Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/Cbnb6xCMfKSBEvo9o19iXnJTbqI.roa
File:                     Cbnb6xCMfKSBEvo9o19iXnJTbqI.roa (raw, json)
Hash identifier:          Lo65dU8LLhFP+rL9wTItJ+fwvTjDGaiaiNIGhFx13JY=
Subject key identifier:   09:B9:DB:EB:10:8C:7C:A4:81:12:FA:3D:A3:5F:62:5E:72:53:6E:A2
Certificate issuer:       /CN=64dfe26d403141be9059ab2144325b402d4cab7d
Certificate serial:       018CC94E3BCC488E10517ED1EAEF585034AE
Authority key identifier: 64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/Cbnb6xCMfKSBEvo9o19iXnJTbqI.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49760
IP address blocks:        185.54.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 23:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3b:cc:48:8e:10:51:7e:d1:ea:ef:58:50:34:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64dfe26d403141be9059ab2144325b402d4cab7d
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09b9dbeb108c7ca48112fa3da35f625e72536ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:26:c3:a9:09:25:4d:f2:91:48:ab:68:c3:db:
                    96:92:e4:43:62:e2:47:c9:4d:5d:47:01:95:ce:66:
                    6a:a8:f0:18:00:20:58:9d:8d:f8:0a:64:c5:ee:95:
                    df:e8:74:05:85:72:2c:52:58:e1:4c:4f:1b:56:e2:
                    e9:68:03:95:c2:e4:e9:6e:97:5e:76:0b:9e:06:13:
                    86:33:c3:db:96:d8:37:a8:86:f8:7a:29:29:7d:1a:
                    e3:f9:99:18:ae:fb:ef:8b:b7:2a:e5:78:c0:fa:d1:
                    c5:ef:28:20:21:4c:4c:b0:d8:97:2d:d1:02:37:a6:
                    02:e4:5b:9a:bd:da:d7:9c:34:93:75:72:c0:21:38:
                    3a:9e:be:70:23:93:f1:56:70:bc:f0:49:a4:b4:02:
                    14:3e:09:ff:26:25:56:3d:bc:0b:a9:31:6f:0c:f8:
                    0d:e9:4b:cb:e8:71:22:80:60:53:0e:8f:9e:23:bc:
                    76:26:07:47:f1:50:f1:db:fa:fb:6a:fa:77:17:0e:
                    44:88:12:4e:09:4f:75:ab:be:79:2a:55:bd:aa:30:
                    12:b2:80:56:75:5e:d8:28:8b:e5:18:18:59:c6:43:
                    b2:d9:3a:07:10:ea:3c:9b:6c:4e:08:8c:70:8d:20:
                    fa:e5:b2:02:e8:bc:1a:7a:4d:37:6b:f6:d5:7e:ee:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B9:DB:EB:10:8C:7C:A4:81:12:FA:3D:A3:5F:62:5E:72:53:6E:A2
            X509v3 Authority Key Identifier:
                keyid:64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/Cbnb6xCMfKSBEvo9o19iXnJTbqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:92:c7:d4:2d:5a:f9:8f:f1:4c:b0:38:43:98:5a:f7:7c:0a:
         65:9f:26:3e:bb:3f:f8:d0:88:a0:6b:51:89:b6:db:88:bc:d8:
         a9:83:a0:b0:37:70:c2:a9:70:6f:53:68:16:c7:bd:04:17:63:
         05:f0:17:0c:e3:7f:6e:f2:7d:b3:f9:25:12:22:f3:59:c3:5a:
         ef:09:52:e0:61:6e:2f:18:3a:9f:97:d0:9a:0d:82:d4:e2:9e:
         67:5d:2e:c1:4a:29:c6:9d:55:8e:d6:7f:ef:1e:1a:ab:09:da:
         77:74:ab:6b:5e:db:d3:12:08:b1:c6:94:16:d6:d5:8e:05:5d:
         67:74:2e:4c:f9:d4:cd:b0:43:69:fc:d6:d1:89:69:cf:76:e9:
         7f:6f:ab:62:04:81:eb:11:33:5e:f8:b8:d7:d9:1f:50:f8:49:
         9e:f2:0e:9e:4b:f5:54:7d:cf:01:7f:b6:4d:db:a7:07:92:16:
         4b:c7:d6:50:26:82:20:67:9b:ed:9c:35:50:88:46:33:3f:44:
         6d:e8:8f:e8:a0:82:0d:ed:f2:27:f2:67:94:97:4d:43:5f:c0:
         93:ae:39:2e:ae:b8:d6:4d:df:69:81:51:b6:eb:39:3a:48:43:
         12:6b:e4:36:5d:b6:a5:80:b0:79:17:30:98:37:71:cd:49:09:
         de:c4:75:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjvMSI4QUX7R6u9YUDSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGZlMjZkNDAzMTQxYmU5MDU5YWIyMTQ0MzI1YjQwMmQ0
Y2FiN2QwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWI5ZGJlYjEwOGM3Y2E0ODExMmZhM2RhMzVmNjI1ZTcyNTM2ZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCbDqQklTfKRSKtow9uWkuRDYuJH
yU1dRwGVzmZqqPAYACBYnY34CmTF7pXf6HQFhXIsUljhTE8bVuLpaAOVwuTpbpde
dgueBhOGM8Pbltg3qIb4eikpfRrj+ZkYrvvvi7cq5XjA+tHF7yggIUxMsNiXLdEC
N6YC5FuavdrXnDSTdXLAITg6nr5wI5PxVnC88EmktAIUPgn/JiVWPbwLqTFvDPgN
6UvL6HEigGBTDo+eI7x2JgdH8VDx2/r7avp3Fw5EiBJOCU91q755KlW9qjASsoBW
dV7YKIvlGBhZxkOy2ToHEOo8m2xOCIxwjSD65bIC6Lwaek03a/bVfu4LvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAm52+sQjHykgRL6PaNfYl5yU26iMB8GA1UdIwQY
MBaAFGTf4m1AMUG+kFmrIUQyW0AtTKt9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDct
ZjY1NzUxOWQwMjMzLzEvQ2JuYjZ4Q01mS1NCRXZvOW8xOWlYbkpUYnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDctZjY1NzUxOWQwMjMz
LzEvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTaeMA0G
CSqGSIb3DQEBCwUAA4IBAQCLksfULVr5j/FMsDhDmFr3fAplnyY+uz/40Iiga1GJ
ttuIvNipg6CwN3DCqXBvU2gWx70EF2MF8BcM439u8n2z+SUSIvNZw1rvCVLgYW4v
GDqfl9CaDYLU4p5nXS7BSinGnVWO1n/vHhqrCdp3dKtrXtvTEgixxpQW1tWOBV1n
dC5M+dTNsENp/NbRiWnPdul/b6tiBIHrETNe+LjX2R9Q+Eme8g6eS/VUfc8Bf7ZN
26cHkhZLx9ZQJoIgZ5vtnDVQiEYzP0Rt6I/ooIIN7fIn8meUl01DX8CTrjkurrjW
Td9pgVG26zk6SEMSa+Q2XbalgLB5FzCYN3HNSQnexHUr
-----END CERTIFICATE-----