Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/_kLxeSpa-hBAkgo7lHb4bxvY1D4.roa
File:                     _kLxeSpa-hBAkgo7lHb4bxvY1D4.roa (raw, json)
Hash identifier:          SMxVBoJ4Dd59obQH8UsFZDoVphKv2eGDekIeQPXVIMY=
Subject key identifier:   FE:42:F1:79:2A:5A:FA:10:40:92:0A:3B:94:76:F8:6F:1B:D8:D4:3E
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018EE066F371C02257777A197CE76ACDAED9
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/_kLxeSpa-hBAkgo7lHb4bxvY1D4.roa
Signing time:             Mon 15 Apr 2024 06:17:07 +0000
ROA not before:           Mon 15 Apr 2024 06:17:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:30:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:66:f3:71:c0:22:57:77:7a:19:7c:e7:6a:cd:ae:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr 15 06:17:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe42f1792a5afa1040920a3b9476f86f1bd8d43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e1:df:7a:01:5a:c6:57:0d:d8:72:78:38:af:
                    f1:94:83:67:17:da:76:0b:5b:01:b0:87:dd:d6:b2:
                    fb:63:fe:63:9f:05:a1:9e:ff:9c:b3:26:49:97:94:
                    71:0a:f3:37:84:39:9f:7a:d5:d8:7f:ff:8b:a5:39:
                    f0:59:3d:69:94:8a:45:65:db:05:ae:e1:9e:61:01:
                    aa:30:6a:35:04:e8:32:c5:24:88:98:53:83:39:8b:
                    d1:78:a9:54:06:c0:fc:99:7a:72:50:9b:5d:3d:bd:
                    54:68:a1:96:20:45:dd:9d:4e:40:3c:f2:75:0a:5d:
                    1a:0a:0e:fb:44:bf:44:78:46:e2:8e:17:46:31:b2:
                    8f:81:fc:db:95:35:92:c1:ef:92:f1:24:fa:a0:32:
                    33:8c:2c:b7:9d:5e:7e:d1:18:92:18:70:fd:13:c1:
                    a4:e7:9d:4e:05:99:44:9f:65:d4:33:0b:af:f3:eb:
                    7f:c9:21:51:7a:65:6f:cc:c3:92:a9:14:db:bb:d0:
                    d4:99:5b:47:53:32:d1:6c:70:27:b4:b1:28:03:26:
                    46:dc:42:e9:fe:b5:da:6e:6c:7d:76:7f:65:fd:f2:
                    00:b5:56:d8:af:58:0a:98:4e:8f:d3:b7:3f:ab:e4:
                    d5:fc:2b:06:fc:26:6f:6a:38:0e:ac:02:fa:d8:5e:
                    cd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:42:F1:79:2A:5A:FA:10:40:92:0A:3B:94:76:F8:6F:1B:D8:D4:3E
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/_kLxeSpa-hBAkgo7lHb4bxvY1D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:ca:d7:ce:38:8f:24:7d:0d:4c:c1:cf:e2:c2:78:7d:ad:b1:
         2e:62:c3:04:d9:c7:48:69:d1:46:49:6d:1b:95:d9:4d:03:24:
         16:07:ce:be:d4:25:ed:4f:b2:51:6b:82:4e:22:10:ea:1b:7b:
         6c:d8:d3:6b:bd:72:cd:43:ce:52:e8:9f:3c:ee:08:7d:d4:93:
         ca:7d:b5:5e:c9:ca:f9:fd:21:4b:74:f6:dc:6f:f5:97:f3:5b:
         4b:69:7b:2c:61:ee:71:fd:de:97:10:7c:74:90:c1:79:7c:e3:
         ab:d7:35:5c:5c:e2:61:cc:f1:72:42:80:ad:28:15:ec:d5:20:
         a6:ee:97:06:10:d2:72:2d:97:71:24:2a:77:9a:57:8c:86:28:
         e1:ee:d4:88:79:9d:69:f7:5b:19:aa:23:ae:10:22:61:a1:e5:
         8c:aa:81:9b:43:72:4e:be:77:cf:e4:75:37:76:a1:7a:fa:7c:
         19:ee:30:90:00:fc:00:2e:22:bd:d7:db:49:ca:93:0c:ed:dc:
         ce:00:96:14:06:4a:cf:f1:c8:a1:98:ad:99:fd:c9:f3:af:9d:
         01:2b:db:93:76:30:50:94:d0:a3:f3:83:19:e2:48:cc:57:fb:
         a7:9c:d6:87:33:8d:ae:3d:c4:98:c7:18:c5:6c:cd:33:19:a5:
         ae:36:55:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7gZvNxwCJXd3oZfOdqza7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNDE1MDYxNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTQyZjE3OTJhNWFmYTEwNDA5MjBhM2I5NDc2Zjg2ZjFiZDhkNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+HfegFaxlcN2HJ4OK/xlINnF9p2
C1sBsIfd1rL7Y/5jnwWhnv+csyZJl5RxCvM3hDmfetXYf/+LpTnwWT1plIpFZdsF
ruGeYQGqMGo1BOgyxSSImFODOYvReKlUBsD8mXpyUJtdPb1UaKGWIEXdnU5APPJ1
Cl0aCg77RL9EeEbijhdGMbKPgfzblTWSwe+S8ST6oDIzjCy3nV5+0RiSGHD9E8Gk
551OBZlEn2XUMwuv8+t/ySFRemVvzMOSqRTbu9DUmVtHUzLRbHAntLEoAyZG3ELp
/rXabmx9dn9l/fIAtVbYr1gKmE6P07c/q+TV/CsG/CZvajgOrAL62F7N5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP5C8XkqWvoQQJIKO5R2+G8b2NQ+MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvX2tMeGVTcGEtaEJBa2dvN2xIYjRieHZZMUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubPaAwQC
vEBoMA0GCSqGSIb3DQEBCwUAA4IBAQCoytfOOI8kfQ1Mwc/iwnh9rbEuYsME2cdI
adFGSW0bldlNAyQWB86+1CXtT7JRa4JOIhDqG3ts2NNrvXLNQ85S6J887gh91JPK
fbVeycr5/SFLdPbcb/WX81tLaXssYe5x/d6XEHx0kMF5fOOr1zVcXOJhzPFyQoCt
KBXs1SCm7pcGENJyLZdxJCp3mleMhijh7tSIeZ1p91sZqiOuECJhoeWMqoGbQ3JO
vnfP5HU3dqF6+nwZ7jCQAPwALiK919tJypMM7dzOAJYUBkrP8cihmK2Z/cnzr50B
K9uTdjBQlNCj84MZ4kjMV/unnNaHM42uPcSYxxjFbM0zGaWuNlUj
-----END CERTIFICATE-----