Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/bzW57DHdCMYHNZc1IXb9Q69kNUE.roa
File:                     bzW57DHdCMYHNZc1IXb9Q69kNUE.roa (raw, json)
Hash identifier:          g6DA6KThpYafDfhemxL7z1P6chS0oMYVamGTzS2+ujM=
Subject key identifier:   6F:35:B9:EC:31:DD:08:C6:07:35:97:35:21:76:FD:43:AF:64:35:41
Certificate issuer:       /CN=5c02f981bee79521a304b68f667feaed81ea3ff6
Certificate serial:       018CC8DE1EC65B5DBFFCAD92E9B5FFBFB0D0
Authority key identifier: 5C:02:F9:81:BE:E7:95:21:A3:04:B6:8F:66:7F:EA:ED:81:EA:3F:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/bzW57DHdCMYHNZc1IXb9Q69kNUE.roa
Signing time:             Tue 02 Jan 2024 06:30:49 +0000
ROA not before:           Tue 02 Jan 2024 06:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211084
IP address blocks:        185.201.255.0/24 maxlen: 24
                          2a11:7c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:1e:c6:5b:5d:bf:fc:ad:92:e9:b5:ff:bf:b0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c02f981bee79521a304b68f667feaed81ea3ff6
        Validity
            Not Before: Jan  2 06:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f35b9ec31dd08c6073597352176fd43af643541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3b:34:da:43:50:de:84:2e:7a:3f:f3:e2:ef:
                    9b:76:da:45:70:7f:0f:0d:df:32:d3:25:8e:2e:8e:
                    3a:1e:3b:b3:7e:f2:aa:15:8e:54:af:d4:32:6d:e0:
                    3b:c5:45:58:e3:bd:97:ab:83:f9:1c:80:c7:9c:af:
                    a6:ba:ea:28:77:7b:05:b5:08:49:76:2e:40:10:e5:
                    5e:6d:8d:c7:b4:05:2f:76:03:04:91:b4:e1:bb:c5:
                    52:a5:c6:49:57:d3:d1:97:3b:d8:d9:68:f5:00:11:
                    29:94:13:55:14:28:eb:b1:3e:ba:bd:ae:f9:1b:7b:
                    63:8f:39:f5:37:0c:14:0d:fd:c7:02:06:95:f8:97:
                    37:3f:9a:be:94:7d:a6:41:2a:02:1e:00:84:a1:07:
                    6a:0a:c1:ed:d4:85:4b:b7:70:91:0d:03:c5:5b:f8:
                    38:63:91:29:83:7d:c5:91:59:45:4e:a9:6b:6d:c6:
                    f0:9c:0c:58:7d:58:28:ca:00:3c:e1:13:30:6b:3f:
                    4c:bd:71:9c:6e:0f:cb:2b:f9:bd:75:dd:49:bc:a2:
                    d2:a8:5b:5a:9c:c8:38:43:8f:43:52:5b:26:01:77:
                    99:15:34:1d:3c:d9:1a:40:87:70:62:93:be:5d:c1:
                    64:a4:b9:5b:65:15:43:9e:84:ab:16:41:db:27:70:
                    53:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:35:B9:EC:31:DD:08:C6:07:35:97:35:21:76:FD:43:AF:64:35:41
            X509v3 Authority Key Identifier:
                keyid:5C:02:F9:81:BE:E7:95:21:A3:04:B6:8F:66:7F:EA:ED:81:EA:3F:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/bzW57DHdCMYHNZc1IXb9Q69kNUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7c3c40-87a1-482b-97f3-37d2b032ba57/1/XAL5gb7nlSGjBLaPZn_q7YHqP_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.255.0/24
                IPv6:
                  2a11:7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:f6:f6:c4:92:dc:22:7b:ed:04:f4:a9:73:46:a9:f7:2f:0c:
         4d:6b:0d:00:75:7a:09:a6:67:d6:d4:78:8d:bf:71:a8:99:10:
         83:09:91:0b:13:3f:e8:4b:55:b7:16:74:f6:18:e6:14:44:80:
         b0:3a:23:92:de:65:a8:e7:17:2e:6e:c1:cd:97:11:20:5b:f6:
         88:df:bc:80:db:96:d4:2d:10:10:b9:0e:45:02:c7:f8:d3:1c:
         57:b4:d1:0b:74:b5:6c:91:0f:e1:f3:f2:38:45:e0:9c:11:7b:
         2a:c4:db:60:9c:56:9e:19:34:69:c2:f7:c2:9b:9e:50:5e:15:
         b6:1c:c9:74:6b:34:df:2c:8d:4d:99:aa:05:77:f8:6c:10:8e:
         e5:ff:8e:d9:18:9f:2e:d1:09:e6:b1:bb:4d:b3:54:a9:8a:48:
         a4:c8:23:34:a5:1b:c2:5a:4c:87:b3:01:ee:5a:c0:a0:d3:19:
         1c:78:31:f9:c8:24:ee:76:f5:e3:c6:b4:25:e6:4a:5e:06:3d:
         5d:09:be:15:24:f8:53:22:f5:81:a8:47:f2:6f:14:f8:bc:58:
         5a:e8:40:c1:da:79:ff:07:25:f0:89:94:40:f7:8a:2b:fa:67:
         79:4c:45:e9:60:c4:34:28:1e:ed:35:9b:8e:9c:3b:b4:55:16:
         04:ab:b1:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3h7GW12//K2S6bX/v7DQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMDJmOTgxYmVlNzk1MjFhMzA0YjY4ZjY2N2ZlYWVkODFl
YTNmZjYwHhcNMjQwMTAyMDYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM1YjllYzMxZGQwOGM2MDczNTk3MzUyMTc2ZmQ0M2FmNjQzNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zs02kNQ3oQuej/z4u+bdtpFcH8P
Dd8y0yWOLo46HjuzfvKqFY5Ur9QybeA7xUVY472Xq4P5HIDHnK+muuood3sFtQhJ
di5AEOVebY3HtAUvdgMEkbThu8VSpcZJV9PRlzvY2Wj1ABEplBNVFCjrsT66va75
G3tjjzn1NwwUDf3HAgaV+Jc3P5q+lH2mQSoCHgCEoQdqCsHt1IVLt3CRDQPFW/g4
Y5Epg33FkVlFTqlrbcbwnAxYfVgoygA84RMwaz9MvXGcbg/LK/m9dd1JvKLSqFta
nMg4Q49DUlsmAXeZFTQdPNkaQIdwYpO+XcFkpLlbZRVDnoSrFkHbJ3BTsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG81uewx3QjGBzWXNSF2/UOvZDVBMB8GA1UdIwQY
MBaAFFwC+YG+55UhowS2j2Z/6u2B6j/2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEFMNWdiN25sU0dqQkxhUFpuX3E3WUhxUF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi83YzNjNDAtODdhMS00ODJiLTk3ZjMt
MzdkMmIwMzJiYTU3LzEvYnpXNTdESGRDTVlITlpjMUlYYjlRNjlrTlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi83YzNjNDAtODdhMS00ODJiLTk3ZjMtMzdkMmIwMzJiYTU3
LzEvWEFMNWdiN25sU0dqQkxhUFpuX3E3WUhxUF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucn/MA0E
AgACMAcDBQMqEQfAMA0GCSqGSIb3DQEBCwUAA4IBAQBp9vbEktwie+0E9KlzRqn3
LwxNaw0AdXoJpmfW1HiNv3GomRCDCZELEz/oS1W3FnT2GOYURICwOiOS3mWo5xcu
bsHNlxEgW/aI37yA25bULRAQuQ5FAsf40xxXtNELdLVskQ/h8/I4ReCcEXsqxNtg
nFaeGTRpwvfCm55QXhW2HMl0azTfLI1NmaoFd/hsEI7l/47ZGJ8u0QnmsbtNs1Sp
ikikyCM0pRvCWkyHswHuWsCg0xkceDH5yCTudvXjxrQl5kpeBj1dCb4VJPhTIvWB
qEfybxT4vFha6EDB2nn/ByXwiZRA94or+md5TEXpYMQ0KB7tNZuOnDu0VRYEq7Fx
-----END CERTIFICATE-----