Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/tEeZNp3eI83jWsZIpV-3sThjalU.roa
File:                     tEeZNp3eI83jWsZIpV-3sThjalU.roa (raw, json)
Hash identifier:          EUmmDBXogt4WLO+q+we99vQ77vz+5IgPDK+VD8+PYsA=
Subject key identifier:   B4:47:99:36:9D:DE:23:CD:E3:5A:C6:48:A5:5F:B7:B1:38:63:6A:55
Certificate issuer:       /CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
Certificate serial:       018F5713A6908DED2E7AD61ECEB06EC18206
Authority key identifier: 3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/tEeZNp3eI83jWsZIpV-3sThjalU.roa
Signing time:             Wed 08 May 2024 07:20:56 +0000
ROA not before:           Wed 08 May 2024 07:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205225
IP address blocks:        185.117.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:13:a6:90:8d:ed:2e:7a:d6:1e:ce:b0:6e:c1:82:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
        Validity
            Not Before: May  8 07:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44799369dde23cde35ac648a55fb7b138636a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:68:f5:f2:6c:38:f1:4e:59:78:af:b9:8a:b0:
                    cb:c8:d3:5c:2a:bc:c7:04:3f:03:62:1f:6d:69:dc:
                    07:1e:f4:6d:36:fa:02:47:48:c2:85:3e:e8:6d:5c:
                    23:62:78:59:18:36:0f:f0:7d:ba:d3:2f:ad:05:b6:
                    9b:c5:2a:35:35:a3:bf:20:22:99:e2:e9:22:75:2a:
                    d5:73:ab:a9:3a:e3:74:e2:2d:82:11:ba:07:08:24:
                    65:dd:1a:19:53:d6:c8:52:f4:97:f7:d6:f0:8e:86:
                    51:c1:20:4f:a6:53:64:5e:18:5e:0b:a1:75:00:30:
                    2b:35:91:e2:82:4f:c6:e3:85:b0:dd:a2:a4:fc:ea:
                    36:89:0f:44:1f:34:46:56:d7:6a:7b:d1:04:59:55:
                    cb:7f:5f:97:89:19:13:3e:12:ea:5d:7e:c6:14:6e:
                    46:02:2c:62:77:be:a8:04:a5:75:f2:44:0c:d4:f3:
                    c5:8b:88:59:65:bc:db:8d:d2:82:8a:4d:ef:14:c2:
                    ce:c1:d1:be:df:f9:e6:d3:52:00:d0:1e:9a:14:88:
                    c7:99:d9:da:e0:97:4f:94:36:0a:22:f6:fa:5b:84:
                    08:41:44:5e:b0:cf:e6:5e:c1:2b:f8:e0:78:cc:08:
                    2b:47:eb:e7:06:fa:a9:8e:4b:f7:e1:0b:8d:00:a7:
                    4d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:47:99:36:9D:DE:23:CD:E3:5A:C6:48:A5:5F:B7:B1:38:63:6A:55
            X509v3 Authority Key Identifier:
                keyid:3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/tEeZNp3eI83jWsZIpV-3sThjalU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:0d:6f:41:c4:21:cb:56:eb:6d:16:bf:d5:5d:31:59:c9:1c:
         d0:d7:93:e6:e5:43:df:a1:19:96:eb:6d:cc:a3:15:9b:ec:ef:
         18:84:6b:32:33:35:8d:03:2a:42:13:af:76:c3:80:8b:97:66:
         d6:d0:e0:ee:df:84:9c:7e:bf:d1:4c:5c:d7:71:99:3e:dd:83:
         ad:4e:69:50:10:4b:8f:5a:e0:cb:14:36:dd:d6:5c:e8:a3:8b:
         17:98:9a:bf:b7:5d:0e:15:cd:29:2d:10:0b:a5:46:b0:ce:42:
         42:da:37:1e:df:e2:50:74:d5:2c:62:c8:0b:0b:f5:5f:5e:73:
         10:45:16:84:08:21:8c:4e:48:fe:50:b1:c7:70:00:33:fc:25:
         47:9c:a7:18:36:2b:84:20:96:94:7c:db:5f:a1:a1:0b:e7:5d:
         c8:b6:a1:f9:5f:46:12:63:eb:52:4f:85:de:1c:b1:86:ac:94:
         bf:d8:11:0a:80:e2:7f:db:64:2d:9d:4b:e0:a9:1e:22:d1:aa:
         05:b5:96:bb:be:83:6b:b3:bd:a6:68:be:39:8b:5d:43:c3:1f:
         65:e9:1b:83:0e:0b:74:68:c2:4a:8c:db:5a:a1:1e:8c:6f:95:
         16:60:f7:14:a8:de:36:44:53:0d:bb:7e:8b:2a:c2:8c:a6:5f:
         d5:28:75:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9XE6aQje0uetYezrBuwYIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOGZlMjQ2NTg0MzAzMWI3NzhiYjhkOGI3YmQzNWEwOTRm
Y2NmNDgwHhcNMjQwNTA4MDcyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQ3OTkzNjlkZGUyM2NkZTM1YWM2NDhhNTVmYjdiMTM4NjM2YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymj18mw48U5ZeK+5irDLyNNcKrzH
BD8DYh9tadwHHvRtNvoCR0jChT7obVwjYnhZGDYP8H260y+tBbabxSo1NaO/ICKZ
4ukidSrVc6upOuN04i2CEboHCCRl3RoZU9bIUvSX99bwjoZRwSBPplNkXhheC6F1
ADArNZHigk/G44Ww3aKk/Oo2iQ9EHzRGVtdqe9EEWVXLf1+XiRkTPhLqXX7GFG5G
Aixid76oBKV18kQM1PPFi4hZZbzbjdKCik3vFMLOwdG+3/nm01IA0B6aFIjHmdna
4JdPlDYKIvb6W4QIQUResM/mXsEr+OB4zAgrR+vnBvqpjkv34QuNAKdNWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRHmTad3iPN41rGSKVft7E4Y2pVMB8GA1UdIwQY
MBaAFDuP4kZYQwMbd4u42Le9NaCU/M9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzRfaVJsaERBeHQzaTdqWXQ3MDFvSlQ4ejBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZjIwY2YtNGMzOS00NzA3LTg1N2Mt
N2MzNTAwNmUwN2ExLzEvdEVlWk5wM2VJODNqV3NaSXBWLTNzVGhqYWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lZjIwY2YtNGMzOS00NzA3LTg1N2MtN2MzNTAwNmUwN2Ex
LzEvTzRfaVJsaERBeHQzaTdqWXQ3MDFvSlQ4ejBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXU8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5DW9BxCHLVuttFr/VXTFZyRzQ15Pm5UPfoRmW623M
oxWb7O8YhGsyMzWNAypCE692w4CLl2bW0ODu34Scfr/RTFzXcZk+3YOtTmlQEEuP
WuDLFDbd1lzoo4sXmJq/t10OFc0pLRALpUawzkJC2jce3+JQdNUsYsgLC/VfXnMQ
RRaECCGMTkj+ULHHcAAz/CVHnKcYNiuEIJaUfNtfoaEL513ItqH5X0YSY+tST4Xe
HLGGrJS/2BEKgOJ/22QtnUvgqR4i0aoFtZa7voNrs72maL45i11Dwx9l6RuDDgt0
aMJKjNtaoR6Mb5UWYPcUqN42RFMNu36LKsKMpl/VKHWc
-----END CERTIFICATE-----