Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bRmAkwkFpN2FZAMy58qwBlE4LsI.roa
File:                     bRmAkwkFpN2FZAMy58qwBlE4LsI.roa (raw, json)
Hash identifier:          Llbj+QvAYlqFX5lGV9DeJznL9UuCMLAuFf0PnhnsjJg=
Subject key identifier:   6D:19:80:93:09:05:A4:DD:85:64:03:32:E7:CA:B0:06:51:38:2E:C2
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018CC6B812A154139118EDB89CC7E44FB035
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bRmAkwkFpN2FZAMy58qwBlE4LsI.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61292
IP address blocks:        185.12.56.0/24 maxlen: 24
                          185.152.34.0/24 maxlen: 24
                          2a02:ed03::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:12:a1:54:13:91:18:ed:b8:9c:c7:e4:4f:b0:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1980930905a4dd85640332e7cab00651382ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:44:08:6d:c9:f8:8c:a3:10:d2:5a:66:fc:f7:
                    3a:8e:f3:f4:ee:b1:21:4d:47:6c:8f:89:28:fb:f3:
                    db:94:47:0b:78:81:fc:87:e6:e5:21:a3:5e:09:28:
                    03:19:77:54:e6:96:03:8b:f3:2c:37:4f:6d:9a:c2:
                    e2:05:4f:80:1c:29:99:d3:b7:49:ac:61:a0:85:d6:
                    15:8a:61:4e:54:37:03:4a:1a:d9:64:d6:50:8f:96:
                    71:72:c5:29:d6:89:55:fe:6b:65:92:75:df:a0:db:
                    c1:5f:8c:70:e1:71:65:ec:78:59:e0:64:70:ad:c2:
                    e6:e7:a1:f8:8c:f4:1c:b6:3c:f0:57:2d:4e:8c:0a:
                    4a:ec:9a:31:1d:1a:5a:bb:a4:e2:55:b9:fe:2d:fa:
                    b2:b0:6f:c9:bd:95:ad:76:8f:a5:b3:6b:ff:d5:19:
                    c3:19:30:cb:1b:d9:50:f6:e0:50:f1:a5:4e:9f:ce:
                    73:e4:e9:da:79:4f:73:ef:53:aa:4c:a7:27:b7:71:
                    fe:ba:5c:0b:79:40:95:44:ef:c6:64:a1:c6:a6:21:
                    1f:14:3c:ea:24:3b:32:c4:92:30:4b:7c:39:da:0d:
                    f2:2c:e3:cd:93:98:b2:01:f0:70:7a:1e:1a:7e:94:
                    3a:d2:d7:27:c5:84:1a:a3:ce:d9:e2:3b:74:67:a0:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:19:80:93:09:05:A4:DD:85:64:03:32:E7:CA:B0:06:51:38:2E:C2
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bRmAkwkFpN2FZAMy58qwBlE4LsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.56.0/24
                  185.152.34.0/24
                IPv6:
                  2a02:ed03::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:05:73:6f:2f:c5:1a:ff:d8:d7:14:f4:d4:34:92:fb:8d:ee:
         e7:01:6a:5c:49:8f:bc:d3:3e:8b:57:2b:bf:df:ce:a7:f1:63:
         13:a9:c2:bc:6c:35:56:e3:48:d7:a3:f8:07:7e:c8:5c:65:4b:
         77:a0:fe:a1:77:fb:d8:a5:21:fb:d1:ea:26:d6:25:26:6a:c7:
         84:7f:9d:f1:62:10:2c:c6:b3:b1:b7:f6:d2:ce:50:cc:e5:0c:
         25:f2:a5:d2:94:2c:e8:66:53:e5:9a:47:f8:38:f3:77:19:99:
         bf:34:c9:a5:b8:b7:6b:5f:ee:3d:3a:1b:88:c4:15:ef:ae:16:
         f4:e7:69:81:c5:29:f3:02:ac:08:78:d5:8f:e6:46:91:4e:91:
         3b:07:f3:36:cc:1f:f6:aa:0f:6e:95:42:32:9c:ca:32:82:37:
         01:07:36:c2:67:ba:90:1e:c0:8d:2f:4c:9c:0b:c2:3a:e5:47:
         65:a7:d3:78:00:92:37:66:88:d2:02:b0:16:f4:f4:6f:4d:ea:
         97:9e:a6:be:dc:34:c8:ee:bc:e0:3e:bf:84:19:ed:2b:4f:c2:
         9b:d8:1d:70:ba:1c:c5:4a:2c:83:33:8a:18:81:c6:f5:06:31:
         99:0a:89:cf:f4:9f:f4:17:0f:8b:05:f1:d7:a8:bd:ea:a5:9c:
         81:10:af:44
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuBKhVBORGO24nMfkT7A1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDE5ODA5MzA5MDVhNGRkODU2NDAzMzJlN2NhYjAwNjUxMzgyZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0QIbcn4jKMQ0lpm/Pc6jvP07rEh
TUdsj4ko+/PblEcLeIH8h+blIaNeCSgDGXdU5pYDi/MsN09tmsLiBU+AHCmZ07dJ
rGGghdYVimFOVDcDShrZZNZQj5ZxcsUp1olV/mtlknXfoNvBX4xw4XFl7HhZ4GRw
rcLm56H4jPQctjzwVy1OjApK7JoxHRpau6TiVbn+LfqysG/JvZWtdo+ls2v/1RnD
GTDLG9lQ9uBQ8aVOn85z5OnaeU9z71OqTKcnt3H+ulwLeUCVRO/GZKHGpiEfFDzq
JDsyxJIwS3w52g3yLOPNk5iyAfBweh4afpQ60tcnxYQao87Z4jt0Z6C20wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG0ZgJMJBaTdhWQDMufKsAZROC7CMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvYlJtQWt3a0ZwTjJGWkFNeTU4cXdCbEU0THNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQw4AwQA
uZgiMA0EAgACMAcDBQAqAu0DMA0GCSqGSIb3DQEBCwUAA4IBAQBTBXNvL8Ua/9jX
FPTUNJL7je7nAWpcSY+80z6LVyu/386n8WMTqcK8bDVW40jXo/gHfshcZUt3oP6h
d/vYpSH70eom1iUmaseEf53xYhAsxrOxt/bSzlDM5Qwl8qXSlCzoZlPlmkf4OPN3
GZm/NMmluLdrX+49OhuIxBXvrhb052mBxSnzAqwIeNWP5kaRTpE7B/M2zB/2qg9u
lUIynMoygjcBBzbCZ7qQHsCNL0ycC8I65Udlp9N4AJI3ZojSArAW9PRvTeqXnqa+
3DTI7rzgPr+EGe0rT8Kb2B1wuhzFSiyDM4oYgcb1BjGZConP9J/0Fw+LBfHXqL3q
pZyBEK9E
-----END CERTIFICATE-----