Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cA5LKzKIxkTtw9eASX-vjfY5pUQ.roa
File:                     cA5LKzKIxkTtw9eASX-vjfY5pUQ.roa (raw, json)
Hash identifier:          6rYbmCSJuSb7PADDzf3wYpU9H1T+aTxBtPzBIYXi0+g=
Subject key identifier:   70:0E:4B:2B:32:88:C6:44:ED:C3:D7:80:49:7F:AF:8D:F6:39:A5:44
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E13E7BFF98C73634675221A06EE0E
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cA5LKzKIxkTtw9eASX-vjfY5pUQ.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205786
IP address blocks:        178.253.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:e7:bf:f9:8c:73:63:46:75:22:1a:06:ee:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=700e4b2b3288c644edc3d780497faf8df639a544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a2:de:b1:d9:7e:bb:9b:c9:4c:b8:1f:d1:7b:
                    4e:b9:6c:39:07:d2:4c:cc:52:12:73:5a:64:79:37:
                    21:d7:f6:0c:b9:9f:50:5a:b5:1a:84:1f:e2:4a:51:
                    2c:d8:b9:3c:d3:10:eb:67:83:dd:f0:38:f7:fb:e2:
                    8f:2c:a4:b4:47:e2:7a:63:b3:36:61:b8:19:43:77:
                    5f:ec:d0:2b:51:4e:5c:b9:54:ce:4e:9c:af:9e:21:
                    7f:97:d9:cf:9c:09:d1:32:f4:3a:13:9f:1f:4e:a3:
                    fd:f6:d2:68:8d:7a:46:59:f1:fc:0e:12:80:2f:f2:
                    d2:8d:29:44:8d:51:cd:11:a5:d4:77:b0:60:9c:71:
                    1d:0b:9b:83:ad:81:27:32:ba:0f:c8:87:64:8c:1e:
                    a8:4e:cd:9c:21:5c:74:6f:0e:ac:28:d2:21:ad:66:
                    35:65:37:01:7c:32:5f:68:56:f6:de:6a:36:1b:87:
                    3b:67:59:d6:2d:eb:36:39:5b:44:b3:e7:11:48:de:
                    1c:f2:99:e7:53:63:e0:5d:b2:28:6d:4c:15:ec:f1:
                    76:2f:94:7a:c7:71:24:e3:0f:a5:f5:07:46:f1:fb:
                    0e:03:b5:d2:6f:52:00:87:80:92:20:40:0a:7a:5c:
                    ed:7a:db:c3:16:ba:36:98:da:bf:75:0c:a7:69:e8:
                    73:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:0E:4B:2B:32:88:C6:44:ED:C3:D7:80:49:7F:AF:8D:F6:39:A5:44
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cA5LKzKIxkTtw9eASX-vjfY5pUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:44:fb:e9:ec:43:55:c6:a1:1f:f0:59:08:65:bf:74:58:5f:
         0c:f0:dd:be:91:10:e6:68:a2:74:8b:37:4e:99:c2:da:24:2c:
         ac:db:a7:fe:24:9c:a7:20:a6:57:ec:00:59:3f:41:e6:eb:f7:
         c3:2d:ee:2f:70:2f:a2:ac:c7:34:ed:b1:62:b4:4f:bf:ff:8f:
         7b:ea:e4:8c:c2:7e:10:30:74:1b:b4:ca:40:a4:45:01:9d:88:
         2e:3d:7c:81:12:53:f4:f9:fc:13:a0:ca:e5:62:9e:fe:34:46:
         16:9d:36:91:a5:20:c8:6e:40:9f:b7:63:d6:1a:8f:11:be:4c:
         6a:18:75:f2:bd:a5:b4:9b:51:d4:14:2e:9f:ff:70:3a:28:60:
         87:47:c3:80:5b:2a:5a:79:54:ac:58:fe:94:81:a4:b1:4b:61:
         2d:b7:bb:d2:22:78:ee:66:15:b7:c1:41:63:1a:bb:03:db:7c:
         2d:d3:dc:9d:d4:59:fc:29:92:29:8a:77:da:ad:42:2c:96:f7:
         80:dc:2a:eb:9f:a9:b8:f2:7e:62:a4:3c:72:99:56:11:e2:6c:
         8c:16:fc:22:8d:67:56:3f:51:9e:43:e5:20:e8:a3:8e:48:7f:
         55:7e:8e:6c:6b:07:ec:d6:0e:09:89:7e:eb:d4:13:39:c5:87:
         27:19:b0:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhPnv/mMc2NGdSIaBu4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDBlNGIyYjMyODhjNjQ0ZWRjM2Q3ODA0OTdmYWY4ZGY2MzlhNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaLesdl+u5vJTLgf0XtOuWw5B9JM
zFISc1pkeTch1/YMuZ9QWrUahB/iSlEs2Lk80xDrZ4Pd8Dj3++KPLKS0R+J6Y7M2
YbgZQ3df7NArUU5cuVTOTpyvniF/l9nPnAnRMvQ6E58fTqP99tJojXpGWfH8DhKA
L/LSjSlEjVHNEaXUd7BgnHEdC5uDrYEnMroPyIdkjB6oTs2cIVx0bw6sKNIhrWY1
ZTcBfDJfaFb23mo2G4c7Z1nWLes2OVtEs+cRSN4c8pnnU2PgXbIobUwV7PF2L5R6
x3Ek4w+l9QdG8fsOA7XSb1IAh4CSIEAKelztetvDFro2mNq/dQynaehznwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAOSysyiMZE7cPXgEl/r432OaVEMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvY0E1TEt6S0l4a1R0dzllQVNYLXZqZlk1cFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv33MA0G
CSqGSIb3DQEBCwUAA4IBAQB1RPvp7ENVxqEf8FkIZb90WF8M8N2+kRDmaKJ0izdO
mcLaJCys26f+JJynIKZX7ABZP0Hm6/fDLe4vcC+irMc07bFitE+//4976uSMwn4Q
MHQbtMpApEUBnYguPXyBElP0+fwToMrlYp7+NEYWnTaRpSDIbkCft2PWGo8Rvkxq
GHXyvaW0m1HUFC6f/3A6KGCHR8OAWypaeVSsWP6UgaSxS2Ett7vSInjuZhW3wUFj
GrsD23wt09yd1Fn8KZIpinfarUIslveA3Crrn6m48n5ipDxymVYR4myMFvwijWdW
P1GeQ+Ug6KOOSH9Vfo5sawfs1g4JiX7r1BM5xYcnGbA2
-----END CERTIFICATE-----