Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/qESCYPpOO-8HhH17a9qapmujWQ0.roa
File:                     qESCYPpOO-8HhH17a9qapmujWQ0.roa (raw, json)
Hash identifier:          s9b0BjR1x2VNuEgZvEglbAQLfU8iL0h04PJ7+EcHymM=
Subject key identifier:   A8:44:82:60:FA:4E:3B:EF:07:84:7D:7B:6B:DA:9A:A6:6B:A3:59:0D
Certificate issuer:       /CN=e64682adb0238cc772d1c5b4986c7a33986364a0
Certificate serial:       018CC5DC566FDD90F6BCA4D3FEB337B1B4E6
Authority key identifier: E6:46:82:AD:B0:23:8C:C7:72:D1:C5:B4:98:6C:7A:33:98:63:64:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/qESCYPpOO-8HhH17a9qapmujWQ0.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197075
IP address blocks:        185.250.164.0/22 maxlen: 22
                          2a03:ff80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:56:6f:dd:90:f6:bc:a4:d3:fe:b3:37:b1:b4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e64682adb0238cc772d1c5b4986c7a33986364a0
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8448260fa4e3bef07847d7b6bda9aa66ba3590d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a6:ce:8a:9b:05:2c:3b:ad:ec:bd:41:82:74:
                    b4:d4:ed:9c:80:75:82:93:04:99:13:8e:b6:ba:f9:
                    dd:74:cf:3e:20:79:c4:7a:e4:c0:81:36:c6:50:f4:
                    3f:7a:b9:48:32:51:5c:5d:f0:23:1c:b1:1f:69:d5:
                    ad:ca:fc:49:7d:a0:59:2d:42:e9:e0:06:94:76:ca:
                    6d:c5:b4:b3:34:c9:33:a0:c8:f7:4b:e3:91:be:21:
                    a5:db:03:2a:80:6c:48:21:95:6b:e5:41:02:8a:a5:
                    08:f6:c8:27:85:7a:88:f6:05:3e:46:c3:77:3e:c2:
                    62:77:bb:ee:82:14:46:2b:11:27:e7:bf:43:67:03:
                    3c:9e:fd:29:74:34:38:37:74:be:03:fa:e1:cf:5f:
                    16:7b:31:79:7c:58:e7:44:b8:2f:43:22:05:6f:7e:
                    83:b1:80:e4:b9:fd:dd:05:e2:b7:f9:d8:49:2d:62:
                    c5:2e:76:04:44:21:f4:0f:e0:9e:46:61:d6:52:fd:
                    56:3c:99:b0:bc:9a:64:25:6f:2c:d0:87:c4:57:01:
                    3a:1f:b3:38:6a:9d:cf:a8:7d:95:ea:05:65:e4:5c:
                    12:a5:8d:ec:21:7e:1d:be:57:fe:07:90:26:af:ef:
                    f1:d9:4a:32:fa:24:1c:33:4a:20:da:cd:66:c2:99:
                    d3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:44:82:60:FA:4E:3B:EF:07:84:7D:7B:6B:DA:9A:A6:6B:A3:59:0D
            X509v3 Authority Key Identifier:
                keyid:E6:46:82:AD:B0:23:8C:C7:72:D1:C5:B4:98:6C:7A:33:98:63:64:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/qESCYPpOO-8HhH17a9qapmujWQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.164.0/22
                IPv6:
                  2a03:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:92:79:97:0a:2b:76:3a:44:88:bb:07:34:2d:7a:79:a9:9c:
         63:22:00:1c:0d:8b:f1:fd:65:da:38:9d:47:cb:40:b9:e0:1a:
         fa:51:47:1a:b5:93:bf:d0:63:33:dd:38:21:7c:10:2d:09:6a:
         fe:b9:af:41:75:e8:95:5f:ee:61:54:70:c2:6e:e3:40:71:66:
         a6:6a:17:db:ed:48:7e:6e:e1:de:9e:36:7a:8a:34:5e:c1:1e:
         95:a4:7a:25:bb:77:cd:25:d2:77:8d:a4:1c:d1:6f:a0:29:b8:
         1c:fc:63:46:88:d7:c9:b2:2f:e9:1c:be:f3:d6:84:6b:01:1b:
         de:1a:88:ae:a2:b7:59:91:69:39:3c:c3:58:10:86:48:10:d8:
         01:7c:ed:5f:8e:a4:4f:5e:0f:db:a5:4e:c4:07:60:ae:45:8c:
         4b:1b:36:f0:39:4b:ae:42:42:29:24:bd:33:98:24:02:cb:a0:
         f8:3d:e9:a7:dd:0a:09:e1:8e:ec:d6:eb:d9:bc:04:2f:29:3b:
         ac:8f:ef:86:e2:fa:9f:6e:6f:92:a0:27:1f:a9:e9:9c:23:77:
         69:bd:55:51:7e:b4:f9:1b:ae:06:12:c5:70:07:aa:0e:90:e2:
         02:3a:27:f8:2e:33:25:50:d3:ac:92:e0:7d:8e:93:ee:69:8c:
         75:eb:45:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3FZv3ZD2vKTT/rM3sbTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NDY4MmFkYjAyMzhjYzc3MmQxYzViNDk4NmM3YTMzOTg2
MzY0YTAwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQ0ODI2MGZhNGUzYmVmMDc4NDdkN2I2YmRhOWFhNjZiYTM1OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqbOipsFLDut7L1BgnS01O2cgHWC
kwSZE462uvnddM8+IHnEeuTAgTbGUPQ/erlIMlFcXfAjHLEfadWtyvxJfaBZLULp
4AaUdsptxbSzNMkzoMj3S+ORviGl2wMqgGxIIZVr5UECiqUI9sgnhXqI9gU+RsN3
PsJid7vughRGKxEn579DZwM8nv0pdDQ4N3S+A/rhz18WezF5fFjnRLgvQyIFb36D
sYDkuf3dBeK3+dhJLWLFLnYERCH0D+CeRmHWUv1WPJmwvJpkJW8s0IfEVwE6H7M4
ap3PqH2V6gVl5FwSpY3sIX4dvlf+B5Amr+/x2Uoy+iQcM0og2s1mwpnTDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKhEgmD6TjvvB4R9e2vamqZro1kNMB8GA1UdIwQY
MBaAFOZGgq2wI4zHctHFtJhsejOYY2SgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWthQ3JiQWpqTWR5MGNXMG1HeDZNNWhqWktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9hOWNlYjgtMGM4Ni00OWFjLWEzOTIt
YWNlY2FkNTNjODE1LzEvcUVTQ1lQcE9PLThIaEgxN2E5cWFwbXVqV1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9hOWNlYjgtMGM4Ni00OWFjLWEzOTItYWNlY2FkNTNjODE1
LzEvNWthQ3JiQWpqTWR5MGNXMG1HeDZNNWhqWktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufqkMA0E
AgACMAcDBQMqA/+AMA0GCSqGSIb3DQEBCwUAA4IBAQBoknmXCit2OkSIuwc0LXp5
qZxjIgAcDYvx/WXaOJ1Hy0C54Br6UUcatZO/0GMz3TghfBAtCWr+ua9BdeiVX+5h
VHDCbuNAcWamahfb7Uh+buHenjZ6ijRewR6VpHolu3fNJdJ3jaQc0W+gKbgc/GNG
iNfJsi/pHL7z1oRrARveGoiuordZkWk5PMNYEIZIENgBfO1fjqRPXg/bpU7EB2Cu
RYxLGzbwOUuuQkIpJL0zmCQCy6D4Pemn3QoJ4Y7s1uvZvAQvKTusj++G4vqfbm+S
oCcfqemcI3dpvVVRfrT5G64GEsVwB6oOkOICOif4LjMlUNOskuB9jpPuaYx160XV
-----END CERTIFICATE-----