Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/t5qpPRU2oLtcBX_Cng5vAqe6F3U.roa
File:                     t5qpPRU2oLtcBX_Cng5vAqe6F3U.roa (raw, json)
Hash identifier:          ogMu1OouGOGcTl3DU/k8296zqtq+TRdff5LeSDddyHo=
Subject key identifier:   B7:9A:A9:3D:15:36:A0:BB:5C:05:7F:C2:9E:0E:6F:02:A7:BA:17:75
Certificate issuer:       /CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
Certificate serial:       018CC4247E33562D23AC72E94F72457C7880
Authority key identifier: 62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/t5qpPRU2oLtcBX_Cng5vAqe6F3U.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205225
IP address blocks:        185.188.95.0/24 maxlen: 24
                          185.188.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:33:56:2d:23:ac:72:e9:4f:72:45:7c:78:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b79aa93d1536a0bb5c057fc29e0e6f02a7ba1775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e8:8f:be:b1:9e:2e:88:82:21:8f:ad:7f:d1:
                    14:33:6c:16:bc:e0:62:14:ec:32:2b:ed:84:70:b0:
                    de:88:e4:2c:bf:cf:04:3f:fa:d9:43:37:50:ec:2c:
                    96:eb:25:09:13:f5:53:00:56:7d:b1:5f:5f:c7:89:
                    2d:d5:96:6a:8b:f7:bb:33:c1:95:15:50:9c:fb:6e:
                    17:13:f0:6c:23:10:cd:35:a7:d2:b5:4f:ce:a6:ef:
                    88:68:1e:16:86:4f:d2:96:a3:7d:ff:26:8d:68:a6:
                    e8:85:a2:c5:01:13:97:2f:59:24:a4:f9:cb:7d:f1:
                    f4:60:ff:ca:4f:78:f7:aa:77:ed:d5:5f:09:8d:97:
                    fc:30:0a:76:33:a3:d8:97:84:72:eb:31:b3:fd:cd:
                    58:0f:05:8d:df:34:df:69:67:2e:18:36:07:1d:62:
                    e8:19:71:2a:08:06:88:d7:f7:fc:ed:12:4a:fd:11:
                    3d:ff:a3:2d:2f:5b:78:14:30:57:a1:50:b3:21:92:
                    33:f0:b8:b0:10:09:cc:6f:b0:e7:35:83:e7:bf:d1:
                    ed:53:c3:9b:b1:db:5d:aa:22:ef:b4:45:4f:40:6f:
                    0c:b6:62:37:99:c9:f6:fa:e8:d4:6d:c3:80:66:fa:
                    e1:a6:90:bb:84:98:3c:c3:da:e3:9f:33:62:20:a1:
                    e5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9A:A9:3D:15:36:A0:BB:5C:05:7F:C2:9E:0E:6F:02:A7:BA:17:75
            X509v3 Authority Key Identifier:
                keyid:62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/t5qpPRU2oLtcBX_Cng5vAqe6F3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.93.0/24
                  185.188.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:a7:45:93:cb:f7:c4:0b:b6:75:aa:b7:a3:91:97:f6:e7:39:
         cf:ad:78:6a:80:57:2d:79:9b:65:04:55:94:be:c9:8c:df:f8:
         1f:f0:73:93:56:7c:4a:a7:b1:ca:e0:30:bd:e3:0a:ed:38:0e:
         82:89:fe:2a:d4:fe:3c:52:5c:6b:19:49:2c:72:a4:35:85:dc:
         b6:56:f7:0f:c6:8c:f5:e3:1c:fe:5f:46:fc:16:d9:0a:86:0a:
         c0:4f:72:ac:bd:c8:d5:a1:6b:10:f2:ed:64:1e:e6:73:56:f9:
         ca:8a:a7:00:10:3b:19:65:e8:8f:11:a2:b0:d9:da:7b:a7:f8:
         4d:63:3c:9b:71:9a:ce:6c:26:cd:3c:55:97:88:81:44:13:bf:
         4a:19:a9:19:28:a9:c3:1f:04:a4:f9:da:f5:0b:af:a1:33:4e:
         a1:82:3a:0c:10:48:a6:6b:6f:b4:6d:8f:b2:92:56:75:e6:68:
         e7:6b:93:eb:12:b2:39:04:ea:77:01:d0:6f:10:0d:f8:0b:dd:
         37:ff:66:56:49:f6:23:36:cc:82:6f:4a:01:c1:48:8f:15:87:
         ed:26:79:19:09:f6:aa:c2:fe:03:e6:3d:9c:cb:b8:38:89:c6:
         a5:38:2c:bf:4b:99:3e:ef:62:af:93:fb:b4:63:55:2d:97:2f:
         e6:fc:68:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJH4zVi0jrHLpT3JFfHiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZTVlYzlkZjRkZDAzYjlmNTAwYTZhMDk0N2QxNDdiNmVk
MjE2NjYwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzlhYTkzZDE1MzZhMGJiNWMwNTdmYzI5ZTBlNmYwMmE3YmExNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uiPvrGeLoiCIY+tf9EUM2wWvOBi
FOwyK+2EcLDeiOQsv88EP/rZQzdQ7CyW6yUJE/VTAFZ9sV9fx4kt1ZZqi/e7M8GV
FVCc+24XE/BsIxDNNafStU/Opu+IaB4Whk/SlqN9/yaNaKbohaLFAROXL1kkpPnL
ffH0YP/KT3j3qnft1V8JjZf8MAp2M6PYl4Ry6zGz/c1YDwWN3zTfaWcuGDYHHWLo
GXEqCAaI1/f87RJK/RE9/6MtL1t4FDBXoVCzIZIz8LiwEAnMb7DnNYPnv9HtU8Ob
sdtdqiLvtEVPQG8MtmI3mcn2+ujUbcOAZvrhppC7hJg8w9rjnzNiIKHlrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLeaqT0VNqC7XAV/wp4ObwKnuhd1MB8GA1UdIwQY
MBaAFGLl7J303QO59QCmoJR9FHtu0hZmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQt
YTgxNTQ0ZWE1YjY3LzEvdDVxcFBSVTJvTHRjQlhfQ25nNXZBcWU2RjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQtYTgxNTQ0ZWE1YjY3
LzEvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubxdAwQA
ubxfMA0GCSqGSIb3DQEBCwUAA4IBAQCsp0WTy/fEC7Z1qrejkZf25znPrXhqgFct
eZtlBFWUvsmM3/gf8HOTVnxKp7HK4DC94wrtOA6Cif4q1P48UlxrGUkscqQ1hdy2
VvcPxoz14xz+X0b8FtkKhgrAT3KsvcjVoWsQ8u1kHuZzVvnKiqcAEDsZZeiPEaKw
2dp7p/hNYzybcZrObCbNPFWXiIFEE79KGakZKKnDHwSk+dr1C6+hM06hgjoMEEim
a2+0bY+yklZ15mjna5PrErI5BOp3AdBvEA34C903/2ZWSfYjNsyCb0oBwUiPFYft
JnkZCfaqwv4D5j2cy7g4icalOCy/S5k+72Kvk/u0Y1Utly/m/GiS
-----END CERTIFICATE-----