Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/68FCuQM364j9rJD4bJuLnjmOEhc.roa
File:                     68FCuQM364j9rJD4bJuLnjmOEhc.roa (raw, json)
Hash identifier:          LRXaKlZ1Oray8LpjQdTnq1nqVQ3tat42bc2daj614Vo=
Subject key identifier:   EB:C1:42:B9:03:37:EB:88:FD:AC:90:F8:6C:9B:8B:9E:39:8E:12:17
Certificate issuer:       /CN=cb89ae63648fd1c89ed56a361bd8c1e11956bfba
Certificate serial:       018CC56E0C66A7E9F74765F7E085B02B1C65
Authority key identifier: CB:89:AE:63:64:8F:D1:C8:9E:D5:6A:36:1B:D8:C1:E1:19:56:BF:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y4muY2SP0cie1Wo2G9jB4RlWv7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/68FCuQM364j9rJD4bJuLnjmOEhc.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205179
IP address blocks:        185.226.232.0/24 maxlen: 24
                          185.226.232.0/22 maxlen: 22
                          185.226.233.0/24 maxlen: 24
                          185.226.235.0/24 maxlen: 24
                          185.226.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/y4muY2SP0cie1Wo2G9jB4RlWv7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/y4muY2SP0cie1Wo2G9jB4RlWv7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y4muY2SP0cie1Wo2G9jB4RlWv7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:66:a7:e9:f7:47:65:f7:e0:85:b0:2b:1c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb89ae63648fd1c89ed56a361bd8c1e11956bfba
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebc142b90337eb88fdac90f86c9b8b9e398e1217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e6:30:6d:79:0e:06:1d:35:ea:19:6d:7c:a6:
                    1b:0d:f0:b4:40:e8:52:95:1a:3b:4d:00:82:32:db:
                    b4:e5:f7:ac:a3:84:c7:41:aa:2a:b2:21:f9:e8:0c:
                    54:53:f3:2d:3b:92:0e:d7:2b:ab:7e:74:85:74:b2:
                    0d:45:bd:df:49:cb:02:5b:c3:87:35:3e:d5:77:da:
                    46:7d:87:65:89:b7:1d:d2:84:1a:8a:81:e1:19:3d:
                    88:3d:b8:5f:14:41:2b:51:d0:55:e8:93:8e:93:b7:
                    c3:9c:83:89:e2:1a:02:6a:20:97:58:3a:c1:59:c1:
                    e5:08:3a:c6:c7:db:74:23:23:b3:24:f4:5d:eb:0b:
                    b9:4a:33:13:9d:25:e2:66:8f:29:d6:3d:34:49:1e:
                    b6:e3:cb:c2:7e:87:b1:75:c2:20:ae:04:a0:97:ab:
                    8f:3f:d2:5a:db:50:13:fe:1a:32:fc:07:00:52:6e:
                    05:dc:67:97:81:f2:4b:70:5d:80:cf:52:e5:52:0a:
                    82:fa:15:17:a9:c9:1a:2f:e4:ed:65:67:0a:7a:bf:
                    2b:39:91:d3:27:3a:de:77:2e:55:5b:4a:ed:60:3d:
                    7c:c0:f8:f0:06:b5:0e:39:3e:68:91:36:1d:7c:f3:
                    f1:b9:f6:b0:63:02:8a:c2:a1:a0:31:84:ed:4f:27:
                    b8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C1:42:B9:03:37:EB:88:FD:AC:90:F8:6C:9B:8B:9E:39:8E:12:17
            X509v3 Authority Key Identifier:
                keyid:CB:89:AE:63:64:8F:D1:C8:9E:D5:6A:36:1B:D8:C1:E1:19:56:BF:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y4muY2SP0cie1Wo2G9jB4RlWv7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/68FCuQM364j9rJD4bJuLnjmOEhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ba6df-548c-44ea-b1d5-f4eb0ff5bb73/1/y4muY2SP0cie1Wo2G9jB4RlWv7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:53:66:82:5c:a5:cc:31:f9:58:02:f0:fc:f3:5f:04:ce:87:
         87:a5:62:81:59:e7:a0:3f:3f:8f:c5:79:b8:3c:a8:4e:83:5a:
         e4:da:47:fb:a6:71:c8:75:ce:50:31:3e:b5:a2:a9:37:33:57:
         77:a6:ff:20:2c:e9:5d:bd:6d:be:5a:d5:4e:54:d7:75:24:84:
         f3:43:8e:75:12:ec:f3:2a:72:d4:53:c1:3a:30:08:f2:89:b2:
         3b:f7:e3:27:b0:6d:6e:2b:b7:cc:dd:28:5b:d5:42:3e:1a:93:
         d9:19:38:57:5b:b2:ca:6b:1a:db:56:ae:b5:cf:14:00:cc:8b:
         60:54:f4:ec:67:f1:51:96:0b:3c:41:89:06:fa:f0:d1:27:83:
         49:49:c4:71:4b:76:23:58:4b:7e:97:a1:97:9b:69:43:ba:77:
         9c:7b:2a:e5:6d:83:23:6a:a5:5f:9c:ca:9e:1f:ac:82:88:ca:
         58:89:83:86:2d:c7:e7:0c:00:c5:29:dd:c0:a9:3c:04:e0:7c:
         9e:89:a0:48:f9:56:11:30:b4:2e:18:07:4f:4b:2e:45:52:26:
         73:2b:75:f5:05:eb:09:a4:98:1a:72:93:0d:59:8a:cf:2b:75:
         1b:5b:2b:81:c5:0a:e4:f5:4a:45:e9:e5:e4:e1:2d:a9:1f:26:
         b5:d4:f0:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgxmp+n3R2X34IWwKxxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiODlhZTYzNjQ4ZmQxYzg5ZWQ1NmEzNjFiZDhjMWUxMTk1
NmJmYmEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMxNDJiOTAzMzdlYjg4ZmRhYzkwZjg2YzliOGI5ZTM5OGUxMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+YwbXkOBh016hltfKYbDfC0QOhS
lRo7TQCCMtu05feso4THQaoqsiH56AxUU/MtO5IO1yurfnSFdLINRb3fScsCW8OH
NT7Vd9pGfYdlibcd0oQaioHhGT2IPbhfFEErUdBV6JOOk7fDnIOJ4hoCaiCXWDrB
WcHlCDrGx9t0IyOzJPRd6wu5SjMTnSXiZo8p1j00SR6248vCfoexdcIgrgSgl6uP
P9Ja21AT/hoy/AcAUm4F3GeXgfJLcF2Az1LlUgqC+hUXqckaL+TtZWcKer8rOZHT
Jzredy5VW0rtYD18wPjwBrUOOT5okTYdfPPxufawYwKKwqGgMYTtTye4zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvBQrkDN+uI/ayQ+Gybi545jhIXMB8GA1UdIwQY
MBaAFMuJrmNkj9HIntVqNhvYweEZVr+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTRtdVkyU1AwY2llMVdvMkc5akI0UmxXdjdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYmE2ZGYtNTQ4Yy00NGVhLWIxZDUt
ZjRlYjBmZjViYjczLzEvNjhGQ3VRTTM2NGo5ckpENGJKdUxuam1PRWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYmE2ZGYtNTQ4Yy00NGVhLWIxZDUtZjRlYjBmZjViYjcz
LzEveTRtdVkyU1AwY2llMVdvMkc5akI0UmxXdjdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueLoMA0G
CSqGSIb3DQEBCwUAA4IBAQB1U2aCXKXMMflYAvD8818EzoeHpWKBWeegPz+PxXm4
PKhOg1rk2kf7pnHIdc5QMT61oqk3M1d3pv8gLOldvW2+WtVOVNd1JITzQ451Euzz
KnLUU8E6MAjyibI79+MnsG1uK7fM3Shb1UI+GpPZGThXW7LKaxrbVq61zxQAzItg
VPTsZ/FRlgs8QYkG+vDRJ4NJScRxS3YjWEt+l6GXm2lDuneceyrlbYMjaqVfnMqe
H6yCiMpYiYOGLcfnDADFKd3AqTwE4HyeiaBI+VYRMLQuGAdPSy5FUiZzK3X1BesJ
pJgacpMNWYrPK3UbWyuBxQrk9UpF6eXk4S2pHya11PCG
-----END CERTIFICATE-----