Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/j2OIUl12VaV7xSp6IrsFriNKYVU.roa
File:                     j2OIUl12VaV7xSp6IrsFriNKYVU.roa (raw, json)
Hash identifier:          XV/2R5TKoYlrkyqc453jFONl5dam6l/J4kRfr4bU9fc=
Subject key identifier:   8F:63:88:52:5D:76:55:A5:7B:C5:2A:7A:22:BB:05:AE:23:4A:61:55
Certificate issuer:       /CN=d5f94786d036685440901a3dce5a334cf13272a0
Certificate serial:       018CC6B7B1503DAD516044EE3248754FB22C
Authority key identifier: D5:F9:47:86:D0:36:68:54:40:90:1A:3D:CE:5A:33:4C:F1:32:72:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/j2OIUl12VaV7xSp6IrsFriNKYVU.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62093
IP address blocks:        185.110.20.0/22 maxlen: 22
                          2a02:c540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b1:50:3d:ad:51:60:44:ee:32:48:75:4f:b2:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f94786d036685440901a3dce5a334cf13272a0
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f6388525d7655a57bc52a7a22bb05ae234a6155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:a2:14:2b:95:84:cd:46:24:0b:c7:c6:7d:
                    1b:79:b4:f0:3e:02:9f:ac:08:dd:d1:5e:5a:21:1a:
                    30:5d:21:3f:0e:3c:1d:77:44:b3:c6:99:a7:1a:a9:
                    5b:c6:a4:cf:dd:89:7a:8a:d5:c0:92:a7:9e:3c:c5:
                    6c:ef:95:61:4f:02:43:28:f4:ef:5b:cc:bd:d6:f7:
                    0a:de:b7:dc:60:8b:cf:bc:e1:e2:21:fa:72:d3:8c:
                    81:1c:0f:f9:f3:2f:79:62:d3:ee:b3:9a:7e:61:ad:
                    ad:19:00:d2:30:eb:c3:19:8d:b9:2d:2b:93:4f:ef:
                    34:98:f3:86:94:a8:22:7d:57:c5:00:30:15:38:66:
                    36:b2:06:ce:2d:95:4b:b0:f0:d1:34:29:ce:02:63:
                    c3:45:40:92:93:97:51:3d:77:87:7c:30:ca:95:42:
                    fa:74:aa:d2:22:de:78:47:a3:d5:00:1b:5c:43:84:
                    45:4d:58:d5:43:90:0c:a3:33:ee:70:55:dc:87:9e:
                    44:46:3e:88:f7:2a:e0:85:03:bb:59:e8:bf:1a:63:
                    70:71:32:7e:f2:1f:bd:d3:1c:57:4e:ed:f7:16:4e:
                    95:d0:9e:2a:9d:4c:cb:9f:38:07:13:34:ff:26:f7:
                    d0:56:2f:35:af:fc:f7:96:f9:3f:49:45:5a:5f:66:
                    ec:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:63:88:52:5D:76:55:A5:7B:C5:2A:7A:22:BB:05:AE:23:4A:61:55
            X509v3 Authority Key Identifier:
                keyid:D5:F9:47:86:D0:36:68:54:40:90:1A:3D:CE:5A:33:4C:F1:32:72:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/j2OIUl12VaV7xSp6IrsFriNKYVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.20.0/22
                IPv6:
                  2a02:c540::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:fc:e1:38:ff:0c:be:d2:4d:eb:13:cf:f3:47:4c:7b:e5:33:
         e5:6a:c1:aa:2b:b9:13:75:70:54:c5:bc:a2:f4:6a:4a:37:fa:
         2e:0d:75:a8:ae:3f:de:7e:b1:71:ad:e5:dc:9d:ee:60:7a:87:
         52:70:86:b0:b9:c8:a2:d4:65:37:10:a4:61:2e:e2:c9:f2:dd:
         ca:ee:b7:ed:5f:b8:45:a7:11:d3:c3:3c:a3:a3:c3:f3:98:6f:
         d5:c2:20:a1:fa:da:10:e8:02:32:d6:be:d2:35:d4:90:f7:b6:
         98:70:c7:32:29:1e:42:1c:78:5f:b6:e3:eb:e9:7b:f5:3e:f8:
         d1:9c:a4:d8:fe:7f:d8:ef:db:70:29:99:77:06:6c:64:6b:8d:
         8e:06:02:83:bd:88:3d:70:1a:92:8d:e8:64:3f:44:b4:0f:42:
         42:01:11:66:bc:84:ac:16:89:e9:91:00:4b:cb:cd:08:0b:d7:
         62:aa:f9:68:99:59:75:43:e4:a5:3a:ad:48:c5:71:fc:24:17:
         19:60:2b:80:52:9c:91:fe:31:78:6c:17:1a:d6:e2:7a:f8:1f:
         9f:d9:37:5b:3a:b9:b7:7c:30:d0:d9:fc:0f:3f:20:15:a3:b4:
         f2:85:84:86:be:5b:49:2e:40:3c:67:f6:6b:d2:8f:b2:09:32:
         c6:65:d0:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt7FQPa1RYETuMkh1T7IsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1Zjk0Nzg2ZDAzNjY4NTQ0MDkwMWEzZGNlNWEzMzRjZjEz
MjcyYTAwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjYzODg1MjVkNzY1NWE1N2JjNTJhN2EyMmJiMDVhZTIzNGE2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz6iFCuVhM1GJAvHxn0bebTwPgKf
rAjd0V5aIRowXSE/Djwdd0SzxpmnGqlbxqTP3Yl6itXAkqeePMVs75VhTwJDKPTv
W8y91vcK3rfcYIvPvOHiIfpy04yBHA/58y95YtPus5p+Ya2tGQDSMOvDGY25LSuT
T+80mPOGlKgifVfFADAVOGY2sgbOLZVLsPDRNCnOAmPDRUCSk5dRPXeHfDDKlUL6
dKrSIt54R6PVABtcQ4RFTVjVQ5AMozPucFXch55ERj6I9yrghQO7Wei/GmNwcTJ+
8h+90xxXTu33Fk6V0J4qnUzLnzgHEzT/JvfQVi81r/z3lvk/SUVaX2bsOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9jiFJddlWle8UqeiK7Ba4jSmFVMB8GA1UdIwQY
MBaAFNX5R4bQNmhUQJAaPc5aM0zxMnKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZsSGh0QTJhRlJBa0JvOXpsb3pUUEV5Y3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83MDQ5NmMtNjNiOC00N2M4LWE3Njkt
YzlhNjk2ODNhOGU4LzEvajJPSVVsMTJWYVY3eFNwNklyc0ZyaU5LWVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83MDQ5NmMtNjNiOC00N2M4LWE3NjktYzlhNjk2ODNhOGU4
LzEvMWZsSGh0QTJhRlJBa0JvOXpsb3pUUEV5Y3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW4UMA0E
AgACMAcDBQMqAsVAMA0GCSqGSIb3DQEBCwUAA4IBAQB+/OE4/wy+0k3rE8/zR0x7
5TPlasGqK7kTdXBUxbyi9GpKN/ouDXWorj/efrFxreXcne5geodScIawucii1GU3
EKRhLuLJ8t3K7rftX7hFpxHTwzyjo8PzmG/VwiCh+toQ6AIy1r7SNdSQ97aYcMcy
KR5CHHhftuPr6Xv1PvjRnKTY/n/Y79twKZl3Bmxka42OBgKDvYg9cBqSjehkP0S0
D0JCARFmvISsFonpkQBLy80IC9diqvlomVl1Q+SlOq1IxXH8JBcZYCuAUpyR/jF4
bBca1uJ6+B+f2TdbOrm3fDDQ2fwPPyAVo7TyhYSGvltJLkA8Z/Zr0o+yCTLGZdAI
-----END CERTIFICATE-----