Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/xyeI3V7x98BOyj_KcwS3IZ4CXKI.roa
File:                     xyeI3V7x98BOyj_KcwS3IZ4CXKI.roa (raw, json)
Hash identifier:          NibHHhmPeD8GVP/Lp8gwnWFEbw/BwPzfjpDRDzws5UE=
Subject key identifier:   C7:27:88:DD:5E:F1:F7:C0:4E:CA:3F:CA:73:04:B7:21:9E:02:5C:A2
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       018CC56DF43379A43B5BB8AA0044BC68412B
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/xyeI3V7x98BOyj_KcwS3IZ4CXKI.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42202
IP address blocks:        185.206.188.0/22 maxlen: 22
                          2a0b:1740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:33:79:a4:3b:5b:b8:aa:00:44:bc:68:41:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c72788dd5ef1f7c04eca3fca7304b7219e025ca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ea:46:03:bb:57:b0:2d:51:7d:84:0f:8a:ac:
                    77:2e:f4:6b:c1:8d:ee:ce:5f:db:6d:91:94:cd:96:
                    42:2c:9a:2f:28:3e:c9:94:32:2d:79:e5:81:60:c3:
                    4a:cd:73:80:d7:a3:76:0d:bb:ce:03:ec:5d:31:c6:
                    8c:13:41:57:d5:8d:02:10:96:ea:a5:da:3f:53:ac:
                    13:c2:4f:5b:5f:8e:6b:90:8f:07:37:09:8c:1c:94:
                    8a:f3:2a:8d:f1:8a:d5:9e:e1:11:55:17:7e:35:38:
                    6d:7e:44:90:24:ec:aa:29:b9:b7:85:4e:64:51:36:
                    44:39:e8:75:a8:42:e0:d2:b3:52:3a:cd:97:68:02:
                    e7:e4:a2:44:0f:08:01:13:da:b8:da:22:28:aa:e2:
                    1a:6d:2f:5e:c3:e3:58:dd:30:16:c2:f7:4a:da:73:
                    9e:e3:f6:c9:27:5c:14:1c:ee:35:67:95:b1:1f:bb:
                    30:49:4e:05:e5:da:94:92:39:17:a5:72:29:90:95:
                    47:73:6f:a7:a9:b2:4c:d1:c4:9b:b8:d5:93:fb:e6:
                    55:5f:66:44:45:52:48:0d:68:9b:9e:66:60:7a:f4:
                    f6:b6:0d:dc:1c:29:7d:13:94:5f:b4:57:40:66:73:
                    c2:5c:3a:66:16:fa:99:47:fe:02:bf:ea:dc:81:4d:
                    36:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:27:88:DD:5E:F1:F7:C0:4E:CA:3F:CA:73:04:B7:21:9E:02:5C:A2
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/xyeI3V7x98BOyj_KcwS3IZ4CXKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.188.0/22
                IPv6:
                  2a0b:1740::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:c1:5c:0c:3e:dc:4c:ec:c8:88:fc:0d:04:30:fe:c8:5b:38:
         97:01:de:e9:f4:85:a6:d3:38:e6:4a:f1:5a:14:49:79:e6:c4:
         65:78:7c:4f:e5:0f:2a:2d:09:45:d7:70:1c:3e:1b:f3:20:20:
         8f:ef:0b:2e:92:c4:78:71:d3:2f:e4:d8:ae:67:78:2e:7c:ee:
         04:fa:2f:cb:6a:42:b9:6d:e9:0f:bb:30:62:94:bc:5e:cf:b6:
         73:42:a5:4c:52:05:05:2f:8a:5b:d6:59:42:3e:ae:3c:6e:bc:
         f6:9f:a1:f0:b1:46:e5:21:8b:4e:06:33:4c:28:01:e0:d0:d9:
         c0:9b:df:48:94:0f:19:54:54:db:ff:5f:f3:6d:bf:c1:b0:08:
         18:78:c0:47:4a:2c:ef:1f:b0:30:96:3e:56:9f:89:28:4a:f3:
         81:75:eb:37:70:d5:58:b9:d8:80:7c:fd:b8:85:5a:a7:71:da:
         d8:9c:9c:3d:11:a4:bd:ce:02:4d:1f:17:83:1c:d2:48:7d:ad:
         9f:af:4a:c2:48:9d:45:c8:6f:e9:78:eb:9b:3b:a7:2f:2c:0c:
         3a:33:0e:8a:49:a1:fd:81:ed:1c:39:b9:dd:e5:e0:0e:2b:54:
         ff:72:0f:23:58:61:a5:5c:68:2e:b8:41:33:99:1f:1d:86:43:
         bb:bb:98:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbfQzeaQ7W7iqAES8aEErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI3ODhkZDVlZjFmN2MwNGVjYTNmY2E3MzA0YjcyMTllMDI1Y2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+pGA7tXsC1RfYQPiqx3LvRrwY3u
zl/bbZGUzZZCLJovKD7JlDIteeWBYMNKzXOA16N2DbvOA+xdMcaME0FX1Y0CEJbq
pdo/U6wTwk9bX45rkI8HNwmMHJSK8yqN8YrVnuERVRd+NThtfkSQJOyqKbm3hU5k
UTZEOeh1qELg0rNSOs2XaALn5KJEDwgBE9q42iIoquIabS9ew+NY3TAWwvdK2nOe
4/bJJ1wUHO41Z5WxH7swSU4F5dqUkjkXpXIpkJVHc2+nqbJM0cSbuNWT++ZVX2ZE
RVJIDWibnmZgevT2tg3cHCl9E5RftFdAZnPCXDpmFvqZR/4Cv+rcgU02CQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMcniN1e8ffATso/ynMEtyGeAlyiMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEveHllSTNWN3g5OEJPeWpfS2N3UzNJWjRDWEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc68MA0E
AgACMAcDBQMqCxdAMA0GCSqGSIb3DQEBCwUAA4IBAQCDwVwMPtxM7MiI/A0EMP7I
WziXAd7p9IWm0zjmSvFaFEl55sRleHxP5Q8qLQlF13AcPhvzICCP7wsuksR4cdMv
5NiuZ3gufO4E+i/LakK5bekPuzBilLxez7ZzQqVMUgUFL4pb1llCPq48brz2n6Hw
sUblIYtOBjNMKAHg0NnAm99IlA8ZVFTb/1/zbb/BsAgYeMBHSizvH7Awlj5Wn4ko
SvOBdes3cNVYudiAfP24hVqncdrYnJw9EaS9zgJNHxeDHNJIfa2fr0rCSJ1FyG/p
eOubO6cvLAw6Mw6KSaH9ge0cObnd5eAOK1T/cg8jWGGlXGguuEEzmR8dhkO7u5i6
-----END CERTIFICATE-----