Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/T_Tu6KY40dBrqR0_mCRthTcTMBk.roa
File:                     T_Tu6KY40dBrqR0_mCRthTcTMBk.roa (raw, json)
Hash identifier:          q7/RuNyibOD07nXTT3lC1j4xnzg46C08AoS1caAYeGw=
Subject key identifier:   4F:F4:EE:E8:A6:38:D1:D0:6B:A9:1D:3F:98:24:6D:85:37:13:30:19
Certificate issuer:       /CN=c85f510c72ce0b79c2899b35845ffe3670693f05
Certificate serial:       018CC7273D57CB72B32710EE21A419117863
Authority key identifier: C8:5F:51:0C:72:CE:0B:79:C2:89:9B:35:84:5F:FE:36:70:69:3F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yF9RDHLOC3nCiZs1hF_-NnBpPwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/T_Tu6KY40dBrqR0_mCRthTcTMBk.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35681
IP address blocks:        185.160.69.0/24 maxlen: 24
                          185.160.70.0/24 maxlen: 24
                          185.160.71.0/24 maxlen: 24
                          185.160.68.0/22 maxlen: 22
                          185.160.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/yF9RDHLOC3nCiZs1hF_-NnBpPwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/yF9RDHLOC3nCiZs1hF_-NnBpPwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yF9RDHLOC3nCiZs1hF_-NnBpPwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3d:57:cb:72:b3:27:10:ee:21:a4:19:11:78:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c85f510c72ce0b79c2899b35845ffe3670693f05
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ff4eee8a638d1d06ba91d3f98246d8537133019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f4:4c:17:66:93:85:5d:88:7a:47:ef:21:07:
                    71:df:c7:a3:57:f0:a3:ec:dc:27:15:a6:b9:0a:68:
                    88:54:5d:76:b8:d5:98:30:7b:38:b7:43:7e:13:6a:
                    7a:d3:67:45:99:ac:d2:9f:ed:e2:79:34:ec:bd:ff:
                    93:20:6d:13:22:b7:90:84:48:da:c0:bc:fd:f8:a9:
                    22:b4:58:e0:88:fa:f4:b6:20:3c:60:3e:9f:de:91:
                    2f:bf:a5:4e:de:01:13:23:66:a6:72:7d:03:bb:fa:
                    be:31:3a:5c:d7:c7:88:43:06:95:9c:6e:ec:d5:85:
                    62:a0:37:76:7d:9f:b7:f4:ea:ef:9d:a8:0d:94:4d:
                    34:28:f0:88:4f:95:7d:c1:ae:75:2a:26:8c:b1:60:
                    96:71:aa:a8:a7:26:63:9e:ec:3f:02:bd:72:d9:13:
                    b1:f8:d2:09:5f:4b:5d:82:0c:c3:c3:b8:76:5b:f8:
                    1c:f4:a5:59:bf:45:ae:bb:9d:98:ea:0c:26:3e:e7:
                    ee:48:e5:2f:a4:22:2c:65:68:b3:90:0b:ec:16:42:
                    fa:4b:c1:1f:7e:18:46:8c:31:37:c1:cd:18:f2:89:
                    4d:7e:42:15:c5:fc:f7:85:2a:d4:5a:02:6a:d8:a1:
                    fe:88:3c:7e:81:ba:5a:c1:1f:0e:97:42:18:87:e6:
                    4f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F4:EE:E8:A6:38:D1:D0:6B:A9:1D:3F:98:24:6D:85:37:13:30:19
            X509v3 Authority Key Identifier:
                keyid:C8:5F:51:0C:72:CE:0B:79:C2:89:9B:35:84:5F:FE:36:70:69:3F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yF9RDHLOC3nCiZs1hF_-NnBpPwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/T_Tu6KY40dBrqR0_mCRthTcTMBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a2cfb0-0e68-4e47-8881-b8c9a2a9da46/1/yF9RDHLOC3nCiZs1hF_-NnBpPwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:fe:02:86:3e:29:7f:e3:83:9c:44:1e:c2:94:62:0f:dc:c6:
         37:15:a7:34:19:60:bb:f9:5c:45:3e:27:80:f7:5f:7b:f8:a7:
         b1:96:40:ca:23:27:91:2a:91:fb:1f:61:63:d2:c1:ec:cb:15:
         37:eb:57:c9:5d:ca:50:30:40:24:fd:1c:3b:c1:cf:b9:3d:10:
         aa:ca:7d:d0:0b:24:19:da:b8:14:f2:a4:b9:25:73:77:cc:e6:
         ea:16:d7:10:82:1a:0d:d0:ba:7c:1d:77:50:6b:e4:b7:b9:80:
         4c:30:c0:fb:9c:8b:5e:18:98:c1:76:e0:3d:2b:81:d6:5f:4a:
         f6:0f:b4:bb:bb:6b:dd:5f:73:ef:ba:99:66:99:30:10:e1:94:
         b5:d9:fa:8b:ca:da:30:fa:44:5e:f1:02:65:12:44:79:f0:db:
         10:2c:aa:bc:c4:83:1f:9a:30:23:b8:72:4d:07:01:e5:64:ed:
         e9:c7:9b:bd:20:f0:48:5f:d6:4b:26:49:5a:04:14:e9:96:91:
         66:61:98:ef:1c:61:7f:b0:49:76:ad:8b:8f:76:3b:5c:9f:34:
         78:d2:27:5a:93:50:c5:fd:17:ba:29:f2:3d:b3:7b:7e:fc:6a:
         ca:da:82:7f:29:19:e5:31:76:80:1a:7f:c0:f4:92:fe:46:80:
         c7:89:27:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz1Xy3KzJxDuIaQZEXhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NWY1MTBjNzJjZTBiNzljMjg5OWIzNTg0NWZmZTM2NzA2
OTNmMDUwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmY0ZWVlOGE2MzhkMWQwNmJhOTFkM2Y5ODI0NmQ4NTM3MTMzMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPRMF2aThV2IekfvIQdx38ejV/Cj
7NwnFaa5CmiIVF12uNWYMHs4t0N+E2p602dFmazSn+3ieTTsvf+TIG0TIreQhEja
wLz9+KkitFjgiPr0tiA8YD6f3pEvv6VO3gETI2amcn0Du/q+MTpc18eIQwaVnG7s
1YVioDd2fZ+39OrvnagNlE00KPCIT5V9wa51KiaMsWCWcaqopyZjnuw/Ar1y2ROx
+NIJX0tdggzDw7h2W/gc9KVZv0Wuu52Y6gwmPufuSOUvpCIsZWizkAvsFkL6S8Ef
fhhGjDE3wc0Y8olNfkIVxfz3hSrUWgJq2KH+iDx+gbpawR8Ol0IYh+ZPmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/07uimONHQa6kdP5gkbYU3EzAZMB8GA1UdIwQY
MBaAFMhfUQxyzgt5wombNYRf/jZwaT8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUY5UkRITE9DM25DaVpzMWhGXy1ObkJwUHdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hMmNmYjAtMGU2OC00ZTQ3LTg4ODEt
YjhjOWEyYTlkYTQ2LzEvVF9UdTZLWTQwZEJycVIwX21DUnRoVGNUTUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hMmNmYjAtMGU2OC00ZTQ3LTg4ODEtYjhjOWEyYTlkYTQ2
LzEveUY5UkRITE9DM25DaVpzMWhGXy1ObkJwUHdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaBEMA0G
CSqGSIb3DQEBCwUAA4IBAQAI/gKGPil/44OcRB7ClGIP3MY3Fac0GWC7+VxFPieA
9197+KexlkDKIyeRKpH7H2Fj0sHsyxU361fJXcpQMEAk/Rw7wc+5PRCqyn3QCyQZ
2rgU8qS5JXN3zObqFtcQghoN0Lp8HXdQa+S3uYBMMMD7nIteGJjBduA9K4HWX0r2
D7S7u2vdX3PvuplmmTAQ4ZS12fqLytow+kRe8QJlEkR58NsQLKq8xIMfmjAjuHJN
BwHlZO3px5u9IPBIX9ZLJklaBBTplpFmYZjvHGF/sEl2rYuPdjtcnzR40idak1DF
/Re6KfI9s3t+/GrK2oJ/KRnlMXaAGn/A9JL+RoDHiScw
-----END CERTIFICATE-----