Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/T6FCJPG1XLjW1N-oznXlzUVwE0I.roa
File:                     T6FCJPG1XLjW1N-oznXlzUVwE0I.roa (raw, json)
Hash identifier:          PElvEbYBklfiTtEnsoxDGuKOcDBvCotON+xFYU+1zoc=
Subject key identifier:   4F:A1:42:24:F1:B5:5C:B8:D6:D4:DF:A8:CE:75:E5:CD:45:70:13:42
Certificate issuer:       /CN=658290fe9814fcb062ab71e32ec1f96da9973a33
Certificate serial:       018CC9BC62051829C2FE2DB99250966D0A2C
Authority key identifier: 65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/T6FCJPG1XLjW1N-oznXlzUVwE0I.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58005
IP address blocks:        185.38.120.0/22 maxlen: 22
                          2a04:6fb0::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:62:05:18:29:c2:fe:2d:b9:92:50:96:6d:0a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=658290fe9814fcb062ab71e32ec1f96da9973a33
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fa14224f1b55cb8d6d4dfa8ce75e5cd45701342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e0:6e:ad:3a:e5:65:0b:fe:0b:9a:c0:93:70:
                    f9:f8:04:b9:fc:7d:64:f8:a9:de:16:44:b4:ff:0c:
                    a4:5f:ff:9a:17:7c:c6:ff:52:e6:62:c4:40:20:fb:
                    5e:0e:b5:98:06:71:59:02:f3:c4:4c:9c:e4:39:80:
                    18:99:96:3e:58:58:64:9d:46:62:3e:cb:b0:e4:b7:
                    08:40:32:22:90:8c:9c:30:96:29:90:fd:32:d8:0b:
                    e3:14:ba:a1:c1:92:4f:67:8c:8d:63:4e:0b:27:74:
                    07:86:38:56:fe:24:98:6d:3c:85:f7:74:ce:fa:52:
                    27:4c:b5:8c:31:a5:72:12:e0:b3:66:4c:b4:09:74:
                    26:e1:fa:eb:e1:d8:44:62:0a:e8:8b:78:37:e3:48:
                    d1:68:3b:6b:fc:96:db:60:95:ac:f9:3b:7d:93:46:
                    5c:1b:fb:1b:d1:da:90:46:68:96:9c:da:a3:54:30:
                    33:7f:73:f4:89:f3:83:46:f2:20:bc:55:8a:46:30:
                    b4:4f:97:de:8f:4e:ca:ce:8a:ae:30:b7:10:ca:7a:
                    9d:6b:79:b3:bc:17:24:be:dc:ac:c0:d9:6b:a8:af:
                    b7:98:13:0a:0f:67:14:2f:2b:0e:b0:cd:4d:4d:d3:
                    67:50:6a:94:e8:03:59:81:df:96:16:00:3b:22:d3:
                    b6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A1:42:24:F1:B5:5C:B8:D6:D4:DF:A8:CE:75:E5:CD:45:70:13:42
            X509v3 Authority Key Identifier:
                keyid:65:82:90:FE:98:14:FC:B0:62:AB:71:E3:2E:C1:F9:6D:A9:97:3A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/T6FCJPG1XLjW1N-oznXlzUVwE0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d3b13-c4a1-41c0-a839-aede3ffa4457/1/ZYKQ_pgU_LBiq3HjLsH5bamXOjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.120.0/22
                IPv6:
                  2a04:6fb0::/31

    Signature Algorithm: sha256WithRSAEncryption
         74:9b:95:6c:f2:80:5f:ad:ae:93:2f:0c:a7:b8:ce:4f:9f:5e:
         8d:93:68:a2:d7:4e:5e:44:2a:82:5b:00:2e:f8:60:a4:e5:d5:
         f1:06:ba:08:54:13:be:d0:9a:19:80:7c:e3:3a:d9:de:85:1a:
         37:d4:1c:4a:40:d5:df:6f:0c:e9:ad:ed:dd:94:37:17:a2:b3:
         44:69:6f:7e:ae:0d:a9:30:a3:c8:45:bd:21:19:59:27:24:3a:
         84:06:a2:ba:17:ce:c8:1a:29:16:a8:bb:65:cd:0f:33:57:d1:
         c2:f6:e6:5d:ce:2f:98:85:75:19:ea:e1:b3:0d:1b:64:fe:2c:
         4f:bf:2e:e0:01:8a:87:ac:4c:be:fa:26:e4:18:2d:45:26:b2:
         69:f4:e9:5a:5b:aa:93:1f:a5:56:c7:20:87:a9:20:4e:ef:2b:
         64:3f:27:d2:34:17:8e:ce:27:8e:5d:80:e1:17:d7:f3:d2:56:
         4d:09:92:94:e0:b3:81:6b:41:dc:13:4d:79:9b:36:c9:44:a2:
         63:55:b9:8e:a1:22:1f:c6:8c:ae:46:1f:58:18:d8:16:55:b0:
         fb:ab:c9:f7:3e:c8:35:d0:61:74:b3:8d:e1:bf:f2:35:c7:1b:
         57:6d:7f:ca:67:90:c8:69:ea:e0:31:09:87:9a:9f:dd:c9:5a:
         b2:d4:7c:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvGIFGCnC/i25klCWbQosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODI5MGZlOTgxNGZjYjA2MmFiNzFlMzJlYzFmOTZkYTk5
NzNhMzMwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmExNDIyNGYxYjU1Y2I4ZDZkNGRmYThjZTc1ZTVjZDQ1NzAxMzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseBurTrlZQv+C5rAk3D5+AS5/H1k
+KneFkS0/wykX/+aF3zG/1LmYsRAIPteDrWYBnFZAvPETJzkOYAYmZY+WFhknUZi
Psuw5LcIQDIikIycMJYpkP0y2AvjFLqhwZJPZ4yNY04LJ3QHhjhW/iSYbTyF93TO
+lInTLWMMaVyEuCzZky0CXQm4frr4dhEYgroi3g340jRaDtr/JbbYJWs+Tt9k0Zc
G/sb0dqQRmiWnNqjVDAzf3P0ifODRvIgvFWKRjC0T5fej07KzoquMLcQynqda3mz
vBckvtyswNlrqK+3mBMKD2cULysOsM1NTdNnUGqU6ANZgd+WFgA7ItO29QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE+hQiTxtVy41tTfqM515c1FcBNCMB8GA1UdIwQY
MBaAFGWCkP6YFPywYqtx4y7B+W2plzozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4Mzkt
YWVkZTNmZmE0NDU3LzEvVDZGQ0pQRzFYTGpXMU4tb3puWGx6VVZ3RTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDNiMTMtYzRhMS00MWMwLWE4MzktYWVkZTNmZmE0NDU3
LzEvWllLUV9wZ1VfTEJpcTNIakxzSDViYW1YT2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSZ4MA0E
AgACMAcDBQEqBG+wMA0GCSqGSIb3DQEBCwUAA4IBAQB0m5Vs8oBfra6TLwynuM5P
n16Nk2ii105eRCqCWwAu+GCk5dXxBroIVBO+0JoZgHzjOtnehRo31BxKQNXfbwzp
re3dlDcXorNEaW9+rg2pMKPIRb0hGVknJDqEBqK6F87IGikWqLtlzQ8zV9HC9uZd
zi+YhXUZ6uGzDRtk/ixPvy7gAYqHrEy++ibkGC1FJrJp9OlaW6qTH6VWxyCHqSBO
7ytkPyfSNBeOzieOXYDhF9fz0lZNCZKU4LOBa0HcE015mzbJRKJjVbmOoSIfxoyu
Rh9YGNgWVbD7q8n3Psg10GF0s43hv/I1xxtXbX/KZ5DIaergMQmHmp/dyVqy1Hza
-----END CERTIFICATE-----