Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/uF8tc090B-i2hfd11P5QDNdWCf4.roa
File:                     uF8tc090B-i2hfd11P5QDNdWCf4.roa (raw, json)
Hash identifier:          nYv2u0yvEFVOQz36aJ5DlJ0NKtFrW4rYp7pnmLlaeyA=
Subject key identifier:   B8:5F:2D:73:4F:74:07:E8:B6:85:F7:75:D4:FE:50:0C:D7:56:09:FE
Certificate issuer:       /CN=d3540b518d75fbefd616bfd94cf05fd25ba488b6
Certificate serial:       018CC86FEB7FB18C7F187A4923DD3EE9E06B
Authority key identifier: D3:54:0B:51:8D:75:FB:EF:D6:16:BF:D9:4C:F0:5F:D2:5B:A4:88:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/uF8tc090B-i2hfd11P5QDNdWCf4.roa
Signing time:             Tue 02 Jan 2024 04:30:27 +0000
ROA not before:           Tue 02 Jan 2024 04:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205260
IP address blocks:        185.223.196.0/22 maxlen: 22
                          185.223.199.0/24 maxlen: 24
                          2a0c:4c00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:eb:7f:b1:8c:7f:18:7a:49:23:dd:3e:e9:e0:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3540b518d75fbefd616bfd94cf05fd25ba488b6
        Validity
            Not Before: Jan  2 04:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85f2d734f7407e8b685f775d4fe500cd75609fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:57:b4:bf:c4:a6:44:9e:dc:cb:23:b5:71:f1:
                    16:ce:45:0c:cc:95:a2:fc:18:3b:2b:42:00:82:10:
                    bb:4e:26:2c:d3:e4:c1:f1:f1:ee:ff:c0:2c:71:1c:
                    07:6f:71:46:d1:c3:9a:ca:14:b3:85:a8:1c:70:cb:
                    70:53:cc:42:a5:fa:f8:19:03:b1:dd:43:fd:39:5f:
                    81:8a:ed:71:8f:96:03:1a:12:44:98:9c:c6:f2:07:
                    c3:9b:27:db:c9:9f:b0:7d:7d:4f:c8:8b:5d:95:ed:
                    b9:94:4b:14:39:6e:44:ea:f3:bb:ec:d7:50:1d:75:
                    61:9d:d6:55:7f:df:d9:db:1d:80:dc:16:bc:08:89:
                    f3:07:0b:6b:2c:04:57:6f:5a:f4:5b:96:08:68:7c:
                    37:03:8a:1f:25:ac:46:1b:0d:9f:c6:00:fe:0f:b8:
                    1b:a3:4a:8b:b2:de:2f:03:49:4b:9d:e8:bc:25:11:
                    f7:f4:e4:2c:7e:23:88:73:3b:4b:53:ff:26:0b:89:
                    b4:44:a3:16:40:c4:a8:3a:fb:07:ea:41:8b:d9:63:
                    b2:b8:65:10:cd:38:50:08:63:e1:e9:4d:59:f2:52:
                    88:da:cf:2e:0d:02:42:4d:a5:6c:93:c6:26:bf:d3:
                    ef:5f:c8:a5:e4:c6:b3:83:ab:0f:11:ad:84:5f:67:
                    76:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5F:2D:73:4F:74:07:E8:B6:85:F7:75:D4:FE:50:0C:D7:56:09:FE
            X509v3 Authority Key Identifier:
                keyid:D3:54:0B:51:8D:75:FB:EF:D6:16:BF:D9:4C:F0:5F:D2:5B:A4:88:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/uF8tc090B-i2hfd11P5QDNdWCf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.196.0/22
                IPv6:
                  2a0c:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         bd:f6:fa:87:8f:c8:d1:cd:14:2a:4a:fd:8f:8b:86:5e:10:69:
         83:3f:10:c6:d5:30:6a:7d:31:9e:17:90:f4:fa:c0:a2:71:1a:
         14:8c:b7:e8:92:c9:54:8b:b5:0f:02:e8:23:e3:f3:c8:97:c4:
         37:be:4e:ab:91:8a:dd:9b:45:bf:a6:76:66:67:1c:54:ea:16:
         e6:0d:b0:40:97:8e:92:39:4d:0a:50:a7:89:3b:ba:d7:bc:2f:
         6d:bb:57:a4:43:94:a3:12:db:26:ea:ae:b4:68:88:33:b7:7e:
         aa:3f:00:81:7d:55:15:5e:36:06:1e:a2:7d:65:6e:75:5e:aa:
         e8:16:cb:4b:91:6c:08:9b:16:08:e1:25:91:a7:19:2f:02:20:
         08:f7:cd:1f:2e:69:e2:d6:00:3a:a3:9b:40:5a:91:c0:e8:35:
         5b:99:10:e6:cc:bc:15:ef:19:80:73:6e:e8:a1:1c:9f:d8:c7:
         fa:5c:d1:30:ca:05:1e:36:fa:e8:38:7c:5b:f6:7d:53:69:5e:
         6b:30:3a:38:c1:08:ff:5b:3b:49:29:62:a1:8c:bf:f1:8c:d5:
         1a:95:8e:34:55:d8:4c:24:12:57:23:a9:ab:e5:66:34:2f:91:
         5e:d6:ff:77:8e:e7:29:c1:2a:a4:b9:f0:46:2d:9d:29:87:7a:
         5f:2f:ba:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb+t/sYx/GHpJI90+6eBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTQwYjUxOGQ3NWZiZWZkNjE2YmZkOTRjZjA1ZmQyNWJh
NDg4YjYwHhcNMjQwMTAyMDQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODVmMmQ3MzRmNzQwN2U4YjY4NWY3NzVkNGZlNTAwY2Q3NTYwOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1e0v8SmRJ7cyyO1cfEWzkUMzJWi
/Bg7K0IAghC7TiYs0+TB8fHu/8AscRwHb3FG0cOayhSzhagccMtwU8xCpfr4GQOx
3UP9OV+Biu1xj5YDGhJEmJzG8gfDmyfbyZ+wfX1PyItdle25lEsUOW5E6vO77NdQ
HXVhndZVf9/Z2x2A3Ba8CInzBwtrLARXb1r0W5YIaHw3A4ofJaxGGw2fxgD+D7gb
o0qLst4vA0lLnei8JRH39OQsfiOIcztLU/8mC4m0RKMWQMSoOvsH6kGL2WOyuGUQ
zThQCGPh6U1Z8lKI2s8uDQJCTaVsk8Ymv9PvX8il5Mazg6sPEa2EX2d2SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLhfLXNPdAfotoX3ddT+UAzXVgn+MB8GA1UdIwQY
MBaAFNNUC1GNdfvv1ha/2UzwX9JbpIi2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFRTFVZMTEtLV9XRnJfWlRQQmYwbHVraUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hY2VlOGUtNzc2MS00MTlmLWI0ODMt
YjMwMTYyZTNjY2MwLzEvdUY4dGMwOTBCLWkyaGZkMTFQNVFETmRXQ2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hY2VlOGUtNzc2MS00MTlmLWI0ODMtYjMwMTYyZTNjY2Mw
LzEvMDFRTFVZMTEtLV9XRnJfWlRQQmYwbHVraUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud/EMA0E
AgACMAcDBQMqDEwAMA0GCSqGSIb3DQEBCwUAA4IBAQC99vqHj8jRzRQqSv2Pi4Ze
EGmDPxDG1TBqfTGeF5D0+sCicRoUjLfokslUi7UPAugj4/PIl8Q3vk6rkYrdm0W/
pnZmZxxU6hbmDbBAl46SOU0KUKeJO7rXvC9tu1ekQ5SjEtsm6q60aIgzt36qPwCB
fVUVXjYGHqJ9ZW51XqroFstLkWwImxYI4SWRpxkvAiAI980fLmni1gA6o5tAWpHA
6DVbmRDmzLwV7xmAc27ooRyf2Mf6XNEwygUeNvroOHxb9n1TaV5rMDo4wQj/WztJ
KWKhjL/xjNUalY40VdhMJBJXI6mr5WY0L5Fe1v93jucpwSqkufBGLZ0ph3pfL7qC
-----END CERTIFICATE-----