Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/r5cx95WXA9xDuxSR_YkIj5ePZb8.roa
File:                     r5cx95WXA9xDuxSR_YkIj5ePZb8.roa (raw, json)
Hash identifier:          /ic4qXclhHEq20wpPnSvn+u4o5Abdl+t0OTx/jjIwn4=
Subject key identifier:   AF:97:31:F7:95:97:03:DC:43:BB:14:91:FD:89:08:8F:97:8F:65:BF
Certificate issuer:       /CN=b0a7252aa643d0dbc42da410e9c20f5703368cd8
Certificate serial:       018CC727282C83F78512F6C59BBCC7EDFC00
Authority key identifier: B0:A7:25:2A:A6:43:D0:DB:C4:2D:A4:10:E9:C2:0F:57:03:36:8C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKclKqZD0NvELaQQ6cIPVwM2jNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/r5cx95WXA9xDuxSR_YkIj5ePZb8.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21067
IP address blocks:        185.110.148.0/22 maxlen: 24
                          2a06:5840::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/sKclKqZD0NvELaQQ6cIPVwM2jNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/sKclKqZD0NvELaQQ6cIPVwM2jNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKclKqZD0NvELaQQ6cIPVwM2jNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:28:2c:83:f7:85:12:f6:c5:9b:bc:c7:ed:fc:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0a7252aa643d0dbc42da410e9c20f5703368cd8
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af9731f7959703dc43bb1491fd89088f978f65bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:89:7f:23:87:a3:e2:68:0a:7f:29:05:50:0d:
                    fd:6d:9f:a2:97:a4:fe:92:51:c5:56:28:3c:a8:9d:
                    d6:06:6a:9a:7a:21:ed:bb:e9:d4:82:01:b9:b9:4c:
                    36:75:ac:6c:bc:06:b2:4a:ee:ea:15:37:e6:3a:a2:
                    c2:52:f9:99:48:b9:bc:1a:ca:e7:d9:c7:fd:66:f0:
                    5d:f8:66:30:98:7b:69:ec:bf:ff:c5:72:59:f7:26:
                    22:88:04:0d:e4:6c:94:5a:f4:cf:f9:5c:34:94:72:
                    af:24:d0:7d:ff:be:7e:fc:5b:07:5e:13:6d:1b:1b:
                    82:4e:e5:c1:c5:18:5f:b0:40:a8:7b:83:b7:81:c8:
                    f2:aa:5d:db:1a:bf:20:e6:55:d2:7b:c8:a3:56:04:
                    91:06:ba:35:b2:3c:36:e1:4a:e8:90:b2:35:60:5b:
                    ca:84:8c:b3:6c:b3:1a:60:29:3f:60:c4:b0:36:1a:
                    01:fd:a2:3f:12:7e:b2:dc:5f:da:7c:6c:be:03:c0:
                    f0:f8:10:8e:a7:3f:18:90:37:cd:e7:71:de:2f:97:
                    9f:5c:f5:77:3b:ea:4e:27:8d:a5:da:4b:5e:dd:d9:
                    59:0b:76:51:bb:f9:2d:19:84:a3:fc:20:46:5f:4b:
                    78:92:39:68:69:d5:16:81:5d:2a:07:0d:aa:24:ff:
                    0c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:97:31:F7:95:97:03:DC:43:BB:14:91:FD:89:08:8F:97:8F:65:BF
            X509v3 Authority Key Identifier:
                keyid:B0:A7:25:2A:A6:43:D0:DB:C4:2D:A4:10:E9:C2:0F:57:03:36:8C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKclKqZD0NvELaQQ6cIPVwM2jNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/r5cx95WXA9xDuxSR_YkIj5ePZb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e4f3ef-7bfc-4055-b798-028a2b0a53d5/1/sKclKqZD0NvELaQQ6cIPVwM2jNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.148.0/22
                IPv6:
                  2a06:5840::/29

    Signature Algorithm: sha256WithRSAEncryption
         bc:d7:60:4a:37:bd:d5:ff:40:46:30:b4:9e:86:80:d2:0e:1a:
         48:cb:a0:ec:3e:3a:03:ef:83:8c:4e:83:c9:c0:18:03:b8:fe:
         99:52:f5:13:8a:1a:9e:46:5d:c5:47:9d:bd:fb:99:1e:ea:69:
         07:42:eb:54:08:7f:78:64:4e:eb:17:3b:cd:d5:72:13:b9:53:
         3a:c8:9c:b7:d4:3a:1a:8f:0a:11:43:a8:09:21:e5:1f:33:85:
         59:5a:1b:6b:9a:2e:5b:b0:11:2b:56:d7:9e:ac:f5:c9:05:83:
         d3:87:93:9b:10:57:28:cb:4b:fa:ea:b6:dc:b2:35:80:07:30:
         80:aa:52:0f:81:b6:28:5e:3f:17:b5:e2:ce:94:0c:fe:de:52:
         ad:5b:6d:b8:ca:0e:21:3e:f4:42:f8:a9:d1:ce:8c:42:c7:a5:
         63:a2:9b:eb:73:84:66:33:d0:ed:ba:ce:88:77:e7:41:53:c8:
         75:7e:6d:ef:63:60:89:da:c6:37:8e:44:3b:e0:64:19:4d:c5:
         cd:81:1f:06:e6:e6:8f:5c:0d:c5:15:f8:cf:b8:ca:4b:a7:d6:
         22:72:14:70:b6:fb:c3:da:43:0d:fe:d8:8f:2a:86:a7:8b:33:
         84:d5:a6:06:73:11:34:47:3c:ba:90:93:7c:67:0f:f7:d3:2d:
         b1:c9:e8:dd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJygsg/eFEvbFm7zH7fwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTcyNTJhYTY0M2QwZGJjNDJkYTQxMGU5YzIwZjU3MDMz
NjhjZDgwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjk3MzFmNzk1OTcwM2RjNDNiYjE0OTFmZDg5MDg4Zjk3OGY2NWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4l/I4ej4mgKfykFUA39bZ+il6T+
klHFVig8qJ3WBmqaeiHtu+nUggG5uUw2daxsvAaySu7qFTfmOqLCUvmZSLm8Gsrn
2cf9ZvBd+GYwmHtp7L//xXJZ9yYiiAQN5GyUWvTP+Vw0lHKvJNB9/75+/FsHXhNt
GxuCTuXBxRhfsECoe4O3gcjyql3bGr8g5lXSe8ijVgSRBro1sjw24UrokLI1YFvK
hIyzbLMaYCk/YMSwNhoB/aI/En6y3F/afGy+A8Dw+BCOpz8YkDfN53HeL5efXPV3
O+pOJ42l2kte3dlZC3ZRu/ktGYSj/CBGX0t4kjloadUWgV0qBw2qJP8MIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK+XMfeVlwPcQ7sUkf2JCI+Xj2W/MB8GA1UdIwQY
MBaAFLCnJSqmQ9DbxC2kEOnCD1cDNozYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tjbEtxWkQwTnZFTGFRUTZjSVBWd00yak5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lNGYzZWYtN2JmYy00MDU1LWI3OTgt
MDI4YTJiMGE1M2Q1LzEvcjVjeDk1V1hBOXhEdXhTUl9Za0lqNWVQWmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lNGYzZWYtN2JmYy00MDU1LWI3OTgtMDI4YTJiMGE1M2Q1
LzEvc0tjbEtxWkQwTnZFTGFRUTZjSVBWd00yak5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW6UMA0E
AgACMAcDBQMqBlhAMA0GCSqGSIb3DQEBCwUAA4IBAQC812BKN73V/0BGMLSehoDS
DhpIy6DsPjoD74OMToPJwBgDuP6ZUvUTihqeRl3FR529+5ke6mkHQutUCH94ZE7r
FzvN1XITuVM6yJy31DoajwoRQ6gJIeUfM4VZWhtrmi5bsBErVteerPXJBYPTh5Ob
EFcoy0v66rbcsjWABzCAqlIPgbYoXj8XteLOlAz+3lKtW224yg4hPvRC+KnRzoxC
x6Vjopvrc4RmM9Dtus6Id+dBU8h1fm3vY2CJ2sY3jkQ74GQZTcXNgR8G5uaPXA3F
FfjPuMpLp9YichRwtvvD2kMN/tiPKoanizOE1aYGcxE0Rzy6kJN8Zw/30y2xyejd
-----END CERTIFICATE-----