Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/I-omZ5vxdNlAXFKZYdKH6OEBJXA.roa
File:                     I-omZ5vxdNlAXFKZYdKH6OEBJXA.roa (raw, json)
Hash identifier:          oBkJzg7l1DGfT3tXbF4Gaok08jW+bVRIfyNDVZFLGnw=
Subject key identifier:   23:EA:26:67:9B:F1:74:D9:40:5C:52:99:61:D2:87:E8:E1:01:25:70
Certificate issuer:       /CN=f57dc5996c8178c0de2ea20499eebdeade4023eb
Certificate serial:       018CC86FD1582B2FED382F5DF2584AB20917
Authority key identifier: F5:7D:C5:99:6C:81:78:C0:DE:2E:A2:04:99:EE:BD:EA:DE:40:23:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9X3FmWyBeMDeLqIEme696t5AI-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/I-omZ5vxdNlAXFKZYdKH6OEBJXA.roa
Signing time:             Tue 02 Jan 2024 04:30:20 +0000
ROA not before:           Tue 02 Jan 2024 04:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59755
IP address blocks:        185.71.8.0/22 maxlen: 22
                          2a03:37a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/9X3FmWyBeMDeLqIEme696t5AI-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/9X3FmWyBeMDeLqIEme696t5AI-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9X3FmWyBeMDeLqIEme696t5AI-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d1:58:2b:2f:ed:38:2f:5d:f2:58:4a:b2:09:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f57dc5996c8178c0de2ea20499eebdeade4023eb
        Validity
            Not Before: Jan  2 04:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ea26679bf174d9405c529961d287e8e1012570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:75:39:8b:de:b7:66:72:f7:cf:e8:bb:64:2d:
                    99:02:97:01:99:52:83:40:79:ee:bf:3b:6a:eb:1a:
                    99:9b:41:d1:92:8a:d6:94:5a:d4:78:78:da:52:8a:
                    38:c9:ef:1a:14:00:23:01:2e:52:64:7f:2e:e3:78:
                    ee:f8:40:12:12:c9:cf:bf:c8:37:64:c5:13:b4:55:
                    bf:55:6b:30:cf:58:3d:51:ec:27:0d:ac:16:d4:30:
                    c8:11:e8:92:b7:93:69:fc:86:21:24:dc:62:50:bb:
                    95:4f:ff:87:61:37:c1:33:07:ea:f3:2b:9a:cb:97:
                    68:c9:7e:73:ae:4e:73:a9:31:2d:59:96:f1:d8:39:
                    23:ad:7b:db:a8:8e:d0:56:91:4b:22:d7:ed:dd:d2:
                    06:f1:91:53:74:a3:9c:d6:53:9d:30:b9:5d:f3:12:
                    00:ef:5a:15:ad:3d:68:6f:53:f6:5c:67:52:ae:47:
                    02:96:bb:2e:b9:c0:01:51:b8:6a:98:26:60:00:f4:
                    c7:b1:d0:2c:8f:ef:4f:00:cf:03:5f:37:a6:ca:4f:
                    32:de:23:f1:7b:89:1c:b6:ab:25:6b:d6:e2:bd:c8:
                    e6:31:81:0a:b7:52:15:f2:90:1c:8d:36:9f:89:1f:
                    18:a0:57:e7:2d:d7:0e:11:de:11:fa:42:3b:ef:6e:
                    6e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EA:26:67:9B:F1:74:D9:40:5C:52:99:61:D2:87:E8:E1:01:25:70
            X509v3 Authority Key Identifier:
                keyid:F5:7D:C5:99:6C:81:78:C0:DE:2E:A2:04:99:EE:BD:EA:DE:40:23:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9X3FmWyBeMDeLqIEme696t5AI-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/I-omZ5vxdNlAXFKZYdKH6OEBJXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/67e3ac-c332-4d13-83ef-c7b10d505cfe/1/9X3FmWyBeMDeLqIEme696t5AI-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.8.0/22
                IPv6:
                  2a03:37a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:ed:65:1e:22:35:fb:32:9c:5f:62:5d:2a:0c:67:7c:ec:d7:
         db:a5:88:0c:dd:ca:d3:81:2b:2d:b0:04:93:eb:ac:fa:19:10:
         4f:c6:da:83:0a:8b:35:df:f0:22:0b:8f:a4:d2:d4:73:92:cc:
         36:4f:20:27:ef:9b:fb:ab:63:34:0b:7e:3e:e5:9b:b8:a6:88:
         c3:f2:7b:65:39:52:83:54:70:15:7d:43:7d:5a:a1:66:76:81:
         a4:02:c2:31:aa:b0:4a:ce:29:c1:b9:ef:00:e8:40:49:0f:5a:
         0f:50:6f:34:38:ad:68:ac:ef:2e:0f:67:8b:0b:6f:77:30:59:
         6a:82:eb:90:1a:bb:ea:3d:38:f7:27:d9:fc:c3:07:46:43:53:
         cb:d2:4c:c2:66:29:9f:8e:60:e2:96:75:e3:e2:3b:b0:a1:32:
         92:ab:7a:b9:e8:4f:43:60:8f:cb:72:5b:0d:13:26:ff:ef:de:
         4a:65:ce:76:04:0e:25:8f:9c:f2:03:54:6c:9a:09:33:af:dc:
         66:82:ea:f8:15:c3:c2:a1:bf:0a:5d:55:45:81:90:58:94:aa:
         90:c0:dc:e0:fe:b5:04:16:84:0a:f4:d0:63:dc:3d:1b:0f:fb:
         df:89:1d:01:e3:49:89:d8:e1:f8:bb:a6:4a:96:03:48:f3:ac:
         46:f2:60:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb9FYKy/tOC9d8lhKsgkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1N2RjNTk5NmM4MTc4YzBkZTJlYTIwNDk5ZWViZGVhZGU0
MDIzZWIwHhcNMjQwMTAyMDQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VhMjY2NzliZjE3NGQ5NDA1YzUyOTk2MWQyODdlOGUxMDEyNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHU5i963ZnL3z+i7ZC2ZApcBmVKD
QHnuvztq6xqZm0HRkorWlFrUeHjaUoo4ye8aFAAjAS5SZH8u43ju+EASEsnPv8g3
ZMUTtFW/VWswz1g9UewnDawW1DDIEeiSt5Np/IYhJNxiULuVT/+HYTfBMwfq8yua
y5doyX5zrk5zqTEtWZbx2DkjrXvbqI7QVpFLItft3dIG8ZFTdKOc1lOdMLld8xIA
71oVrT1ob1P2XGdSrkcClrsuucABUbhqmCZgAPTHsdAsj+9PAM8DXzemyk8y3iPx
e4kctqsla9bivcjmMYEKt1IV8pAcjTafiR8YoFfnLdcOEd4R+kI7725uAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCPqJmeb8XTZQFxSmWHSh+jhASVwMB8GA1UdIwQY
MBaAFPV9xZlsgXjA3i6iBJnuvereQCPrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVgzRm1XeUJlTURlTHFJRW1lNjk2dDVBSS1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82N2UzYWMtYzMzMi00ZDEzLTgzZWYt
YzdiMTBkNTA1Y2ZlLzEvSS1vbVo1dnhkTmxBWEZLWllkS0g2T0VCSlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82N2UzYWMtYzMzMi00ZDEzLTgzZWYtYzdiMTBkNTA1Y2Zl
LzEvOVgzRm1XeUJlTURlTHFJRW1lNjk2dDVBSS1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUcIMA0E
AgACMAcDBQAqAzegMA0GCSqGSIb3DQEBCwUAA4IBAQCd7WUeIjX7MpxfYl0qDGd8
7NfbpYgM3crTgSstsAST66z6GRBPxtqDCos13/AiC4+k0tRzksw2TyAn75v7q2M0
C34+5Zu4pojD8ntlOVKDVHAVfUN9WqFmdoGkAsIxqrBKzinBue8A6EBJD1oPUG80
OK1orO8uD2eLC293MFlqguuQGrvqPTj3J9n8wwdGQ1PL0kzCZimfjmDilnXj4juw
oTKSq3q56E9DYI/LclsNEyb/795KZc52BA4lj5zyA1Rsmgkzr9xmgur4FcPCob8K
XVVFgZBYlKqQwNzg/rUEFoQK9NBj3D0bD/vfiR0B40mJ2OH4u6ZKlgNI86xG8mCI
-----END CERTIFICATE-----