Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/xrow0-ESHgBYU8kuva2IFWhtyOc.roa
File:                     xrow0-ESHgBYU8kuva2IFWhtyOc.roa (raw, json)
Hash identifier:          6xMg8GGyzAidylC0jt25OEWSLFkyx8AVzYkmlr/s38M=
Subject key identifier:   C6:BA:30:D3:E1:12:1E:00:58:53:C9:2E:BD:AD:88:15:68:6D:C8:E7
Certificate issuer:       /CN=80043f23936622824111e8865a50002067d95a62
Certificate serial:       018CC64B505CE89D870EA3EBEFBEA4B61CEB
Authority key identifier: 80:04:3F:23:93:66:22:82:41:11:E8:86:5A:50:00:20:67:D9:5A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/xrow0-ESHgBYU8kuva2IFWhtyOc.roa
Signing time:             Mon 01 Jan 2024 18:31:13 +0000
ROA not before:           Mon 01 Jan 2024 18:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42160
IP address blocks:        185.18.148.0/23 maxlen: 23
                          2a04:b80:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:50:5c:e8:9d:87:0e:a3:eb:ef:be:a4:b6:1c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80043f23936622824111e8865a50002067d95a62
        Validity
            Not Before: Jan  1 18:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6ba30d3e1121e005853c92ebdad8815686dc8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:89:00:0a:c5:cf:da:77:55:ca:e5:70:cd:21:
                    8c:b7:62:fe:8b:39:4b:f1:84:83:c6:7d:fb:cd:17:
                    a4:47:93:b4:e9:be:de:5c:61:66:ce:c9:0f:33:42:
                    e6:53:be:ae:0b:8d:7a:10:f3:64:a8:fe:32:4c:d5:
                    c6:ed:68:9c:36:c4:78:aa:74:bc:38:41:36:42:93:
                    1a:8a:57:fb:d9:60:92:9c:45:42:b7:96:b6:3d:4e:
                    67:c3:8a:41:7d:c2:82:51:5a:5b:d7:8b:d7:49:f4:
                    9e:cc:43:30:1a:5d:01:25:71:59:ca:70:84:e4:f4:
                    44:c9:3f:0d:a1:ff:9e:b0:08:ca:b1:68:0c:fc:90:
                    31:16:c0:fb:db:3a:dc:9c:d5:13:80:f1:c3:77:28:
                    0a:3b:e1:bb:98:ec:bd:10:70:a3:62:73:b2:a2:31:
                    e1:d3:44:0b:89:13:77:9c:dc:e0:c4:34:3a:4c:5e:
                    e5:df:ee:50:cb:c7:99:51:34:bb:93:1d:7b:7f:63:
                    7d:ca:0c:b1:80:a0:a9:ba:64:5d:cc:b1:b3:37:70:
                    4b:8e:32:1b:7a:1d:5d:ea:4f:88:63:99:45:2f:2e:
                    38:67:c6:d5:20:e1:72:1e:5f:0d:3b:73:19:4d:16:
                    22:fa:62:34:4e:eb:c2:a0:84:12:30:cc:68:bd:c4:
                    7d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:BA:30:D3:E1:12:1E:00:58:53:C9:2E:BD:AD:88:15:68:6D:C8:E7
            X509v3 Authority Key Identifier:
                keyid:80:04:3F:23:93:66:22:82:41:11:E8:86:5A:50:00:20:67:D9:5A:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/xrow0-ESHgBYU8kuva2IFWhtyOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.148.0/23
                IPv6:
                  2a04:b80:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:46:d5:66:e0:06:50:74:e0:c2:0a:03:29:8c:22:e3:00:bd:
         54:5f:22:a6:99:ee:06:fb:e9:3c:95:3a:bd:67:cc:69:a0:ce:
         a1:20:63:22:47:df:f4:f1:91:84:6a:24:0d:29:47:76:37:5a:
         ab:ca:61:5f:7f:b1:e7:80:e3:b0:da:dd:45:2a:22:09:78:8d:
         10:ed:27:54:3c:ca:b2:17:d2:35:50:9a:f8:bf:30:18:7f:6a:
         6f:b2:fb:7e:4a:4d:7d:a9:2b:63:3a:f7:2c:fd:53:de:32:3c:
         e0:16:78:10:36:b1:92:ff:a8:7a:04:d2:51:25:19:f0:3d:3f:
         19:47:a3:8e:08:b4:5a:08:70:c2:99:c6:01:ac:40:97:ae:f4:
         61:97:50:3b:ad:0a:90:16:da:46:1a:6d:ed:a4:16:4c:38:20:
         ff:bf:63:85:d6:c0:f6:cb:b5:27:bd:00:48:a3:27:fc:17:af:
         eb:2e:06:99:fa:04:60:50:3b:6d:05:1d:e3:7e:7f:ad:c2:ff:
         1d:1c:88:08:e6:55:34:88:c5:17:0a:10:d3:28:1e:22:4b:ba:
         34:5e:09:e0:c4:ef:22:47:c3:1d:b4:12:97:4b:67:3d:92:25:
         a4:e3:47:44:78:de:dd:d3:a7:fa:f0:35:7f:cd:de:23:86:4d:
         68:27:a4:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGS1Bc6J2HDqPr776kthzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMDQzZjIzOTM2NjIyODI0MTExZTg4NjVhNTAwMDIwNjdk
OTVhNjIwHhcNMjQwMTAxMTgzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmJhMzBkM2UxMTIxZTAwNTg1M2M5MmViZGFkODgxNTY4NmRjOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4kACsXP2ndVyuVwzSGMt2L+izlL
8YSDxn37zRekR5O06b7eXGFmzskPM0LmU76uC416EPNkqP4yTNXG7WicNsR4qnS8
OEE2QpMailf72WCSnEVCt5a2PU5nw4pBfcKCUVpb14vXSfSezEMwGl0BJXFZynCE
5PREyT8Nof+esAjKsWgM/JAxFsD72zrcnNUTgPHDdygKO+G7mOy9EHCjYnOyojHh
00QLiRN3nNzgxDQ6TF7l3+5Qy8eZUTS7kx17f2N9ygyxgKCpumRdzLGzN3BLjjIb
eh1d6k+IY5lFLy44Z8bVIOFyHl8NO3MZTRYi+mI0TuvCoIQSMMxovcR9DQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMa6MNPhEh4AWFPJLr2tiBVobcjnMB8GA1UdIwQY
MBaAFIAEPyOTZiKCQRHohlpQACBn2VpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0FRX0k1Tm1Jb0pCRWVpR1dsQUFJR2ZaV21JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zOWYyOGMtOWViOC00Y2FlLThkOTgt
NjhjZGM2OTJhZDA5LzEveHJvdzAtRVNIZ0JZVThrdXZhMklGV2h0eU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zOWYyOGMtOWViOC00Y2FlLThkOTgtNjhjZGM2OTJhZDA5
LzEvZ0FRX0k1Tm1Jb0pCRWVpR1dsQUFJR2ZaV21JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuRKUMA8E
AgACMAkDBwAqBAuAAAEwDQYJKoZIhvcNAQELBQADggEBABRG1WbgBlB04MIKAymM
IuMAvVRfIqaZ7gb76TyVOr1nzGmgzqEgYyJH3/TxkYRqJA0pR3Y3WqvKYV9/seeA
47Da3UUqIgl4jRDtJ1Q8yrIX0jVQmvi/MBh/am+y+35KTX2pK2M69yz9U94yPOAW
eBA2sZL/qHoE0lElGfA9PxlHo44ItFoIcMKZxgGsQJeu9GGXUDutCpAW2kYabe2k
Fkw4IP+/Y4XWwPbLtSe9AEijJ/wXr+suBpn6BGBQO20FHeN+f63C/x0ciAjmVTSI
xRcKENMoHiJLujReCeDE7yJHwx20EpdLZz2SJaTjR0R43t3Tp/rwNX/N3iOGTWgn
pP8=
-----END CERTIFICATE-----