Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/xAPGFOcSPb2IDpCgaKhd8hi4EsU.roa
File:                     xAPGFOcSPb2IDpCgaKhd8hi4EsU.roa (raw, json)
Hash identifier:          kbqhAULBIibnCVTSjAkXfKpokhF11fySRJDpRiU+ur8=
Subject key identifier:   C4:03:C6:14:E7:12:3D:BD:88:0E:90:A0:68:A8:5D:F2:18:B8:12:C5
Certificate issuer:       /CN=fd538aae4ec4d0a2f3c0a65f89f48746b515e57b
Certificate serial:       018CC5012156AD83B66FC0E10BF2BB359B44
Authority key identifier: FD:53:8A:AE:4E:C4:D0:A2:F3:C0:A6:5F:89:F4:87:46:B5:15:E5:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_VOKrk7E0KLzwKZfifSHRrUV5Xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/xAPGFOcSPb2IDpCgaKhd8hi4EsU.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205604
IP address blocks:        185.212.64.0/24 maxlen: 24
                          185.212.65.0/24 maxlen: 24
                          185.212.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/_VOKrk7E0KLzwKZfifSHRrUV5Xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/_VOKrk7E0KLzwKZfifSHRrUV5Xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_VOKrk7E0KLzwKZfifSHRrUV5Xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:21:56:ad:83:b6:6f:c0:e1:0b:f2:bb:35:9b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd538aae4ec4d0a2f3c0a65f89f48746b515e57b
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c403c614e7123dbd880e90a068a85df218b812c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:1e:11:7d:e7:50:3a:b4:09:ee:f5:ec:6a:
                    f4:09:9d:30:55:be:f3:cd:c6:08:25:07:a8:5f:6a:
                    e2:56:6e:c6:7a:8a:24:25:80:a5:f9:a9:52:ae:6a:
                    a9:3c:19:66:e7:d2:71:47:58:36:a8:02:5d:82:d0:
                    eb:90:60:de:a6:dd:62:43:31:2c:27:e3:72:5d:18:
                    cb:aa:af:67:df:b8:7d:07:8e:79:7c:ce:ca:4d:31:
                    7a:b1:5a:4f:ad:7c:87:09:e5:d7:31:35:f3:2d:77:
                    af:87:4b:0b:73:82:09:97:55:24:dc:bb:b6:67:48:
                    a0:1a:04:fd:d5:2d:56:36:a6:94:29:39:5f:df:c9:
                    fc:7e:31:55:8f:0f:a6:63:84:a2:51:72:01:88:94:
                    01:79:c9:10:09:c4:9c:fb:b9:99:eb:c0:1e:6a:b4:
                    4c:8e:1e:f7:83:74:b5:82:b3:e9:bc:d0:7b:4c:15:
                    00:a7:f4:27:ba:f3:48:e5:a1:e6:d9:12:db:68:48:
                    2e:c2:54:db:a7:d2:bb:f0:f1:fc:73:29:34:92:3d:
                    37:79:81:48:67:5f:07:1a:ed:14:4d:18:0e:9a:4a:
                    39:03:5e:cb:fa:48:3d:e6:8b:f7:37:f4:26:5d:f1:
                    ac:9d:7c:bf:c0:ad:6a:22:79:7a:7e:de:48:cf:2a:
                    b4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:03:C6:14:E7:12:3D:BD:88:0E:90:A0:68:A8:5D:F2:18:B8:12:C5
            X509v3 Authority Key Identifier:
                keyid:FD:53:8A:AE:4E:C4:D0:A2:F3:C0:A6:5F:89:F4:87:46:B5:15:E5:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_VOKrk7E0KLzwKZfifSHRrUV5Xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/xAPGFOcSPb2IDpCgaKhd8hi4EsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a69fd7-8e1f-4176-a5df-42837cca00c3/1/_VOKrk7E0KLzwKZfifSHRrUV5Xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.64.0-185.212.66.255

    Signature Algorithm: sha256WithRSAEncryption
         91:db:c4:fe:f5:4e:e9:29:00:42:93:60:3a:4a:45:74:12:09:
         0a:9a:fb:81:5f:5b:bf:55:e6:a5:80:de:33:01:6b:ad:9c:bc:
         0a:a8:6a:75:b0:9b:ed:89:29:26:c2:4f:fd:1e:42:cf:dc:9a:
         65:3c:d1:0a:37:be:82:bb:a4:99:2a:f5:5a:1a:82:ff:cd:e7:
         b4:d3:d8:36:62:b6:e4:8b:96:3c:4b:cb:70:00:b6:ee:32:d6:
         04:61:0e:ff:e4:06:c0:ad:12:cf:9c:c0:4d:c1:83:2c:e4:13:
         ec:c6:29:27:49:3a:7b:50:bb:ea:cd:97:66:32:0f:28:91:75:
         75:d4:64:2d:fc:03:ca:6a:a3:83:9f:69:87:b7:7f:61:da:7b:
         86:08:9a:1c:25:d0:30:9f:2a:db:fa:79:60:dc:4a:ab:fe:61:
         d0:c6:52:c7:ca:e4:9f:30:33:55:0c:ae:b8:67:41:d3:03:7d:
         70:65:97:59:af:02:a2:20:37:79:a0:c2:82:67:bf:a0:78:9a:
         92:96:e0:37:d2:7d:2e:66:ad:9f:52:48:5a:ff:60:a6:ec:b4:
         49:e7:cb:50:b6:76:9c:eb:2f:56:2e:a5:1e:5d:40:c9:85:3b:
         a4:f1:98:bb:39:b3:58:86:a0:66:03:c7:94:8c:57:2e:30:32:
         40:3d:94:4e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFASFWrYO2b8DhC/K7NZtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNTM4YWFlNGVjNGQwYTJmM2MwYTY1Zjg5ZjQ4NzQ2YjUx
NWU1N2IwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDAzYzYxNGU3MTIzZGJkODgwZTkwYTA2OGE4NWRmMjE4YjgxMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2weEX3nUDq0Ce717Gr0CZ0wVb7z
zcYIJQeoX2riVm7GeookJYCl+alSrmqpPBlm59JxR1g2qAJdgtDrkGDept1iQzEs
J+NyXRjLqq9n37h9B455fM7KTTF6sVpPrXyHCeXXMTXzLXevh0sLc4IJl1Uk3Lu2
Z0igGgT91S1WNqaUKTlf38n8fjFVjw+mY4SiUXIBiJQBeckQCcSc+7mZ68AearRM
jh73g3S1grPpvNB7TBUAp/QnuvNI5aHm2RLbaEguwlTbp9K78PH8cyk0kj03eYFI
Z18HGu0UTRgOmko5A17L+kg95ov3N/QmXfGsnXy/wK1qInl6ft5Izyq0lQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMQDxhTnEj29iA6QoGioXfIYuBLFMB8GA1UdIwQY
MBaAFP1Tiq5OxNCi88CmX4n0h0a1FeV7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1ZPS3JrN0UwS0x6d0taZmlmU0hSclVWNVhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9hNjlmZDctOGUxZi00MTc2LWE1ZGYt
NDI4MzdjY2EwMGMzLzEveEFQR0ZPY1NQYjJJRHBDZ2FLaGQ4aGk0RXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9hNjlmZDctOGUxZi00MTc2LWE1ZGYtNDI4MzdjY2EwMGMz
LzEvX1ZPS3JrN0UwS0x6d0taZmlmU0hSclVWNVhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAa51EAD
BAC51EIwDQYJKoZIhvcNAQELBQADggEBAJHbxP71TukpAEKTYDpKRXQSCQqa+4Ff
W79V5qWA3jMBa62cvAqoanWwm+2JKSbCT/0eQs/cmmU80Qo3voK7pJkq9Voagv/N
57TT2DZituSLljxLy3AAtu4y1gRhDv/kBsCtEs+cwE3BgyzkE+zGKSdJOntQu+rN
l2YyDyiRdXXUZC38A8pqo4OfaYe3f2Hae4YImhwl0DCfKtv6eWDcSqv+YdDGUsfK
5J8wM1UMrrhnQdMDfXBll1mvAqIgN3mgwoJnv6B4mpKW4DfSfS5mrZ9SSFr/YKbs
tEnny1C2dpzrL1YupR5dQMmFO6TxmLs5s1iGoGYDx5SMVy4wMkA9lE4=
-----END CERTIFICATE-----