Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/vKUjzdJb1kam235ldreiw0WeLHE.roa
File:                     vKUjzdJb1kam235ldreiw0WeLHE.roa (raw, json)
Hash identifier:          x74vtL9AjE1bC8nWioZu3+s/GOZlOHvWF7H25w3CSg8=
Subject key identifier:   BC:A5:23:CD:D2:5B:D6:46:A6:DB:7E:65:76:B7:A2:C3:45:9E:2C:71
Certificate issuer:       /CN=0cb7a2adc6dcaf177b93a336cb8ececc5af30258
Certificate serial:       018CCA2B1DDD5F5D6F00BC2BE27A62476D8F
Authority key identifier: 0C:B7:A2:AD:C6:DC:AF:17:7B:93:A3:36:CB:8E:CE:CC:5A:F3:02:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/vKUjzdJb1kam235ldreiw0WeLHE.roa
Signing time:             Tue 02 Jan 2024 12:34:32 +0000
ROA not before:           Tue 02 Jan 2024 12:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205538
IP address blocks:        185.214.89.0/24 maxlen: 24
                          185.214.90.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:1d:dd:5f:5d:6f:00:bc:2b:e2:7a:62:47:6d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cb7a2adc6dcaf177b93a336cb8ececc5af30258
        Validity
            Not Before: Jan  2 12:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bca523cdd25bd646a6db7e6576b7a2c3459e2c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:67:0a:cb:ce:6d:be:ad:0c:3b:46:d6:4d:14:
                    e3:7d:58:a5:22:60:3f:f7:9b:88:a6:bd:91:60:5b:
                    a6:b3:b9:cf:0f:b0:ec:ea:b8:64:3e:be:40:01:d7:
                    39:5c:58:ff:f4:93:d7:44:d1:a5:a4:cc:72:3f:f1:
                    b7:dc:d7:ba:db:0c:1a:50:b2:53:de:42:5c:26:e2:
                    4f:a6:d4:ce:5e:5a:74:fe:8e:ae:94:aa:50:12:40:
                    94:44:79:4f:52:c8:d1:b9:96:0c:57:ad:77:2f:0f:
                    ca:5f:a1:28:08:0c:38:1f:d5:d0:f4:db:14:e4:4e:
                    f9:02:70:65:dc:20:d8:0b:60:ea:8c:4a:9d:09:f2:
                    a8:41:d4:4f:e9:dc:57:e7:03:02:17:45:9d:72:f8:
                    84:16:b7:39:b6:f0:0c:c7:32:fb:65:ae:fb:b5:76:
                    dc:9c:54:01:16:8a:e4:cb:cc:d5:e5:8b:85:be:d7:
                    03:52:43:03:f1:05:6f:21:d0:fc:af:ac:fa:11:e7:
                    f1:5a:1b:0a:d3:86:59:54:cb:1c:09:d2:37:6a:bd:
                    b3:3e:8c:ad:ea:c5:86:f1:18:7d:83:d7:ce:31:29:
                    3d:d1:1d:0c:0e:b1:c2:03:3b:e0:40:91:91:0f:09:
                    5e:ce:6e:cd:74:1c:14:75:52:b0:f7:d3:14:58:23:
                    a4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A5:23:CD:D2:5B:D6:46:A6:DB:7E:65:76:B7:A2:C3:45:9E:2C:71
            X509v3 Authority Key Identifier:
                keyid:0C:B7:A2:AD:C6:DC:AF:17:7B:93:A3:36:CB:8E:CE:CC:5A:F3:02:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/vKUjzdJb1kam235ldreiw0WeLHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.89.0-185.214.91.255

    Signature Algorithm: sha256WithRSAEncryption
         03:b3:d1:54:5a:33:7f:1a:e0:dd:30:0f:88:6e:8e:46:1d:06:
         0c:94:73:1e:69:da:d9:69:1f:1f:75:57:af:4f:7e:29:1a:f4:
         7f:33:64:d3:3c:eb:21:95:e2:c4:4c:89:b3:91:77:e0:5c:90:
         3b:48:37:aa:38:71:1f:e4:7a:d6:8d:a9:d7:f2:d1:20:83:92:
         a6:26:c5:c9:71:01:dc:19:9d:e4:d8:73:75:32:02:60:43:eb:
         c3:85:b4:1d:f2:c3:08:45:52:d0:11:23:23:12:86:c0:98:9d:
         b4:88:73:80:a4:a1:79:4b:0e:0f:83:62:59:9e:b0:66:72:99:
         6f:59:73:16:67:fa:d7:99:2d:e2:16:88:58:12:af:93:9d:cc:
         ba:82:63:5d:f9:e0:a0:ee:f1:76:f4:4c:d6:32:3f:fa:ac:1b:
         76:31:71:d8:4b:88:6b:42:19:35:a8:c6:e3:f4:dd:b1:ce:90:
         05:e6:56:29:21:a5:39:23:24:84:7a:cc:91:49:16:a4:23:06:
         a5:fb:b2:97:99:1c:fc:93:6c:96:ca:2b:71:03:ed:eb:7c:6f:
         89:49:df:8d:9d:57:8b:62:80:68:70:36:7f:a2:e2:dc:38:bf:
         22:50:73:ba:fe:26:f5:0e:b7:38:e3:05:1a:c7:fe:50:c6:83:
         7e:95:84:e4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKx3dX11vALwr4npiR22PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYjdhMmFkYzZkY2FmMTc3YjkzYTMzNmNiOGVjZWNjNWFm
MzAyNTgwHhcNMjQwMTAyMTIzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E1MjNjZGQyNWJkNjQ2YTZkYjdlNjU3NmI3YTJjMzQ1OWUyYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2cKy85tvq0MO0bWTRTjfVilImA/
95uIpr2RYFums7nPD7Ds6rhkPr5AAdc5XFj/9JPXRNGlpMxyP/G33Ne62wwaULJT
3kJcJuJPptTOXlp0/o6ulKpQEkCURHlPUsjRuZYMV613Lw/KX6EoCAw4H9XQ9NsU
5E75AnBl3CDYC2DqjEqdCfKoQdRP6dxX5wMCF0WdcviEFrc5tvAMxzL7Za77tXbc
nFQBForky8zV5YuFvtcDUkMD8QVvIdD8r6z6EefxWhsK04ZZVMscCdI3ar2zPoyt
6sWG8Rh9g9fOMSk90R0MDrHCAzvgQJGRDwlezm7NdBwUdVKw99MUWCOkTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLylI83SW9ZGptt+ZXa3osNFnixxMB8GA1UdIwQY
MBaAFAy3oq3G3K8Xe5OjNsuOzsxa8wJYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRExlaXJjYmNyeGQ3azZNMnk0N096RnJ6QWxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8yZjc4OTQtNzU2ZC00Y2JmLTk3N2Mt
M2M1YWU3NjFjYWIwLzEvdktVanpkSmIxa2FtMjM1bGRyZWl3MFdlTEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8yZjc4OTQtNzU2ZC00Y2JmLTk3N2MtM2M1YWU3NjFjYWIw
LzEvRExlaXJjYmNyeGQ3azZNMnk0N096RnJ6QWxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC51lkD
BAK51lgwDQYJKoZIhvcNAQELBQADggEBAAOz0VRaM38a4N0wD4hujkYdBgyUcx5p
2tlpHx91V69Pfika9H8zZNM86yGV4sRMibORd+BckDtIN6o4cR/ketaNqdfy0SCD
kqYmxclxAdwZneTYc3UyAmBD68OFtB3ywwhFUtARIyMShsCYnbSIc4CkoXlLDg+D
YlmesGZymW9ZcxZn+teZLeIWiFgSr5OdzLqCY1354KDu8Xb0TNYyP/qsG3YxcdhL
iGtCGTWoxuP03bHOkAXmVikhpTkjJIR6zJFJFqQjBqX7speZHPyTbJbKK3ED7et8
b4lJ342dV4tigGhwNn+i4tw4vyJQc7r+JvUOtzjjBRrH/lDGg36VhOQ=
-----END CERTIFICATE-----