Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/R5lZ5YMjLjFju7LDkRXStgORVMQ.roa
File:                     R5lZ5YMjLjFju7LDkRXStgORVMQ.roa (raw, json)
Hash identifier:          WnvDddicIDTZav05Cbb04luLdpGMTeS7uwMZj/34ySI=
Subject key identifier:   47:99:59:E5:83:23:2E:31:63:BB:B2:C3:91:15:D2:B6:03:91:54:C4
Certificate issuer:       /CN=fdcb976bb6029216f7a2ad05b7932f4a55e0cf8a
Certificate serial:       018CC8018ABC9677B3F9F3F09BCBC08F88A7
Authority key identifier: FD:CB:97:6B:B6:02:92:16:F7:A2:AD:05:B7:93:2F:4A:55:E0:CF:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/R5lZ5YMjLjFju7LDkRXStgORVMQ.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201080
IP address blocks:        185.167.16.0/22 maxlen: 22
                          2a0b:3200::/30 maxlen: 30
                          2a0b:3200::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8a:bc:96:77:b3:f9:f3:f0:9b:cb:c0:8f:88:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdcb976bb6029216f7a2ad05b7932f4a55e0cf8a
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=479959e583232e3163bbb2c39115d2b6039154c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fd:92:96:77:70:1d:6f:5c:72:ba:9a:42:2b:
                    39:80:7c:0c:6f:21:d5:fb:1d:8a:5e:ca:9f:7e:68:
                    52:4c:e4:8f:28:44:28:c1:0d:0e:12:9d:d8:55:81:
                    8b:15:41:36:37:e6:83:93:60:88:7c:f4:32:b1:b2:
                    41:68:2f:c9:9d:10:24:4c:5f:39:90:43:28:fb:09:
                    b6:e0:fd:b9:6e:fb:c6:08:db:17:a7:1d:0d:db:c6:
                    94:2e:10:d1:7f:f4:a9:8a:e0:0b:d7:09:2f:3d:62:
                    d4:9a:07:0d:42:35:61:a7:92:99:30:37:5f:97:89:
                    e8:62:3f:b7:71:9e:72:5f:22:77:9f:ad:ac:ca:a4:
                    aa:99:8a:5d:6a:41:57:41:91:d1:6d:5d:30:a9:9f:
                    69:83:dc:2d:27:06:51:b9:d3:0a:f0:cb:8a:f5:01:
                    99:b9:18:d7:11:5c:82:ad:89:c5:c3:22:e0:d2:1f:
                    b9:01:87:03:01:ab:8d:3b:47:95:a2:fe:2c:14:71:
                    e7:79:98:1c:53:86:3e:0f:ae:e0:1f:71:27:e7:4d:
                    45:cc:56:ef:49:ba:e9:5f:bc:32:7f:4c:f4:bc:d0:
                    2f:69:6c:d8:bc:92:b0:66:9a:40:c1:fa:59:cd:84:
                    5e:08:4f:39:50:29:60:48:30:a0:a5:ee:3d:6f:a2:
                    64:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:99:59:E5:83:23:2E:31:63:BB:B2:C3:91:15:D2:B6:03:91:54:C4
            X509v3 Authority Key Identifier:
                keyid:FD:CB:97:6B:B6:02:92:16:F7:A2:AD:05:B7:93:2F:4A:55:E0:CF:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/R5lZ5YMjLjFju7LDkRXStgORVMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/494f27-4bbc-4b38-849b-d888a0689c19/1/_cuXa7YCkhb3oq0Ft5MvSlXgz4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.16.0/22
                IPv6:
                  2a0b:3200::/30

    Signature Algorithm: sha256WithRSAEncryption
         61:55:24:28:6d:e1:87:8a:79:b8:88:0a:23:8f:0c:3c:86:37:
         37:05:c7:99:b3:a7:98:31:02:d6:48:70:2a:42:b2:70:3f:33:
         1c:bf:4a:63:73:06:e2:0d:0b:07:50:64:f9:1b:48:5f:72:8e:
         21:d2:d5:8c:13:15:3c:a7:c7:21:ef:e0:a9:f9:c8:5b:18:e0:
         b2:c6:0c:9a:c7:91:06:61:ea:08:da:3d:eb:bd:b0:b9:b2:64:
         b9:4f:bf:21:c0:20:e9:35:80:bb:06:e5:76:6f:fd:09:8a:3c:
         fc:b3:b1:3d:ce:11:7b:91:a8:71:cb:75:60:9d:9f:5a:d8:9b:
         05:2a:d8:5d:e4:99:3a:5f:57:3a:f7:66:83:f3:4f:02:9b:6a:
         8c:1f:4d:76:4f:22:39:0d:9d:db:4d:5a:39:e2:c2:36:8f:9e:
         71:5f:b0:f6:37:dc:b2:64:e6:06:be:55:81:85:9c:54:dc:0e:
         dc:ba:6a:9d:ae:92:fb:ed:12:e4:ba:cb:0f:de:66:4c:31:79:
         e8:0e:1f:35:33:c3:34:e9:65:c6:3b:05:6a:2d:00:d3:95:21:
         2a:a5:3f:80:1f:b9:34:98:1e:fe:6a:10:9a:55:93:ab:b1:13:
         ce:87:b5:3a:9f:e2:32:50:5b:cd:f4:a9:ce:d5:b3:1f:bc:44:
         69:67:8b:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAYq8lnez+fPwm8vAj4inMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkY2I5NzZiYjYwMjkyMTZmN2EyYWQwNWI3OTMyZjRhNTVl
MGNmOGEwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzk5NTllNTgzMjMyZTMxNjNiYmIyYzM5MTE1ZDJiNjAzOTE1NGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/2SlndwHW9ccrqaQis5gHwMbyHV
+x2KXsqffmhSTOSPKEQowQ0OEp3YVYGLFUE2N+aDk2CIfPQysbJBaC/JnRAkTF85
kEMo+wm24P25bvvGCNsXpx0N28aULhDRf/SpiuAL1wkvPWLUmgcNQjVhp5KZMDdf
l4noYj+3cZ5yXyJ3n62syqSqmYpdakFXQZHRbV0wqZ9pg9wtJwZRudMK8MuK9QGZ
uRjXEVyCrYnFwyLg0h+5AYcDAauNO0eVov4sFHHneZgcU4Y+D67gH3En501FzFbv
SbrpX7wyf0z0vNAvaWzYvJKwZppAwfpZzYReCE85UClgSDCgpe49b6JkgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEeZWeWDIy4xY7uyw5EV0rYDkVTEMB8GA1UdIwQY
MBaAFP3Ll2u2ApIW96KtBbeTL0pV4M+KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2N1WGE3WUNraGIzb3EwRnQ1TXZTbFhnejRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80OTRmMjctNGJiYy00YjM4LTg0OWIt
ZDg4OGEwNjg5YzE5LzEvUjVsWjVZTWpMakZqdTdMRGtSWFN0Z09SVk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80OTRmMjctNGJiYy00YjM4LTg0OWItZDg4OGEwNjg5YzE5
LzEvX2N1WGE3WUNraGIzb3EwRnQ1TXZTbFhnejRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuacQMA0E
AgACMAcDBQIqCzIAMA0GCSqGSIb3DQEBCwUAA4IBAQBhVSQobeGHinm4iAojjww8
hjc3BceZs6eYMQLWSHAqQrJwPzMcv0pjcwbiDQsHUGT5G0hfco4h0tWMExU8p8ch
7+Cp+chbGOCyxgyax5EGYeoI2j3rvbC5smS5T78hwCDpNYC7BuV2b/0Jijz8s7E9
zhF7kahxy3VgnZ9a2JsFKthd5Jk6X1c692aD808Cm2qMH012TyI5DZ3bTVo54sI2
j55xX7D2N9yyZOYGvlWBhZxU3A7cumqdrpL77RLkussP3mZMMXnoDh81M8M06WXG
OwVqLQDTlSEqpT+AH7k0mB7+ahCaVZOrsRPOh7U6n+IyUFvN9KnO1bMfvERpZ4sY
-----END CERTIFICATE-----