Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/h6bwUmHe2fGn1c5Nr_0Az2teVv0.roa
File:                     h6bwUmHe2fGn1c5Nr_0Az2teVv0.roa (raw, json)
Hash identifier:          yYoUG2tvPRhDBZFeTym5a6HJ593OW1/oixPBJqSug+I=
Subject key identifier:   87:A6:F0:52:61:DE:D9:F1:A7:D5:CE:4D:AF:FD:00:CF:6B:5E:56:FD
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018CC94D4D7904B78888E9CAB011A5BB2C68
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/h6bwUmHe2fGn1c5Nr_0Az2teVv0.roa
Signing time:             Tue 02 Jan 2024 08:32:15 +0000
ROA not before:           Tue 02 Jan 2024 08:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57536
IP address blocks:        212.7.212.0/24 maxlen: 24
                          185.107.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4d:79:04:b7:88:88:e9:ca:b0:11:a5:bb:2c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  2 08:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87a6f05261ded9f1a7d5ce4daffd00cf6b5e56fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:db:6a:93:80:27:5e:47:32:c6:f1:97:45:
                    0d:9a:27:1c:2f:36:77:f2:14:aa:4a:af:a7:fd:4b:
                    e4:25:97:ec:fa:31:d7:51:47:8f:d2:5f:bd:25:de:
                    20:1a:03:c7:84:5e:44:08:70:4b:b3:76:40:b4:b5:
                    70:2e:66:6e:7b:c3:e6:e2:59:39:1c:8c:cd:f0:e8:
                    d7:b4:74:db:58:18:ca:36:f1:0d:f3:f2:c4:5b:14:
                    5a:ed:00:09:3a:43:b4:d0:19:1b:14:d5:37:e0:73:
                    ea:85:ae:c7:5d:cd:40:6b:b0:a8:7a:e1:c0:9b:aa:
                    9f:74:dd:03:1a:f8:0b:22:16:35:de:8a:7e:b0:b3:
                    19:2f:19:e3:18:ec:c3:ae:95:81:86:5e:ef:66:21:
                    1b:5c:96:f8:3f:66:81:77:24:25:4d:ef:ad:2a:0c:
                    de:9a:ea:9e:84:87:64:66:d9:de:40:00:3f:81:df:
                    1b:9c:a0:2f:36:29:ef:9c:b5:8e:4b:3e:70:62:22:
                    99:62:9c:a1:63:7f:78:bc:a5:af:f5:46:3d:48:f4:
                    1a:75:de:9c:76:40:39:96:40:5e:19:7a:5f:81:fd:
                    4c:d1:3c:cc:4c:8e:58:e3:f8:32:64:90:b9:f4:ba:
                    22:60:f8:80:04:ed:ee:07:52:24:42:d0:dc:aa:b6:
                    1d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A6:F0:52:61:DE:D9:F1:A7:D5:CE:4D:AF:FD:00:CF:6B:5E:56:FD
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/h6bwUmHe2fGn1c5Nr_0Az2teVv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.65.0/24
                  212.7.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:d9:4f:57:62:21:21:4f:d9:30:0f:bf:0b:da:81:1c:de:d2:
         4d:5f:13:11:b7:d5:73:f5:93:64:c2:1f:d2:ff:6a:2f:bf:16:
         18:63:96:74:fb:05:04:0b:8e:7d:ef:bb:48:c2:f4:ed:84:21:
         48:9d:e5:bb:de:22:be:f2:b8:92:03:05:bf:d1:cc:3c:b9:46:
         f0:1b:e4:d7:e3:27:72:d5:c4:72:6f:c1:7d:b5:bf:f2:db:9e:
         fa:13:83:fa:9c:50:52:cc:f5:81:8f:28:7e:ba:1e:b6:a4:91:
         68:21:4a:6a:06:61:25:00:d8:a8:73:bd:a7:f7:d9:8a:0d:50:
         a4:5b:b8:f7:70:0c:31:ec:a8:7d:aa:24:60:4a:f9:09:79:ad:
         50:ea:da:c1:86:63:76:22:fd:c0:ee:3e:be:3b:d1:b8:20:67:
         ec:8c:06:15:32:b7:cb:1e:60:e7:23:7e:c1:f1:6f:b1:47:4b:
         20:a0:f7:5c:c2:a0:53:d9:1b:bd:3f:1b:c6:d6:ae:a8:b7:6a:
         d7:0a:8f:b2:9a:7e:1a:a1:eb:13:88:a0:3f:1a:60:ba:23:a2:
         dc:33:44:df:db:11:48:b0:0b:50:97:0e:1b:97:08:ec:30:12:
         42:e2:bb:77:40:ac:97:e1:d1:3a:2c:1e:8f:bd:3d:87:e3:18:
         b7:32:66:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTU15BLeIiOnKsBGluyxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwMTAyMDgzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2E2ZjA1MjYxZGVkOWYxYTdkNWNlNGRhZmZkMDBjZjZiNWU1NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIzbapOAJ15HMsbxl0UNmiccLzZ3
8hSqSq+n/UvkJZfs+jHXUUeP0l+9Jd4gGgPHhF5ECHBLs3ZAtLVwLmZue8Pm4lk5
HIzN8OjXtHTbWBjKNvEN8/LEWxRa7QAJOkO00BkbFNU34HPqha7HXc1Aa7CoeuHA
m6qfdN0DGvgLIhY13op+sLMZLxnjGOzDrpWBhl7vZiEbXJb4P2aBdyQlTe+tKgze
muqehIdkZtneQAA/gd8bnKAvNinvnLWOSz5wYiKZYpyhY394vKWv9UY9SPQadd6c
dkA5lkBeGXpfgf1M0TzMTI5Y4/gyZJC59LoiYPiABO3uB1IkQtDcqrYdKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIem8FJh3tnxp9XOTa/9AM9rXlb9MB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvaDZid1VtSGUyZkduMWM1TnJfMEF6MnRlVnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWtBAwQA
1AfUMA0GCSqGSIb3DQEBCwUAA4IBAQBM2U9XYiEhT9kwD78L2oEc3tJNXxMRt9Vz
9ZNkwh/S/2ovvxYYY5Z0+wUEC45977tIwvTthCFIneW73iK+8riSAwW/0cw8uUbw
G+TX4ydy1cRyb8F9tb/y2576E4P6nFBSzPWBjyh+uh62pJFoIUpqBmElANioc72n
99mKDVCkW7j3cAwx7Kh9qiRgSvkJea1Q6trBhmN2Iv3A7j6+O9G4IGfsjAYVMrfL
HmDnI37B8W+xR0sgoPdcwqBT2Ru9PxvG1q6ot2rXCo+ymn4aoesTiKA/GmC6I6Lc
M0Tf2xFIsAtQlw4blwjsMBJC4rt3QKyX4dE6LB6PvT2H4xi3MmY8
-----END CERTIFICATE-----