Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/6k7WAYIeXXs34Gf03sjVBAYtLKE.roa
File:                     6k7WAYIeXXs34Gf03sjVBAYtLKE.roa (raw, json)
Hash identifier:          Q9bCst4ykRYHA9Z+XI3s0SpWQFa52478E/q6vumeF9A=
Subject key identifier:   EA:4E:D6:01:82:1E:5D:7B:37:E0:67:F4:DE:C8:D5:04:06:2D:2C:A1
Certificate issuer:       /CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
Certificate serial:       018CC26D3F150A67A51FBF2AEC9A5BD613AE
Authority key identifier: BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/6k7WAYIeXXs34Gf03sjVBAYtLKE.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62276
IP address blocks:        185.40.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3f:15:0a:67:a5:1f:bf:2a:ec:9a:5b:d6:13:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4ed601821e5d7b37e067f4dec8d504062d2ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ea:1c:7c:6c:84:3c:d6:71:90:4e:d8:1c:82:
                    0c:ef:b7:b6:43:ca:fa:2f:b2:5a:38:7f:9f:2f:8a:
                    af:00:e3:ee:49:96:e5:7d:e5:46:f4:b2:89:64:fe:
                    a9:7f:c9:d4:b1:12:fa:32:ab:16:0f:bc:ed:e2:be:
                    84:50:d4:bc:58:ec:c9:d0:dd:ab:d6:02:f5:c8:61:
                    d4:ae:a6:52:21:22:27:26:e1:d7:9a:6c:77:27:ac:
                    5a:c1:4a:f0:be:db:16:3c:e2:cf:99:b2:20:fa:ce:
                    2a:59:59:ef:8e:11:6a:54:4e:45:38:f5:a5:e2:7d:
                    da:d7:40:38:12:c8:bf:14:a8:0d:34:5c:ce:ca:07:
                    75:66:29:a0:44:e1:9b:ae:3a:d8:9c:28:21:9f:4d:
                    e1:7a:65:9b:1d:53:a0:6e:4b:ec:1e:5f:25:e5:6e:
                    92:35:d3:24:3b:ea:c0:a6:5d:b4:07:b2:72:cc:62:
                    b4:ae:df:45:86:79:ef:c4:bc:1b:2f:8c:80:84:db:
                    44:8b:67:ae:9f:46:89:c5:5f:e3:79:ca:c6:81:ff:
                    b5:8e:cb:5e:bd:42:ad:2e:03:0e:1d:04:23:48:62:
                    0f:28:d2:f0:76:e9:84:36:b8:92:aa:84:f7:a7:28:
                    60:6c:67:3f:96:d8:86:a6:d4:b4:d8:ea:be:bd:c3:
                    69:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:4E:D6:01:82:1E:5D:7B:37:E0:67:F4:DE:C8:D5:04:06:2D:2C:A1
            X509v3 Authority Key Identifier:
                keyid:BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/6k7WAYIeXXs34Gf03sjVBAYtLKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:74:2d:6f:54:69:4f:58:2a:73:03:6c:a4:a5:4b:63:c3:56:
         07:01:ea:f2:f9:af:4c:e1:f1:88:5e:ce:e3:be:49:0d:7c:e9:
         a1:d5:45:ac:2d:e5:94:04:00:6e:e0:5a:dc:1b:22:fa:a2:f6:
         69:b8:c4:22:17:1c:6a:ae:8a:25:02:20:f2:ff:59:b0:3e:0b:
         e8:22:ad:17:ba:77:a8:83:7f:ad:be:eb:5b:2e:e4:00:11:4c:
         05:36:d0:08:d9:0a:8b:53:2a:0c:9f:67:76:30:ea:68:58:56:
         0a:8d:cf:04:0a:8b:c5:3d:d7:61:c2:a6:c4:27:76:dc:f3:69:
         f4:69:aa:65:d6:9e:f5:46:9d:59:f6:86:e8:67:4b:63:fd:2a:
         19:9e:57:2d:1f:4b:8c:af:ca:86:09:c4:f2:8e:96:0c:1b:3f:
         fd:04:a1:81:9b:77:49:0f:f2:cf:05:d5:09:e4:33:6c:f0:14:
         1e:b6:05:e2:94:2f:f9:fe:6b:d6:41:55:62:cd:5c:3b:e7:24:
         55:87:54:27:f4:34:bb:4c:6a:8f:4d:1e:40:a1:f6:f9:3a:08:
         2f:a8:14:c1:8d:15:ee:5d:ba:3a:52:12:4b:d7:38:a6:5e:ce:
         42:69:bf:d6:98:af:df:e9:5b:ff:dd:e1:af:f6:c7:70:2b:59:
         c0:02:39:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbT8VCmelH78q7Jpb1hOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWJkYzQxMDZhZGRlODllMWNlOWMzMmI4MDdiMjA4MmVi
Yjk5NDQwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTRlZDYwMTgyMWU1ZDdiMzdlMDY3ZjRkZWM4ZDUwNDA2MmQyY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuocfGyEPNZxkE7YHIIM77e2Q8r6
L7JaOH+fL4qvAOPuSZblfeVG9LKJZP6pf8nUsRL6MqsWD7zt4r6EUNS8WOzJ0N2r
1gL1yGHUrqZSISInJuHXmmx3J6xawUrwvtsWPOLPmbIg+s4qWVnvjhFqVE5FOPWl
4n3a10A4Esi/FKgNNFzOygd1ZimgROGbrjrYnCghn03hemWbHVOgbkvsHl8l5W6S
NdMkO+rApl20B7JyzGK0rt9FhnnvxLwbL4yAhNtEi2eun0aJxV/jecrGgf+1jste
vUKtLgMOHQQjSGIPKNLwdumENriSqoT3pyhgbGc/ltiGptS02Oq+vcNpeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpO1gGCHl17N+Bn9N7I1QQGLSyhMB8GA1UdIwQY
MBaAFL9b3EEGrd6J4c6cMrgHsgguu5lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMt
YmVkYWMxMGFhY2RjLzEvNms3V0FZSWVYWHMzNEdmMDNzalZCQVl0TEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMtYmVkYWMxMGFhY2Rj
LzEvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSioMA0G
CSqGSIb3DQEBCwUAA4IBAQCfdC1vVGlPWCpzA2ykpUtjw1YHAery+a9M4fGIXs7j
vkkNfOmh1UWsLeWUBABu4FrcGyL6ovZpuMQiFxxqroolAiDy/1mwPgvoIq0Xuneo
g3+tvutbLuQAEUwFNtAI2QqLUyoMn2d2MOpoWFYKjc8ECovFPddhwqbEJ3bc82n0
aapl1p71Rp1Z9oboZ0tj/SoZnlctH0uMr8qGCcTyjpYMGz/9BKGBm3dJD/LPBdUJ
5DNs8BQetgXilC/5/mvWQVVizVw75yRVh1Qn9DS7TGqPTR5Aofb5OggvqBTBjRXu
Xbo6UhJL1zimXs5Cab/WmK/f6Vv/3eGv9sdwK1nAAjks
-----END CERTIFICATE-----