Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/acfBZ_3u_EB1ThVk3XcJQ0BSBGc.roa
File:                     acfBZ_3u_EB1ThVk3XcJQ0BSBGc.roa (raw, json)
Hash identifier:          AyBGe4pkyUwL3nFQvBhJBl2V87IF09pwdNMGGrRlOOc=
Subject key identifier:   69:C7:C1:67:FD:EE:FC:40:75:4E:15:64:DD:77:09:43:40:52:04:67
Certificate issuer:       /CN=5e7fd9586f9ccb0fb4487b208cdf4675e5bbf330
Certificate serial:       018CC79554F133A59974E252082E5D0C2599
Authority key identifier: 5E:7F:D9:58:6F:9C:CB:0F:B4:48:7B:20:8C:DF:46:75:E5:BB:F3:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/acfBZ_3u_EB1ThVk3XcJQ0BSBGc.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9208
IP address blocks:        185.205.232.0/22 maxlen: 24
                          212.166.0.0/18 maxlen: 24
                          2a01:5a00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:54:f1:33:a5:99:74:e2:52:08:2e:5d:0c:25:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e7fd9586f9ccb0fb4487b208cdf4675e5bbf330
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c7c167fdeefc40754e1564dd77094340520467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:62:78:59:01:1a:4b:c9:a3:94:28:db:9c:90:
                    3c:d3:42:07:4d:32:2f:84:9b:63:48:43:0f:c2:a1:
                    fb:23:0b:60:b0:51:a6:04:72:3b:c0:7d:c9:ed:eb:
                    3f:30:3e:95:bf:41:ef:c2:36:e9:d0:49:0c:d0:b5:
                    ea:0f:48:0c:72:ae:ab:ca:09:d5:b1:6e:fa:8b:78:
                    3e:fe:85:49:84:04:9a:08:e2:fd:eb:65:d5:b2:32:
                    82:9e:2a:b5:ee:0d:7c:c5:d3:eb:5e:af:af:6d:ae:
                    3f:4a:3d:24:1e:54:70:b7:64:fb:09:c8:10:0c:07:
                    28:fd:68:e5:f4:7b:5c:30:6d:c1:7d:2b:e1:23:b1:
                    3b:c2:55:ad:53:64:cd:df:3a:0e:f1:21:11:cd:4b:
                    44:b9:e5:6a:b5:14:ef:22:ba:1e:a5:22:fb:89:63:
                    54:e5:9f:6a:4f:fa:7e:cb:92:08:81:d5:58:00:1a:
                    6e:68:7d:b2:73:8b:cd:e9:8e:ff:62:a0:29:9c:56:
                    74:9f:5a:a3:37:ed:a4:e6:c9:d7:45:3d:c7:bd:85:
                    25:1c:05:12:06:23:1f:fb:6b:be:89:9c:9c:14:cd:
                    95:e6:5b:d7:03:c0:91:b9:6d:7f:13:f4:8a:f1:07:
                    cf:17:a3:75:7f:61:65:56:fd:1f:7a:83:97:dd:6c:
                    1a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C7:C1:67:FD:EE:FC:40:75:4E:15:64:DD:77:09:43:40:52:04:67
            X509v3 Authority Key Identifier:
                keyid:5E:7F:D9:58:6F:9C:CB:0F:B4:48:7B:20:8C:DF:46:75:E5:BB:F3:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/acfBZ_3u_EB1ThVk3XcJQ0BSBGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/15e53d-70b0-4268-9124-4b01d63e795c/1/Xn_ZWG-cyw-0SHsgjN9GdeW78zA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.232.0/22
                  212.166.0.0/18
                IPv6:
                  2a01:5a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:c8:92:d2:b0:8f:ac:71:d6:b7:81:77:ab:d6:c4:94:70:0e:
         25:d8:a4:b9:08:25:50:76:f0:77:87:25:b7:31:07:97:d9:9f:
         34:db:85:ba:fd:b4:29:0d:91:04:50:3a:63:e4:77:d6:b0:6d:
         53:61:31:65:6e:7e:b2:85:97:a3:ec:48:93:10:0e:3e:b9:64:
         e7:de:2b:b9:51:58:df:9d:6f:20:25:5e:9d:c3:2b:87:0a:6c:
         40:c4:e1:5b:f0:a0:be:c0:11:fe:b1:a9:15:7e:38:c4:48:cd:
         e4:5c:e9:00:c3:30:8c:3f:eb:21:96:51:47:0e:5a:47:0f:61:
         ba:a6:f4:2c:c3:3b:eb:00:3b:d1:7e:22:a0:8b:19:22:24:eb:
         d1:4c:98:dc:5e:27:ca:a9:de:0f:5d:da:02:7c:7d:dd:62:96:
         cc:1e:85:88:d3:82:1e:16:54:17:d6:73:9c:32:1a:1e:7f:13:
         75:ce:45:d3:88:15:61:32:0e:cb:c1:c0:e1:48:99:d4:0d:00:
         55:4e:7e:2e:be:bb:05:6d:ab:14:df:aa:ff:31:54:ef:8b:50:
         55:f3:30:29:dd:47:ee:0e:60:05:a6:69:3f:b0:5e:73:70:57:
         0b:9c:b1:c8:89:26:e7:54:0d:24:f8:f2:b6:10:ae:d8:03:6a:
         1f:63:5e:9a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlVTxM6WZdOJSCC5dDCWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlN2ZkOTU4NmY5Y2NiMGZiNDQ4N2IyMDhjZGY0Njc1ZTVi
YmYzMzAwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM3YzE2N2ZkZWVmYzQwNzU0ZTE1NjRkZDc3MDk0MzQwNTIwNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGJ4WQEaS8mjlCjbnJA800IHTTIv
hJtjSEMPwqH7IwtgsFGmBHI7wH3J7es/MD6Vv0Hvwjbp0EkM0LXqD0gMcq6rygnV
sW76i3g+/oVJhASaCOL962XVsjKCniq17g18xdPrXq+vba4/Sj0kHlRwt2T7CcgQ
DAco/Wjl9HtcMG3BfSvhI7E7wlWtU2TN3zoO8SERzUtEueVqtRTvIroepSL7iWNU
5Z9qT/p+y5IIgdVYABpuaH2yc4vN6Y7/YqApnFZ0n1qjN+2k5snXRT3HvYUlHAUS
BiMf+2u+iZycFM2V5lvXA8CRuW1/E/SK8QfPF6N1f2FlVv0feoOX3WwaywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGnHwWf97vxAdU4VZN13CUNAUgRnMB8GA1UdIwQY
MBaAFF5/2VhvnMsPtEh7IIzfRnXlu/MwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG5fWldHLWN5dy0wU0hzZ2pOOUdkZVc3OHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xNWU1M2QtNzBiMC00MjY4LTkxMjQt
NGIwMWQ2M2U3OTVjLzEvYWNmQlpfM3VfRUIxVGhWazNYY0pRMEJTQkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xNWU1M2QtNzBiMC00MjY4LTkxMjQtNGIwMWQ2M2U3OTVj
LzEvWG5fWldHLWN5dy0wU0hzZ2pOOUdkZVc3OHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuc3oAwQG
1KYAMA0EAgACMAcDBQAqAVoAMA0GCSqGSIb3DQEBCwUAA4IBAQCqyJLSsI+scda3
gXer1sSUcA4l2KS5CCVQdvB3hyW3MQeX2Z8024W6/bQpDZEEUDpj5HfWsG1TYTFl
bn6yhZej7EiTEA4+uWTn3iu5UVjfnW8gJV6dwyuHCmxAxOFb8KC+wBH+sakVfjjE
SM3kXOkAwzCMP+shllFHDlpHD2G6pvQswzvrADvRfiKgixkiJOvRTJjcXifKqd4P
XdoCfH3dYpbMHoWI04IeFlQX1nOcMhoefxN1zkXTiBVhMg7LwcDhSJnUDQBVTn4u
vrsFbasU36r/MVTvi1BV8zAp3UfuDmAFpmk/sF5zcFcLnLHIiSbnVA0k+PK2EK7Y
A2ofY16a
-----END CERTIFICATE-----