Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/5f0oPfTfIGtDGawi3IgDQWx9M5I.roa
File:                     5f0oPfTfIGtDGawi3IgDQWx9M5I.roa (raw, json)
Hash identifier:          DFnNjvc0ebYptTwzjfIIvRtWp3C4SKNIhXjGXObdzm4=
Subject key identifier:   E5:FD:28:3D:F4:DF:20:6B:43:19:AC:22:DC:88:03:41:6C:7D:33:92
Certificate issuer:       /CN=dc05df6e404ef920e6a5928d8963e6a5f8d61120
Certificate serial:       018CC6B925422198FBC335FAE5794CD2003B
Authority key identifier: DC:05:DF:6E:40:4E:F9:20:E6:A5:92:8D:89:63:E6:A5:F8:D6:11:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AXfbkBO-SDmpZKNiWPmpfjWESA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/5f0oPfTfIGtDGawi3IgDQWx9M5I.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6507
IP address blocks:        185.40.64.0/22 maxlen: 22
                          2a04:82c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/3AXfbkBO-SDmpZKNiWPmpfjWESA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/3AXfbkBO-SDmpZKNiWPmpfjWESA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AXfbkBO-SDmpZKNiWPmpfjWESA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:25:42:21:98:fb:c3:35:fa:e5:79:4c:d2:00:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc05df6e404ef920e6a5928d8963e6a5f8d61120
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5fd283df4df206b4319ac22dc8803416c7d3392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5b:ff:b3:a6:18:e6:84:1c:eb:0a:d2:72:22:
                    fb:70:00:e7:8a:cd:22:25:57:3c:93:11:ad:e0:e7:
                    fd:6f:12:d4:8e:61:8b:56:99:ec:2d:66:81:51:97:
                    6c:de:e6:82:ab:49:58:98:9c:29:b0:96:14:72:4d:
                    b4:c3:ef:db:02:36:f2:62:79:b6:b8:05:2d:b6:f7:
                    18:4e:23:8e:68:99:e0:19:f4:61:11:d1:d1:07:53:
                    0b:3f:32:cf:dd:46:47:3c:56:ef:d9:9a:df:10:a8:
                    6f:55:96:66:a0:7d:3f:2c:80:95:f8:08:0d:ca:ec:
                    44:64:08:7a:3a:3d:f4:63:96:e0:a0:c8:08:b6:db:
                    f6:20:a0:a0:a0:7e:76:d9:75:3f:a4:80:0e:22:5c:
                    db:2f:fa:36:29:c0:1c:f2:12:34:11:01:ef:dd:2f:
                    bd:97:dd:cd:5d:52:c9:40:33:bc:3c:49:14:ee:f0:
                    c8:f9:1b:77:6b:12:52:f3:a1:78:d9:4c:db:ad:2a:
                    7d:80:7c:b6:53:ce:4b:9d:7b:05:e5:3a:3b:e2:33:
                    b1:91:a5:e6:1e:d5:79:f9:ad:27:92:0c:35:da:58:
                    d4:9f:39:98:a9:cc:52:e7:51:20:08:df:35:5f:45:
                    88:09:65:e8:92:e3:0a:62:3d:d3:35:c8:ef:2e:f0:
                    e2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:FD:28:3D:F4:DF:20:6B:43:19:AC:22:DC:88:03:41:6C:7D:33:92
            X509v3 Authority Key Identifier:
                keyid:DC:05:DF:6E:40:4E:F9:20:E6:A5:92:8D:89:63:E6:A5:F8:D6:11:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AXfbkBO-SDmpZKNiWPmpfjWESA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/5f0oPfTfIGtDGawi3IgDQWx9M5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0c3886-a32d-4435-ab74-bce934205ae8/1/3AXfbkBO-SDmpZKNiWPmpfjWESA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.64.0/22
                IPv6:
                  2a04:82c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:3a:16:51:70:47:4d:a7:1c:d8:3a:a5:bf:30:93:22:eb:55:
         5f:85:17:3b:5f:2d:c1:07:47:af:c0:4e:58:53:4e:15:64:d0:
         54:e7:a8:75:43:6c:04:d7:eb:cf:81:fd:c5:8f:ae:ce:da:3f:
         c6:8a:16:5e:65:7d:3f:fa:68:35:85:44:60:af:55:aa:a6:11:
         f8:c4:9c:5d:15:54:22:42:a3:c2:e6:44:1b:ac:23:0f:37:04:
         4c:34:71:ab:d2:25:1e:a5:f8:c9:42:d0:25:01:f3:d3:04:08:
         fd:40:c2:04:07:a4:20:76:ed:c2:ce:40:49:6a:27:10:5d:d6:
         e2:92:cd:4e:2c:24:0a:de:3c:8d:12:a8:4b:37:d0:d4:55:4f:
         51:23:1a:31:2b:f6:65:4e:86:7e:53:06:25:f7:35:6b:22:16:
         8a:90:18:68:75:7a:9f:89:83:dd:cf:0c:ff:14:c0:e9:50:6d:
         3d:44:d4:f9:1a:26:02:aa:7f:87:1e:c9:50:69:c6:aa:30:f6:
         48:a3:1a:14:f2:d1:e1:6c:41:2d:22:01:71:67:2a:f9:98:7e:
         5f:69:06:95:8d:8f:7e:01:0e:79:5f:5e:71:32:63:19:87:7f:
         98:cd:42:28:36:fe:00:2c:e4:3e:a0:92:29:e2:38:3a:2a:ed:
         58:ab:fe:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuSVCIZj7wzX65XlM0gA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDVkZjZlNDA0ZWY5MjBlNmE1OTI4ZDg5NjNlNmE1Zjhk
NjExMjAwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWZkMjgzZGY0ZGYyMDZiNDMxOWFjMjJkYzg4MDM0MTZjN2QzMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylv/s6YY5oQc6wrSciL7cADnis0i
JVc8kxGt4Of9bxLUjmGLVpnsLWaBUZds3uaCq0lYmJwpsJYUck20w+/bAjbyYnm2
uAUttvcYTiOOaJngGfRhEdHRB1MLPzLP3UZHPFbv2ZrfEKhvVZZmoH0/LICV+AgN
yuxEZAh6Oj30Y5bgoMgIttv2IKCgoH522XU/pIAOIlzbL/o2KcAc8hI0EQHv3S+9
l93NXVLJQDO8PEkU7vDI+Rt3axJS86F42UzbrSp9gHy2U85LnXsF5To74jOxkaXm
HtV5+a0nkgw12ljUnzmYqcxS51EgCN81X0WICWXokuMKYj3TNcjvLvDi1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOX9KD303yBrQxmsItyIA0FsfTOSMB8GA1UdIwQY
MBaAFNwF325ATvkg5qWSjYlj5qX41hEgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FYZmJrQk8tU0RtcFpLTmlXUG1wZmpXRVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wYzM4ODYtYTMyZC00NDM1LWFiNzQt
YmNlOTM0MjA1YWU4LzEvNWYwb1BmVGZJR3RER2F3aTNJZ0RRV3g5TTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wYzM4ODYtYTMyZC00NDM1LWFiNzQtYmNlOTM0MjA1YWU4
LzEvM0FYZmJrQk8tU0RtcFpLTmlXUG1wZmpXRVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuShAMA0E
AgACMAcDBQMqBILAMA0GCSqGSIb3DQEBCwUAA4IBAQAkOhZRcEdNpxzYOqW/MJMi
61VfhRc7Xy3BB0evwE5YU04VZNBU56h1Q2wE1+vPgf3Fj67O2j/GihZeZX0/+mg1
hURgr1WqphH4xJxdFVQiQqPC5kQbrCMPNwRMNHGr0iUepfjJQtAlAfPTBAj9QMIE
B6Qgdu3CzkBJaicQXdbiks1OLCQK3jyNEqhLN9DUVU9RIxoxK/ZlToZ+UwYl9zVr
IhaKkBhodXqfiYPdzwz/FMDpUG09RNT5GiYCqn+HHslQacaqMPZIoxoU8tHhbEEt
IgFxZyr5mH5faQaVjY9+AQ55X15xMmMZh3+YzUIoNv4ALOQ+oJIp4jg6Ku1Yq/76
-----END CERTIFICATE-----