Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/dcrIXQSLmm0rcmf0y_VawM_t2xo.roa
File:                     dcrIXQSLmm0rcmf0y_VawM_t2xo.roa (raw, json)
Hash identifier:          KDjW6P3WG5rF2ZFySrLa8guqjb00+dxtEQpI9HtPDFY=
Subject key identifier:   75:CA:C8:5D:04:8B:9A:6D:2B:72:67:F4:CB:F5:5A:C0:CF:ED:DB:1A
Certificate issuer:       /CN=356ac9c769976f6e2e82aaccfe239b6aa1922378
Certificate serial:       018CC3B73F67BEDBF1684509B9E3EA9DF9D1
Authority key identifier: 35:6A:C9:C7:69:97:6F:6E:2E:82:AA:CC:FE:23:9B:6A:A1:92:23:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWrJx2mXb24ugqrM_iObaqGSI3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/dcrIXQSLmm0rcmf0y_VawM_t2xo.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60164
IP address blocks:        185.54.148.0/22 maxlen: 24
                          2a04:d280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/NWrJx2mXb24ugqrM_iObaqGSI3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/NWrJx2mXb24ugqrM_iObaqGSI3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWrJx2mXb24ugqrM_iObaqGSI3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:67:be:db:f1:68:45:09:b9:e3:ea:9d:f9:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=356ac9c769976f6e2e82aaccfe239b6aa1922378
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75cac85d048b9a6d2b7267f4cbf55ac0cfeddb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:76:67:36:d6:76:10:40:e7:8f:6d:82:f8:23:
                    82:cb:e8:b8:f6:dc:91:00:a9:ec:9b:f3:35:ef:77:
                    58:7b:78:b3:df:c7:af:49:06:41:5c:a3:b9:26:a5:
                    90:6c:1c:53:b3:11:b8:65:f2:f5:98:07:71:ba:04:
                    06:cb:b2:8f:7f:1a:8c:7a:6c:5f:cd:5e:6e:19:0d:
                    61:91:48:55:93:55:b5:a9:42:15:25:b0:6a:26:7c:
                    81:6e:a2:a7:d5:01:55:a0:4e:94:c0:fb:23:d6:3c:
                    3f:b3:53:cc:f1:99:cc:c5:f8:fd:a2:ed:a5:9a:92:
                    d9:03:72:6c:bd:ba:26:94:d5:82:cd:00:b2:e3:73:
                    f6:d6:99:f1:6f:bf:5b:46:c5:a8:e4:ce:58:f7:de:
                    2f:a7:5f:c9:5c:b4:bb:68:fb:0f:d7:60:b2:bb:3b:
                    57:6f:30:bd:b9:a3:51:f7:ae:de:12:94:35:42:d2:
                    1d:75:50:3b:83:d2:3d:59:b5:96:a3:c7:f6:00:4e:
                    7a:b0:a3:5b:d3:9a:91:68:5f:92:28:1b:e8:c0:f9:
                    9a:cb:23:ae:9f:42:78:46:64:06:b9:aa:ed:d7:52:
                    67:82:a2:53:18:e9:7a:ca:22:6d:7a:e8:f1:7b:66:
                    0a:e2:d0:d4:bd:72:6e:a9:e3:50:0f:ed:e4:c4:ce:
                    db:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:CA:C8:5D:04:8B:9A:6D:2B:72:67:F4:CB:F5:5A:C0:CF:ED:DB:1A
            X509v3 Authority Key Identifier:
                keyid:35:6A:C9:C7:69:97:6F:6E:2E:82:AA:CC:FE:23:9B:6A:A1:92:23:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWrJx2mXb24ugqrM_iObaqGSI3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/dcrIXQSLmm0rcmf0y_VawM_t2xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/eefe67-3ebd-46cb-bcc8-6c61a9023139/1/NWrJx2mXb24ugqrM_iObaqGSI3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.148.0/22
                IPv6:
                  2a04:d280::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:21:ca:f1:10:ae:08:95:f1:a7:30:2b:c2:72:65:dd:6f:f0:
         03:09:02:db:26:d2:e8:7f:c9:8b:5b:97:4e:0f:50:37:b7:ad:
         c5:22:c6:f1:bf:75:e2:48:3a:c0:6f:5a:70:b8:64:77:49:19:
         4e:c7:e3:d2:cc:5b:95:7b:fa:92:24:fa:6b:ba:b9:62:52:1c:
         d6:84:b1:6a:e1:e9:cb:5f:ab:fc:62:82:c6:a0:97:51:63:ff:
         bd:ac:ef:fb:b2:38:df:74:0b:e4:a7:da:b5:24:b0:c9:1b:3e:
         a0:eb:40:d8:3a:a0:33:44:bc:73:d2:30:fc:4c:e7:4d:58:64:
         da:02:fe:05:8f:d0:a5:d9:25:87:90:5f:8d:61:91:03:09:2f:
         49:5e:f2:8b:87:cc:5e:2d:82:60:55:a4:4d:4e:73:7e:8f:00:
         a8:6b:9b:9f:7a:55:1d:b4:ef:bf:34:71:e1:7a:fd:8d:d1:dd:
         68:50:f2:92:11:6b:36:47:b7:8a:2d:7f:1c:7c:36:80:e4:69:
         05:72:05:2a:70:c7:04:b0:88:68:bf:96:79:04:8b:68:b2:d0:
         16:17:76:37:c8:d4:1d:cc:86:18:c4:3f:e9:1d:bf:dc:f2:b5:
         57:3c:cb:3a:8c:93:8d:b0:7c:11:4f:d3:b1:0b:be:ff:3b:b9:
         6c:e0:be:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtz9nvtvxaEUJuePqnfnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NmFjOWM3Njk5NzZmNmUyZTgyYWFjY2ZlMjM5YjZhYTE5
MjIzNzgwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNhYzg1ZDA0OGI5YTZkMmI3MjY3ZjRjYmY1NWFjMGNmZWRkYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXZnNtZ2EEDnj22C+COCy+i49tyR
AKnsm/M173dYe3iz38evSQZBXKO5JqWQbBxTsxG4ZfL1mAdxugQGy7KPfxqMemxf
zV5uGQ1hkUhVk1W1qUIVJbBqJnyBbqKn1QFVoE6UwPsj1jw/s1PM8ZnMxfj9ou2l
mpLZA3JsvbomlNWCzQCy43P21pnxb79bRsWo5M5Y994vp1/JXLS7aPsP12CyuztX
bzC9uaNR967eEpQ1QtIddVA7g9I9WbWWo8f2AE56sKNb05qRaF+SKBvowPmayyOu
n0J4RmQGuart11JngqJTGOl6yiJteujxe2YK4tDUvXJuqeNQD+3kxM7bZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHXKyF0Ei5ptK3Jn9Mv1WsDP7dsaMB8GA1UdIwQY
MBaAFDVqycdpl29uLoKqzP4jm2qhkiN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldySngybVhiMjR1Z3FyTV9pT2JhcUdTSTNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZWZlNjctM2ViZC00NmNiLWJjYzgt
NmM2MWE5MDIzMTM5LzEvZGNySVhRU0xtbTByY21mMHlfVmF3TV90MnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZWZlNjctM2ViZC00NmNiLWJjYzgtNmM2MWE5MDIzMTM5
LzEvTldySngybVhiMjR1Z3FyTV9pT2JhcUdTSTNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTaUMA0E
AgACMAcDBQMqBNKAMA0GCSqGSIb3DQEBCwUAA4IBAQBeIcrxEK4IlfGnMCvCcmXd
b/ADCQLbJtLof8mLW5dOD1A3t63FIsbxv3XiSDrAb1pwuGR3SRlOx+PSzFuVe/qS
JPprurliUhzWhLFq4enLX6v8YoLGoJdRY/+9rO/7sjjfdAvkp9q1JLDJGz6g60DY
OqAzRLxz0jD8TOdNWGTaAv4Fj9Cl2SWHkF+NYZEDCS9JXvKLh8xeLYJgVaRNTnN+
jwCoa5ufelUdtO+/NHHhev2N0d1oUPKSEWs2R7eKLX8cfDaA5GkFcgUqcMcEsIho
v5Z5BItostAWF3Y3yNQdzIYYxD/pHb/c8rVXPMs6jJONsHwRT9OxC77/O7ls4L5B
-----END CERTIFICATE-----