Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/DOoBOLh68tL2yDoT20vD5zDwXoA.roa
File:                     DOoBOLh68tL2yDoT20vD5zDwXoA.roa (raw, json)
Hash identifier:          NXYsXc4E2fhe0PKpGyMFjJmvWJfftvvqg8yWpvOiBYQ=
Subject key identifier:   0C:EA:01:38:B8:7A:F2:D2:F6:C8:3A:13:DB:4B:C3:E7:30:F0:5E:80
Certificate issuer:       /CN=849d5c1ca865b04b6f2b3ccd9016e92ddad99aab
Certificate serial:       018CC9BBC3EF39FD199028A55085F07DE67D
Authority key identifier: 84:9D:5C:1C:A8:65:B0:4B:6F:2B:3C:CD:90:16:E9:2D:DA:D9:9A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/DOoBOLh68tL2yDoT20vD5zDwXoA.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        185.110.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c3:ef:39:fd:19:90:28:a5:50:85:f0:7d:e6:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=849d5c1ca865b04b6f2b3ccd9016e92ddad99aab
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cea0138b87af2d2f6c83a13db4bc3e730f05e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4e:81:78:25:2d:71:a3:1c:d5:f6:b5:c2:93:
                    52:21:be:a0:88:e8:08:ed:5a:0a:2f:34:cb:b9:62:
                    f4:a2:99:12:cf:48:88:dd:9e:ad:bd:80:60:5e:c1:
                    b8:36:a2:d8:b9:4b:f2:82:b3:24:84:9c:26:d6:6f:
                    c5:bc:3a:a4:07:7a:42:ac:f3:4f:a2:ba:0e:ab:5d:
                    54:fb:5d:6c:a3:b7:b0:e4:d5:a5:fb:40:5d:9a:72:
                    a1:cd:aa:de:6e:ad:f8:28:3b:bf:36:90:55:cd:4a:
                    d6:c2:27:f7:db:1f:fe:1f:86:b4:1a:a6:40:fe:30:
                    fb:80:75:1c:0f:93:28:ca:10:49:d8:3b:88:4c:e5:
                    1e:a7:fb:fb:42:f8:ef:e0:c6:fb:ce:b5:82:74:8c:
                    07:07:10:ce:05:35:b2:12:14:c7:6c:c7:6f:8d:d7:
                    fd:1e:17:7c:9c:d0:13:55:c0:0c:90:37:50:fd:18:
                    87:ff:a3:ea:9d:72:4a:8f:9e:3f:01:39:ba:dc:2a:
                    68:51:44:eb:32:22:ce:11:da:85:0a:12:1c:18:2d:
                    71:35:10:f4:dd:48:36:0c:8d:4d:f2:ff:6e:d6:84:
                    aa:7b:90:1d:27:95:a7:0e:b4:35:be:88:78:c3:be:
                    68:85:21:fd:aa:e0:ef:d8:91:15:4f:5f:22:24:6d:
                    02:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:EA:01:38:B8:7A:F2:D2:F6:C8:3A:13:DB:4B:C3:E7:30:F0:5E:80
            X509v3 Authority Key Identifier:
                keyid:84:9D:5C:1C:A8:65:B0:4B:6F:2B:3C:CD:90:16:E9:2D:DA:D9:9A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/DOoBOLh68tL2yDoT20vD5zDwXoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c418b-ec7d-46d2-99d5-dde0d12735c6/1/hJ1cHKhlsEtvKzzNkBbpLdrZmqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:0e:70:f0:ef:60:d9:f0:27:0f:ae:9f:f5:40:47:f4:6e:39:
         f0:9c:81:b0:69:f0:ba:11:71:33:52:d0:89:f0:22:51:68:c5:
         bb:97:2c:f8:8c:aa:b7:71:2f:c9:1b:a5:ae:f0:92:3a:60:3a:
         9d:28:f8:ac:3d:c3:01:47:95:f4:7f:1e:a3:f6:b0:f0:f4:17:
         24:18:9a:77:07:ab:1f:ba:b7:ac:1c:a2:78:c1:40:d2:bc:50:
         fa:39:50:ae:60:f6:4c:fc:5c:ad:7e:fa:a5:b2:62:c7:68:ed:
         9e:9e:2b:8c:81:44:8e:23:bb:8b:b9:42:fd:37:87:85:d5:87:
         0a:ad:53:05:81:e9:90:ae:3e:17:1f:5c:a8:c1:8f:39:ed:14:
         03:cf:99:f7:49:eb:f2:c5:bf:46:d3:77:e2:f2:aa:ae:62:00:
         5a:cb:3f:c0:e3:db:b8:ce:02:a4:1f:41:e7:cc:38:54:64:86:
         e1:dd:1e:0d:08:36:14:99:40:ea:29:84:ec:d4:3a:10:47:f9:
         88:56:92:50:17:ca:c6:70:ec:bf:6f:6a:c7:e3:a6:49:7c:11:
         09:56:be:10:82:3e:b1:49:3c:88:fa:db:18:2d:b3:f8:11:ae:
         62:5c:82:bd:25:c5:b3:95:1d:cb:4e:d3:e5:7f:29:94:13:b7:
         99:a7:02:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8PvOf0ZkCilUIXwfeZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OWQ1YzFjYTg2NWIwNGI2ZjJiM2NjZDkwMTZlOTJkZGFk
OTlhYWIwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2VhMDEzOGI4N2FmMmQyZjZjODNhMTNkYjRiYzNlNzMwZjA1ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnU6BeCUtcaMc1fa1wpNSIb6giOgI
7VoKLzTLuWL0opkSz0iI3Z6tvYBgXsG4NqLYuUvygrMkhJwm1m/FvDqkB3pCrPNP
oroOq11U+11so7ew5NWl+0BdmnKhzarebq34KDu/NpBVzUrWwif32x/+H4a0GqZA
/jD7gHUcD5MoyhBJ2DuITOUep/v7Qvjv4Mb7zrWCdIwHBxDOBTWyEhTHbMdvjdf9
Hhd8nNATVcAMkDdQ/RiH/6PqnXJKj54/ATm63CpoUUTrMiLOEdqFChIcGC1xNRD0
3Ug2DI1N8v9u1oSqe5AdJ5WnDrQ1voh4w75ohSH9quDv2JEVT18iJG0CuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzqATi4evLS9sg6E9tLw+cw8F6AMB8GA1UdIwQY
MBaAFISdXByoZbBLbys8zZAW6S3a2ZqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEoxY0hLaGxzRXR2S3p6TmtCYnBMZHJabXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzQxOGItZWM3ZC00NmQyLTk5ZDUt
ZGRlMGQxMjczNWM2LzEvRE9vQk9MaDY4dEwyeURvVDIwdkQ1ekR3WG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzQxOGItZWM3ZC00NmQyLTk5ZDUtZGRlMGQxMjczNWM2
LzEvaEoxY0hLaGxzRXR2S3p6TmtCYnBMZHJabXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW7EMA0G
CSqGSIb3DQEBCwUAA4IBAQCZDnDw72DZ8CcPrp/1QEf0bjnwnIGwafC6EXEzUtCJ
8CJRaMW7lyz4jKq3cS/JG6Wu8JI6YDqdKPisPcMBR5X0fx6j9rDw9BckGJp3B6sf
uresHKJ4wUDSvFD6OVCuYPZM/FytfvqlsmLHaO2eniuMgUSOI7uLuUL9N4eF1YcK
rVMFgemQrj4XH1yowY857RQDz5n3Sevyxb9G03fi8qquYgBayz/A49u4zgKkH0Hn
zDhUZIbh3R4NCDYUmUDqKYTs1DoQR/mIVpJQF8rGcOy/b2rH46ZJfBEJVr4Qgj6x
STyI+tsYLbP4Ea5iXIK9JcWzlR3LTtPlfymUE7eZpwLJ
-----END CERTIFICATE-----