Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/foEJwclHbC-93FDAKhIesjUmTqk.roa
File:                     foEJwclHbC-93FDAKhIesjUmTqk.roa (raw, json)
Hash identifier:          6vCc18NqGrzkuaYtbKSpJXvaaPmw6BhlGTCHenC4Fn4=
Subject key identifier:   7E:81:09:C1:C9:47:6C:2F:BD:DC:50:C0:2A:12:1E:B2:35:26:4E:A9
Certificate issuer:       /CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
Certificate serial:       018CC7270CC085FF26CAEFF4060D57018FB6
Authority key identifier: A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/foEJwclHbC-93FDAKhIesjUmTqk.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61966
IP address blocks:        185.52.228.0/23 maxlen: 23
                          185.52.230.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0c:c0:85:ff:26:ca:ef:f4:06:0d:57:01:8f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e8109c1c9476c2fbddc50c02a121eb235264ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:d9:e4:5f:43:34:b6:7b:d6:2e:46:74:74:
                    bb:b9:cd:95:cd:12:7c:34:38:fa:d5:09:fc:24:97:
                    2e:ab:85:5c:47:7b:48:de:ea:9c:4f:78:7f:d0:e1:
                    eb:5e:ad:48:e5:85:c2:92:8f:b4:01:89:f3:34:48:
                    35:84:6e:fe:97:7a:4a:5d:c7:43:00:ee:68:8f:fe:
                    25:e7:b8:7c:ba:ba:c1:e5:04:6f:8d:fb:a0:42:8b:
                    2f:c0:f4:c9:c8:f7:a7:6b:5f:93:d6:5f:60:34:6a:
                    ba:5f:dd:3b:39:c8:eb:18:ca:29:1f:8c:ed:93:61:
                    af:ae:a8:95:ac:48:37:2c:98:63:3d:ed:02:df:b9:
                    9d:66:c9:f8:f3:8f:8d:ce:63:a8:56:61:67:7f:c1:
                    fc:b0:cc:ca:16:66:ef:c4:89:6b:db:67:fc:c1:af:
                    5e:8c:c9:61:d1:19:d5:f6:d9:98:32:01:8a:1a:e4:
                    12:63:af:cf:66:86:de:eb:65:e4:9a:64:ca:42:dd:
                    25:56:e0:29:63:9e:88:6d:58:7e:9a:36:8b:89:39:
                    4a:2f:a3:12:1a:f6:d5:32:1f:35:b7:39:fb:e3:72:
                    25:a9:94:bb:48:06:51:3b:1f:ce:16:a5:89:74:f3:
                    aa:05:b8:bb:b5:aa:57:4a:42:14:ba:1a:59:7f:c7:
                    0e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:81:09:C1:C9:47:6C:2F:BD:DC:50:C0:2A:12:1E:B2:35:26:4E:A9
            X509v3 Authority Key Identifier:
                keyid:A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/foEJwclHbC-93FDAKhIesjUmTqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:60:99:8f:d2:24:c6:bb:6f:58:68:5b:e2:fe:7d:63:b6:a6:
         cc:2c:61:2c:f2:34:50:44:01:d6:c7:41:95:8e:32:2c:e4:14:
         84:da:83:90:5d:21:81:81:32:1f:d7:4c:7e:30:f4:87:87:8a:
         e6:9d:a6:a1:d5:42:9a:8c:1a:b6:69:f0:b6:82:a2:30:8d:7b:
         f6:3b:64:2d:a3:04:5d:00:01:01:3e:f5:df:93:70:2b:aa:f4:
         6b:e2:ab:75:6a:21:5a:71:78:f0:e8:5a:fb:64:63:26:c1:09:
         51:ed:fc:3f:4c:07:9c:de:f9:65:3d:99:a9:fc:8a:c8:04:35:
         5d:7b:72:d0:73:b4:5d:d7:3c:bc:a0:1b:c4:53:30:05:a8:a8:
         25:26:2a:94:6b:1a:ee:cb:2d:fb:26:c5:dd:54:18:df:e5:f0:
         bf:64:90:6b:9d:95:57:d6:65:66:55:2b:02:98:2d:d8:72:bf:
         e4:6b:f3:cf:98:21:f6:2f:35:c2:6d:5b:37:08:6b:85:55:04:
         57:fb:5e:5c:25:6b:8a:0e:de:bf:4f:41:cd:7e:61:17:59:f9:
         b2:d4:61:6f:14:f6:0b:58:a9:08:00:e4:fe:9e:5a:5b:c7:0d:
         7b:71:ce:12:90:50:e0:82:1c:fe:c6:eb:a0:1b:2d:56:d7:35:
         29:bd:a4:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwzAhf8myu/0Bg1XAY+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NmZmNzFlNGI4ZWMyNGIxYzYzMmIyZmEyMjQ4NzM5Y2M1
NzIyMDUwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTgxMDljMWM5NDc2YzJmYmRkYzUwYzAyYTEyMWViMjM1MjY0ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJjZ5F9DNLZ71i5GdHS7uc2VzRJ8
NDj61Qn8JJcuq4VcR3tI3uqcT3h/0OHrXq1I5YXCko+0AYnzNEg1hG7+l3pKXcdD
AO5oj/4l57h8urrB5QRvjfugQosvwPTJyPena1+T1l9gNGq6X907OcjrGMopH4zt
k2GvrqiVrEg3LJhjPe0C37mdZsn484+NzmOoVmFnf8H8sMzKFmbvxIlr22f8wa9e
jMlh0RnV9tmYMgGKGuQSY6/PZobe62XkmmTKQt0lVuApY56IbVh+mjaLiTlKL6MS
GvbVMh81tzn743IlqZS7SAZROx/OFqWJdPOqBbi7tapXSkIUuhpZf8cOiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6BCcHJR2wvvdxQwCoSHrI1Jk6pMB8GA1UdIwQY
MBaAFKVv9x5LjsJLHGMrL6IkhznMVyIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEt
ZTZhYWJiMDZiYmIwLzEvZm9FSndjbEhiQy05M0ZEQUtoSWVzalVtVHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEtZTZhYWJiMDZiYmIw
LzEvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTTkMA0G
CSqGSIb3DQEBCwUAA4IBAQAeYJmP0iTGu29YaFvi/n1jtqbMLGEs8jRQRAHWx0GV
jjIs5BSE2oOQXSGBgTIf10x+MPSHh4rmnaah1UKajBq2afC2gqIwjXv2O2QtowRd
AAEBPvXfk3ArqvRr4qt1aiFacXjw6Fr7ZGMmwQlR7fw/TAec3vllPZmp/IrIBDVd
e3LQc7Rd1zy8oBvEUzAFqKglJiqUaxruyy37JsXdVBjf5fC/ZJBrnZVX1mVmVSsC
mC3Ycr/ka/PPmCH2LzXCbVs3CGuFVQRX+15cJWuKDt6/T0HNfmEXWfmy1GFvFPYL
WKkIAOT+nlpbxw17cc4SkFDgghz+xuugGy1W1zUpvaTi
-----END CERTIFICATE-----