Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/D3CAgRBHSLJuMDA0v5v-gJiwvm4.roa
File:                     D3CAgRBHSLJuMDA0v5v-gJiwvm4.roa (raw, json)
Hash identifier:          MepX9Ns9PXI1x+ywtQ3ISGa68yxN2hloDL1CvNtpFag=
Subject key identifier:   0F:70:80:81:10:47:48:B2:6E:30:30:34:BF:9B:FE:80:98:B0:BE:6E
Certificate issuer:       /CN=5fc24743304b7fd9a065d22cd89cda95045e269c
Certificate serial:       018CC7936EE20E4EBA30FE4BBDBA577CB5CB
Authority key identifier: 5F:C2:47:43:30:4B:7F:D9:A0:65:D2:2C:D8:9C:DA:95:04:5E:26:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/D3CAgRBHSLJuMDA0v5v-gJiwvm4.roa
Signing time:             Tue 02 Jan 2024 00:29:37 +0000
ROA not before:           Tue 02 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201659
IP address blocks:        185.61.160.0/22 maxlen: 22
                          2a02:7ae0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6e:e2:0e:4e:ba:30:fe:4b:bd:ba:57:7c:b5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc24743304b7fd9a065d22cd89cda95045e269c
        Validity
            Not Before: Jan  2 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f708081104748b26e303034bf9bfe8098b0be6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:03:55:f1:83:67:ec:5b:5a:74:dd:2e:86:5b:
                    c7:a3:a5:5c:e0:4d:29:5a:df:3e:7d:0c:dc:61:d1:
                    6c:1b:c3:f4:6a:5b:cf:78:e3:79:d9:1e:68:c6:7f:
                    99:fb:33:c0:32:5c:c4:63:69:c5:15:3f:85:33:5d:
                    50:63:5f:26:79:ca:52:d4:54:74:7f:f2:9b:b3:ce:
                    95:d2:7c:72:4c:c5:ce:4a:94:da:36:b2:7f:f7:a3:
                    4b:a3:bc:7f:af:2e:11:53:d1:c5:85:d2:3d:c4:09:
                    d0:a1:c1:02:27:fd:dd:21:9c:7b:5c:6f:45:2a:d0:
                    c6:be:c1:a3:47:ce:c4:41:17:d8:14:b8:26:23:44:
                    53:e9:1c:77:8a:95:b2:64:8c:98:b3:89:94:72:e8:
                    d9:fe:85:7b:9d:2a:97:bc:7f:b7:53:c6:dd:71:6a:
                    be:98:ab:54:8e:d4:0b:e5:4b:d2:53:7a:cb:99:39:
                    ae:fa:bf:ca:8a:f9:a2:64:ef:e8:c3:25:68:ef:20:
                    ec:b1:7b:3c:e2:74:d3:37:3b:2d:44:e0:f7:c6:38:
                    8b:19:13:3b:ca:db:cc:c0:99:3e:67:04:68:a9:7d:
                    31:4b:7b:7e:fe:fb:e5:58:2f:e8:28:38:e4:62:e2:
                    92:71:5e:fc:19:7d:47:98:de:b2:61:20:3e:15:9f:
                    30:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:70:80:81:10:47:48:B2:6E:30:30:34:BF:9B:FE:80:98:B0:BE:6E
            X509v3 Authority Key Identifier:
                keyid:5F:C2:47:43:30:4B:7F:D9:A0:65:D2:2C:D8:9C:DA:95:04:5E:26:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/D3CAgRBHSLJuMDA0v5v-gJiwvm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.160.0/22
                IPv6:
                  2a02:7ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:d4:a6:98:34:74:8e:5d:0c:5f:31:3a:1b:45:f4:8e:e6:05:
         79:95:e5:19:a0:47:1e:b5:7a:c2:26:57:d4:29:fd:8e:00:81:
         bf:7c:06:29:ff:93:42:af:6c:8e:07:4f:48:59:fb:2f:8f:6d:
         93:cc:da:51:c4:d9:c2:d9:53:2e:43:e8:6d:35:38:5e:59:63:
         b7:d7:fd:39:07:29:34:32:3a:24:42:b7:ac:8c:e5:95:ed:e0:
         98:76:72:5e:93:dd:19:b2:43:0d:5c:97:78:43:cf:ce:14:46:
         9e:13:3d:6c:ae:0d:73:39:90:f0:10:11:e4:ab:3b:d7:6e:3f:
         0a:46:d8:d0:16:ef:8b:16:83:3e:fb:ad:84:8b:63:d5:9c:54:
         1f:6f:38:ad:84:62:a9:db:e6:f0:c9:ba:08:73:cf:42:fb:b0:
         64:25:32:44:d0:f4:9b:ed:b7:0b:1c:27:13:af:3c:3e:c0:74:
         2d:7e:98:3d:ba:17:23:1d:f9:ff:52:a8:20:87:d7:fa:ca:52:
         cd:d7:38:68:8c:36:a4:f9:31:63:87:0c:50:5c:3b:8b:e7:22:
         14:b8:35:54:ef:c2:16:e5:97:fa:4c:0e:6f:4b:b5:8c:ed:1d:
         7f:bd:29:74:6a:51:f4:7f:10:15:1a:07:d6:af:a0:01:1b:f6:
         28:f4:c1:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk27iDk66MP5LvbpXfLXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzI0NzQzMzA0YjdmZDlhMDY1ZDIyY2Q4OWNkYTk1MDQ1
ZTI2OWMwHhcNMjQwMTAyMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjcwODA4MTEwNDc0OGIyNmUzMDMwMzRiZjliZmU4MDk4YjBiZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQNV8YNn7FtadN0uhlvHo6Vc4E0p
Wt8+fQzcYdFsG8P0alvPeON52R5oxn+Z+zPAMlzEY2nFFT+FM11QY18mecpS1FR0
f/Kbs86V0nxyTMXOSpTaNrJ/96NLo7x/ry4RU9HFhdI9xAnQocECJ/3dIZx7XG9F
KtDGvsGjR87EQRfYFLgmI0RT6Rx3ipWyZIyYs4mUcujZ/oV7nSqXvH+3U8bdcWq+
mKtUjtQL5UvSU3rLmTmu+r/KivmiZO/owyVo7yDssXs84nTTNzstROD3xjiLGRM7
ytvMwJk+ZwRoqX0xS3t+/vvlWC/oKDjkYuKScV78GX1HmN6yYSA+FZ8w4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA9wgIEQR0iybjAwNL+b/oCYsL5uMB8GA1UdIwQY
MBaAFF/CR0MwS3/ZoGXSLNic2pUEXiacMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhKSFF6QkxmOW1nWmRJczJKemFsUVJlSnB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9lNWEyYzctMDQ1My00OGJhLWIxMGMt
MGJhOTY3OWRlMmU2LzEvRDNDQWdSQkhTTEp1TURBMHY1di1nSml3dm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9lNWEyYzctMDQ1My00OGJhLWIxMGMtMGJhOTY3OWRlMmU2
LzEvWDhKSFF6QkxmOW1nWmRJczJKemFsUVJlSnB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT2gMA0E
AgACMAcDBQAqAnrgMA0GCSqGSIb3DQEBCwUAA4IBAQCB1KaYNHSOXQxfMTobRfSO
5gV5leUZoEcetXrCJlfUKf2OAIG/fAYp/5NCr2yOB09IWfsvj22TzNpRxNnC2VMu
Q+htNTheWWO31/05Byk0MjokQresjOWV7eCYdnJek90ZskMNXJd4Q8/OFEaeEz1s
rg1zOZDwEBHkqzvXbj8KRtjQFu+LFoM++62Ei2PVnFQfbzithGKp2+bwyboIc89C
+7BkJTJE0PSb7bcLHCcTrzw+wHQtfpg9uhcjHfn/Uqggh9f6ylLN1zhojDak+TFj
hwxQXDuL5yIUuDVU78IW5Zf6TA5vS7WM7R1/vSl0alH0fxAVGgfWr6ABG/Yo9MGM
-----END CERTIFICATE-----