Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/roXuBj2F3PMj9MvAMYEF0qrBBII.roa
File:                     roXuBj2F3PMj9MvAMYEF0qrBBII.roa (raw, json)
Hash identifier:          xU6/6565AtMws03BatqK6ZswgYcYPbC74rziwHcRmGE=
Subject key identifier:   AE:85:EE:06:3D:85:DC:F3:23:F4:CB:C0:31:81:05:D2:AA:C1:04:82
Certificate issuer:       /CN=b921277f3e7954a4af5520a99042fb0893af804d
Certificate serial:       018CC424EF5F31E15BAD42DEA48A2AF270C7
Authority key identifier: B9:21:27:7F:3E:79:54:A4:AF:55:20:A9:90:42:FB:08:93:AF:80:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uSEnfz55VKSvVSCpkEL7CJOvgE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/roXuBj2F3PMj9MvAMYEF0qrBBII.roa
Signing time:             Mon 01 Jan 2024 08:30:04 +0000
ROA not before:           Mon 01 Jan 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213131
IP address blocks:        185.230.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/uSEnfz55VKSvVSCpkEL7CJOvgE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/uSEnfz55VKSvVSCpkEL7CJOvgE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uSEnfz55VKSvVSCpkEL7CJOvgE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ef:5f:31:e1:5b:ad:42:de:a4:8a:2a:f2:70:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b921277f3e7954a4af5520a99042fb0893af804d
        Validity
            Not Before: Jan  1 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae85ee063d85dcf323f4cbc0318105d2aac10482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:a8:23:ff:66:12:d2:be:a1:0b:60:94:c4:
                    96:b4:b9:03:da:b0:e5:28:34:f2:1b:56:2d:63:96:
                    13:ca:fa:dd:89:9b:03:7c:ba:49:de:9b:db:6c:e8:
                    7a:24:21:34:c7:8b:ca:50:95:dc:2d:d0:06:5a:f8:
                    84:48:f2:05:c8:1a:b0:f5:e9:89:da:7d:eb:2f:16:
                    33:f4:ea:69:25:a1:96:c8:72:20:00:6e:45:5f:eb:
                    30:d5:34:89:b5:5b:f6:87:8a:b1:e6:74:14:d7:ae:
                    91:cc:cf:a0:bb:3f:e1:07:78:1d:3a:ba:5c:bf:49:
                    d2:19:b8:23:d9:6a:ea:9b:15:a7:aa:92:41:45:bb:
                    78:4a:9f:fe:86:bf:7e:cc:bd:06:e1:99:bf:58:4c:
                    1b:01:f7:ae:90:f1:c5:49:9d:aa:af:32:11:5b:1b:
                    b4:02:86:b6:f2:3e:b0:a4:2b:83:af:09:92:78:89:
                    69:d9:ed:28:4a:33:c3:09:7e:ca:e7:f7:24:da:81:
                    a3:67:8c:4d:bf:db:33:7e:78:89:37:96:08:f7:34:
                    67:a0:51:0e:17:fc:0d:e5:6d:32:42:b5:7f:e6:9b:
                    45:1f:d7:ab:b7:23:cb:b3:63:d5:d7:54:0c:2a:49:
                    a0:b0:52:4b:76:d1:7d:d5:42:0a:91:82:68:0e:fe:
                    ff:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:85:EE:06:3D:85:DC:F3:23:F4:CB:C0:31:81:05:D2:AA:C1:04:82
            X509v3 Authority Key Identifier:
                keyid:B9:21:27:7F:3E:79:54:A4:AF:55:20:A9:90:42:FB:08:93:AF:80:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uSEnfz55VKSvVSCpkEL7CJOvgE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/roXuBj2F3PMj9MvAMYEF0qrBBII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/8ccbcc-cd51-44ae-8f05-36fd233514f9/1/uSEnfz55VKSvVSCpkEL7CJOvgE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:9f:3d:d4:67:71:57:73:7d:d0:2b:d3:39:7c:38:24:09:c1:
         c6:ff:ff:15:90:34:0f:29:23:2a:b1:d3:79:54:8e:03:c1:50:
         d9:00:ef:2f:53:a5:27:0e:5b:e4:b6:bc:67:31:a3:fd:23:d3:
         91:32:00:8e:6a:47:bf:18:fa:53:93:bb:0f:57:bb:94:60:0b:
         5d:1f:b3:d1:2d:bd:94:3e:9c:37:a4:f7:96:6c:cd:27:fb:5d:
         c8:58:98:fe:85:8c:07:2c:7c:7e:27:b7:2a:a8:b2:94:a3:dc:
         ff:d4:50:91:d3:59:42:d1:a9:79:02:75:13:4f:f2:43:d5:27:
         65:1c:59:91:ab:f5:d5:3f:38:f8:63:96:83:90:ea:56:cc:d4:
         af:ef:01:d2:1c:10:0a:6c:29:01:4b:c9:11:67:9f:bf:8a:13:
         a7:74:39:26:67:ad:e0:20:f4:e3:62:5c:07:13:aa:6b:e2:d0:
         94:10:8a:d9:98:a7:f5:b5:2b:21:f3:da:63:ba:5a:ca:ed:e7:
         93:f5:56:08:fb:b9:f9:8e:86:cc:3c:df:f3:f1:50:4c:8c:e7:
         80:16:ee:11:46:b5:1f:52:11:09:10:eb:6e:86:84:c8:6e:3c:
         6f:17:47:a4:ec:f8:ec:43:5a:dc:66:a1:62:07:c4:94:d2:e0:
         60:25:d6:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJO9fMeFbrULepIoq8nDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MjEyNzdmM2U3OTU0YTRhZjU1MjBhOTkwNDJmYjA4OTNh
ZjgwNGQwHhcNMjQwMTAxMDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTg1ZWUwNjNkODVkY2YzMjNmNGNiYzAzMTgxMDVkMmFhYzEwNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsESoI/9mEtK+oQtglMSWtLkD2rDl
KDTyG1YtY5YTyvrdiZsDfLpJ3pvbbOh6JCE0x4vKUJXcLdAGWviESPIFyBqw9emJ
2n3rLxYz9OppJaGWyHIgAG5FX+sw1TSJtVv2h4qx5nQU166RzM+guz/hB3gdOrpc
v0nSGbgj2WrqmxWnqpJBRbt4Sp/+hr9+zL0G4Zm/WEwbAfeukPHFSZ2qrzIRWxu0
Aoa28j6wpCuDrwmSeIlp2e0oSjPDCX7K5/ck2oGjZ4xNv9szfniJN5YI9zRnoFEO
F/wN5W0yQrV/5ptFH9ertyPLs2PV11QMKkmgsFJLdtF91UIKkYJoDv7/+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6F7gY9hdzzI/TLwDGBBdKqwQSCMB8GA1UdIwQY
MBaAFLkhJ38+eVSkr1UgqZBC+wiTr4BNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVNFbmZ6NTVWS1N2VlNDcGtFTDdDSk92Z0UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84Y2NiY2MtY2Q1MS00NGFlLThmMDUt
MzZmZDIzMzUxNGY5LzEvcm9YdUJqMkYzUE1qOU12QU1ZRUYwcXJCQklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84Y2NiY2MtY2Q1MS00NGFlLThmMDUtMzZmZDIzMzUxNGY5
LzEvdVNFbmZ6NTVWS1N2VlNDcGtFTDdDSk92Z0UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueaeMA0G
CSqGSIb3DQEBCwUAA4IBAQBdnz3UZ3FXc33QK9M5fDgkCcHG//8VkDQPKSMqsdN5
VI4DwVDZAO8vU6UnDlvktrxnMaP9I9ORMgCOake/GPpTk7sPV7uUYAtdH7PRLb2U
Ppw3pPeWbM0n+13IWJj+hYwHLHx+J7cqqLKUo9z/1FCR01lC0al5AnUTT/JD1Sdl
HFmRq/XVPzj4Y5aDkOpWzNSv7wHSHBAKbCkBS8kRZ5+/ihOndDkmZ63gIPTjYlwH
E6pr4tCUEIrZmKf1tSsh89pjulrK7eeT9VYI+7n5jobMPN/z8VBMjOeAFu4RRrUf
UhEJEOtuhoTIbjxvF0ek7PjsQ1rcZqFiB8SU0uBgJdZB
-----END CERTIFICATE-----