ca:1a:8d:c7:60:0a:4c:27:b3:7a:34:1f:e2:b7:b2:83:
         2d:e7:8b:c2:a4:19:1b:31:89:ce:30:cc:53:29:b7:5a:9c:69:
         03:91:4d:78:7b:69:a2:46:8c:12:1a:63:06:f5:05:b2:08:e1:
         18:86:42:b3:f9:81:fc:c4:3a:e2:4f:d2:d6:39:bf:35:45:39:
         fc:81:3e:67:a8:3e:db:4e:24:46:06:4c:dc:66:aa:aa:17:c8:
         a9:92:b9:65:fb:37:68:82:82:eb:f3:fa:54:1a:7c:17:96:a7:
         98:44:7b:bf:ce:fa:3b:08:48:db:85:e2:6a:dd:55:8d:2c:ad:
         b7:3d:45:16:41:b8:43:76:42:c9:31:16:6c:7c:e8:72:a9:27:
         bd:d2:98:cc:8c:94:f6:5d:40:b4:c3:e5:e6:de:ad:29:8b:9c:
         8e:f8:95:35:ca:2c:fb:3d:73:85:0e:5c:65:5c:94:95:42:8f:
         54:aa:cc:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABEZe5YFdwDhQsi+INN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMGNkMWEzMzhlYmY1Yzc5NTJlYjlhMWYwMDYwNTQ5Zjkz
NDBhZDYwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQxNzg0MmE5ODdlYTYxMmJmY2U3ZjE5NzIzMTY0MzJhYTljYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1dqqoVsPsM6JmCxFasyEnjsj5Mg
Iol+gRyBrceC16RQs3hY0JA3Fj059XtMmRQtmYjSO4oPzvD2PuMSMzlO83CAi1uR
jCDsevtdNDCdeIzuInH6WBwtb6VIaGLKFd4zpNG/5V2RwZ+DhuOVfOWdQs43wyEZ
2YCyGEdRgxcN2d2v9WGYVBmog7pKGjPewrzDUFWpMFOz6ztLcoO4RPb7W7vb9PtO
/pIjUL51lq/ryevUoVcKiEC2bi+wFq3cjLpyZW4GcnTGABWN/KWlgwf4s+jd9Op9
SMESpJiHdE8hTUDLqpIwf80Nmq1yd7OYcosHrepeIzBtd/90551GN+QAmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhBeEKph+phK/zn8ZcjFkMqqcwrMB8GA1UdIwQY
MBaAFKwM0aM46/XHlS65ofAGBUn5NArWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQt
YTMzNTE4YmRkOGZlLzEvYUVGNFFxbUg2bUVyX09meGx5TVdReXFwekNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQtYTMzNTE4YmRkOGZl
LzEvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBiqXWdEAIgO3XF1ha6up0Rn6nBTCnlwR7q7YG6/+4z
7f+qiyRu8VkBmc6VdoEu1owNI7xjO/E2tBJjKzoRpIPLIxXNFn9Al9wmIsoajcdg
Ckwns3o0H+K3soMt54vCpBkbMYnOMMxTKbdanGkDkU14e2miRowSGmMG9QWyCOEY
hkKz+YH8xDriT9LWOb81RTn8gT5nqD7bTiRGBkzcZqqqF8ipkrll+zdogoLr8/pU
GnwXlqeYRHu/zvo7CEjbheJq3VWNLK23PUUWQbhDdkLJMRZsfOhyqSe90pjMjJT2
XUC0w+Xm3q0pi5yO+JU1yiz7PXOFDlxlXJSVQo9Uqszk
-----END CERTIFICATE-----