Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/espcbVBoyb_DCbKrFORWK0ksV1k.roa
File:                     espcbVBoyb_DCbKrFORWK0ksV1k.roa (raw, json)
Hash identifier:          OKoQU7vZ0nkdc0l6MQ1AvAaqs9obOuZ983i3rkTLJYo=
Subject key identifier:   7A:CA:5C:6D:50:68:C9:BF:C3:09:B2:AB:14:E4:56:2B:49:2C:57:59
Certificate issuer:       /CN=1ba8ea3a2288a6af8f64a8383002c74085579a07
Certificate serial:       018CC50156158C96FD81B29F58ACF94AB18C
Authority key identifier: 1B:A8:EA:3A:22:88:A6:AF:8F:64:A8:38:30:02:C7:40:85:57:9A:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6jqOiKIpq-PZKg4MALHQIVXmgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/espcbVBoyb_DCbKrFORWK0ksV1k.roa
Signing time:             Mon 01 Jan 2024 12:30:48 +0000
ROA not before:           Mon 01 Jan 2024 12:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212975
IP address blocks:        185.115.72.0/23 maxlen: 23
                          185.115.74.0/23 maxlen: 23
                          2a01:9647::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/G6jqOiKIpq-PZKg4MALHQIVXmgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/G6jqOiKIpq-PZKg4MALHQIVXmgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6jqOiKIpq-PZKg4MALHQIVXmgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:56:15:8c:96:fd:81:b2:9f:58:ac:f9:4a:b1:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba8ea3a2288a6af8f64a8383002c74085579a07
        Validity
            Not Before: Jan  1 12:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7aca5c6d5068c9bfc309b2ab14e4562b492c5759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:38:c6:82:c2:ad:b5:9b:d5:19:c7:39:69:
                    9a:4e:52:e6:c3:a5:08:de:db:ef:d3:0a:a4:5a:47:
                    4e:56:5e:f9:3c:cf:e1:bd:4e:7d:fd:a0:6c:3f:c0:
                    14:c8:42:d6:d4:5c:0d:5d:6e:44:b9:53:c8:3d:4b:
                    a4:9c:04:b6:49:b6:41:0d:ab:4c:c0:22:8a:40:8b:
                    b4:d3:b7:39:ee:21:29:59:06:92:4b:32:13:06:f5:
                    ae:a6:57:54:4e:c6:ae:e0:b9:32:59:ab:a7:29:8d:
                    05:29:b7:df:72:88:d8:a6:2c:05:f2:7e:3d:af:fb:
                    3b:48:03:a5:13:e7:4c:7b:d1:78:d9:03:6b:81:31:
                    c5:ac:98:eb:a4:36:63:7f:e4:34:20:f8:6d:de:d2:
                    81:e6:e6:36:41:f4:ba:af:4f:3b:ec:fa:89:59:80:
                    99:9e:c4:cb:23:0d:4c:cf:d1:c8:90:15:1d:ad:6d:
                    cb:1a:99:f4:e3:46:d4:df:07:74:0e:c3:1c:cc:b0:
                    2b:7c:88:7e:4c:4a:a5:1c:71:c4:34:93:c4:a7:10:
                    25:89:8c:dc:d9:72:4d:e5:5d:1b:51:13:45:5c:2e:
                    4a:e9:71:95:5e:01:81:d6:12:13:d7:91:69:07:b8:
                    74:5c:8d:29:e4:b5:f3:ac:28:6c:01:0a:39:21:46:
                    72:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CA:5C:6D:50:68:C9:BF:C3:09:B2:AB:14:E4:56:2B:49:2C:57:59
            X509v3 Authority Key Identifier:
                keyid:1B:A8:EA:3A:22:88:A6:AF:8F:64:A8:38:30:02:C7:40:85:57:9A:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6jqOiKIpq-PZKg4MALHQIVXmgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/espcbVBoyb_DCbKrFORWK0ksV1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c0b283-88b9-43cd-b08f-a8ea43253ed5/1/G6jqOiKIpq-PZKg4MALHQIVXmgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.72.0/22
                IPv6:
                  2a01:9647::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:8f:7f:19:7d:a5:fc:01:5e:d6:1e:29:ab:8a:81:f3:20:3f:
         c9:5b:05:2d:3c:19:79:94:86:d4:ab:a2:67:ee:9a:c9:95:c8:
         3f:bc:65:a2:8a:91:f0:a9:24:92:4b:5d:6e:a2:63:b8:0b:11:
         95:ee:f5:d0:ea:97:44:87:4e:1b:e6:68:ad:34:e4:dc:3b:60:
         8f:63:39:0e:dd:4b:bd:7e:49:ea:a5:3a:75:b3:62:cb:6f:7a:
         4b:0e:4a:78:44:49:7c:e9:01:49:fd:24:77:9a:4c:dd:d0:6f:
         b2:2a:43:cb:a5:db:f3:6a:2c:2d:9b:15:06:d9:df:02:c3:5a:
         dc:96:bb:df:25:6f:20:17:59:d3:48:b4:dd:43:0c:96:6c:69:
         fd:f8:8c:82:41:9a:d4:7a:a0:64:c2:11:44:4f:c7:09:80:d4:
         99:cd:39:43:0a:8b:fa:48:4b:de:f7:0f:fa:da:6b:77:5a:aa:
         b9:76:ee:cb:32:67:43:a5:70:ad:bd:d2:3b:cb:b9:e9:d2:20:
         67:ff:fb:b9:dc:98:bb:bf:8c:46:88:3a:d0:70:38:67:f3:a6:
         8a:5b:a4:27:70:1f:2d:e7:fc:d8:af:30:cc:73:73:f4:52:33:
         c4:b0:91:05:44:e9:39:fc:2c:55:5a:76:a2:0e:29:bb:91:45:
         e7:bc:f7:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAVYVjJb9gbKfWKz5SrGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYThlYTNhMjI4OGE2YWY4ZjY0YTgzODMwMDJjNzQwODU1
NzlhMDcwHhcNMjQwMTAxMTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNhNWM2ZDUwNjhjOWJmYzMwOWIyYWIxNGU0NTYyYjQ5MmM1NzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLg4xoLCrbWb1RnHOWmaTlLmw6UI
3tvv0wqkWkdOVl75PM/hvU59/aBsP8AUyELW1FwNXW5EuVPIPUuknAS2SbZBDatM
wCKKQIu007c57iEpWQaSSzITBvWupldUTsau4LkyWaunKY0FKbffcojYpiwF8n49
r/s7SAOlE+dMe9F42QNrgTHFrJjrpDZjf+Q0IPht3tKB5uY2QfS6r0877PqJWYCZ
nsTLIw1Mz9HIkBUdrW3LGpn040bU3wd0DsMczLArfIh+TEqlHHHENJPEpxAliYzc
2XJN5V0bURNFXC5K6XGVXgGB1hIT15FpB7h0XI0p5LXzrChsAQo5IUZyQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHrKXG1QaMm/wwmyqxTkVitJLFdZMB8GA1UdIwQY
MBaAFBuo6joiiKavj2SoODACx0CFV5oHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZqcU9pS0lwcS1QWktnNE1BTEhRSVZYbWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9jMGIyODMtODhiOS00M2NkLWIwOGYt
YThlYTQzMjUzZWQ1LzEvZXNwY2JWQm95Yl9EQ2JLckZPUldLMGtzVjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9jMGIyODMtODhiOS00M2NkLWIwOGYtYThlYTQzMjUzZWQ1
LzEvRzZqcU9pS0lwcS1QWktnNE1BTEhRSVZYbWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXNIMA0E
AgACMAcDBQAqAZZHMA0GCSqGSIb3DQEBCwUAA4IBAQAqj38ZfaX8AV7WHimrioHz
ID/JWwUtPBl5lIbUq6Jn7prJlcg/vGWiipHwqSSSS11uomO4CxGV7vXQ6pdEh04b
5mitNOTcO2CPYzkO3Uu9fknqpTp1s2LLb3pLDkp4REl86QFJ/SR3mkzd0G+yKkPL
pdvzaiwtmxUG2d8Cw1rclrvfJW8gF1nTSLTdQwyWbGn9+IyCQZrUeqBkwhFET8cJ
gNSZzTlDCov6SEve9w/62mt3Wqq5du7LMmdDpXCtvdI7y7np0iBn//u53Ji7v4xG
iDrQcDhn86aKW6QncB8t5/zYrzDMc3P0UjPEsJEFROk5/CxVWnaiDim7kUXnvPcJ
-----END CERTIFICATE-----