Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/7qU6w7ZIwG2fz8UnlRH6K_XtZV8.roa
File:                     7qU6w7ZIwG2fz8UnlRH6K_XtZV8.roa (raw, json)
Hash identifier:          g0uIyeyeELYMf/Su8P9/q41q9CB+NJIOMElhks2mW7Y=
Subject key identifier:   EE:A5:3A:C3:B6:48:C0:6D:9F:CF:C5:27:95:11:FA:2B:F5:ED:65:5F
Certificate issuer:       /CN=bf2631a89940c779fbd9da231a1d2e9840c9c7c6
Certificate serial:       018CC8DED07AFD241BB3D9189E824C8C7AB5
Authority key identifier: BF:26:31:A8:99:40:C7:79:FB:D9:DA:23:1A:1D:2E:98:40:C9:C7:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyYxqJlAx3n72dojGh0umEDJx8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/7qU6w7ZIwG2fz8UnlRH6K_XtZV8.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50596
IP address blocks:        185.235.64.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/vyYxqJlAx3n72dojGh0umEDJx8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/vyYxqJlAx3n72dojGh0umEDJx8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyYxqJlAx3n72dojGh0umEDJx8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d0:7a:fd:24:1b:b3:d9:18:9e:82:4c:8c:7a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf2631a89940c779fbd9da231a1d2e9840c9c7c6
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eea53ac3b648c06d9fcfc5279511fa2bf5ed655f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:c1:96:67:c5:c6:2b:24:a8:c0:e7:7d:d4:
                    7e:d8:34:11:5b:3a:0f:f2:5f:8e:c5:f3:2b:39:1f:
                    88:0a:3a:37:ed:d9:12:6d:ac:c3:25:15:43:c7:e9:
                    5d:56:68:bc:9d:67:c3:2b:a0:9d:1d:c9:e3:fc:42:
                    3a:b9:d1:d7:3a:ac:30:90:80:e3:32:21:49:02:f1:
                    8d:14:06:48:35:27:98:b7:99:d6:d6:3c:af:8f:75:
                    7a:6f:40:5d:78:b0:00:9e:7e:86:22:3c:db:b9:5b:
                    00:d0:53:63:d1:2d:5b:28:ac:6c:9e:4b:64:75:77:
                    f6:52:f1:c3:64:c4:1b:8e:15:e6:b8:83:6c:ec:d1:
                    68:0f:2a:b7:ef:a8:43:26:2b:37:ee:d2:41:8e:01:
                    86:66:35:62:50:fb:7d:ec:a0:70:e3:bb:fc:42:ab:
                    d4:9c:a8:a3:08:94:25:52:59:23:02:54:78:96:ac:
                    bf:86:1c:37:3f:af:7f:9e:88:fb:26:10:dd:72:84:
                    76:c1:ed:69:3e:eb:48:15:14:dc:04:33:90:1e:be:
                    ef:1c:15:bd:e3:ab:1f:8b:08:da:d6:a1:85:20:64:
                    c8:4c:67:a8:d9:39:cb:c2:21:38:bc:37:a2:0e:6d:
                    7c:de:03:0e:c8:2f:04:13:6b:43:55:b5:40:b1:4a:
                    65:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A5:3A:C3:B6:48:C0:6D:9F:CF:C5:27:95:11:FA:2B:F5:ED:65:5F
            X509v3 Authority Key Identifier:
                keyid:BF:26:31:A8:99:40:C7:79:FB:D9:DA:23:1A:1D:2E:98:40:C9:C7:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyYxqJlAx3n72dojGh0umEDJx8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/7qU6w7ZIwG2fz8UnlRH6K_XtZV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d60548-8608-401c-a2b5-cd7b288d6ea0/1/vyYxqJlAx3n72dojGh0umEDJx8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:51:65:71:b3:41:84:95:fd:12:81:82:5a:04:f4:cb:c9:20:
         e4:d7:08:c8:f0:fd:b3:b6:53:3d:4f:f4:f3:51:86:b4:22:fe:
         1b:ed:23:92:08:23:45:ec:80:f8:b6:a8:32:c1:af:de:bf:16:
         4e:2c:52:a0:c9:2d:3e:85:3c:61:1e:75:fa:66:a7:17:56:15:
         cc:02:f5:e9:32:4c:78:53:c6:d9:32:26:2e:0f:f6:4f:b8:2b:
         57:00:33:47:a6:45:59:b6:35:7e:ee:6e:31:b4:38:97:98:c2:
         5e:a5:54:0c:63:96:5f:16:d5:90:39:b3:40:04:9d:7c:86:55:
         e3:c5:3d:5c:7b:d5:6f:93:98:83:ca:81:7d:6c:d3:5c:1d:b8:
         09:01:dd:58:1a:fb:59:f5:c4:3a:20:82:9c:f6:42:52:bc:b3:
         bb:a2:0d:dd:94:4f:16:00:34:e5:b0:d2:f8:18:d3:a3:14:00:
         07:2e:3a:ea:62:46:c8:5c:bd:56:5a:a4:ee:f8:38:da:47:fe:
         9f:f0:fb:7f:45:e9:a2:87:eb:02:b9:7b:37:d8:11:b8:36:be:
         a6:be:62:b4:33:90:7b:1b:fa:1c:58:46:ae:3e:bb:3c:7a:87:
         bf:81:00:b1:a2:40:47:dd:24:3b:d8:a3:32:59:30:5b:0b:8f:
         72:84:78:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tB6/SQbs9kYnoJMjHq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjYzMWE4OTk0MGM3NzlmYmQ5ZGEyMzFhMWQyZTk4NDBj
OWM3YzYwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE1M2FjM2I2NDhjMDZkOWZjZmM1Mjc5NTExZmEyYmY1ZWQ2NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJLBlmfFxiskqMDnfdR+2DQRWzoP
8l+OxfMrOR+ICjo37dkSbazDJRVDx+ldVmi8nWfDK6CdHcnj/EI6udHXOqwwkIDj
MiFJAvGNFAZINSeYt5nW1jyvj3V6b0BdeLAAnn6GIjzbuVsA0FNj0S1bKKxsnktk
dXf2UvHDZMQbjhXmuINs7NFoDyq376hDJis37tJBjgGGZjViUPt97KBw47v8QqvU
nKijCJQlUlkjAlR4lqy/hhw3P69/noj7JhDdcoR2we1pPutIFRTcBDOQHr7vHBW9
46sfiwja1qGFIGTITGeo2TnLwiE4vDeiDm183gMOyC8EE2tDVbVAsUplLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6lOsO2SMBtn8/FJ5UR+iv17WVfMB8GA1UdIwQY
MBaAFL8mMaiZQMd5+9naIxodLphAycfGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlZeHFKbEF4M243MmRvakdoMHVtRURKeDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9kNjA1NDgtODYwOC00MDFjLWEyYjUt
Y2Q3YjI4OGQ2ZWEwLzEvN3FVNnc3Wkl3RzJmejhVbmxSSDZLX1h0WlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9kNjA1NDgtODYwOC00MDFjLWEyYjUtY2Q3YjI4OGQ2ZWEw
LzEvdnlZeHFKbEF4M243MmRvakdoMHVtRURKeDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuetAMA0G
CSqGSIb3DQEBCwUAA4IBAQBcUWVxs0GElf0SgYJaBPTLySDk1wjI8P2ztlM9T/Tz
UYa0Iv4b7SOSCCNF7ID4tqgywa/evxZOLFKgyS0+hTxhHnX6ZqcXVhXMAvXpMkx4
U8bZMiYuD/ZPuCtXADNHpkVZtjV+7m4xtDiXmMJepVQMY5ZfFtWQObNABJ18hlXj
xT1ce9Vvk5iDyoF9bNNcHbgJAd1YGvtZ9cQ6IIKc9kJSvLO7og3dlE8WADTlsNL4
GNOjFAAHLjrqYkbIXL1WWqTu+DjaR/6f8Pt/Remih+sCuXs32BG4Nr6mvmK0M5B7
G/ocWEauPrs8eoe/gQCxokBH3SQ72KMyWTBbC49yhHg1
-----END CERTIFICATE-----