Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/tLAu2MNg_WCsJYkDt3cdfv_RIOY.roa
File:                     tLAu2MNg_WCsJYkDt3cdfv_RIOY.roa (raw, json)
Hash identifier:          GpIhjEUiDfDzAVFGrf7Oe+IL3e9PH3VSKFtDiC6V3ow=
Subject key identifier:   B4:B0:2E:D8:C3:60:FD:60:AC:25:89:03:B7:77:1D:7E:FF:D1:20:E6
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CC94CC6E3D85C5E0CE53676FD5C2E9777
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/tLAu2MNg_WCsJYkDt3cdfv_RIOY.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61432
IP address blocks:        185.156.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c6:e3:d8:5c:5e:0c:e5:36:76:fd:5c:2e:97:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4b02ed8c360fd60ac258903b7771d7effd120e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e6:81:83:d3:35:df:96:99:75:0d:92:21:68:
                    85:a5:6b:3f:60:ef:ee:03:86:9a:2c:f0:8f:cc:fc:
                    58:09:71:ad:87:ad:b7:b7:8a:e0:c0:3e:d8:1e:3b:
                    19:1e:97:c0:ec:a8:b0:b4:3c:2b:64:6b:10:7f:15:
                    b1:84:7d:32:42:e3:5b:08:17:04:3c:6e:ea:20:6f:
                    7a:95:96:34:da:f3:db:a5:9d:fa:d3:fd:f3:67:a6:
                    10:0f:e4:aa:8f:9a:1f:df:53:c7:cb:6a:0e:50:40:
                    ec:b3:f6:19:1e:3d:0d:c1:62:57:20:e9:fb:06:f1:
                    23:4c:63:1c:1e:c4:e7:ec:d6:68:f5:7d:f4:96:98:
                    a0:8c:48:0c:33:b2:8a:78:27:ed:4d:0a:84:d0:3e:
                    c2:7a:fc:0f:2f:1a:67:2c:8e:ca:10:87:10:34:01:
                    c2:91:6e:5b:df:84:f3:4e:57:38:41:b0:cd:51:6a:
                    f7:5c:b1:70:c7:f4:37:c9:86:a1:ca:a1:73:69:d4:
                    f0:ba:76:75:34:40:6f:6a:4e:30:d4:9a:cb:cc:0b:
                    b5:f5:0b:04:d6:df:fe:f2:16:4e:5d:02:e1:d6:c6:
                    e0:36:fa:2f:a2:df:1b:76:d6:ed:5b:a8:f9:44:2c:
                    d4:1e:65:cc:17:73:05:00:62:30:bb:65:35:03:50:
                    35:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B0:2E:D8:C3:60:FD:60:AC:25:89:03:B7:77:1D:7E:FF:D1:20:E6
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/tLAu2MNg_WCsJYkDt3cdfv_RIOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:fe:4e:22:39:16:6b:01:a4:08:3e:5e:ab:4d:0f:3f:ce:e1:
         4b:7a:d6:d2:d4:1b:8c:ed:e4:ec:0a:da:30:8c:4f:f1:3c:e7:
         96:7a:fe:61:a8:d3:bc:1e:db:20:a9:d9:96:37:b9:d2:85:db:
         ca:d2:7c:82:52:e6:ca:a0:07:3b:3b:e7:c4:10:c2:4c:3d:66:
         39:02:80:f9:a1:8f:2c:7b:7a:40:67:52:e6:d9:3f:2d:d5:89:
         08:c1:c2:b0:95:dc:4d:9a:54:f6:d0:4f:b8:0e:17:fb:2c:a7:
         e0:2b:f9:fa:67:b8:f7:33:51:67:2f:28:02:84:ba:08:16:c9:
         82:47:81:38:cf:54:55:cb:ad:1a:38:62:aa:ac:b6:d8:94:92:
         75:ad:99:80:ef:06:50:05:2d:ce:12:00:39:a1:46:ca:d2:36:
         fd:e4:f1:45:f2:53:2f:2f:5b:90:b9:86:51:d1:27:7e:b6:76:
         f0:cb:be:4a:9e:b4:86:4a:64:b1:42:25:28:62:3b:f3:0e:9d:
         77:99:b1:d4:99:04:fe:cf:17:6b:bc:4e:c9:9a:7b:0a:27:7c:
         54:40:48:8a:8a:f1:df:84:a2:86:35:5c:c5:23:46:b0:ea:13:
         7d:ee:6f:d3:2a:00:b3:57:b7:14:23:ef:e5:51:b0:77:45:f5:
         41:a9:cd:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMbj2FxeDOU2dv1cLpd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGIwMmVkOGMzNjBmZDYwYWMyNTg5MDNiNzc3MWQ3ZWZmZDEyMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuaBg9M135aZdQ2SIWiFpWs/YO/u
A4aaLPCPzPxYCXGth623t4rgwD7YHjsZHpfA7KiwtDwrZGsQfxWxhH0yQuNbCBcE
PG7qIG96lZY02vPbpZ360/3zZ6YQD+Sqj5of31PHy2oOUEDss/YZHj0NwWJXIOn7
BvEjTGMcHsTn7NZo9X30lpigjEgMM7KKeCftTQqE0D7CevwPLxpnLI7KEIcQNAHC
kW5b34TzTlc4QbDNUWr3XLFwx/Q3yYahyqFzadTwunZ1NEBvak4w1JrLzAu19QsE
1t/+8hZOXQLh1sbgNvovot8bdtbtW6j5RCzUHmXMF3MFAGIwu2U1A1A1GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSwLtjDYP1grCWJA7d3HX7/0SDmMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvdExBdTJNTmdfV0NzSllrRHQzY2Rmdl9SSU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZxIMA0G
CSqGSIb3DQEBCwUAA4IBAQBt/k4iORZrAaQIPl6rTQ8/zuFLetbS1BuM7eTsCtow
jE/xPOeWev5hqNO8HtsgqdmWN7nShdvK0nyCUubKoAc7O+fEEMJMPWY5AoD5oY8s
e3pAZ1Lm2T8t1YkIwcKwldxNmlT20E+4Dhf7LKfgK/n6Z7j3M1FnLygChLoIFsmC
R4E4z1RVy60aOGKqrLbYlJJ1rZmA7wZQBS3OEgA5oUbK0jb95PFF8lMvL1uQuYZR
0Sd+tnbwy75KnrSGSmSxQiUoYjvzDp13mbHUmQT+zxdrvE7JmnsKJ3xUQEiKivHf
hKKGNVzFI0aw6hN97m/TKgCzV7cUI+/lUbB3RfVBqc1h
-----END CERTIFICATE-----