Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/j-cWnWtJcQmXi-jwkG6ps7YdkHA.roa
File:                     j-cWnWtJcQmXi-jwkG6ps7YdkHA.roa (raw, json)
Hash identifier:          kwEBwkrqumzzaSnpV/4ljjORbE5R9RUxbF+QIkl7XOc=
Subject key identifier:   8F:E7:16:9D:6B:49:71:09:97:8B:E8:F0:90:6E:A9:B3:B6:1D:90:70
Certificate issuer:       /CN=5d6953db48404b0c66a15f0da6efa7fac0a9369e
Certificate serial:       018CC56E1646D6D2F945B9328486F89BC1C9
Authority key identifier: 5D:69:53:DB:48:40:4B:0C:66:A1:5F:0D:A6:EF:A7:FA:C0:A9:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/j-cWnWtJcQmXi-jwkG6ps7YdkHA.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200818
IP address blocks:        185.95.52.0/24 maxlen: 24
                          185.95.53.0/24 maxlen: 24
                          185.95.54.0/24 maxlen: 24
                          185.95.55.0/24 maxlen: 24
                          185.95.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:46:d6:d2:f9:45:b9:32:84:86:f8:9b:c1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6953db48404b0c66a15f0da6efa7fac0a9369e
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fe7169d6b497109978be8f0906ea9b3b61d9070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d4:24:20:9a:5e:5c:f2:e1:18:e7:e4:73:6b:
                    6d:ee:7d:5a:4a:75:8c:66:09:8e:0a:0d:f1:59:ce:
                    c0:2b:fc:cd:5b:33:0a:89:33:27:67:1e:12:66:fa:
                    82:68:79:bf:e6:f6:dd:e5:e4:eb:3c:2d:43:87:5c:
                    ce:ee:c3:0b:17:8e:60:82:07:61:2e:eb:d9:d7:3e:
                    a6:ae:82:f0:53:1e:38:f3:0c:df:f3:92:f5:33:d3:
                    c1:b6:c3:f7:e1:03:1b:1d:e7:a2:90:e7:8c:95:a0:
                    50:bb:02:cd:85:ef:88:a9:bf:9b:0d:cb:e5:d6:89:
                    ff:98:21:4d:f0:93:72:15:3b:93:66:c5:c9:a1:09:
                    e3:bc:51:b5:6b:61:f3:27:7a:a2:45:a7:5d:15:fe:
                    4c:84:6c:06:f9:7d:8d:0e:de:b5:3b:63:35:70:b2:
                    65:f1:3f:9e:a4:01:6a:51:a7:70:84:ad:b7:bc:1b:
                    02:42:a0:88:47:38:7c:3c:6f:d3:2a:62:da:79:af:
                    c7:95:61:d5:42:13:55:5f:c4:92:4d:9e:28:d6:af:
                    e1:fa:b8:18:53:6f:40:80:1e:ca:d2:c5:ff:96:7f:
                    fa:92:b1:e8:af:38:d4:ae:0b:a3:98:88:ca:7f:e6:
                    94:58:35:0c:66:46:49:35:fe:88:45:45:0e:52:ca:
                    2f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E7:16:9D:6B:49:71:09:97:8B:E8:F0:90:6E:A9:B3:B6:1D:90:70
            X509v3 Authority Key Identifier:
                keyid:5D:69:53:DB:48:40:4B:0C:66:A1:5F:0D:A6:EF:A7:FA:C0:A9:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/j-cWnWtJcQmXi-jwkG6ps7YdkHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:ae:ec:71:96:b4:10:be:ef:ca:6b:53:58:32:e5:fb:14:ce:
         18:61:f4:9c:bc:16:68:56:e5:6d:02:a3:aa:65:dc:8f:29:2f:
         fb:4a:99:d9:f5:6e:86:fb:8e:8d:7c:1c:83:24:89:e8:71:08:
         23:bb:63:fc:72:84:af:cb:5a:d8:52:bf:e5:14:1c:c3:b1:4c:
         97:d7:89:27:47:d1:7f:fc:13:f8:55:25:86:87:94:79:00:59:
         41:14:d9:d2:b0:7e:3b:4e:e6:8c:84:db:5a:8a:c7:19:93:b4:
         08:c3:91:86:8c:38:ed:f3:e7:43:61:44:5c:ee:f9:db:e3:10:
         8e:e9:4d:b4:4a:d0:51:ff:0d:5f:ef:6a:0c:a9:56:ea:cf:f3:
         b0:de:1e:9e:ff:8f:10:db:ed:30:89:39:da:8b:da:8f:06:91:
         52:79:38:26:05:b2:a2:6e:6d:9c:b5:c0:f8:19:14:d7:f0:e9:
         36:1a:ec:e5:80:a9:e4:70:17:d8:96:a6:5a:fc:dc:e0:b4:27:
         db:5f:92:c2:1c:5a:7c:16:de:15:7f:47:a7:78:6e:a7:5f:e4:
         c3:50:d8:10:43:99:21:da:52:5d:6b:b2:b1:71:61:0e:d3:ce:
         17:9c:dd:4d:85:fe:d4:ab:e2:6a:5e:f7:eb:7d:fa:72:7d:f4:
         9b:a9:ff:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhZG1tL5RbkyhIb4m8HJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjk1M2RiNDg0MDRiMGM2NmExNWYwZGE2ZWZhN2ZhYzBh
OTM2OWUwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmU3MTY5ZDZiNDk3MTA5OTc4YmU4ZjA5MDZlYTliM2I2MWQ5MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtQkIJpeXPLhGOfkc2tt7n1aSnWM
ZgmOCg3xWc7AK/zNWzMKiTMnZx4SZvqCaHm/5vbd5eTrPC1Dh1zO7sMLF45gggdh
LuvZ1z6mroLwUx448wzf85L1M9PBtsP34QMbHeeikOeMlaBQuwLNhe+Iqb+bDcvl
1on/mCFN8JNyFTuTZsXJoQnjvFG1a2HzJ3qiRaddFf5MhGwG+X2NDt61O2M1cLJl
8T+epAFqUadwhK23vBsCQqCIRzh8PG/TKmLaea/HlWHVQhNVX8SSTZ4o1q/h+rgY
U29AgB7K0sX/ln/6krHorzjUrgujmIjKf+aUWDUMZkZJNf6IRUUOUsovjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/nFp1rSXEJl4vo8JBuqbO2HZBwMB8GA1UdIwQY
MBaAFF1pU9tIQEsMZqFfDabvp/rAqTaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdsVDIwaEFTd3htb1Y4TnB1LW4tc0NwTnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81MzZmZGUtYTAyZC00OGY1LWE3NWQt
ZmEyZmI5NGRhMWEyLzEvai1jV25XdEpjUW1YaS1qd2tHNnBzN1lka0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81MzZmZGUtYTAyZC00OGY1LWE3NWQtZmEyZmI5NGRhMWEy
LzEvWFdsVDIwaEFTd3htb1Y4TnB1LW4tc0NwTnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV80MA0G
CSqGSIb3DQEBCwUAA4IBAQAcruxxlrQQvu/Ka1NYMuX7FM4YYfScvBZoVuVtAqOq
ZdyPKS/7SpnZ9W6G+46NfByDJInocQgju2P8coSvy1rYUr/lFBzDsUyX14knR9F/
/BP4VSWGh5R5AFlBFNnSsH47TuaMhNtaiscZk7QIw5GGjDjt8+dDYURc7vnb4xCO
6U20StBR/w1f72oMqVbqz/Ow3h6e/48Q2+0wiTnai9qPBpFSeTgmBbKibm2ctcD4
GRTX8Ok2GuzlgKnkcBfYlqZa/NzgtCfbX5LCHFp8Ft4Vf0eneG6nX+TDUNgQQ5kh
2lJda7KxcWEO084XnN1Nhf7Uq+JqXvfrffpyffSbqf9f
-----END CERTIFICATE-----