Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/tvVmBokwmPtZUbK0bEwW9Q5YpQQ.roa
File:                     tvVmBokwmPtZUbK0bEwW9Q5YpQQ.roa (raw, json)
Hash identifier:          axANsarz1ZUsjfMBbDNzNEHnnVX1Mzj/uswzI6s2GHw=
Subject key identifier:   B6:F5:66:06:89:30:98:FB:59:51:B2:B4:6C:4C:16:F5:0E:58:A5:04
Certificate issuer:       /CN=b2df00f38cced92197993076cb3685bf32bc5e69
Certificate serial:       018CC94ACAB61559615E459E6CE8F236D0C3
Authority key identifier: B2:DF:00:F3:8C:CE:D9:21:97:99:30:76:CB:36:85:BF:32:BC:5E:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st8A84zO2SGXmTB2yzaFvzK8Xmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/tvVmBokwmPtZUbK0bEwW9Q5YpQQ.roa
Signing time:             Tue 02 Jan 2024 08:29:31 +0000
ROA not before:           Tue 02 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57111
IP address blocks:        185.103.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/st8A84zO2SGXmTB2yzaFvzK8Xmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/st8A84zO2SGXmTB2yzaFvzK8Xmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st8A84zO2SGXmTB2yzaFvzK8Xmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ca:b6:15:59:61:5e:45:9e:6c:e8:f2:36:d0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2df00f38cced92197993076cb3685bf32bc5e69
        Validity
            Not Before: Jan  2 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f56606893098fb5951b2b46c4c16f50e58a504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:6d:d4:ec:07:84:02:f7:ee:f8:23:c2:ab:
                    9a:6b:c8:9e:ca:0d:bf:53:d0:ea:82:d4:e1:e9:ff:
                    5b:ba:d0:ab:0b:bf:3a:67:b1:8a:52:9b:a2:49:df:
                    82:a0:72:fb:3f:25:e8:a9:d4:ef:1d:67:80:44:c8:
                    5a:e7:89:68:62:fa:30:cc:50:a4:39:40:f6:b8:e4:
                    45:d1:0a:77:cd:c0:19:ac:6a:8a:93:71:e2:c3:0d:
                    6c:cb:ef:b7:91:dc:c5:50:b6:c9:76:fb:46:14:d4:
                    42:e5:25:26:d6:b7:49:71:55:b7:cd:97:ac:8c:7e:
                    a7:ac:20:0e:da:d3:9c:f2:0a:f7:85:2a:9b:9c:e7:
                    5d:96:05:b1:68:9d:5a:21:40:8f:03:2a:10:f9:99:
                    eb:f1:8f:3c:41:1f:20:a8:0d:93:3b:a7:b1:31:11:
                    c7:c9:ae:61:74:b9:c4:82:6c:2b:30:0f:1c:00:a2:
                    72:8a:ef:5d:f9:75:6d:24:b8:af:d6:1c:e8:16:dd:
                    de:3e:7d:09:ea:ec:1e:91:6b:47:f8:e7:fa:7a:47:
                    4f:d0:37:50:0e:ac:1c:82:32:e8:0c:fc:b5:a7:2e:
                    1e:b2:86:0c:b9:a5:4f:06:ab:39:a0:ca:56:10:90:
                    3e:3c:1d:b7:73:5d:2b:4a:21:d6:20:f3:a4:ce:b7:
                    30:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F5:66:06:89:30:98:FB:59:51:B2:B4:6C:4C:16:F5:0E:58:A5:04
            X509v3 Authority Key Identifier:
                keyid:B2:DF:00:F3:8C:CE:D9:21:97:99:30:76:CB:36:85:BF:32:BC:5E:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st8A84zO2SGXmTB2yzaFvzK8Xmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/tvVmBokwmPtZUbK0bEwW9Q5YpQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/706fa8-52a2-4ed2-a2e1-04e4e4dc5fba/1/st8A84zO2SGXmTB2yzaFvzK8Xmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:61:94:dd:94:67:88:30:59:0d:d3:fb:ab:0d:e8:53:6c:09:
         05:2d:f6:6c:fa:f3:c9:48:0c:a5:4a:c1:ce:34:d8:18:1c:5c:
         ec:b5:42:19:31:6b:16:7c:28:df:90:8b:e4:66:d8:71:a3:d1:
         bc:af:1f:26:f9:ea:f9:af:df:18:50:58:d3:54:22:cd:0f:b8:
         6b:a8:af:7a:60:ad:7a:9a:18:3f:64:31:22:69:90:33:22:be:
         c1:76:e0:1f:43:8d:9d:88:2a:28:17:9b:14:31:1a:49:93:fe:
         e3:74:54:a8:bf:cb:1e:fb:bb:3a:02:b5:c2:93:e6:41:7b:03:
         9c:88:95:29:1b:1f:2b:cb:2a:c2:a4:b7:f5:ef:2c:40:46:cb:
         08:2e:01:4b:cc:70:b9:4a:3c:f3:69:d6:4b:c2:80:54:46:89:
         f5:e8:3e:0c:57:5f:f1:00:43:5f:a4:6f:ea:de:24:2b:cc:ba:
         7c:d6:8f:e2:b7:2f:9e:56:3e:94:da:3a:ba:97:9b:82:a2:04:
         5f:de:2a:1c:a1:58:76:71:2a:54:b5:b8:48:1d:66:59:0c:2b:
         1d:7d:c5:6f:99:fc:91:a7:83:9d:ac:31:db:a0:85:9c:e3:78:
         de:88:dd:43:f7:d4:07:4f:3f:a8:c4:09:47:f2:92:0d:52:12:
         36:6a:b1:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsq2FVlhXkWebOjyNtDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGYwMGYzOGNjZWQ5MjE5Nzk5MzA3NmNiMzY4NWJmMzJi
YzVlNjkwHhcNMjQwMTAyMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY1NjYwNjg5MzA5OGZiNTk1MWIyYjQ2YzRjMTZmNTBlNThhNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPxt1OwHhAL37vgjwquaa8ieyg2/
U9DqgtTh6f9butCrC786Z7GKUpuiSd+CoHL7PyXoqdTvHWeARMha54loYvowzFCk
OUD2uORF0Qp3zcAZrGqKk3Hiww1sy++3kdzFULbJdvtGFNRC5SUm1rdJcVW3zZes
jH6nrCAO2tOc8gr3hSqbnOddlgWxaJ1aIUCPAyoQ+Znr8Y88QR8gqA2TO6exMRHH
ya5hdLnEgmwrMA8cAKJyiu9d+XVtJLiv1hzoFt3ePn0J6uwekWtH+Of6ekdP0DdQ
DqwcgjLoDPy1py4esoYMuaVPBqs5oMpWEJA+PB23c10rSiHWIPOkzrcwmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLb1ZgaJMJj7WVGytGxMFvUOWKUEMB8GA1UdIwQY
MBaAFLLfAPOMztkhl5kwdss2hb8yvF5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q4QTg0ek8yU0dYbVRCMnl6YUZ2eks4WG1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MDZmYTgtNTJhMi00ZWQyLWEyZTEt
MDRlNGU0ZGM1ZmJhLzEvdHZWbUJva3dtUHRaVWJLMGJFd1c5UTVZcFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MDZmYTgtNTJhMi00ZWQyLWEyZTEtMDRlNGU0ZGM1ZmJh
LzEvc3Q4QTg0ek8yU0dYbVRCMnl6YUZ2eks4WG1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWdwMA0G
CSqGSIb3DQEBCwUAA4IBAQCQYZTdlGeIMFkN0/urDehTbAkFLfZs+vPJSAylSsHO
NNgYHFzstUIZMWsWfCjfkIvkZthxo9G8rx8m+er5r98YUFjTVCLND7hrqK96YK16
mhg/ZDEiaZAzIr7BduAfQ42diCooF5sUMRpJk/7jdFSov8se+7s6ArXCk+ZBewOc
iJUpGx8ryyrCpLf17yxARssILgFLzHC5SjzzadZLwoBURon16D4MV1/xAENfpG/q
3iQrzLp81o/ity+eVj6U2jq6l5uCogRf3iocoVh2cSpUtbhIHWZZDCsdfcVvmfyR
p4OdrDHboIWc43jeiN1D99QHTz+oxAlH8pINUhI2arE0
-----END CERTIFICATE-----