Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/doHFe5eTYwac-_6QvtPODYaDS4g.roa
File:                     doHFe5eTYwac-_6QvtPODYaDS4g.roa (raw, json)
Hash identifier:          2gZF3tM1WRcRMTKtMv+7ElXCkK8C3wB/XbR1cVpuDVo=
Subject key identifier:   76:81:C5:7B:97:93:63:06:9C:FB:FE:90:BE:D3:CE:0D:86:83:4B:88
Certificate issuer:       /CN=0cc81d074357de5d32f8a65cd9ee7a585bf3ec6f
Certificate serial:       018CC8013CFFA8A59D450E2F00BB3B9022C1
Authority key identifier: 0C:C8:1D:07:43:57:DE:5D:32:F8:A6:5C:D9:EE:7A:58:5B:F3:EC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/doHFe5eTYwac-_6QvtPODYaDS4g.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203092
IP address blocks:        185.218.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3c:ff:a8:a5:9d:45:0e:2f:00:bb:3b:90:22:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cc81d074357de5d32f8a65cd9ee7a585bf3ec6f
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7681c57b979363069cfbfe90bed3ce0d86834b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0a:3a:8c:fd:54:af:71:ba:40:30:de:6a:a3:
                    42:63:c6:74:b9:84:7e:96:4d:83:9b:b6:fb:f6:92:
                    23:69:e6:1e:6f:44:90:93:15:24:2d:f7:69:a1:8a:
                    31:5f:ce:19:5d:14:79:e5:cb:39:08:bd:ec:02:5a:
                    ef:91:71:a8:6c:58:d8:13:13:e9:42:3d:f3:d3:b2:
                    95:0d:9b:3b:45:27:ce:c8:96:0f:aa:f1:76:65:a1:
                    70:a0:ec:a8:75:ad:2a:1e:9c:05:eb:31:3d:77:7b:
                    84:85:ba:2c:56:1d:98:45:94:74:19:a6:7f:5f:63:
                    2a:11:20:4d:4c:68:0f:9f:6d:f8:ea:e4:0b:47:1a:
                    97:34:96:3c:dd:cd:9d:a5:46:15:eb:7b:0a:e8:1d:
                    a0:db:40:84:a5:1a:5b:c7:c0:e4:ae:f1:20:33:27:
                    ee:e5:26:07:32:16:0b:7e:94:f6:4b:ba:b3:f6:58:
                    df:ff:fa:32:e0:b2:c8:a0:74:d0:dd:59:ca:ff:0b:
                    b9:ed:e9:09:ac:1f:4b:97:e6:18:c2:b7:cf:01:50:
                    ed:85:ec:57:a0:a4:78:26:90:c2:5b:1b:94:dc:9b:
                    e0:0e:8f:0e:74:b9:ca:8b:db:41:b2:2b:a3:b2:6d:
                    a2:b1:8e:bc:48:1a:4d:67:65:08:e6:ac:41:51:a6:
                    07:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:81:C5:7B:97:93:63:06:9C:FB:FE:90:BE:D3:CE:0D:86:83:4B:88
            X509v3 Authority Key Identifier:
                keyid:0C:C8:1D:07:43:57:DE:5D:32:F8:A6:5C:D9:EE:7A:58:5B:F3:EC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DMgdB0NX3l0y-KZc2e56WFvz7G8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/doHFe5eTYwac-_6QvtPODYaDS4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b2d604-ddfb-4eff-b49a-df5ce56e7b4b/1/DMgdB0NX3l0y-KZc2e56WFvz7G8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:4a:75:bd:72:6e:b1:a3:3f:a0:82:7b:4f:23:77:fc:af:43:
         d7:52:66:d2:c1:07:5e:40:81:f6:3e:f5:35:fd:80:31:f7:c5:
         22:a4:7d:c0:80:fc:1d:71:e7:b0:5f:4e:a6:57:d0:38:ea:74:
         d0:59:1e:5f:6f:ed:68:d5:38:7c:c9:01:3b:97:13:9e:0c:f3:
         6b:2f:4b:a0:be:72:fa:df:8b:ae:c4:5f:7c:cd:75:5c:44:0f:
         92:55:e9:17:c7:8b:1d:9d:4f:32:c7:bb:2d:dc:eb:89:b5:74:
         16:f7:86:22:cb:b2:7a:b6:53:99:f7:b4:25:15:9e:5f:c4:0d:
         e4:34:7d:a7:6f:a0:13:24:24:83:59:d0:1e:72:b1:68:43:85:
         1e:a3:b4:32:37:eb:2e:44:0d:81:a4:58:3d:c7:d1:74:51:d6:
         ba:a6:e0:da:e7:4d:f3:2a:cb:21:01:cb:99:04:0a:56:a0:8b:
         ce:7b:4c:18:5d:db:7b:f9:7a:ff:7c:f5:9e:ba:f4:72:ac:b7:
         db:ff:21:fd:94:aa:bb:62:95:ba:43:4c:6d:54:c1:82:2f:e0:
         17:32:00:06:e7:e2:c4:88:76:83:33:02:64:a0:49:0e:a6:11:
         43:2e:bb:50:c8:e1:73:dc:98:2b:f4:b4:18:d7:62:fc:78:9e:
         15:25:2a:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATz/qKWdRQ4vALs7kCLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYzgxZDA3NDM1N2RlNWQzMmY4YTY1Y2Q5ZWU3YTU4NWJm
M2VjNmYwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgxYzU3Yjk3OTM2MzA2OWNmYmZlOTBiZWQzY2UwZDg2ODM0Yjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwo6jP1Ur3G6QDDeaqNCY8Z0uYR+
lk2Dm7b79pIjaeYeb0SQkxUkLfdpoYoxX84ZXRR55cs5CL3sAlrvkXGobFjYExPp
Qj3z07KVDZs7RSfOyJYPqvF2ZaFwoOyoda0qHpwF6zE9d3uEhbosVh2YRZR0GaZ/
X2MqESBNTGgPn2346uQLRxqXNJY83c2dpUYV63sK6B2g20CEpRpbx8DkrvEgMyfu
5SYHMhYLfpT2S7qz9ljf//oy4LLIoHTQ3VnK/wu57ekJrB9Ll+YYwrfPAVDthexX
oKR4JpDCWxuU3JvgDo8OdLnKi9tBsiujsm2isY68SBpNZ2UI5qxBUaYHowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaBxXuXk2MGnPv+kL7Tzg2Gg0uIMB8GA1UdIwQY
MBaAFAzIHQdDV95dMvimXNnuelhb8+xvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE1nZEIwTlgzbDB5LUtaYzJlNTZXRnZ6N0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMmQ2MDQtZGRmYi00ZWZmLWI0OWEt
ZGY1Y2U1NmU3YjRiLzEvZG9IRmU1ZVRZd2FjLV82UXZ0UE9EWWFEUzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMmQ2MDQtZGRmYi00ZWZmLWI0OWEtZGY1Y2U1NmU3YjRi
LzEvRE1nZEIwTlgzbDB5LUtaYzJlNTZXRnZ6N0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudoYMA0G
CSqGSIb3DQEBCwUAA4IBAQANSnW9cm6xoz+ggntPI3f8r0PXUmbSwQdeQIH2PvU1
/YAx98UipH3AgPwdceewX06mV9A46nTQWR5fb+1o1Th8yQE7lxOeDPNrL0ugvnL6
34uuxF98zXVcRA+SVekXx4sdnU8yx7st3OuJtXQW94Yiy7J6tlOZ97QlFZ5fxA3k
NH2nb6ATJCSDWdAecrFoQ4Ueo7QyN+suRA2BpFg9x9F0Uda6puDa503zKsshAcuZ
BApWoIvOe0wYXdt7+Xr/fPWeuvRyrLfb/yH9lKq7YpW6Q0xtVMGCL+AXMgAG5+LE
iHaDMwJkoEkOphFDLrtQyOFz3Jgr9LQY12L8eJ4VJSqU
-----END CERTIFICATE-----