Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/5uqK4DDUw8XKzuvTQ_rbqdFzaCk.roa
File:                     5uqK4DDUw8XKzuvTQ_rbqdFzaCk.roa (raw, json)
Hash identifier:          MynJ6ZFfXoMxBaIX5FBq5Sk5CYXKLQ2hLVzKcbcM/7c=
Subject key identifier:   E6:EA:8A:E0:30:D4:C3:C5:CA:CE:EB:D3:43:FA:DB:A9:D1:73:68:29
Certificate issuer:       /CN=eb5da1da1fa1d425cf1dc9e826d65edaed6cd898
Certificate serial:       018CC94E54F0C6F91C45BB1DD75CB4EDFCF9
Authority key identifier: EB:5D:A1:DA:1F:A1:D4:25:CF:1D:C9:E8:26:D6:5E:DA:ED:6C:D8:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/612h2h-h1CXPHcnoJtZe2u1s2Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/5uqK4DDUw8XKzuvTQ_rbqdFzaCk.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197869
IP address blocks:        185.194.92.0/22 maxlen: 22
                          2a00:5980::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/612h2h-h1CXPHcnoJtZe2u1s2Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/612h2h-h1CXPHcnoJtZe2u1s2Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/612h2h-h1CXPHcnoJtZe2u1s2Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:54:f0:c6:f9:1c:45:bb:1d:d7:5c:b4:ed:fc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb5da1da1fa1d425cf1dc9e826d65edaed6cd898
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6ea8ae030d4c3c5caceebd343fadba9d1736829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:eb:5c:9a:9c:9b:a8:32:68:1b:35:9c:50:21:
                    a1:8d:05:7a:3a:ab:1d:55:37:bb:b3:7d:d7:94:16:
                    5f:79:88:ea:4c:a9:95:24:36:a7:63:c7:cd:8f:c0:
                    90:1c:bc:f2:d3:99:d3:22:9b:1b:5d:98:8a:72:8d:
                    e0:8d:09:fe:6c:3d:2e:52:c9:ba:13:df:2a:5d:fc:
                    6e:73:79:a8:fa:07:fd:1e:95:d2:1c:35:45:f5:5a:
                    2b:58:8a:12:5f:b6:55:e6:7e:41:bc:c6:c6:4f:2a:
                    7c:ca:de:87:1f:12:fe:21:5b:b0:ad:e7:c8:6d:11:
                    f1:bd:b7:b8:5c:4a:81:b1:c6:3b:2e:6e:0a:5d:84:
                    a3:be:7e:0f:85:02:f2:af:85:41:9d:fa:35:2a:54:
                    3f:0d:30:e0:d5:fc:85:c8:bf:28:4d:9d:71:7b:dd:
                    e9:2f:55:1d:3e:1d:31:33:a5:67:43:f4:11:91:7e:
                    1a:4f:7e:19:d4:f4:72:c0:49:75:de:f4:4d:bf:e6:
                    96:82:c7:13:0a:92:d0:ac:ea:81:d2:15:39:68:40:
                    75:f4:e2:d1:de:0a:25:00:f4:ca:7e:80:b0:b5:fd:
                    93:6e:11:ce:7a:21:10:12:0a:9c:38:9a:1e:a6:08:
                    b0:6a:8e:53:78:f7:00:0d:38:a9:94:e3:47:70:5e:
                    26:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EA:8A:E0:30:D4:C3:C5:CA:CE:EB:D3:43:FA:DB:A9:D1:73:68:29
            X509v3 Authority Key Identifier:
                keyid:EB:5D:A1:DA:1F:A1:D4:25:CF:1D:C9:E8:26:D6:5E:DA:ED:6C:D8:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/612h2h-h1CXPHcnoJtZe2u1s2Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/5uqK4DDUw8XKzuvTQ_rbqdFzaCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d6ae54-ed67-401a-88f3-7f8c983f14a4/1/612h2h-h1CXPHcnoJtZe2u1s2Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.92.0/22
                IPv6:
                  2a00:5980::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:d1:30:9e:a1:be:77:6d:6a:00:1a:26:cc:c9:40:99:c4:cd:
         dd:9b:fe:66:26:ad:a1:e9:0c:f8:06:0e:f4:c3:27:a5:78:56:
         63:4e:b8:93:8e:07:7d:e9:1b:28:00:56:7f:8a:95:a3:83:15:
         61:6a:73:8f:37:51:6f:b9:5d:30:fa:71:31:d8:1a:20:aa:37:
         b8:6f:47:45:2e:0a:fa:d5:d7:00:d7:54:ae:0b:97:b9:80:3f:
         db:52:33:d8:29:05:d8:c9:eb:76:aa:77:7e:96:03:5f:8c:f1:
         a4:fc:38:4e:38:09:a7:9c:d8:1d:61:e0:68:1c:44:d5:e9:83:
         29:60:c8:b5:8b:02:3c:49:53:33:d8:11:f2:b9:49:89:32:44:
         56:86:11:35:b4:8b:25:5d:5f:de:27:41:08:1f:3a:cd:49:06:
         d0:49:bf:d8:00:f2:fc:d7:66:54:d5:70:b6:a4:ba:11:90:f2:
         96:3a:9f:94:63:4f:63:92:b0:0c:2f:e4:7d:aa:6e:5d:7d:37:
         ad:1d:11:e8:3b:ff:e0:09:e7:cc:47:02:f8:22:14:c9:72:e2:
         f3:2a:d4:6f:a3:40:92:0a:17:4d:53:b9:3c:7d:95:66:fe:fe:
         76:f5:94:93:0d:a4:61:f8:15:2d:4d:bb:e5:8d:53:be:b7:93:
         a4:bc:5f:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTlTwxvkcRbsd11y07fz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNWRhMWRhMWZhMWQ0MjVjZjFkYzllODI2ZDY1ZWRhZWQ2
Y2Q4OTgwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVhOGFlMDMwZDRjM2M1Y2FjZWViZDM0M2ZhZGJhOWQxNzM2ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAietcmpybqDJoGzWcUCGhjQV6Oqsd
VTe7s33XlBZfeYjqTKmVJDanY8fNj8CQHLzy05nTIpsbXZiKco3gjQn+bD0uUsm6
E98qXfxuc3mo+gf9HpXSHDVF9VorWIoSX7ZV5n5BvMbGTyp8yt6HHxL+IVuwrefI
bRHxvbe4XEqBscY7Lm4KXYSjvn4PhQLyr4VBnfo1KlQ/DTDg1fyFyL8oTZ1xe93p
L1UdPh0xM6VnQ/QRkX4aT34Z1PRywEl13vRNv+aWgscTCpLQrOqB0hU5aEB19OLR
3golAPTKfoCwtf2TbhHOeiEQEgqcOJoepgiwao5TePcADTiplONHcF4mLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFObqiuAw1MPFys7r00P626nRc2gpMB8GA1UdIwQY
MBaAFOtdodofodQlzx3J6CbWXtrtbNiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjEyaDJoLWgxQ1hQSGNub0p0WmUydTFzMkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9kNmFlNTQtZWQ2Ny00MDFhLTg4ZjMt
N2Y4Yzk4M2YxNGE0LzEvNXVxSzRERFV3OFhLenV2VFFfcmJxZEZ6YUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9kNmFlNTQtZWQ2Ny00MDFhLTg4ZjMtN2Y4Yzk4M2YxNGE0
LzEvNjEyaDJoLWgxQ1hQSGNub0p0WmUydTFzMkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucJcMA0E
AgACMAcDBQAqAFmAMA0GCSqGSIb3DQEBCwUAA4IBAQCq0TCeob53bWoAGibMyUCZ
xM3dm/5mJq2h6Qz4Bg70wyeleFZjTriTjgd96RsoAFZ/ipWjgxVhanOPN1FvuV0w
+nEx2Bogqje4b0dFLgr61dcA11SuC5e5gD/bUjPYKQXYyet2qnd+lgNfjPGk/DhO
OAmnnNgdYeBoHETV6YMpYMi1iwI8SVMz2BHyuUmJMkRWhhE1tIslXV/eJ0EIHzrN
SQbQSb/YAPL812ZU1XC2pLoRkPKWOp+UY09jkrAML+R9qm5dfTetHRHoO//gCefM
RwL4IhTJcuLzKtRvo0CSChdNU7k8fZVm/v529ZSTDaRh+BUtTbvljVO+t5OkvF9t
-----END CERTIFICATE-----