Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/u5EPRjxd0a8XpFfldiSeUi8ts7A.roa
File:                     u5EPRjxd0a8XpFfldiSeUi8ts7A.roa (raw, json)
Hash identifier:          QVtk37Ea7GqSEpKXgxZ7syPAFRW8RxdnfOwKnhLjQAs=
Subject key identifier:   BB:91:0F:46:3C:5D:D1:AF:17:A4:57:E5:76:24:9E:52:2F:2D:B3:B0
Certificate issuer:       /CN=bcc01bf8e98ba7b2b0e11a8e0fbc4b39a11b8673
Certificate serial:       018CC5DC370E97A8138300F058425E96C91E
Authority key identifier: BC:C0:1B:F8:E9:8B:A7:B2:B0:E1:1A:8E:0F:BC:4B:39:A1:1B:86:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/u5EPRjxd0a8XpFfldiSeUi8ts7A.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34569
IP address blocks:        185.218.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 19:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:0e:97:a8:13:83:00:f0:58:42:5e:96:c9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc01bf8e98ba7b2b0e11a8e0fbc4b39a11b8673
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb910f463c5dd1af17a457e576249e522f2db3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ff:9f:8c:f0:19:a3:49:83:c0:0a:1e:83:16:
                    33:b2:a7:57:1e:fc:2a:a2:02:a4:c5:7a:89:7d:04:
                    9f:d1:21:a0:92:3b:92:92:22:ad:4d:a4:72:8d:b6:
                    89:77:2e:25:b9:b5:0b:fd:3c:0f:bb:e4:c4:87:ce:
                    3f:a7:b5:87:b6:a4:99:23:d9:29:52:07:f2:dc:a9:
                    aa:75:72:f1:3d:62:70:0b:9e:62:1b:25:eb:2d:2e:
                    2e:0a:6f:89:a3:98:2b:8e:10:85:2f:39:47:e5:76:
                    db:96:86:d5:28:4b:0c:6e:3c:0f:ac:4a:24:f4:86:
                    07:fa:3d:0b:ed:3c:68:6a:b8:ab:61:23:dd:9e:0f:
                    c3:af:bd:54:f9:aa:79:68:5b:58:02:da:21:ce:62:
                    16:7d:a4:7d:c8:37:d0:00:3f:f7:7d:57:80:89:c4:
                    38:11:54:d2:66:fb:93:f6:80:00:2a:a3:ad:bb:f9:
                    29:61:f5:0a:0c:8e:48:5f:8c:10:44:8b:f5:03:5a:
                    fd:78:d6:5f:15:1a:83:a7:4e:88:09:5e:6a:6c:25:
                    8d:3a:05:6e:87:5c:f3:f8:eb:d7:58:29:bc:73:20:
                    cc:34:e1:fb:b7:c3:52:b4:7b:49:30:15:21:88:8f:
                    1a:4b:85:4d:3f:43:4b:91:81:c9:e4:fa:6c:75:1c:
                    ed:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:91:0F:46:3C:5D:D1:AF:17:A4:57:E5:76:24:9E:52:2F:2D:B3:B0
            X509v3 Authority Key Identifier:
                keyid:BC:C0:1B:F8:E9:8B:A7:B2:B0:E1:1A:8E:0F:BC:4B:39:A1:1B:86:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/u5EPRjxd0a8XpFfldiSeUi8ts7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a28ef5-14c4-4341-8f19-9106bfbfe74d/1/vMAb-OmLp7Kw4RqOD7xLOaEbhnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:46:ce:31:75:92:2e:11:8d:7b:4a:0b:a7:37:80:bb:f3:0e:
         10:7e:9c:e2:e5:01:fc:23:b7:d8:2d:5e:8b:4d:5c:15:23:c6:
         6a:d6:d1:eb:12:b8:10:38:72:69:de:a0:96:05:be:3d:15:b6:
         1f:6c:d6:74:e5:cc:b1:3a:ed:d6:69:87:02:0a:b5:99:f4:a7:
         cd:82:be:bd:56:7a:c6:bf:b8:b9:05:00:f1:cb:0c:ec:9c:ce:
         c0:74:6d:7d:9b:1d:65:6f:51:dd:18:84:89:ff:21:84:de:72:
         2a:18:a6:d7:74:6f:4f:e5:bf:21:5f:14:8e:b8:4a:d2:6b:7e:
         19:2e:5d:f3:4e:a5:3a:e7:ce:e1:9d:4e:24:db:0a:20:82:f5:
         1a:71:56:1e:8e:b4:b7:84:0d:8d:da:62:36:43:fb:38:78:d1:
         b8:35:71:97:7b:23:2e:85:c8:72:5a:02:43:f9:2b:e9:79:a2:
         7b:19:08:2e:59:92:06:35:68:b8:c3:f8:12:d7:e4:1e:36:d5:
         93:46:6d:5b:c1:01:b3:a8:02:71:12:42:07:e3:bd:a4:3c:62:
         0d:91:23:b2:da:78:77:40:4f:1c:e1:16:6d:cb:df:7f:6f:e6:
         9e:76:98:dc:d2:cb:d0:de:2f:63:da:ad:d8:b8:ae:8c:75:fa:
         2a:cd:24:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DcOl6gTgwDwWEJelskeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzAxYmY4ZTk4YmE3YjJiMGUxMWE4ZTBmYmM0YjM5YTEx
Yjg2NzMwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjkxMGY0NjNjNWRkMWFmMTdhNDU3ZTU3NjI0OWU1MjJmMmRiM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv+fjPAZo0mDwAoegxYzsqdXHvwq
ogKkxXqJfQSf0SGgkjuSkiKtTaRyjbaJdy4lubUL/TwPu+TEh84/p7WHtqSZI9kp
Ugfy3KmqdXLxPWJwC55iGyXrLS4uCm+Jo5grjhCFLzlH5XbblobVKEsMbjwPrEok
9IYH+j0L7TxoarirYSPdng/Dr71U+ap5aFtYAtohzmIWfaR9yDfQAD/3fVeAicQ4
EVTSZvuT9oAAKqOtu/kpYfUKDI5IX4wQRIv1A1r9eNZfFRqDp06ICV5qbCWNOgVu
h1zz+OvXWCm8cyDMNOH7t8NStHtJMBUhiI8aS4VNP0NLkYHJ5PpsdRztfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuRD0Y8XdGvF6RX5XYknlIvLbOwMB8GA1UdIwQY
MBaAFLzAG/jpi6eysOEajg+8SzmhG4ZzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1BYi1PbUxwN0t3NFJxT0Q3eExPYUViaG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9hMjhlZjUtMTRjNC00MzQxLThmMTkt
OTEwNmJmYmZlNzRkLzEvdTVFUFJqeGQwYThYcEZmbGRpU2VVaTh0czdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9hMjhlZjUtMTRjNC00MzQxLThmMTktOTEwNmJmYmZlNzRk
LzEvdk1BYi1PbUxwN0t3NFJxT0Q3eExPYUViaG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudpAMA0G
CSqGSIb3DQEBCwUAA4IBAQAdRs4xdZIuEY17SgunN4C78w4Qfpzi5QH8I7fYLV6L
TVwVI8Zq1tHrErgQOHJp3qCWBb49FbYfbNZ05cyxOu3WaYcCCrWZ9KfNgr69VnrG
v7i5BQDxywzsnM7AdG19mx1lb1HdGISJ/yGE3nIqGKbXdG9P5b8hXxSOuErSa34Z
Ll3zTqU6587hnU4k2woggvUacVYejrS3hA2N2mI2Q/s4eNG4NXGXeyMuhchyWgJD
+SvpeaJ7GQguWZIGNWi4w/gS1+QeNtWTRm1bwQGzqAJxEkIH472kPGINkSOy2nh3
QE8c4RZty99/b+aedpjc0svQ3i9j2q3YuK6MdfoqzSTa
-----END CERTIFICATE-----