Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/Ref85zXKMY5FH0MRc8IkuFzw5NI.roa
File:                     Ref85zXKMY5FH0MRc8IkuFzw5NI.roa (raw, json)
Hash identifier:          +C530PKJduX/+x+ElI3K71w3iZOLlus6Y2Zm5R00EdM=
Subject key identifier:   45:E7:FC:E7:35:CA:31:8E:45:1F:43:11:73:C2:24:B8:5C:F0:E4:D2
Certificate issuer:       /CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
Certificate serial:       018CC4938F51AC81285BC0AB37F409A56763
Authority key identifier: AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/Ref85zXKMY5FH0MRc8IkuFzw5NI.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20818
IP address blocks:        185.111.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8f:51:ac:81:28:5b:c0:ab:37:f4:09:a5:67:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45e7fce735ca318e451f431173c224b85cf0e4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:46:03:bd:df:66:0d:40:60:b1:58:b1:f7:83:
                    e6:d0:da:6d:38:04:f1:35:23:b7:5e:56:f0:ce:27:
                    4b:94:fa:27:0d:f0:8b:65:b6:1b:41:df:c2:34:df:
                    e7:07:1a:23:3f:4d:50:bb:a3:09:a9:17:25:66:f3:
                    50:17:f5:ef:c0:30:0b:28:79:15:43:0b:1c:76:b0:
                    2a:24:14:ed:fc:52:cd:e8:83:3a:cd:71:a6:08:6b:
                    9c:ff:9e:7b:9e:8a:71:3f:97:ac:21:8e:a5:4e:47:
                    9d:d3:80:5a:36:84:e1:84:da:5a:da:70:71:e0:17:
                    81:67:a5:a4:49:60:8b:85:12:56:bc:6c:dd:e4:46:
                    40:63:79:7c:53:d0:da:2b:33:82:24:76:49:18:58:
                    ca:6d:27:75:4e:f1:53:1c:0d:32:85:cf:b2:a5:84:
                    77:16:61:08:41:f6:0a:ca:74:71:f9:19:cf:64:54:
                    2e:b9:ca:8f:91:83:d4:ac:04:b7:47:81:a3:b7:92:
                    01:71:3d:fb:38:9e:89:c2:2f:d7:cf:72:86:57:df:
                    e7:5a:07:ea:29:75:7d:9e:9d:3b:73:9a:e4:31:28:
                    90:3b:e0:8d:50:1a:c2:52:66:81:f2:c1:a9:dd:ef:
                    63:39:bf:f7:a6:d6:92:3c:e4:9a:b1:c0:f7:cd:0b:
                    7b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E7:FC:E7:35:CA:31:8E:45:1F:43:11:73:C2:24:B8:5C:F0:E4:D2
            X509v3 Authority Key Identifier:
                keyid:AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/Ref85zXKMY5FH0MRc8IkuFzw5NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:5b:20:cb:51:d2:05:1f:c5:d2:7d:16:ba:d5:ad:3e:56:5a:
         4b:f4:05:3e:93:8e:cb:f6:ba:1e:15:5f:a5:dd:01:31:8c:c7:
         33:17:04:22:e2:00:46:98:86:46:bb:e2:6d:f7:d7:84:23:ac:
         5f:5d:c0:33:54:3d:60:10:5d:05:d4:90:1b:af:36:b1:4a:2b:
         33:ec:8f:b0:76:78:a0:a7:9e:a0:4e:61:10:29:42:a8:f9:c3:
         ef:e8:47:e6:41:51:ea:c1:16:9a:85:18:a8:ca:60:97:6c:e6:
         73:84:74:10:4c:6b:11:bc:d5:2c:eb:d5:46:61:d4:b5:97:5b:
         ab:df:8a:09:83:4f:23:bc:47:00:9b:ea:de:55:25:0f:b1:a5:
         49:43:6f:12:33:c0:ca:40:3a:4c:62:a7:9d:62:ea:95:e2:1c:
         f5:c9:09:5c:92:bb:f5:1f:5e:ed:eb:40:d9:21:0d:54:28:37:
         7b:c1:a9:db:55:16:72:44:a8:7c:81:9d:7e:16:f4:1c:9f:23:
         49:4e:ea:67:c0:ee:78:be:b4:f8:df:5e:b3:6f:80:62:1d:49:
         f5:e2:ff:08:0a:48:74:9b:cf:37:a7:59:9b:cf:72:5d:54:00:
         b2:75:c8:0e:c2:65:82:6b:d3:13:c1:46:ca:1d:e0:c0:f5:db:
         36:f6:4e:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk49RrIEoW8CrN/QJpWdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMWY3MjFiN2I3ZTZkMDQ5ZmJmZTUyMGUxY2E4OWMxY2Ey
NTY4MTMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWU3ZmNlNzM1Y2EzMThlNDUxZjQzMTE3M2MyMjRiODVjZjBlNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEYDvd9mDUBgsVix94Pm0NptOATx
NSO3XlbwzidLlPonDfCLZbYbQd/CNN/nBxojP01Qu6MJqRclZvNQF/XvwDALKHkV
QwscdrAqJBTt/FLN6IM6zXGmCGuc/557nopxP5esIY6lTked04BaNoThhNpa2nBx
4BeBZ6WkSWCLhRJWvGzd5EZAY3l8U9DaKzOCJHZJGFjKbSd1TvFTHA0yhc+ypYR3
FmEIQfYKynRx+RnPZFQuucqPkYPUrAS3R4Gjt5IBcT37OJ6Jwi/Xz3KGV9/nWgfq
KXV9np07c5rkMSiQO+CNUBrCUmaB8sGp3e9jOb/3ptaSPOSascD3zQt7hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXn/Oc1yjGORR9DEXPCJLhc8OTSMB8GA1UdIwQY
MBaAFKwfcht7fm0En7/lIOHKicHKJWgTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjIt
NjRkMjljODZiZjNlLzEvUmVmODV6WEtNWTVGSDBNUmM4SWt1Rnp3NU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjItNjRkMjljODZiZjNl
LzEvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/UMA0G
CSqGSIb3DQEBCwUAA4IBAQA8WyDLUdIFH8XSfRa61a0+VlpL9AU+k47L9roeFV+l
3QExjMczFwQi4gBGmIZGu+Jt99eEI6xfXcAzVD1gEF0F1JAbrzaxSisz7I+wdnig
p56gTmEQKUKo+cPv6EfmQVHqwRaahRioymCXbOZzhHQQTGsRvNUs69VGYdS1l1ur
34oJg08jvEcAm+reVSUPsaVJQ28SM8DKQDpMYqedYuqV4hz1yQlckrv1H17t60DZ
IQ1UKDd7wanbVRZyRKh8gZ1+FvQcnyNJTupnwO54vrT4316zb4BiHUn14v8ICkh0
m883p1mbz3JdVACydcgOwmWCa9MTwUbKHeDA9ds29k5W
-----END CERTIFICATE-----