Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/v8ZzjS84seAfa5w7QHi66QUil1A.roa
File:                     v8ZzjS84seAfa5w7QHi66QUil1A.roa (raw, json)
Hash identifier:          BVs5h/4SaImDQV6/xpJNX36yegYKxRW61hjxAZJSTms=
Subject key identifier:   BF:C6:73:8D:2F:38:B1:E0:1F:6B:9C:3B:40:78:BA:E9:05:22:97:50
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       018FB06D530F8B16F982BCAC57B845DD258C
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/v8ZzjS84seAfa5w7QHi66QUil1A.roa
Signing time:             Sat 25 May 2024 15:45:05 +0000
ROA not before:           Sat 25 May 2024 15:45:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216074
IP address blocks:        78.158.166.0/24 maxlen: 24
                          188.136.204.0/22 maxlen: 24
                          213.195.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b0:6d:53:0f:8b:16:f9:82:bc:ac:57:b8:45:dd:25:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: May 25 15:45:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfc6738d2f38b1e01f6b9c3b4078bae905229750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c7:03:3f:20:f2:27:c7:dd:fc:1d:62:36:db:
                    18:a3:f1:f6:70:d8:a8:d5:dc:71:ed:27:90:6c:9f:
                    a3:60:ff:20:40:92:48:be:fa:5d:77:e8:a6:1d:8e:
                    0e:91:d8:9c:fc:35:3f:5c:e2:b4:f5:b5:99:13:4f:
                    f0:a0:5e:23:fb:a0:a0:18:9d:7a:9e:98:cf:d7:92:
                    8f:b0:0a:7b:64:43:81:93:bc:0c:64:dc:f1:05:a5:
                    22:30:59:7d:57:63:b4:a8:f1:c5:72:cb:81:e1:cc:
                    8f:2d:35:d4:a9:fe:20:72:3e:94:67:d8:50:40:e0:
                    3d:bb:db:61:9a:b4:23:40:54:72:99:bb:7d:56:66:
                    25:24:b9:44:8c:a4:a7:19:03:dd:52:8c:e0:23:8e:
                    40:96:29:54:4a:22:3e:d6:dd:87:07:c2:ae:6e:26:
                    ea:23:a9:55:be:a9:3a:6d:b9:bc:02:ed:58:69:73:
                    0f:7c:c0:60:e0:52:11:f6:99:37:44:7d:75:7b:34:
                    1e:22:4f:1d:55:ec:11:51:63:f8:ba:9d:30:b0:03:
                    2d:21:1b:c1:b1:33:5a:b0:67:78:14:f3:fb:91:11:
                    23:d7:0d:52:1b:15:a2:27:4b:8e:25:17:c4:64:7d:
                    86:62:ad:f5:d9:23:b5:2f:e3:e6:49:34:da:2d:4b:
                    bb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C6:73:8D:2F:38:B1:E0:1F:6B:9C:3B:40:78:BA:E9:05:22:97:50
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/v8ZzjS84seAfa5w7QHi66QUil1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.158.166.0/24
                  188.136.204.0/22
                  213.195.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:25:2c:5c:8f:2f:f2:8d:f0:23:6f:b6:9e:ed:5c:b5:ee:a5:
         9c:43:e9:3d:35:6c:ba:65:50:8c:e1:f4:bd:61:39:95:96:ca:
         f6:51:c9:11:a3:2b:be:fa:3b:70:e7:1e:05:45:6f:b5:ac:55:
         f2:c0:00:4b:da:d3:9a:e9:2e:b9:b3:fd:9d:87:81:f9:a9:5e:
         9b:f9:7c:18:c6:0f:aa:d0:ba:f1:9c:3c:35:6b:16:79:72:e8:
         6a:77:36:2a:1d:e0:71:0c:a6:08:ec:30:65:58:0e:36:a5:20:
         4f:44:ed:d2:59:73:e0:74:ff:34:10:f0:18:84:79:75:0a:ed:
         cc:33:b2:ad:f1:d8:be:53:fe:a4:73:aa:6c:32:6e:3e:06:e3:
         8b:41:ef:4c:80:6b:ff:1e:12:4b:e9:63:e9:1a:70:c0:d8:e8:
         5d:a0:e4:f6:c5:d5:4d:37:dd:2a:81:67:e6:fe:7b:6c:31:a4:
         16:8c:1f:ca:09:d5:f7:ed:3f:b9:de:0b:b8:ba:bb:33:54:1c:
         ba:c6:b9:e1:28:d7:79:0e:79:dc:a5:10:ca:60:21:97:26:af:
         b0:72:b8:57:13:2c:cf:b6:fc:87:43:37:63:b4:34:eb:29:b6:
         52:c8:0e:f9:89:a9:f5:71:08:ae:64:66:85:fa:b3:e8:b9:11:
         f5:44:e5:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+wbVMPixb5grysV7hF3SWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjQwNTI1MTU0NTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmM2NzM4ZDJmMzhiMWUwMWY2YjljM2I0MDc4YmFlOTA1MjI5NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmccDPyDyJ8fd/B1iNtsYo/H2cNio
1dxx7SeQbJ+jYP8gQJJIvvpdd+imHY4Okdic/DU/XOK09bWZE0/woF4j+6CgGJ16
npjP15KPsAp7ZEOBk7wMZNzxBaUiMFl9V2O0qPHFcsuB4cyPLTXUqf4gcj6UZ9hQ
QOA9u9thmrQjQFRymbt9VmYlJLlEjKSnGQPdUozgI45AlilUSiI+1t2HB8Kubibq
I6lVvqk6bbm8Au1YaXMPfMBg4FIR9pk3RH11ezQeIk8dVewRUWP4up0wsAMtIRvB
sTNasGd4FPP7kREj1w1SGxWiJ0uOJRfEZH2GYq312SO1L+PmSTTaLUu7LQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL/Gc40vOLHgH2ucO0B4uukFIpdQMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvdjhaempTODRzZUFmYTV3N1FIaTY2UVVpbDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATp6mAwQC
vIjMAwQA1cMXMA0GCSqGSIb3DQEBCwUAA4IBAQCBJSxcjy/yjfAjb7ae7Vy17qWc
Q+k9NWy6ZVCM4fS9YTmVlsr2UckRoyu++jtw5x4FRW+1rFXywABL2tOa6S65s/2d
h4H5qV6b+XwYxg+q0LrxnDw1axZ5cuhqdzYqHeBxDKYI7DBlWA42pSBPRO3SWXPg
dP80EPAYhHl1Cu3MM7Kt8di+U/6kc6psMm4+BuOLQe9MgGv/HhJL6WPpGnDA2Ohd
oOT2xdVNN90qgWfm/ntsMaQWjB/KCdX37T+53gu4urszVBy6xrnhKNd5DnncpRDK
YCGXJq+wcrhXEyzPtvyHQzdjtDTrKbZSyA75ian1cQiuZGaF+rPouRH1ROVJ
-----END CERTIFICATE-----