Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/iuWkfXwjXD_7YyWp7uAyhX0IyUc.roa
File:                     iuWkfXwjXD_7YyWp7uAyhX0IyUc.roa (raw, json)
Hash identifier:          rVp+niFW4FSrz2mQrmbT1GislFki4CWw3yQo/5fMTPM=
Subject key identifier:   8A:E5:A4:7D:7C:23:5C:3F:FB:63:25:A9:EE:E0:32:85:7D:08:C9:47
Certificate issuer:       /CN=c53e2aba0515ec90d10911060fcf29236d76dddf
Certificate serial:       018CC5DC53E208E93717B557258514BF8B20
Authority key identifier: C5:3E:2A:BA:05:15:EC:90:D1:09:11:06:0F:CF:29:23:6D:76:DD:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/iuWkfXwjXD_7YyWp7uAyhX0IyUc.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205316
IP address blocks:        185.222.108.0/22 maxlen: 22
                          2a0c:2800::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:53:e2:08:e9:37:17:b5:57:25:85:14:bf:8b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53e2aba0515ec90d10911060fcf29236d76dddf
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ae5a47d7c235c3ffb6325a9eee032857d08c947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ac:99:38:05:25:d9:98:30:d6:35:6c:cf:d3:
                    08:ad:7b:50:ad:14:0d:77:35:d5:8f:73:39:e9:94:
                    ff:8d:49:64:12:f5:19:6f:67:40:44:f1:33:5e:08:
                    f0:7f:22:91:9c:30:b4:50:c4:06:59:03:f5:7e:a8:
                    58:48:c1:d9:83:f2:4f:91:1e:af:87:f9:cc:94:50:
                    a7:c6:cb:82:db:bb:3e:ff:0f:2d:28:ee:63:e7:9d:
                    c8:3d:98:6f:9b:32:0f:a9:91:7a:5c:5f:c1:1d:9d:
                    92:a1:e2:02:f6:37:14:b1:e9:b6:0e:38:82:f0:da:
                    e5:96:cc:3f:27:69:27:7b:5a:04:4b:16:21:4f:43:
                    59:7f:f9:14:87:ce:0e:ab:5f:aa:95:84:bc:86:37:
                    c3:3f:38:e5:7d:80:37:21:57:fb:6e:65:10:5f:d9:
                    fd:0b:42:dd:99:b4:bb:8c:74:7f:43:4e:d7:4d:74:
                    44:1a:36:49:0d:f7:ad:e2:81:0b:43:17:5e:9a:74:
                    2a:79:16:b2:e0:57:a9:f4:a4:6c:e8:2e:3a:23:85:
                    40:22:f0:2b:49:07:42:88:1c:e6:a8:87:bc:4a:12:
                    73:dc:3b:04:12:eb:20:a4:09:1b:f7:d9:cc:f9:f8:
                    9b:63:03:fb:1c:e7:b6:22:47:95:d6:2f:2e:ee:2f:
                    f4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E5:A4:7D:7C:23:5C:3F:FB:63:25:A9:EE:E0:32:85:7D:08:C9:47
            X509v3 Authority Key Identifier:
                keyid:C5:3E:2A:BA:05:15:EC:90:D1:09:11:06:0F:CF:29:23:6D:76:DD:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/iuWkfXwjXD_7YyWp7uAyhX0IyUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.108.0/22
                IPv6:
                  2a0c:2800::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:21:af:2d:12:7a:8f:ba:d6:6f:12:02:2a:cf:87:c6:83:49:
         55:93:0e:72:2b:2a:ea:cd:e9:d6:3d:97:d0:d6:f0:d7:72:db:
         c5:60:43:5b:90:43:80:06:15:46:fd:40:08:e4:7f:94:8d:0b:
         ab:f1:1b:d3:c4:4e:e5:2d:4c:82:49:f8:39:26:af:b4:12:14:
         fe:ae:93:d9:0e:92:45:2e:94:a7:bc:79:07:01:a8:1c:9e:07:
         1d:16:e6:76:30:ef:6c:ca:dc:6c:f7:5c:1e:f3:59:cb:8e:68:
         86:d9:25:58:5a:62:08:26:76:e4:ed:23:90:b9:80:6b:01:45:
         b0:df:16:97:7c:83:6b:32:1c:c2:3c:1d:84:3c:88:0f:e9:2e:
         57:97:93:78:3e:ff:f4:22:a7:53:46:5f:dd:3d:6d:4a:83:9a:
         9d:19:28:0c:e5:c0:0d:ac:4c:62:00:f6:ff:79:74:00:52:5a:
         c8:0e:d8:25:33:4f:bb:71:9e:30:fd:46:14:cb:26:f3:1e:e9:
         0e:12:b9:39:53:71:33:6c:58:92:1f:e2:4c:00:aa:56:62:14:
         f5:1c:b8:15:3c:ba:f7:cb:a5:10:9a:e3:ae:1b:e1:b9:71:95:
         f8:6a:92:e0:98:73:4a:92:e0:de:b3:2b:1f:d5:ed:06:73:cd:
         a6:cd:18:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3FPiCOk3F7VXJYUUv4sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2UyYWJhMDUxNWVjOTBkMTA5MTEwNjBmY2YyOTIzNmQ3
NmRkZGYwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWU1YTQ3ZDdjMjM1YzNmZmI2MzI1YTllZWUwMzI4NTdkMDhjOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgayZOAUl2Zgw1jVsz9MIrXtQrRQN
dzXVj3M56ZT/jUlkEvUZb2dARPEzXgjwfyKRnDC0UMQGWQP1fqhYSMHZg/JPkR6v
h/nMlFCnxsuC27s+/w8tKO5j553IPZhvmzIPqZF6XF/BHZ2SoeIC9jcUsem2DjiC
8Nrllsw/J2kne1oESxYhT0NZf/kUh84Oq1+qlYS8hjfDPzjlfYA3IVf7bmUQX9n9
C0LdmbS7jHR/Q07XTXREGjZJDfet4oELQxdemnQqeRay4Fep9KRs6C46I4VAIvAr
SQdCiBzmqIe8ShJz3DsEEusgpAkb99nM+fibYwP7HOe2IkeV1i8u7i/08wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIrlpH18I1w/+2Mlqe7gMoV9CMlHMB8GA1UdIwQY
MBaAFMU+KroFFeyQ0QkRBg/PKSNtdt3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFQ0cXVnVVY3SkRSQ1JFR0Q4OHBJMjEyM2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85MDhhNjItZjRlMC00OTg1LTllMzQt
MTIwNTNhZGU5ZmFmLzEvaXVXa2ZYd2pYRF83WXlXcDd1QXloWDBJeVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85MDhhNjItZjRlMC00OTg1LTllMzQtMTIwNTNhZGU5ZmFm
LzEveFQ0cXVnVVY3SkRSQ1JFR0Q4OHBJMjEyM2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud5sMA0E
AgACMAcDBQAqDCgAMA0GCSqGSIb3DQEBCwUAA4IBAQARIa8tEnqPutZvEgIqz4fG
g0lVkw5yKyrqzenWPZfQ1vDXctvFYENbkEOABhVG/UAI5H+UjQur8RvTxE7lLUyC
Sfg5Jq+0EhT+rpPZDpJFLpSnvHkHAagcngcdFuZ2MO9sytxs91we81nLjmiG2SVY
WmIIJnbk7SOQuYBrAUWw3xaXfINrMhzCPB2EPIgP6S5Xl5N4Pv/0IqdTRl/dPW1K
g5qdGSgM5cANrExiAPb/eXQAUlrIDtglM0+7cZ4w/UYUyybzHukOErk5U3EzbFiS
H+JMAKpWYhT1HLgVPLr3y6UQmuOuG+G5cZX4apLgmHNKkuDesysf1e0Gc82mzRhl
-----END CERTIFICATE-----