Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/CvMAjknImyyxnAljqbyguBH8RB0.roa
File:                     CvMAjknImyyxnAljqbyguBH8RB0.roa (raw, json)
Hash identifier:          NS5gCK1k/+oqTCjiwyY/zckpc4ef9Z1061VZy9BvsLw=
Subject key identifier:   0A:F3:00:8E:49:C8:9B:2C:B1:9C:09:63:A9:BC:A0:B8:11:FC:44:1D
Certificate issuer:       /CN=efcfc7cf5709588a7087e6c9e10ecaaa8aba59f5
Certificate serial:       018CC56F0372F46B805056DA8A5E2C4F3978
Authority key identifier: EF:CF:C7:CF:57:09:58:8A:70:87:E6:C9:E1:0E:CA:AA:8A:BA:59:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/CvMAjknImyyxnAljqbyguBH8RB0.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50115
IP address blocks:        194.54.160.0/22 maxlen: 24
                          185.236.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:03:72:f4:6b:80:50:56:da:8a:5e:2c:4f:39:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efcfc7cf5709588a7087e6c9e10ecaaa8aba59f5
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0af3008e49c89b2cb19c0963a9bca0b811fc441d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:11:4f:8c:54:61:ca:78:db:0f:37:f2:7d:51:
                    90:bf:a6:3a:41:17:0f:e3:9b:7a:f6:6b:ff:10:8a:
                    b1:ed:2d:46:6c:f0:dd:29:11:97:49:f3:04:52:fc:
                    1b:72:b4:a2:cf:f4:bc:f0:7b:fd:5e:e6:6e:30:3d:
                    08:38:30:a9:d3:f7:fe:70:3c:43:8b:ea:c8:7e:6d:
                    70:92:34:46:c7:30:d0:43:26:8a:ee:10:22:04:aa:
                    b4:0c:d0:18:af:ad:d4:8f:c4:c3:4a:c4:e4:28:d7:
                    99:10:a2:63:7b:9d:d6:49:10:27:28:3d:d8:ef:b3:
                    9a:a1:14:a9:29:1b:4a:09:e3:e7:3f:99:73:e3:ae:
                    07:d0:00:3f:df:87:60:47:80:4b:dc:81:8e:cb:0c:
                    48:1b:1b:7f:84:0c:08:18:01:74:15:d1:f6:62:7d:
                    5c:5a:53:8f:61:61:c9:8d:b1:da:93:cc:d3:c7:08:
                    d7:a5:98:a3:eb:3a:71:a4:f4:ee:d6:1c:e5:d9:93:
                    0f:37:e6:56:9d:dc:3e:86:e7:80:4c:e5:25:d1:54:
                    71:c9:2e:6e:19:9d:32:07:1f:b9:a8:ed:2d:5e:7a:
                    3b:83:e3:8a:33:f9:c2:c3:3b:72:19:a6:f3:20:ae:
                    51:79:fb:cc:1f:29:85:42:1d:18:33:cb:84:69:f1:
                    f0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F3:00:8E:49:C8:9B:2C:B1:9C:09:63:A9:BC:A0:B8:11:FC:44:1D
            X509v3 Authority Key Identifier:
                keyid:EF:CF:C7:CF:57:09:58:8A:70:87:E6:C9:E1:0E:CA:AA:8A:BA:59:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/CvMAjknImyyxnAljqbyguBH8RB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd3f48-f7b2-4405-a159-ac1bf80544ca/1/78_Hz1cJWIpwh-bJ4Q7Kqoq6WfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.46.0/24
                  194.54.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:3a:23:88:54:22:96:db:4d:93:c6:d0:8a:2e:14:74:6d:1e:
         7b:ec:25:88:74:3e:96:71:96:16:b7:1c:2a:fb:77:e6:13:89:
         18:6b:72:64:2b:ff:ea:32:b0:0e:03:5c:52:df:65:02:be:d4:
         1c:32:3c:2f:a8:1d:fe:63:c0:24:bb:53:80:4b:d5:ac:40:47:
         37:d6:bf:1d:20:e5:c1:1d:fd:45:0d:6c:6f:9f:cb:eb:a9:84:
         c6:26:52:89:d0:e9:9b:36:2b:03:92:3f:95:fe:fb:ff:ba:ab:
         07:6f:41:04:f1:43:4c:70:6a:ca:30:6f:9e:db:44:3d:3c:62:
         85:f9:78:eb:85:4d:07:28:95:35:8f:fb:8d:d0:3d:81:8f:a5:
         c3:52:25:49:bd:d1:18:ea:2a:75:8c:dc:9e:78:48:0f:1a:3e:
         05:0b:06:93:f9:32:1a:76:70:08:fe:6e:98:db:31:26:4b:98:
         2d:67:88:5a:90:37:5f:d7:d5:a5:92:23:e8:16:40:04:84:a2:
         4f:d3:a5:3e:e6:a6:b3:cc:96:c6:75:b8:5d:1e:92:ae:fa:43:
         65:04:5b:87:88:38:f7:bc:01:40:b0:e3:0c:18:3c:a0:b8:b0:
         3a:a7:fe:be:54:0a:bf:08:f7:16:0b:8f:51:0b:f6:18:3e:40:
         b4:cc:b1:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbwNy9GuAUFbail4sTzl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmY2ZjN2NmNTcwOTU4OGE3MDg3ZTZjOWUxMGVjYWFhOGFi
YTU5ZjUwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWYzMDA4ZTQ5Yzg5YjJjYjE5YzA5NjNhOWJjYTBiODExZmM0NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRFPjFRhynjbDzfyfVGQv6Y6QRcP
45t69mv/EIqx7S1GbPDdKRGXSfMEUvwbcrSiz/S88Hv9XuZuMD0IODCp0/f+cDxD
i+rIfm1wkjRGxzDQQyaK7hAiBKq0DNAYr63Uj8TDSsTkKNeZEKJje53WSRAnKD3Y
77OaoRSpKRtKCePnP5lz464H0AA/34dgR4BL3IGOywxIGxt/hAwIGAF0FdH2Yn1c
WlOPYWHJjbHak8zTxwjXpZij6zpxpPTu1hzl2ZMPN+ZWndw+hueATOUl0VRxyS5u
GZ0yBx+5qO0tXno7g+OKM/nCwztyGabzIK5RefvMHymFQh0YM8uEafHwVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFArzAI5JyJsssZwJY6m8oLgR/EQdMB8GA1UdIwQY
MBaAFO/Px89XCViKcIfmyeEOyqqKuln1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzhfSHoxY0pXSXB3aC1iSjRRN0txb3E2V2ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jZDNmNDgtZjdiMi00NDA1LWExNTkt
YWMxYmY4MDU0NGNhLzEvQ3ZNQWprbklteXl4bkFsanFieWd1Qkg4UkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jZDNmNDgtZjdiMi00NDA1LWExNTktYWMxYmY4MDU0NGNh
LzEvNzhfSHoxY0pXSXB3aC1iSjRRN0txb3E2V2ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuewuAwQC
wjagMA0GCSqGSIb3DQEBCwUAA4IBAQCFOiOIVCKW202TxtCKLhR0bR577CWIdD6W
cZYWtxwq+3fmE4kYa3JkK//qMrAOA1xS32UCvtQcMjwvqB3+Y8Aku1OAS9WsQEc3
1r8dIOXBHf1FDWxvn8vrqYTGJlKJ0OmbNisDkj+V/vv/uqsHb0EE8UNMcGrKMG+e
20Q9PGKF+XjrhU0HKJU1j/uN0D2Bj6XDUiVJvdEY6ip1jNyeeEgPGj4FCwaT+TIa
dnAI/m6Y2zEmS5gtZ4hakDdf19WlkiPoFkAEhKJP06U+5qazzJbGdbhdHpKu+kNl
BFuHiDj3vAFAsOMMGDyguLA6p/6+VAq/CPcWC49RC/YYPkC0zLGf
-----END CERTIFICATE-----