Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/0_kxPk8kXx-R7NRk0Iqxosv18mM.roa
File:                     0_kxPk8kXx-R7NRk0Iqxosv18mM.roa (raw, json)
Hash identifier:          qIOBpCZSUI9weCZJaTIhFJro+AkRx0Es8wR0BwtpioA=
Subject key identifier:   D3:F9:31:3E:4F:24:5F:1F:91:EC:D4:64:D0:8A:B1:A2:CB:F5:F2:63
Certificate issuer:       /CN=11535f8fa4b5f51533d724eaf90dba99715fc6fc
Certificate serial:       018CC80134D127E7C364759556FA7C332613
Authority key identifier: 11:53:5F:8F:A4:B5:F5:15:33:D7:24:EA:F9:0D:BA:99:71:5F:C6:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/0_kxPk8kXx-R7NRk0Iqxosv18mM.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204195
IP address blocks:        185.115.236.0/22 maxlen: 22
                          2a06:2780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:d1:27:e7:c3:64:75:95:56:fa:7c:33:26:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11535f8fa4b5f51533d724eaf90dba99715fc6fc
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3f9313e4f245f1f91ecd464d08ab1a2cbf5f263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:5f:da:37:79:99:c6:20:2b:f3:02:da:b3:
                    d7:fb:c1:05:4b:72:3d:cc:0b:00:ee:84:bf:e6:8e:
                    6d:7e:06:f0:ab:fd:d3:77:09:c4:58:e8:ee:55:33:
                    a3:ff:50:07:f1:c7:ba:e5:f5:d4:cf:67:fc:df:86:
                    39:21:82:db:5d:d6:61:1b:7f:fa:64:85:1e:48:90:
                    c8:38:9a:31:07:a4:b8:40:ea:45:81:11:24:79:2e:
                    4e:3e:91:0a:78:77:17:96:c5:3a:8b:47:3f:40:22:
                    62:6f:36:b0:3f:b7:8f:a1:9e:e8:08:60:93:d2:92:
                    9d:9c:52:0b:f0:e6:88:11:e6:29:a7:1a:f7:80:e5:
                    87:28:4c:31:4e:89:18:f7:c1:a0:a1:8c:97:70:2d:
                    29:c0:2f:3a:ce:86:07:b1:f8:04:c3:b4:7b:8e:6d:
                    87:40:e5:8c:99:2e:35:4c:56:ad:4f:b6:47:11:01:
                    67:89:70:0e:c5:27:f5:dd:fd:0a:5b:ef:22:72:2d:
                    2a:4e:6d:80:63:a8:e7:31:2f:b1:be:c8:32:1a:6e:
                    c1:1f:ad:96:e4:3e:77:44:f3:ea:6b:57:43:9a:26:
                    b4:13:1b:47:d6:66:7f:a5:83:db:1f:cc:76:a7:ab:
                    6d:28:6d:8e:3b:ea:98:31:75:cb:35:f5:4d:fa:e4:
                    8a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F9:31:3E:4F:24:5F:1F:91:EC:D4:64:D0:8A:B1:A2:CB:F5:F2:63
            X509v3 Authority Key Identifier:
                keyid:11:53:5F:8F:A4:B5:F5:15:33:D7:24:EA:F9:0D:BA:99:71:5F:C6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/0_kxPk8kXx-R7NRk0Iqxosv18mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.236.0/22
                IPv6:
                  2a06:2780::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:42:ec:4b:18:50:4a:dd:4b:94:85:e3:9a:eb:4c:d8:41:dc:
         80:68:12:a6:e8:ce:5e:7e:2e:ce:ad:44:f7:27:ba:9d:2a:c7:
         5a:fd:db:ce:44:d9:fb:b3:5e:60:b8:45:7d:29:55:7c:ad:8f:
         04:82:e7:47:8d:3b:f5:03:53:d4:07:d8:5b:bd:22:16:3f:f7:
         18:6a:bf:fe:32:54:f6:d7:32:1e:56:b4:e1:50:22:f6:32:60:
         50:fa:1a:f4:9b:2e:f3:68:8a:1b:01:c6:f4:60:47:9a:ff:e6:
         46:be:c1:47:b3:5d:60:3a:4e:d4:14:3f:ca:74:b7:59:7f:5b:
         2f:cd:67:70:dd:9b:e3:5d:6d:d8:96:ec:30:e4:89:65:c2:dc:
         31:4a:3f:07:7f:90:40:80:30:4c:a8:6a:c9:e8:2e:33:fd:07:
         14:54:0f:f5:31:57:4d:5d:ce:44:7a:e7:db:76:54:aa:66:8f:
         5d:9a:28:e7:19:de:06:73:c8:a7:96:49:cd:58:b3:9e:8d:07:
         ba:05:c3:5c:f3:5c:29:43:d0:b0:ac:a3:31:db:e8:8e:bd:df:
         37:e9:69:b7:43:bd:8c:b5:49:01:06:43:d5:de:8e:51:45:a8:
         ec:bc:70:90:5c:72:73:50:5a:8b:36:11:4d:99:0c:b4:83:e8:
         d0:35:7a:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIATTRJ+fDZHWVVvp8MyYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNTM1ZjhmYTRiNWY1MTUzM2Q3MjRlYWY5MGRiYTk5NzE1
ZmM2ZmMwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y5MzEzZTRmMjQ1ZjFmOTFlY2Q0NjRkMDhhYjFhMmNiZjVmMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHlf2jd5mcYgK/MC2rPX+8EFS3I9
zAsA7oS/5o5tfgbwq/3TdwnEWOjuVTOj/1AH8ce65fXUz2f834Y5IYLbXdZhG3/6
ZIUeSJDIOJoxB6S4QOpFgREkeS5OPpEKeHcXlsU6i0c/QCJibzawP7ePoZ7oCGCT
0pKdnFIL8OaIEeYppxr3gOWHKEwxTokY98GgoYyXcC0pwC86zoYHsfgEw7R7jm2H
QOWMmS41TFatT7ZHEQFniXAOxSf13f0KW+8ici0qTm2AY6jnMS+xvsgyGm7BH62W
5D53RPPqa1dDmia0ExtH1mZ/pYPbH8x2p6ttKG2OO+qYMXXLNfVN+uSKHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNP5MT5PJF8fkezUZNCKsaLL9fJjMB8GA1UdIwQY
MBaAFBFTX4+ktfUVM9ck6vkNuplxX8b8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZOZmo2UzE5UlV6MXlUcS1RMjZtWEZmeHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wNmQ2ODMtNWE1NS00MmFkLTkxZDkt
NWYyZWU1Y2U0NTgxLzEvMF9reFBrOGtYeC1SN05SazBJcXhvc3YxOG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wNmQ2ODMtNWE1NS00MmFkLTkxZDktNWYyZWU1Y2U0NTgx
LzEvRVZOZmo2UzE5UlV6MXlUcS1RMjZtWEZmeHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXPsMA0E
AgACMAcDBQMqBieAMA0GCSqGSIb3DQEBCwUAA4IBAQBuQuxLGFBK3UuUheOa60zY
QdyAaBKm6M5efi7OrUT3J7qdKsda/dvORNn7s15guEV9KVV8rY8EgudHjTv1A1PU
B9hbvSIWP/cYar/+MlT21zIeVrThUCL2MmBQ+hr0my7zaIobAcb0YEea/+ZGvsFH
s11gOk7UFD/KdLdZf1svzWdw3ZvjXW3Yluww5IllwtwxSj8Hf5BAgDBMqGrJ6C4z
/QcUVA/1MVdNXc5EeufbdlSqZo9dmijnGd4Gc8inlknNWLOejQe6BcNc81wpQ9Cw
rKMx2+iOvd836Wm3Q72MtUkBBkPV3o5RRajsvHCQXHJzUFqLNhFNmQy0g+jQNXra
-----END CERTIFICATE-----