Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/d01pCOjz5O9DzKkmMb8_ayfrWXY.roa
File:                     d01pCOjz5O9DzKkmMb8_ayfrWXY.roa (raw, json)
Hash identifier:          j5Eas3zqGBp5HX2QeMvzI5of0G4ZX/uflUt4sKSUxNE=
Subject key identifier:   77:4D:69:08:E8:F3:E4:EF:43:CC:A9:26:31:BF:3F:6B:27:EB:59:76
Certificate issuer:       /CN=9588390cf321dc43ce3ac0bc8fb09554d5fc2e77
Certificate serial:       018CC794A6304AD08504F55EEEDA2562DBFB
Authority key identifier: 95:88:39:0C:F3:21:DC:43:CE:3A:C0:BC:8F:B0:95:54:D5:FC:2E:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/d01pCOjz5O9DzKkmMb8_ayfrWXY.roa
Signing time:             Tue 02 Jan 2024 00:30:57 +0000
ROA not before:           Tue 02 Jan 2024 00:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208719
IP address blocks:        185.127.240.0/22 maxlen: 24
                          2a03:9960::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a6:30:4a:d0:85:04:f5:5e:ee:da:25:62:db:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588390cf321dc43ce3ac0bc8fb09554d5fc2e77
        Validity
            Not Before: Jan  2 00:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=774d6908e8f3e4ef43cca92631bf3f6b27eb5976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d8:60:44:03:fe:20:8e:16:07:a2:7a:df:e2:
                    e6:b8:ca:33:30:62:4e:40:70:0b:2a:99:aa:7c:b1:
                    f0:ec:79:cf:77:2d:5e:11:d5:6f:a7:42:51:67:0b:
                    8c:db:ec:15:b3:3f:c5:59:0b:b9:af:67:2c:95:4c:
                    15:90:3d:4a:6a:38:d1:1d:fc:48:2c:48:19:6d:50:
                    d0:98:61:32:e3:4c:43:fa:ea:70:be:84:09:89:74:
                    37:c6:fc:ca:17:fc:63:e8:0b:80:22:81:39:d8:8a:
                    ec:ea:23:cd:dc:87:0a:f1:df:e1:a6:26:5d:5b:44:
                    67:bd:76:b5:80:81:88:a1:89:d7:25:a4:e0:6c:3e:
                    ba:9e:c6:ca:a1:e5:e2:ea:e8:75:bb:c0:91:ec:3d:
                    a3:5e:69:d7:05:d7:31:8c:03:93:14:d3:ef:b6:63:
                    6c:19:18:9e:3a:6b:65:de:6b:de:9c:af:21:88:0b:
                    39:85:c0:03:00:46:8d:85:24:d5:92:18:49:0d:5f:
                    05:e4:1f:1a:5a:a0:a4:65:ae:ed:1a:ba:0e:69:78:
                    a2:92:c7:c7:ec:a0:22:c7:82:aa:79:60:fa:d0:e3:
                    c2:81:b8:68:f6:35:a9:0a:26:ab:29:ae:40:b9:8b:
                    72:07:c2:57:f9:33:f0:5f:ed:2e:8a:a9:53:c3:6f:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:4D:69:08:E8:F3:E4:EF:43:CC:A9:26:31:BF:3F:6B:27:EB:59:76
            X509v3 Authority Key Identifier:
                keyid:95:88:39:0C:F3:21:DC:43:CE:3A:C0:BC:8F:B0:95:54:D5:FC:2E:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/d01pCOjz5O9DzKkmMb8_ayfrWXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/1cf6e4-97c5-4f7f-84bb-4ff048e9ae90/1/lYg5DPMh3EPOOsC8j7CVVNX8Lnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.240.0/22
                IPv6:
                  2a03:9960::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:b2:18:ba:74:dd:df:fa:84:62:d4:5a:bd:a2:20:6f:62:45:
         be:05:71:57:ac:49:a8:42:91:27:9a:79:b9:f7:17:9d:37:8c:
         ab:1c:33:6c:85:28:0b:34:fb:21:6a:b5:e2:0f:e2:f3:38:51:
         ba:80:28:18:4f:f0:2e:5f:fa:02:4d:a5:b8:86:6e:f6:ae:fc:
         8d:e0:0d:4c:84:3c:f0:22:f8:a1:d0:c2:f2:3a:f5:5c:75:7e:
         2b:45:d0:f3:92:02:d1:41:79:cd:5c:f0:f4:d2:50:54:de:ae:
         7a:ca:74:f9:60:4a:b7:6d:7b:f3:89:60:a4:a8:da:a3:d4:c8:
         68:d4:52:a8:83:26:21:57:9a:cc:7f:d5:eb:1c:e4:4e:5b:46:
         7f:1a:60:25:cf:cb:12:1d:cc:2a:c2:7a:a4:a8:b1:49:7b:72:
         54:cf:89:a4:5c:70:cf:e9:93:01:9c:08:4b:32:69:3d:0f:45:
         b1:b9:ab:ca:01:2b:e0:cd:4e:ea:0a:bd:17:24:e4:8d:fa:fb:
         e7:92:b4:d1:78:d7:71:f8:2d:8d:d2:9d:33:c4:b8:47:50:58:
         2e:cf:6d:bd:a2:4c:ad:34:19:d0:e2:b7:0f:7e:75:08:d3:4b:
         67:54:22:1a:48:fe:89:46:18:4c:50:97:3e:1b:cd:1c:04:85:
         41:50:ff:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlKYwStCFBPVe7tolYtv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODgzOTBjZjMyMWRjNDNjZTNhYzBiYzhmYjA5NTU0ZDVm
YzJlNzcwHhcNMjQwMTAyMDAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzRkNjkwOGU4ZjNlNGVmNDNjY2E5MjYzMWJmM2Y2YjI3ZWI1OTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdhgRAP+II4WB6J63+LmuMozMGJO
QHALKpmqfLHw7HnPdy1eEdVvp0JRZwuM2+wVsz/FWQu5r2cslUwVkD1KajjRHfxI
LEgZbVDQmGEy40xD+upwvoQJiXQ3xvzKF/xj6AuAIoE52Irs6iPN3IcK8d/hpiZd
W0RnvXa1gIGIoYnXJaTgbD66nsbKoeXi6uh1u8CR7D2jXmnXBdcxjAOTFNPvtmNs
GRieOmtl3mvenK8hiAs5hcADAEaNhSTVkhhJDV8F5B8aWqCkZa7tGroOaXiiksfH
7KAix4KqeWD60OPCgbho9jWpCiarKa5AuYtyB8JX+TPwX+0uiqlTw2848QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHdNaQjo8+TvQ8ypJjG/P2sn61l2MB8GA1UdIwQY
MBaAFJWIOQzzIdxDzjrAvI+wlVTV/C53MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlnNURQTWgzRVBPT3NDOGo3Q1ZWTlg4TG5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8xY2Y2ZTQtOTdjNS00ZjdmLTg0YmIt
NGZmMDQ4ZTlhZTkwLzEvZDAxcENPano1TzlEektrbU1iOF9heWZyV1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8xY2Y2ZTQtOTdjNS00ZjdmLTg0YmItNGZmMDQ4ZTlhZTkw
LzEvbFlnNURQTWgzRVBPT3NDOGo3Q1ZWTlg4TG5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX/wMA0E
AgACMAcDBQAqA5lgMA0GCSqGSIb3DQEBCwUAA4IBAQAzshi6dN3f+oRi1Fq9oiBv
YkW+BXFXrEmoQpEnmnm59xedN4yrHDNshSgLNPsharXiD+LzOFG6gCgYT/AuX/oC
TaW4hm72rvyN4A1MhDzwIvih0MLyOvVcdX4rRdDzkgLRQXnNXPD00lBU3q56ynT5
YEq3bXvziWCkqNqj1Mho1FKogyYhV5rMf9XrHOROW0Z/GmAlz8sSHcwqwnqkqLFJ
e3JUz4mkXHDP6ZMBnAhLMmk9D0WxuavKASvgzU7qCr0XJOSN+vvnkrTReNdx+C2N
0p0zxLhHUFguz229okytNBnQ4rcPfnUI00tnVCIaSP6JRhhMUJc+G80cBIVBUP+4
-----END CERTIFICATE-----