Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/eUd0gqTXdlos533CLBaVEtK4Ctw.roa
File:                     eUd0gqTXdlos533CLBaVEtK4Ctw.roa (raw, json)
Hash identifier:          D93Ok9hZrL4S3DuJ3wPsGSHXthkx+ZzNUe3aZYZlNKg=
Subject key identifier:   79:47:74:82:A4:D7:76:5A:2C:E7:7D:C2:2C:16:95:12:D2:B8:0A:DC
Certificate issuer:       /CN=b65e3b74fc934b092193aded7eca01da1ef186ad
Certificate serial:       018CC3B719A8FC0A608E398A1071F19821B7
Authority key identifier: B6:5E:3B:74:FC:93:4B:09:21:93:AD:ED:7E:CA:01:DA:1E:F1:86:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tl47dPyTSwkhk63tfsoB2h7xhq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/eUd0gqTXdlos533CLBaVEtK4Ctw.roa
Signing time:             Mon 01 Jan 2024 06:30:05 +0000
ROA not before:           Mon 01 Jan 2024 06:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60491
IP address blocks:        185.30.92.0/22 maxlen: 22
                          2a00:afe0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/tl47dPyTSwkhk63tfsoB2h7xhq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/tl47dPyTSwkhk63tfsoB2h7xhq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tl47dPyTSwkhk63tfsoB2h7xhq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:19:a8:fc:0a:60:8e:39:8a:10:71:f1:98:21:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b65e3b74fc934b092193aded7eca01da1ef186ad
        Validity
            Not Before: Jan  1 06:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79477482a4d7765a2ce77dc22c169512d2b80adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:08:84:67:63:d2:45:4b:7d:47:22:cb:dc:5d:
                    cf:9b:2a:67:0e:ba:1d:ca:33:05:cf:9f:0d:f3:29:
                    3b:60:c4:7a:7a:91:84:75:4c:7c:f8:cb:30:b5:cf:
                    03:8d:4b:60:76:d0:e5:8d:a2:cc:f7:7b:c3:e2:01:
                    14:0f:c0:05:6d:5e:2c:60:15:53:98:2a:86:71:62:
                    77:27:09:e8:5b:6c:d0:10:7f:53:e1:2a:62:7c:07:
                    e3:79:6f:8b:7e:fd:d6:60:e9:22:3b:17:ed:43:65:
                    3d:79:c3:30:84:9e:bc:6f:7e:50:c3:1d:f9:75:c2:
                    aa:7f:11:08:3b:5e:2b:d3:a0:2d:42:14:d3:b4:63:
                    19:79:89:c8:49:db:22:51:e7:73:2a:1a:25:50:7f:
                    e3:c5:43:12:3a:4b:db:aa:80:11:a7:02:fa:e5:c3:
                    b9:4e:f9:6d:c3:e1:25:cc:9b:09:7d:a1:f3:d4:7f:
                    58:47:b3:5f:af:79:0e:12:e6:75:7a:cd:80:00:e9:
                    17:2d:82:f9:54:06:97:00:a7:d3:a6:50:8a:8c:6f:
                    64:14:5b:01:71:8d:cc:25:80:0d:ae:fb:8f:2b:e6:
                    20:ed:d0:d7:31:aa:61:03:b7:e1:50:08:38:d4:aa:
                    45:b9:62:0e:97:37:69:ef:06:cb:e3:d1:66:0a:58:
                    8c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:47:74:82:A4:D7:76:5A:2C:E7:7D:C2:2C:16:95:12:D2:B8:0A:DC
            X509v3 Authority Key Identifier:
                keyid:B6:5E:3B:74:FC:93:4B:09:21:93:AD:ED:7E:CA:01:DA:1E:F1:86:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tl47dPyTSwkhk63tfsoB2h7xhq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/eUd0gqTXdlos533CLBaVEtK4Ctw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/f59f8e-f544-4fbe-95c3-cff00e4cd2be/1/tl47dPyTSwkhk63tfsoB2h7xhq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.92.0/22
                IPv6:
                  2a00:afe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:b0:7c:74:1f:8f:bd:b0:1f:80:df:31:10:38:50:82:b6:2d:
         69:23:9e:c7:fd:dd:f4:69:fd:09:ac:cd:29:61:89:66:f2:b4:
         c6:15:61:67:41:da:b0:c2:cb:42:6e:d7:bc:bb:2c:53:dd:6d:
         33:2b:22:26:97:3b:2e:1e:3d:9e:8d:0e:73:2a:3c:c4:44:be:
         16:7b:90:c8:88:62:02:90:f2:bf:8d:cb:b1:8f:de:d8:87:bd:
         1c:fd:b6:74:fb:6c:55:f1:46:12:c1:35:0e:99:73:82:04:0d:
         45:b7:f7:78:39:28:29:e3:68:48:bc:ed:2a:bd:d6:be:02:0e:
         a3:65:d5:bb:e1:15:d1:c3:3e:dd:9e:50:29:42:a4:ee:7c:4a:
         9a:c2:cf:c6:6f:37:d2:10:dd:77:03:68:6b:be:cb:3f:f0:77:
         69:79:4b:f5:f1:3a:71:14:4f:5c:e2:e5:6b:70:53:de:3b:bf:
         aa:eb:fa:dc:f3:37:1c:d2:61:76:15:81:67:23:cb:48:04:b6:
         10:f9:3a:a3:d1:7c:bc:38:f6:02:8f:0f:2a:d1:c3:1c:6b:45:
         1a:9f:e8:ec:3c:3f:48:38:b7:c9:d2:bd:e8:ed:c2:df:b2:ba:
         02:95:a7:45:e5:23:a5:7f:a5:42:eb:3a:60:98:db:b2:42:64:
         f1:e9:01:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtxmo/ApgjjmKEHHxmCG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NWUzYjc0ZmM5MzRiMDkyMTkzYWRlZDdlY2EwMWRhMWVm
MTg2YWQwHhcNMjQwMTAxMDYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTQ3NzQ4MmE0ZDc3NjVhMmNlNzdkYzIyYzE2OTUxMmQyYjgwYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgiEZ2PSRUt9RyLL3F3PmypnDrod
yjMFz58N8yk7YMR6epGEdUx8+Mswtc8DjUtgdtDljaLM93vD4gEUD8AFbV4sYBVT
mCqGcWJ3JwnoW2zQEH9T4SpifAfjeW+Lfv3WYOkiOxftQ2U9ecMwhJ68b35Qwx35
dcKqfxEIO14r06AtQhTTtGMZeYnISdsiUedzKholUH/jxUMSOkvbqoARpwL65cO5
Tvltw+ElzJsJfaHz1H9YR7Nfr3kOEuZ1es2AAOkXLYL5VAaXAKfTplCKjG9kFFsB
cY3MJYANrvuPK+Yg7dDXMaphA7fhUAg41KpFuWIOlzdp7wbL49FmCliMKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHlHdIKk13ZaLOd9wiwWlRLSuArcMB8GA1UdIwQY
MBaAFLZeO3T8k0sJIZOt7X7KAdoe8YatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGw0N2RQeVRTd2toazYzdGZzb0IyaDd4aHEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mNTlmOGUtZjU0NC00ZmJlLTk1YzMt
Y2ZmMDBlNGNkMmJlLzEvZVVkMGdxVFhkbG9zNTMzQ0xCYVZFdEs0Q3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mNTlmOGUtZjU0NC00ZmJlLTk1YzMtY2ZmMDBlNGNkMmJl
LzEvdGw0N2RQeVRTd2toazYzdGZzb0IyaDd4aHEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR5cMA0E
AgACMAcDBQAqAK/gMA0GCSqGSIb3DQEBCwUAA4IBAQCYsHx0H4+9sB+A3zEQOFCC
ti1pI57H/d30af0JrM0pYYlm8rTGFWFnQdqwwstCbte8uyxT3W0zKyImlzsuHj2e
jQ5zKjzERL4We5DIiGICkPK/jcuxj97Yh70c/bZ0+2xV8UYSwTUOmXOCBA1Ft/d4
OSgp42hIvO0qvda+Ag6jZdW74RXRwz7dnlApQqTufEqaws/GbzfSEN13A2hrvss/
8HdpeUv18TpxFE9c4uVrcFPeO7+q6/rc8zcc0mF2FYFnI8tIBLYQ+Tqj0Xy8OPYC
jw8q0cMca0Uan+jsPD9IOLfJ0r3o7cLfsroCladF5SOlf6VC6zpgmNuyQmTx6QE6
-----END CERTIFICATE-----