Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/S2RxVauU_CQ8L5gpc_YOEWVYLEY.roa
File:                     S2RxVauU_CQ8L5gpc_YOEWVYLEY.roa (raw, json)
Hash identifier:          R226H1uw/kBXsv1Vv2czKwYpCu1qe4pvuYHxutjB3k8=
Subject key identifier:   4B:64:71:55:AB:94:FC:24:3C:2F:98:29:73:F6:0E:11:65:58:2C:46
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F45C8C8E41466DB9F96A42D4772C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/S2RxVauU_CQ8L5gpc_YOEWVYLEY.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60647
IP address blocks:        185.88.175.0/24 maxlen: 24
                          185.98.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f4:5c:8c:8e:41:46:6d:b9:f9:6a:42:d4:77:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b647155ab94fc243c2f982973f60e1165582c46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ae:a9:ad:69:1f:63:49:6c:3d:ed:c2:de:51:
                    f8:c6:cc:23:72:be:70:f6:7c:d4:e7:ca:03:67:38:
                    56:9c:1b:14:02:5f:89:8e:70:5e:d7:11:16:ea:5b:
                    f5:ff:5c:d8:2e:4d:6f:14:c1:20:d6:4b:53:67:57:
                    94:56:9d:6a:25:18:78:6f:b8:42:69:70:2e:54:2f:
                    46:35:83:eb:2b:c2:a9:d1:a3:b8:de:05:6c:39:45:
                    1f:02:83:ca:fa:60:01:08:11:6c:ed:26:0e:de:31:
                    ae:dd:04:02:4e:1c:02:48:89:2a:0b:b3:71:45:84:
                    e6:35:63:49:e9:77:6f:9f:bf:98:05:86:f0:64:28:
                    8a:5f:b5:fe:1a:3a:60:dd:93:fa:de:3a:f7:9a:40:
                    31:ae:6a:7e:7d:c0:6f:43:cc:e7:8b:5f:4f:14:a1:
                    9e:b8:ff:6a:9e:ee:b6:6d:cc:f2:d0:57:aa:de:d7:
                    e1:64:5f:0a:ee:c6:2c:83:ae:f2:53:d1:95:0b:aa:
                    e2:56:3f:1c:13:73:00:b0:cb:37:c8:50:d2:fc:2c:
                    7b:7f:0a:7c:0c:60:a0:95:86:cb:f2:4d:14:c8:b9:
                    61:d5:dd:e3:76:1d:a4:93:ed:6c:28:80:60:94:c4:
                    1b:10:c5:6b:b2:6a:2b:86:86:2e:21:48:d2:89:30:
                    6e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:64:71:55:AB:94:FC:24:3C:2F:98:29:73:F6:0E:11:65:58:2C:46
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/S2RxVauU_CQ8L5gpc_YOEWVYLEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.175.0/24
                  185.98.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:27:05:4f:1e:84:a2:e6:f9:34:d4:1d:70:cd:37:c2:9c:1f:
         19:2b:8e:14:bb:46:70:4a:3a:1b:11:f7:f9:82:87:8c:aa:91:
         03:6f:28:bd:20:c2:a3:fb:9f:03:35:43:c5:fe:d2:6e:62:f3:
         75:02:f3:91:d2:8c:2b:5b:9b:1d:62:53:9a:7a:31:ee:28:7a:
         67:2c:c3:66:a5:f7:cb:ea:3c:aa:0d:5a:a3:9a:e1:b5:66:24:
         24:e6:ac:f1:e0:51:69:05:27:72:c7:39:30:2f:a1:31:ef:96:
         73:5c:4a:a1:8c:a5:44:e3:11:85:bf:cb:97:74:d1:5e:ba:ca:
         23:87:ae:95:4e:b4:f4:0f:d8:7a:e5:4e:fd:6b:ac:64:44:84:
         07:ec:be:bb:b0:21:3f:31:7f:da:77:9a:b1:63:12:38:9e:8c:
         f8:cc:8c:8f:a4:8f:4f:07:bd:07:c1:5f:bf:2f:0a:3f:9f:3f:
         d4:8d:ec:2f:eb:87:e8:bf:27:c4:db:2c:b5:b1:bc:27:3d:0b:
         58:49:0b:41:d7:e2:28:79:c2:0f:00:27:b0:81:4f:a6:cd:4b:
         b1:47:14:80:41:8a:a3:fa:89:9e:6e:40:75:9b:cf:c3:7f:91:
         62:ed:37:1f:4f:e3:78:40:ed:f4:ad:fa:aa:8b:35:30:b1:e4:
         5d:c8:cb:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJPRcjI5BRm25+WpC1HcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY0NzE1NWFiOTRmYzI0M2MyZjk4Mjk3M2Y2MGUxMTY1NTgyYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua6prWkfY0lsPe3C3lH4xswjcr5w
9nzU58oDZzhWnBsUAl+JjnBe1xEW6lv1/1zYLk1vFMEg1ktTZ1eUVp1qJRh4b7hC
aXAuVC9GNYPrK8Kp0aO43gVsOUUfAoPK+mABCBFs7SYO3jGu3QQCThwCSIkqC7Nx
RYTmNWNJ6Xdvn7+YBYbwZCiKX7X+Gjpg3ZP63jr3mkAxrmp+fcBvQ8zni19PFKGe
uP9qnu62bczy0Feq3tfhZF8K7sYsg67yU9GVC6riVj8cE3MAsMs3yFDS/Cx7fwp8
DGCglYbL8k0UyLlh1d3jdh2kk+1sKIBglMQbEMVrsmorhoYuIUjSiTBuEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEtkcVWrlPwkPC+YKXP2DhFlWCxGMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvUzJSeFZhdVVfQ1E4TDVncGNfWU9FV1ZZTEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVivAwQA
uWI/MA0GCSqGSIb3DQEBCwUAA4IBAQBqJwVPHoSi5vk01B1wzTfCnB8ZK44Uu0Zw
SjobEff5goeMqpEDbyi9IMKj+58DNUPF/tJuYvN1AvOR0owrW5sdYlOaejHuKHpn
LMNmpffL6jyqDVqjmuG1ZiQk5qzx4FFpBSdyxzkwL6Ex75ZzXEqhjKVE4xGFv8uX
dNFeusojh66VTrT0D9h65U79a6xkRIQH7L67sCE/MX/ad5qxYxI4noz4zIyPpI9P
B70HwV+/Lwo/nz/Ujewv64fovyfE2yy1sbwnPQtYSQtB1+IoecIPACewgU+mzUux
RxSAQYqj+omebkB1m8/Df5Fi7TcfT+N4QO30rfqqizUwseRdyMsn
-----END CERTIFICATE-----