Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/lPBe3KdDE0h6RBNV6Ws2fiMIG_E.roa
File:                     lPBe3KdDE0h6RBNV6Ws2fiMIG_E.roa (raw, json)
Hash identifier:          F2gwKWZfokMKV3Ed3ieEqgGQ5NMB2bPpQrYc2V3vVFE=
Subject key identifier:   94:F0:5E:DC:A7:43:13:48:7A:44:13:55:E9:6B:36:7E:23:08:1B:F1
Certificate issuer:       /CN=edc260028cd2ab1d0e43774f4404decd27aef3cc
Certificate serial:       018CC7932B01DD3E18D6AB928ADBB2D71AD8
Authority key identifier: ED:C2:60:02:8C:D2:AB:1D:0E:43:77:4F:44:04:DE:CD:27:AE:F3:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7cJgAozSqx0OQ3dPRATezSeu88w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/lPBe3KdDE0h6RBNV6Ws2fiMIG_E.roa
Signing time:             Tue 02 Jan 2024 00:29:19 +0000
ROA not before:           Tue 02 Jan 2024 00:29:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64411
IP address blocks:        185.165.164.0/22 maxlen: 22
                          2a0a:3e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/7cJgAozSqx0OQ3dPRATezSeu88w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/7cJgAozSqx0OQ3dPRATezSeu88w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7cJgAozSqx0OQ3dPRATezSeu88w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2b:01:dd:3e:18:d6:ab:92:8a:db:b2:d7:1a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edc260028cd2ab1d0e43774f4404decd27aef3cc
        Validity
            Not Before: Jan  2 00:29:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94f05edca74313487a441355e96b367e23081bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5c:eb:20:d2:dd:1d:4c:30:2c:f9:5d:d5:18:
                    cc:d4:46:a6:3f:f1:19:d2:3b:00:da:92:ee:fe:a6:
                    0e:a1:76:1a:d2:cd:00:8d:19:33:ab:38:33:c5:1a:
                    e4:62:81:1f:20:f9:70:99:3e:50:5d:3d:1b:19:5a:
                    36:bf:19:9e:10:97:33:b4:d8:82:3b:47:ca:2b:03:
                    b8:a5:5e:56:96:14:a3:f3:1d:a7:01:64:d0:41:1c:
                    76:66:a2:d4:84:67:94:65:17:b8:6a:cf:36:66:27:
                    f0:b7:31:4e:40:f5:32:6f:4d:19:a5:07:e8:99:d5:
                    ff:54:d8:a1:d4:d5:a1:c3:55:42:df:23:aa:b7:d6:
                    5d:44:17:46:f8:4b:ce:a6:f2:f3:34:95:f1:13:0e:
                    cc:66:53:24:b1:4d:d9:44:81:f7:8e:76:5e:36:2c:
                    33:e3:4f:f9:e8:a9:ec:eb:e9:c5:94:98:f8:88:09:
                    cf:2c:b7:9d:b6:b4:9b:cd:34:d8:6e:71:cb:a8:89:
                    3f:26:79:a1:7b:f1:5a:3d:83:2b:e6:86:f9:72:05:
                    ba:54:3f:a3:b6:67:52:81:49:fc:a6:ce:af:a6:7b:
                    cb:6b:e4:f4:09:c4:fe:88:49:82:b0:fe:2a:34:0f:
                    67:ed:e2:eb:80:8e:74:7f:0e:44:30:7f:7f:a4:81:
                    62:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F0:5E:DC:A7:43:13:48:7A:44:13:55:E9:6B:36:7E:23:08:1B:F1
            X509v3 Authority Key Identifier:
                keyid:ED:C2:60:02:8C:D2:AB:1D:0E:43:77:4F:44:04:DE:CD:27:AE:F3:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7cJgAozSqx0OQ3dPRATezSeu88w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/lPBe3KdDE0h6RBNV6Ws2fiMIG_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9952b6-336f-4668-bafb-fdc258377301/1/7cJgAozSqx0OQ3dPRATezSeu88w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.164.0/22
                IPv6:
                  2a0a:3e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:fa:ad:1a:e0:a0:8c:d6:b7:97:00:83:9f:83:20:62:62:f1:
         f9:36:36:4e:3d:c5:5b:88:f5:11:ff:3b:68:93:71:02:ba:da:
         b7:ed:6a:bc:4d:d2:51:3f:19:aa:0d:ab:f2:a4:18:fa:b1:3c:
         56:11:bb:41:9d:2d:5f:6d:0d:15:5d:2f:ea:0a:24:0d:f0:cc:
         9b:b0:bc:4b:ec:15:86:c0:6e:7b:05:f3:92:db:d0:93:68:5b:
         cd:00:45:0e:c9:68:b3:90:ce:c7:55:6f:4d:f6:38:3b:f6:5b:
         a1:f1:bc:1a:61:ce:60:48:6d:63:07:b9:6e:ff:28:c8:3a:26:
         4b:f0:df:1e:6e:76:24:bd:8b:f2:f0:78:44:38:f9:4d:05:85:
         8a:f7:ba:c4:2d:18:13:1b:7d:2f:ef:41:c6:4f:68:f6:42:08:
         77:47:b0:9e:8c:3a:bc:56:7d:b8:1f:44:12:d3:8c:c9:2f:f2:
         10:9a:fd:e2:b0:fe:63:ba:36:b6:45:05:d1:75:e4:1e:4c:9c:
         e5:bc:e9:2a:bd:a5:3c:cf:fc:38:86:7f:12:df:39:2a:23:b3:
         2f:5b:d6:84:6d:0c:47:86:39:91:6a:54:58:e8:ec:fd:83:c0:
         5f:e0:38:53:21:1b:9b:e8:c1:f0:14:e1:5a:af:95:8e:62:7e:
         40:c9:f5:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHkysB3T4Y1quSituy1xrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYzI2MDAyOGNkMmFiMWQwZTQzNzc0ZjQ0MDRkZWNkMjdh
ZWYzY2MwHhcNMjQwMTAyMDAyOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGYwNWVkY2E3NDMxMzQ4N2E0NDEzNTVlOTZiMzY3ZTIzMDgxYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlzrINLdHUwwLPld1RjM1EamP/EZ
0jsA2pLu/qYOoXYa0s0AjRkzqzgzxRrkYoEfIPlwmT5QXT0bGVo2vxmeEJcztNiC
O0fKKwO4pV5WlhSj8x2nAWTQQRx2ZqLUhGeUZRe4as82ZifwtzFOQPUyb00ZpQfo
mdX/VNih1NWhw1VC3yOqt9ZdRBdG+EvOpvLzNJXxEw7MZlMksU3ZRIH3jnZeNiwz
40/56Kns6+nFlJj4iAnPLLedtrSbzTTYbnHLqIk/Jnmhe/FaPYMr5ob5cgW6VD+j
tmdSgUn8ps6vpnvLa+T0CcT+iEmCsP4qNA9n7eLrgI50fw5EMH9/pIFiBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJTwXtynQxNIekQTVelrNn4jCBvxMB8GA1UdIwQY
MBaAFO3CYAKM0qsdDkN3T0QE3s0nrvPMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2NKZ0FvelNxeDBPUTNkUFJBVGV6U2V1ODh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85OTUyYjYtMzM2Zi00NjY4LWJhZmIt
ZmRjMjU4Mzc3MzAxLzEvbFBCZTNLZERFMGg2UkJOVjZXczJmaU1JR19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85OTUyYjYtMzM2Zi00NjY4LWJhZmItZmRjMjU4Mzc3MzAx
LzEvN2NKZ0FvelNxeDBPUTNkUFJBVGV6U2V1ODh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaWkMA0E
AgACMAcDBQMqCj4AMA0GCSqGSIb3DQEBCwUAA4IBAQBT+q0a4KCM1reXAIOfgyBi
YvH5NjZOPcVbiPUR/ztok3ECutq37Wq8TdJRPxmqDavypBj6sTxWEbtBnS1fbQ0V
XS/qCiQN8MybsLxL7BWGwG57BfOS29CTaFvNAEUOyWizkM7HVW9N9jg79luh8bwa
Yc5gSG1jB7lu/yjIOiZL8N8ebnYkvYvy8HhEOPlNBYWK97rELRgTG30v70HGT2j2
Qgh3R7CejDq8Vn24H0QS04zJL/IQmv3isP5juja2RQXRdeQeTJzlvOkqvaU8z/w4
hn8S3zkqI7MvW9aEbQxHhjmRalRY6Oz9g8Bf4DhTIRub6MHwFOFar5WOYn5AyfU1
-----END CERTIFICATE-----