Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/XvYEymfLHUwNH0iBPmqE88uvmiQ.roa
File:                     XvYEymfLHUwNH0iBPmqE88uvmiQ.roa (raw, json)
Hash identifier:          y7RaL/I5pjFYhTCvSQ4B2HtjXTXwxD1wl5O0X1kgShk=
Subject key identifier:   5E:F6:04:CA:67:CB:1D:4C:0D:1F:48:81:3E:6A:84:F3:CB:AF:9A:24
Certificate issuer:       /CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
Certificate serial:       018CC26D10670915FB29704676F3E7E142B5
Authority key identifier: BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/XvYEymfLHUwNH0iBPmqE88uvmiQ.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30873
IP address blocks:        185.71.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:67:09:15:fb:29:70:46:76:f3:e7:e1:42:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ef604ca67cb1d4c0d1f48813e6a84f3cbaf9a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:93:71:0e:fa:48:21:31:d8:f6:dc:9f:7e:c6:
                    1c:d6:17:54:72:5c:46:68:b5:3b:a9:1f:28:ad:80:
                    b5:5c:69:c6:be:2e:3c:79:72:4d:4f:9c:ea:6c:91:
                    9f:a0:c8:00:7e:9a:cd:cd:09:55:26:c3:2b:80:76:
                    f1:27:7b:06:ef:20:8e:ca:31:4f:d9:99:db:ac:08:
                    54:55:72:53:a2:a6:e9:51:1d:3e:be:57:53:1f:64:
                    68:46:1d:43:ef:b2:cf:5e:73:35:f7:88:1b:df:e1:
                    34:46:1b:83:c5:1c:24:c9:b7:90:9a:7a:0a:d6:13:
                    19:94:bc:50:bc:53:02:8f:47:d5:18:39:1e:67:0b:
                    a5:17:bb:6e:f7:cf:3f:13:ca:1d:b9:47:c5:25:28:
                    bb:3e:07:02:19:61:c0:d0:b1:78:92:e7:19:a8:29:
                    50:05:56:fc:b3:c4:62:55:a3:b4:69:da:89:3e:29:
                    8a:2b:8a:f7:c6:28:cd:73:1f:9a:e6:d4:0d:9c:a4:
                    82:22:af:43:30:96:29:e9:6c:6f:ea:63:0c:56:69:
                    ff:ed:97:33:31:b1:16:55:99:60:0a:d4:4d:25:9a:
                    d9:db:fd:ec:18:51:cf:44:6e:65:6c:84:1b:08:f2:
                    c3:f4:64:80:bc:da:ac:dc:48:95:fb:15:46:83:e3:
                    ae:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F6:04:CA:67:CB:1D:4C:0D:1F:48:81:3E:6A:84:F3:CB:AF:9A:24
            X509v3 Authority Key Identifier:
                keyid:BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/XvYEymfLHUwNH0iBPmqE88uvmiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:95:81:75:f5:b7:02:b9:55:7b:38:8c:b6:c0:e7:3f:83:bb:
         bf:76:4c:d0:e1:75:87:84:42:2f:9e:e9:5b:d1:84:b8:f2:0b:
         18:3e:25:78:7a:09:c7:11:53:56:8e:b2:6d:d9:ad:64:32:d3:
         51:29:e8:73:f3:2c:ae:6d:1e:fa:30:c8:ff:41:b9:51:e8:ee:
         0b:ff:8a:2b:c9:fc:2b:4e:b9:e7:44:30:31:c5:57:d1:6e:21:
         c1:26:0d:b8:f1:ca:53:84:19:7c:0b:8e:0a:76:9d:55:7c:6f:
         68:b9:2e:01:72:50:57:16:cf:d8:98:5a:86:da:1a:d2:66:9b:
         fe:79:f5:b2:f4:2f:4a:78:eb:d7:b5:bc:b1:00:f8:0a:fa:b9:
         af:53:72:f8:f2:fd:bb:c7:0a:54:5a:11:40:85:1f:15:22:aa:
         b2:01:0f:b7:c9:59:64:9c:ab:bc:eb:4c:fc:40:56:25:8a:77:
         c2:69:5b:77:b6:22:31:ad:90:9d:ef:f2:1c:ef:f3:cf:32:9f:
         18:bf:f2:9b:cd:19:0b:18:5a:60:26:04:f0:b4:45:a6:4e:47:
         ac:47:3d:60:0f:45:81:f2:16:e0:03:ba:95:89:d0:42:2c:7a:
         c7:89:76:e5:80:5f:c7:39:d1:22:96:96:95:88:b1:da:d2:ab:
         a3:07:74:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRBnCRX7KXBGdvPn4UK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZjc5MTI3ZWUzNGEzYWVlOTA3OWM4ZTk3OTljNDBmMGRj
OGRjYTIwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY2MDRjYTY3Y2IxZDRjMGQxZjQ4ODEzZTZhODRmM2NiYWY5YTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5NxDvpIITHY9tyffsYc1hdUclxG
aLU7qR8orYC1XGnGvi48eXJNT5zqbJGfoMgAfprNzQlVJsMrgHbxJ3sG7yCOyjFP
2ZnbrAhUVXJToqbpUR0+vldTH2RoRh1D77LPXnM194gb3+E0RhuDxRwkybeQmnoK
1hMZlLxQvFMCj0fVGDkeZwulF7tu988/E8oduUfFJSi7PgcCGWHA0LF4kucZqClQ
BVb8s8RiVaO0adqJPimKK4r3xijNcx+a5tQNnKSCIq9DMJYp6Wxv6mMMVmn/7Zcz
MbEWVZlgCtRNJZrZ2/3sGFHPRG5lbIQbCPLD9GSAvNqs3EiV+xVGg+Ou/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF72BMpnyx1MDR9IgT5qhPPLr5okMB8GA1UdIwQY
MBaAFLr3kSfuNKOu6QecjpeZxA8NyNyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUt
YTJhNWE4ZDk5ZGI4LzEvWHZZRXltZkxIVXdOSDBpQlBtcUU4OHV2bWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUtYTJhNWE4ZDk5ZGI4
LzEvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUeEMA0G
CSqGSIb3DQEBCwUAA4IBAQAQlYF19bcCuVV7OIy2wOc/g7u/dkzQ4XWHhEIvnulb
0YS48gsYPiV4egnHEVNWjrJt2a1kMtNRKehz8yyubR76MMj/QblR6O4L/4oryfwr
TrnnRDAxxVfRbiHBJg248cpThBl8C44Kdp1VfG9ouS4BclBXFs/YmFqG2hrSZpv+
efWy9C9KeOvXtbyxAPgK+rmvU3L48v27xwpUWhFAhR8VIqqyAQ+3yVlknKu860z8
QFYlinfCaVt3tiIxrZCd7/Ic7/PPMp8Yv/KbzRkLGFpgJgTwtEWmTkesRz1gD0WB
8hbgA7qVidBCLHrHiXblgF/HOdEilpaViLHa0qujB3R7
-----END CERTIFICATE-----