Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/5iowMNX8noyrKcWai2w-ZpWU1d4.roa
File:                     5iowMNX8noyrKcWai2w-ZpWU1d4.roa (raw, json)
Hash identifier:          60bw7vSWivtsetGpIZRpC9SPT5n6koPCJ9IIGvYU3Ww=
Subject key identifier:   E6:2A:30:30:D5:FC:9E:8C:AB:29:C5:9A:8B:6C:3E:66:95:94:D5:DE
Certificate issuer:       /CN=66d337d330ba44efcfef555355132a6a2c69783c
Certificate serial:       018CC42516480543DF72EE70B00721AD254F
Authority key identifier: 66:D3:37:D3:30:BA:44:EF:CF:EF:55:53:55:13:2A:6A:2C:69:78:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtM30zC6RO_P71VTVRMqaixpeDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/5iowMNX8noyrKcWai2w-ZpWU1d4.roa
Signing time:             Mon 01 Jan 2024 08:30:13 +0000
ROA not before:           Mon 01 Jan 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206635
IP address blocks:        185.176.58.0/24 maxlen: 24
                          185.176.56.0/24 maxlen: 24
                          185.176.56.0/22 maxlen: 22
                          185.176.57.0/24 maxlen: 24
                          185.176.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/ZtM30zC6RO_P71VTVRMqaixpeDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/ZtM30zC6RO_P71VTVRMqaixpeDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtM30zC6RO_P71VTVRMqaixpeDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:16:48:05:43:df:72:ee:70:b0:07:21:ad:25:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d337d330ba44efcfef555355132a6a2c69783c
        Validity
            Not Before: Jan  1 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e62a3030d5fc9e8cab29c59a8b6c3e669594d5de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:91:7a:67:39:ef:93:12:0c:16:51:00:49:56:
                    8e:25:ed:09:41:fe:02:30:b6:17:6e:e4:08:e7:58:
                    f5:cf:f9:82:ef:27:ab:1d:d3:89:65:8e:5d:dd:15:
                    98:00:33:cf:26:ae:11:df:f3:bc:0d:98:14:50:19:
                    a0:3a:3a:f6:ba:15:1b:5a:33:88:90:86:a5:24:05:
                    32:f9:d1:6f:e4:ca:fb:55:4d:ec:cc:28:ac:7e:5b:
                    54:67:7c:da:79:ba:29:ab:b9:50:11:63:86:8b:9b:
                    cd:ca:71:20:a2:27:e2:f1:27:91:f4:93:7d:fe:20:
                    8a:f2:82:6a:f5:31:ec:08:de:fa:8b:9a:0b:14:fa:
                    dd:63:68:fd:f6:62:8f:37:1a:c5:5c:e3:c2:ae:b7:
                    e1:a3:a7:ae:c8:3a:a6:31:c3:ad:dd:b9:cb:0e:c4:
                    64:e6:12:ff:de:16:d0:20:5d:f4:36:25:68:19:24:
                    12:b9:1b:74:08:66:c9:af:ed:2c:8b:20:6f:76:40:
                    3a:f4:d6:54:d0:19:bc:52:50:8c:3b:7f:76:f7:3b:
                    29:af:32:9d:f3:7a:ac:2f:da:5c:0d:f6:1a:e0:67:
                    22:83:7d:5e:13:75:2b:77:aa:f1:03:c3:90:25:75:
                    c8:4b:cd:9c:97:6c:ca:19:95:52:af:5c:20:ce:f1:
                    f4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:2A:30:30:D5:FC:9E:8C:AB:29:C5:9A:8B:6C:3E:66:95:94:D5:DE
            X509v3 Authority Key Identifier:
                keyid:66:D3:37:D3:30:BA:44:EF:CF:EF:55:53:55:13:2A:6A:2C:69:78:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtM30zC6RO_P71VTVRMqaixpeDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/5iowMNX8noyrKcWai2w-ZpWU1d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/ZtM30zC6RO_P71VTVRMqaixpeDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:3b:2f:c5:30:76:67:02:30:4e:92:f2:bc:2c:d8:34:45:b0:
         f3:ab:9f:f2:6a:91:6e:f7:6a:0f:1b:a0:63:27:e7:41:f1:65:
         9a:97:96:15:1f:cb:fd:6d:c5:ce:e0:a5:b4:42:8f:98:67:27:
         a3:c8:62:a7:4b:03:58:d8:db:fe:60:7f:98:20:4b:93:4f:d5:
         fe:1b:5f:cc:49:a8:b6:77:ff:f9:32:53:7a:6b:9a:48:d1:3b:
         08:9d:be:76:64:10:b6:44:da:8e:2a:f7:5f:40:a6:9b:51:b8:
         e7:0e:9e:a6:f5:87:68:e7:68:76:99:a1:10:a6:8e:92:fc:96:
         65:53:4f:32:86:43:38:01:d2:f7:08:c1:24:3d:89:f0:33:a4:
         ed:56:e1:af:f6:4d:0e:94:88:f9:e6:d5:e6:18:31:0b:5b:14:
         65:5a:62:85:92:67:5b:fd:f7:8b:f8:25:e3:ea:8c:62:37:ab:
         ac:48:01:5b:3c:3b:35:7d:d2:b4:0e:11:15:e8:3d:5d:a7:bb:
         d5:b7:1f:a2:0c:b5:ad:b5:cd:64:24:d2:21:cf:4c:79:c1:27:
         9a:28:bc:95:a8:0d:b5:5d:42:31:09:6f:39:bb:3c:21:02:87:
         e4:f8:9e:5d:a4:26:e6:02:c2:f0:a1:3f:24:82:56:df:11:f6:
         2e:57:81:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRZIBUPfcu5wsAchrSVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDMzN2QzMzBiYTQ0ZWZjZmVmNTU1MzU1MTMyYTZhMmM2
OTc4M2MwHhcNMjQwMTAxMDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjJhMzAzMGQ1ZmM5ZThjYWIyOWM1OWE4YjZjM2U2Njk1OTRkNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5F6ZznvkxIMFlEASVaOJe0JQf4C
MLYXbuQI51j1z/mC7yerHdOJZY5d3RWYADPPJq4R3/O8DZgUUBmgOjr2uhUbWjOI
kIalJAUy+dFv5Mr7VU3szCisfltUZ3zaebopq7lQEWOGi5vNynEgoifi8SeR9JN9
/iCK8oJq9THsCN76i5oLFPrdY2j99mKPNxrFXOPCrrfho6euyDqmMcOt3bnLDsRk
5hL/3hbQIF30NiVoGSQSuRt0CGbJr+0siyBvdkA69NZU0Bm8UlCMO3929zsprzKd
83qsL9pcDfYa4Gcig31eE3Urd6rxA8OQJXXIS82cl2zKGZVSr1wgzvH0nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYqMDDV/J6MqynFmotsPmaVlNXeMB8GA1UdIwQY
MBaAFGbTN9MwukTvz+9VU1UTKmosaXg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRNMzB6QzZST19QNzFWVFZSTXFhaXhwZUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYjVlN2MtNjdiMS00NzdkLTg5NWYt
OGY1ZmM5MjEyNWRiLzEvNWlvd01OWDhub3lyS2NXYWkydy1acFdVMWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYjVlN2MtNjdiMS00NzdkLTg5NWYtOGY1ZmM5MjEyNWRi
LzEvWnRNMzB6QzZST19QNzFWVFZSTXFhaXhwZUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubA4MA0G
CSqGSIb3DQEBCwUAA4IBAQCnOy/FMHZnAjBOkvK8LNg0RbDzq5/yapFu92oPG6Bj
J+dB8WWal5YVH8v9bcXO4KW0Qo+YZyejyGKnSwNY2Nv+YH+YIEuTT9X+G1/MSai2
d//5MlN6a5pI0TsInb52ZBC2RNqOKvdfQKabUbjnDp6m9Ydo52h2maEQpo6S/JZl
U08yhkM4AdL3CMEkPYnwM6TtVuGv9k0OlIj55tXmGDELWxRlWmKFkmdb/feL+CXj
6oxiN6usSAFbPDs1fdK0DhEV6D1dp7vVtx+iDLWttc1kJNIhz0x5wSeaKLyVqA21
XUIxCW85uzwhAofk+J5dpCbmAsLwoT8kglbfEfYuV4Fg
-----END CERTIFICATE-----