Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/EwLczmRRDxAQrwdk3Htm78gh8vs.roa
File:                     EwLczmRRDxAQrwdk3Htm78gh8vs.roa (raw, json)
Hash identifier:          SX5dbAWldfZnS6nEDYbEV6FOJKOgnjpCym5scqet1Ro=
Subject key identifier:   13:02:DC:CE:64:51:0F:10:10:AF:07:64:DC:7B:66:EF:C8:21:F2:FB
Certificate issuer:       /CN=656b53255e6c8fb76fac1ccb848fee45600b55f7
Certificate serial:       018CC5DC1CFB418950240728C8610E37572A
Authority key identifier: 65:6B:53:25:5E:6C:8F:B7:6F:AC:1C:CB:84:8F:EE:45:60:0B:55:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWtTJV5sj7dvrBzLhI_uRWALVfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/EwLczmRRDxAQrwdk3Htm78gh8vs.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        185.229.196.0/22 maxlen: 22
                          2a09:c5c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/ZWtTJV5sj7dvrBzLhI_uRWALVfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/ZWtTJV5sj7dvrBzLhI_uRWALVfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWtTJV5sj7dvrBzLhI_uRWALVfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:fb:41:89:50:24:07:28:c8:61:0e:37:57:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656b53255e6c8fb76fac1ccb848fee45600b55f7
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1302dcce64510f1010af0764dc7b66efc821f2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ed:27:e9:2c:24:47:e9:88:b7:16:fc:dd:2c:
                    a9:ea:cf:fc:d8:9b:bb:3b:9b:90:8a:2a:ba:2b:9b:
                    3e:99:a4:16:e9:0a:22:5a:11:b3:88:26:dd:7f:a2:
                    b5:eb:2a:8d:42:f3:4c:86:a1:1a:d8:18:b0:ca:88:
                    1f:b4:8b:68:3f:83:54:b6:b7:8b:15:ae:63:b3:9b:
                    bc:54:75:51:da:ed:af:64:73:25:ba:fc:7b:36:c9:
                    a5:bd:5d:41:f8:2d:57:a4:77:ab:fb:3d:3a:55:86:
                    2d:c6:97:10:18:27:88:d0:75:37:2f:3b:0d:3e:84:
                    34:1e:03:53:29:98:47:29:c4:4d:a9:89:a3:ea:cb:
                    7b:7a:03:a1:8b:b6:38:2f:37:f5:58:dc:26:bb:24:
                    dc:f7:89:aa:2d:29:4f:36:f3:67:fb:cb:a2:0c:84:
                    46:cf:14:76:25:e1:cc:44:d4:b9:da:00:fb:27:19:
                    e1:75:7d:46:90:61:b9:e6:a2:77:e1:ac:26:13:4d:
                    d2:82:0d:ff:38:bd:d3:f3:f0:18:22:ab:79:8d:b5:
                    95:a2:8c:f2:08:7a:38:81:4b:55:9c:36:ca:70:e3:
                    c3:65:1e:20:b9:4a:34:a5:09:1e:88:b8:93:e5:22:
                    f3:a9:83:cd:6d:06:8f:7e:ae:0c:13:78:9f:12:ca:
                    54:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:02:DC:CE:64:51:0F:10:10:AF:07:64:DC:7B:66:EF:C8:21:F2:FB
            X509v3 Authority Key Identifier:
                keyid:65:6B:53:25:5E:6C:8F:B7:6F:AC:1C:CB:84:8F:EE:45:60:0B:55:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWtTJV5sj7dvrBzLhI_uRWALVfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/EwLczmRRDxAQrwdk3Htm78gh8vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4c8eac-bdcb-4f0d-b2d8-ea41832ad172/1/ZWtTJV5sj7dvrBzLhI_uRWALVfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.196.0/22
                IPv6:
                  2a09:c5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:f7:34:16:58:95:fc:2d:e2:17:fd:83:12:ff:57:3f:fb:95:
         69:6c:f7:27:8b:a9:95:eb:11:70:bb:b4:4c:fa:18:e3:ca:77:
         c2:fc:b5:fc:f2:b1:7a:5d:67:49:81:ca:82:9b:27:7b:c5:a4:
         77:88:26:b4:8a:37:c2:ec:36:85:db:67:49:c3:92:45:1e:26:
         fc:c3:e4:d7:0f:92:03:ca:37:18:a4:70:13:03:8d:e9:dd:80:
         31:42:0f:44:1a:bf:2d:57:11:af:63:19:59:f1:9b:fb:ff:6e:
         69:e3:33:03:6c:68:93:fb:a1:cc:1d:f0:05:b1:84:54:11:08:
         16:92:3e:47:30:34:ce:2b:a3:8f:31:b3:72:27:46:74:f0:c0:
         67:85:45:0e:e1:0c:a4:2f:6e:5f:94:71:f6:39:cb:88:ef:dc:
         f8:19:7d:f6:92:fa:92:10:9f:9b:6c:73:67:e6:3e:80:2f:f3:
         e0:7b:02:4b:c7:b4:48:7f:9e:70:11:50:7e:bd:91:34:a2:ee:
         e8:58:83:99:35:41:c3:20:57:f0:b4:d6:52:b2:4f:51:d1:4c:
         cc:4e:a5:83:5c:99:b7:ce:24:e2:d3:63:4d:4e:b0:64:a1:a8:
         a5:4f:9e:0b:9d:f6:9b:d3:40:0f:76:4c:a2:f7:25:28:fc:2d:
         12:1f:5c:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Bz7QYlQJAcoyGEON1cqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmI1MzI1NWU2YzhmYjc2ZmFjMWNjYjg0OGZlZTQ1NjAw
YjU1ZjcwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzAyZGNjZTY0NTEwZjEwMTBhZjA3NjRkYzdiNjZlZmM4MjFmMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAru0n6SwkR+mItxb83Syp6s/82Ju7
O5uQiiq6K5s+maQW6QoiWhGziCbdf6K16yqNQvNMhqEa2BiwyogftItoP4NUtreL
Fa5js5u8VHVR2u2vZHMluvx7NsmlvV1B+C1XpHer+z06VYYtxpcQGCeI0HU3LzsN
PoQ0HgNTKZhHKcRNqYmj6st7egOhi7Y4Lzf1WNwmuyTc94mqLSlPNvNn+8uiDIRG
zxR2JeHMRNS52gD7JxnhdX1GkGG55qJ34awmE03Sgg3/OL3T8/AYIqt5jbWVoozy
CHo4gUtVnDbKcOPDZR4guUo0pQkeiLiT5SLzqYPNbQaPfq4ME3ifEspUjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBMC3M5kUQ8QEK8HZNx7Zu/IIfL7MB8GA1UdIwQY
MBaAFGVrUyVebI+3b6wcy4SP7kVgC1X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWld0VEpWNXNqN2R2ckJ6TGhJX3VSV0FMVmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YzhlYWMtYmRjYi00ZjBkLWIyZDgt
ZWE0MTgzMmFkMTcyLzEvRXdMY3ptUlJEeEFRcndkazNIdG03OGdoOHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YzhlYWMtYmRjYi00ZjBkLWIyZDgtZWE0MTgzMmFkMTcy
LzEvWld0VEpWNXNqN2R2ckJ6TGhJX3VSV0FMVmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueXEMA0E
AgACMAcDBQAqCcXAMA0GCSqGSIb3DQEBCwUAA4IBAQAK9zQWWJX8LeIX/YMS/1c/
+5VpbPcni6mV6xFwu7RM+hjjynfC/LX88rF6XWdJgcqCmyd7xaR3iCa0ijfC7DaF
22dJw5JFHib8w+TXD5IDyjcYpHATA43p3YAxQg9EGr8tVxGvYxlZ8Zv7/25p4zMD
bGiT+6HMHfAFsYRUEQgWkj5HMDTOK6OPMbNyJ0Z08MBnhUUO4QykL25flHH2OcuI
79z4GX32kvqSEJ+bbHNn5j6AL/PgewJLx7RIf55wEVB+vZE0ou7oWIOZNUHDIFfw
tNZSsk9R0UzMTqWDXJm3ziTi02NNTrBkoailT54Lnfab00APdkyi9yUo/C0SH1xy
-----END CERTIFICATE-----