Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/476BomY9m3jW0IaLTX7PZGBCMbQ.roa
File:                     476BomY9m3jW0IaLTX7PZGBCMbQ.roa (raw, json)
Hash identifier:          ctkv84p7TVSM/vbA6R8qRGLwbdRt3J6Vg60b6FeTn28=
Subject key identifier:   E3:BE:81:A2:66:3D:9B:78:D6:D0:86:8B:4D:7E:CF:64:60:42:31:B4
Certificate issuer:       /CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Certificate serial:       018CC500F6E9A23A2023295151C6AE20F7B7
Authority key identifier: 04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/476BomY9m3jW0IaLTX7PZGBCMbQ.roa
Signing time:             Mon 01 Jan 2024 12:30:23 +0000
ROA not before:           Mon 01 Jan 2024 12:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15695
IP address blocks:        185.86.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f6:e9:a2:3a:20:23:29:51:51:c6:ae:20:f7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
        Validity
            Not Before: Jan  1 12:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3be81a2663d9b78d6d0868b4d7ecf64604231b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5a:c5:e8:79:f4:d3:48:41:4a:87:69:75:3c:
                    66:d0:2e:9b:22:45:8e:88:c7:20:34:e3:0d:eb:8b:
                    eb:11:67:13:b2:e7:f8:89:c3:14:79:54:81:6e:70:
                    bb:d4:fe:fe:fc:f1:96:9e:f3:31:15:e9:ef:c8:93:
                    cd:6d:42:c2:ea:4d:f0:5a:8e:96:dd:5c:ca:09:f0:
                    a1:ff:34:87:6d:50:75:7a:be:b9:02:04:da:58:d7:
                    4a:0d:a6:0e:f1:63:6b:16:f9:24:1b:88:b3:13:80:
                    fb:c3:2b:c0:51:e6:72:aa:84:a0:64:66:2b:33:d5:
                    af:99:a9:7f:cd:e3:fd:de:53:d5:d7:b9:15:4f:49:
                    10:a7:c1:5c:ed:2c:be:91:5a:fd:c3:5a:6d:8b:82:
                    fb:dc:46:e2:dc:7f:72:5a:49:09:14:1e:b0:50:98:
                    96:36:74:8d:b9:a6:26:32:0e:6c:70:45:e1:d3:5f:
                    66:cf:35:95:80:45:be:de:aa:60:d6:99:59:ac:3b:
                    f6:c6:7e:ea:77:a0:8c:e9:8f:1a:07:01:59:01:b9:
                    03:6a:17:c3:5d:3f:22:5c:79:5e:54:7d:cf:84:7c:
                    cf:69:bb:e8:6d:0c:ca:43:e5:f7:fd:69:52:a8:a3:
                    ab:25:cb:23:86:e8:99:db:d4:fc:83:80:52:8d:98:
                    3a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BE:81:A2:66:3D:9B:78:D6:D0:86:8B:4D:7E:CF:64:60:42:31:B4
            X509v3 Authority Key Identifier:
                keyid:04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/476BomY9m3jW0IaLTX7PZGBCMbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:c1:e1:ff:e2:3e:bd:8c:6b:f6:5c:d1:e9:39:ce:5f:f6:09:
         5d:f7:2f:58:a5:f3:f2:a8:e8:94:3b:e0:a3:25:7d:48:3f:43:
         44:e9:bb:16:7d:c4:92:da:5e:79:5c:48:0f:a4:ae:00:b9:32:
         a3:1e:a6:99:82:1d:92:f6:0c:ee:86:5a:13:ba:d3:ac:fa:77:
         2e:54:52:8d:9d:54:58:43:59:d3:15:f3:cd:17:23:ba:b3:e9:
         57:4e:51:c8:65:f5:a2:d8:57:3c:c2:b8:38:70:96:8a:88:8d:
         6c:21:cf:1b:33:19:a6:cc:14:6b:43:58:e7:65:dd:2b:48:58:
         8d:ef:b4:bf:a1:6a:19:dc:be:6d:83:94:c7:cb:dc:0a:79:be:
         9f:7e:01:5e:14:05:bb:b1:64:c3:12:84:56:4a:26:3d:3d:5b:
         31:1a:04:ea:11:8e:46:eb:29:8d:0c:f5:d8:0a:e5:2f:c5:fc:
         50:2e:ea:bc:b3:94:c5:69:e0:5c:5b:61:0c:f0:63:e4:cc:0a:
         4a:81:88:8f:05:08:cf:fa:d3:7e:11:46:62:d1:69:aa:6f:ce:
         f4:53:5e:5d:c8:e2:68:4f:a6:f6:2f:c0:b0:c4:8e:5c:2c:13:
         43:e0:87:ce:76:3b:34:21:d5:0b:cd:8f:31:fd:c9:2a:cc:d8:
         3c:0c:c1:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAPbpojogIylRUcauIPe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NzMyYjk4NWY4ZjYzZmY4YWU4ZWFjN2M3MDgzMmIzMGNl
ZTgwYWQwHhcNMjQwMTAxMTIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JlODFhMjY2M2Q5Yjc4ZDZkMDg2OGI0ZDdlY2Y2NDYwNDIzMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVrF6Hn000hBSodpdTxm0C6bIkWO
iMcgNOMN64vrEWcTsuf4icMUeVSBbnC71P7+/PGWnvMxFenvyJPNbULC6k3wWo6W
3VzKCfCh/zSHbVB1er65AgTaWNdKDaYO8WNrFvkkG4izE4D7wyvAUeZyqoSgZGYr
M9Wvmal/zeP93lPV17kVT0kQp8Fc7Sy+kVr9w1pti4L73Ebi3H9yWkkJFB6wUJiW
NnSNuaYmMg5scEXh019mzzWVgEW+3qpg1plZrDv2xn7qd6CM6Y8aBwFZAbkDahfD
XT8iXHleVH3PhHzPabvobQzKQ+X3/WlSqKOrJcsjhuiZ29T8g4BSjZg6pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOO+gaJmPZt41tCGi01+z2RgQjG0MB8GA1UdIwQY
MBaAFARzK5hfj2P/iujqx8cIMrMM7oCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDct
YWRhMjcwODI1MjE4LzEvNDc2Qm9tWTltM2pXMElhTFRYN1BaR0JDTWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDctYWRhMjcwODI1MjE4
LzEvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVY3MA0G
CSqGSIb3DQEBCwUAA4IBAQB6weH/4j69jGv2XNHpOc5f9gld9y9YpfPyqOiUO+Cj
JX1IP0NE6bsWfcSS2l55XEgPpK4AuTKjHqaZgh2S9gzuhloTutOs+ncuVFKNnVRY
Q1nTFfPNFyO6s+lXTlHIZfWi2Fc8wrg4cJaKiI1sIc8bMxmmzBRrQ1jnZd0rSFiN
77S/oWoZ3L5tg5THy9wKeb6ffgFeFAW7sWTDEoRWSiY9PVsxGgTqEY5G6ymNDPXY
CuUvxfxQLuq8s5TFaeBcW2EM8GPkzApKgYiPBQjP+tN+EUZi0Wmqb870U15dyOJo
T6b2L8CwxI5cLBND4IfOdjs0IdULzY8x/ckqzNg8DMGu
-----END CERTIFICATE-----