Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/rx5qQx72tRDplC-FA4HaURhRKGQ.roa
File:                     rx5qQx72tRDplC-FA4HaURhRKGQ.roa (raw, json)
Hash identifier:          v858skannHLTOOr9y25wvEk/5vu7eQ0oNGXS+BT7uGI=
Subject key identifier:   AF:1E:6A:43:1E:F6:B5:10:E9:94:2F:85:03:81:DA:51:18:51:28:64
Certificate issuer:       /CN=cb6bf2b89584ec96080048dc3fdc2e3983c277f3
Certificate serial:       018CC3B708C684DE5F32ABED1815F3D054BC
Authority key identifier: CB:6B:F2:B8:95:84:EC:96:08:00:48:DC:3F:DC:2E:39:83:C2:77:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/rx5qQx72tRDplC-FA4HaURhRKGQ.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203152
IP address blocks:        185.127.136.0/22 maxlen: 24
                          2a13:4547::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:08:c6:84:de:5f:32:ab:ed:18:15:f3:d0:54:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb6bf2b89584ec96080048dc3fdc2e3983c277f3
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af1e6a431ef6b510e9942f850381da5118512864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:62:d3:28:dc:c1:58:b5:3e:2b:e9:e8:65:83:
                    40:e0:77:b4:91:9b:e0:cf:05:d2:3c:f2:cb:2a:b9:
                    e2:06:db:54:a2:b9:5c:73:40:aa:e1:82:f8:73:f0:
                    67:0b:ee:15:b9:08:b4:ab:e6:54:cf:08:11:93:4b:
                    33:be:e8:a7:1b:1c:15:27:48:03:63:93:14:a5:c6:
                    23:1f:27:b1:af:c3:19:85:0a:c9:81:00:ee:f8:41:
                    bf:a0:55:c6:7f:99:19:2a:ad:89:39:01:b4:c0:7c:
                    4f:e7:c9:9a:d2:be:19:f8:7c:f1:3f:67:48:99:6c:
                    64:57:6f:9b:a1:f0:6b:22:77:51:a3:11:7a:de:32:
                    46:de:38:92:6e:76:a9:c1:1d:c6:9c:af:86:6b:73:
                    87:b0:c9:71:89:a6:fa:d4:67:76:9a:ce:8f:a3:4c:
                    0e:b9:40:8c:2e:a5:39:b8:52:db:54:ba:df:22:6c:
                    06:0b:70:72:0b:c5:7c:13:18:98:64:8c:51:20:2a:
                    ee:b2:4e:d1:f2:f1:ce:02:2c:c3:09:1a:cc:3e:98:
                    16:ae:2a:6a:75:9c:ee:3c:3e:e9:5a:71:c0:de:c6:
                    5c:66:09:90:be:9c:64:8a:b9:71:ec:83:15:97:f2:
                    fc:d8:8d:1f:3f:61:15:16:63:3b:41:77:aa:8e:d5:
                    a2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:1E:6A:43:1E:F6:B5:10:E9:94:2F:85:03:81:DA:51:18:51:28:64
            X509v3 Authority Key Identifier:
                keyid:CB:6B:F2:B8:95:84:EC:96:08:00:48:DC:3F:DC:2E:39:83:C2:77:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/rx5qQx72tRDplC-FA4HaURhRKGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.136.0/22
                IPv6:
                  2a13:4547::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:de:aa:b3:6b:d8:67:7e:f5:29:42:4a:32:0c:c8:69:76:c5:
         7c:84:c4:a3:1c:69:fe:00:a2:59:88:c0:cf:ed:4c:43:61:dc:
         66:8a:4e:a1:96:9c:3e:57:ed:e4:5a:72:67:cf:73:34:6c:25:
         44:e0:b4:57:69:12:d4:3b:54:06:b9:f3:d6:8f:50:97:ae:cf:
         1d:6c:c5:94:c8:6c:86:b4:60:74:59:b6:4a:50:76:91:16:61:
         ab:dc:c4:75:e0:49:63:2d:d7:36:c2:a3:88:63:93:2a:cb:64:
         51:36:1d:79:01:06:48:00:da:66:fa:12:ef:fa:9f:35:17:23:
         e9:dd:77:75:c1:56:fe:cb:8e:79:9e:66:82:b2:f1:53:4a:12:
         ff:07:81:f7:25:4d:1e:e0:da:f7:5a:80:02:8e:fc:5d:52:b0:
         da:4c:15:29:f2:2b:9f:c7:90:e5:22:a0:9e:16:2a:b6:52:2d:
         cf:ee:b4:42:b1:7e:e4:1e:fb:fe:bc:6a:8a:be:2c:12:42:a1:
         26:8d:f0:6a:b4:cc:61:d3:a3:5f:7c:26:f2:23:a4:b5:cc:ed:
         d4:62:03:a1:16:d8:fb:26:0b:7c:43:2e:8c:b5:15:1b:c6:09:
         04:e6:df:c7:c1:8f:9b:42:2e:4e:1d:02:c4:c0:41:41:11:25:
         68:42:78:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtwjGhN5fMqvtGBXz0FS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmJmMmI4OTU4NGVjOTYwODAwNDhkYzNmZGMyZTM5ODNj
Mjc3ZjMwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjFlNmE0MzFlZjZiNTEwZTk5NDJmODUwMzgxZGE1MTE4NTEyODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWLTKNzBWLU+K+noZYNA4He0kZvg
zwXSPPLLKrniBttUorlcc0Cq4YL4c/BnC+4VuQi0q+ZUzwgRk0szvuinGxwVJ0gD
Y5MUpcYjHyexr8MZhQrJgQDu+EG/oFXGf5kZKq2JOQG0wHxP58ma0r4Z+HzxP2dI
mWxkV2+bofBrIndRoxF63jJG3jiSbnapwR3GnK+Ga3OHsMlxiab61Gd2ms6Po0wO
uUCMLqU5uFLbVLrfImwGC3ByC8V8ExiYZIxRICrusk7R8vHOAizDCRrMPpgWripq
dZzuPD7pWnHA3sZcZgmQvpxkirlx7IMVl/L82I0fP2EVFmM7QXeqjtWidwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK8eakMe9rUQ6ZQvhQOB2lEYUShkMB8GA1UdIwQY
MBaAFMtr8riVhOyWCABI3D/cLjmDwnfzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJ2eXVKV0U3SllJQUVqY1A5d3VPWVBDZF9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82YTg3ZjEtZTE5Ny00YTIzLTk1M2Qt
MTBmZGZjZTk0NTEzLzEvcng1cVF4NzJ0UkRwbEMtRkE0SGFVUmhSS0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82YTg3ZjEtZTE5Ny00YTIzLTk1M2QtMTBmZGZjZTk0NTEz
LzEveTJ2eXVKV0U3SllJQUVqY1A5d3VPWVBDZF9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX+IMA0E
AgACMAcDBQAqE0VHMA0GCSqGSIb3DQEBCwUAA4IBAQCN3qqza9hnfvUpQkoyDMhp
dsV8hMSjHGn+AKJZiMDP7UxDYdxmik6hlpw+V+3kWnJnz3M0bCVE4LRXaRLUO1QG
ufPWj1CXrs8dbMWUyGyGtGB0WbZKUHaRFmGr3MR14EljLdc2wqOIY5Mqy2RRNh15
AQZIANpm+hLv+p81FyPp3Xd1wVb+y455nmaCsvFTShL/B4H3JU0e4Nr3WoACjvxd
UrDaTBUp8iufx5DlIqCeFiq2Ui3P7rRCsX7kHvv+vGqKviwSQqEmjfBqtMxh06Nf
fCbyI6S1zO3UYgOhFtj7Jgt8Qy6MtRUbxgkE5t/HwY+bQi5OHQLEwEFBESVoQnjo
-----END CERTIFICATE-----