Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/b1pg9sI6thJ37A762QaE_okcX2k.roa
File:                     b1pg9sI6thJ37A762QaE_okcX2k.roa (raw, json)
Hash identifier:          yX6l+lN0MBlx0/bUJRFuE2FTDRzfoA60hEnPLL/+jIQ=
Subject key identifier:   6F:5A:60:F6:C2:3A:B6:12:77:EC:0E:FA:D9:06:84:FE:89:1C:5F:69
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018F4E293F1338E0DB0D8319269E43E1C32B
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/b1pg9sI6thJ37A762QaE_okcX2k.roa
Signing time:             Mon 06 May 2024 13:47:57 +0000
ROA not before:           Mon 06 May 2024 13:47:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208229
IP address blocks:        185.228.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:29:3f:13:38:e0:db:0d:83:19:26:9e:43:e1:c3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: May  6 13:47:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f5a60f6c23ab61277ec0efad90684fe891c5f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:23:e0:ff:08:03:66:f2:32:29:40:6f:41:80:
                    42:06:2a:e9:16:17:ab:87:12:0f:3a:84:3e:cd:ed:
                    7d:7d:bb:35:b7:ad:34:37:ad:dd:13:83:b6:84:e1:
                    ac:c6:ef:16:3d:4f:e8:2f:2f:33:b0:07:38:0b:b5:
                    17:12:10:9f:5c:5c:19:c3:a0:c3:99:21:7f:9b:f7:
                    ce:bf:71:1e:7a:33:8f:31:2c:1f:0d:b6:96:e9:80:
                    84:47:64:14:76:aa:16:c4:3b:f9:8f:54:74:24:9e:
                    15:95:1c:18:9b:15:10:89:ce:1f:c1:39:a2:ef:68:
                    2e:14:a6:a4:bc:4e:c5:c0:c3:cb:0b:24:e4:4b:95:
                    cc:38:8b:98:c7:89:ba:34:e8:89:e8:ce:04:79:25:
                    27:7d:5e:07:11:0e:88:9f:6a:0c:d7:ef:bf:1e:e3:
                    17:8d:fe:47:68:51:52:fd:1b:84:63:61:e7:86:dc:
                    07:e6:db:a4:5e:9e:1e:1f:67:c8:45:f4:ea:4e:12:
                    94:75:d6:92:d5:88:29:ac:60:bc:c1:40:7a:c4:d5:
                    2f:e6:da:3b:78:90:75:a4:1b:98:7e:0b:99:84:34:
                    8f:f9:53:3b:c3:84:5c:ff:c2:52:eb:3c:be:48:4a:
                    96:e5:83:58:f2:13:58:9d:d1:58:71:86:8a:d7:0f:
                    94:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5A:60:F6:C2:3A:B6:12:77:EC:0E:FA:D9:06:84:FE:89:1C:5F:69
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/b1pg9sI6thJ37A762QaE_okcX2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:b8:af:1e:d7:ef:a9:e3:f2:ca:90:bd:65:36:34:e1:6d:1d:
         bf:7f:a2:e3:5d:7f:59:56:42:b5:6a:1a:b8:52:27:eb:7b:6e:
         01:d6:d8:e0:d5:b7:62:d8:0f:b3:b7:a2:c1:66:80:7d:03:93:
         fc:dc:fd:c9:61:1c:0b:5c:75:64:e1:c6:c7:22:99:f7:f8:2d:
         91:8a:86:ad:f4:dd:bb:f2:a6:8a:aa:00:ba:3e:6a:d1:34:37:
         09:37:a5:ac:c9:0b:7c:7a:69:73:ce:26:f9:5e:6d:9b:d2:19:
         03:01:f7:58:e4:51:af:3e:51:1f:ac:fd:06:69:d8:6c:d9:73:
         b0:53:29:d2:bd:c4:37:e4:a7:d6:7c:4b:57:74:22:17:3a:50:
         7b:54:db:bd:09:30:73:73:c7:1a:9f:27:ec:b1:d5:95:c0:4d:
         9c:b7:24:d9:26:05:67:b8:d7:21:ed:dc:10:b3:14:17:4e:16:
         10:e0:68:49:f9:ad:1d:02:dc:2e:ec:c6:3d:4d:28:18:1c:89:
         fe:c1:80:d1:46:bb:10:6f:7c:89:45:14:68:7c:cc:00:b6:a5:
         19:2c:26:ec:6b:a5:a3:15:8b:19:7f:1f:c0:79:cc:74:0f:d0:
         78:76:67:bc:3d:60:cc:a1:fc:66:06:32:ad:99:92:84:83:48:
         57:f8:cc:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9OKT8TOODbDYMZJp5D4cMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwNTA2MTM0NzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjVhNjBmNmMyM2FiNjEyNzdlYzBlZmFkOTA2ODRmZTg5MWM1ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiPg/wgDZvIyKUBvQYBCBirpFher
hxIPOoQ+ze19fbs1t600N63dE4O2hOGsxu8WPU/oLy8zsAc4C7UXEhCfXFwZw6DD
mSF/m/fOv3EeejOPMSwfDbaW6YCER2QUdqoWxDv5j1R0JJ4VlRwYmxUQic4fwTmi
72guFKakvE7FwMPLCyTkS5XMOIuYx4m6NOiJ6M4EeSUnfV4HEQ6In2oM1++/HuMX
jf5HaFFS/RuEY2HnhtwH5tukXp4eH2fIRfTqThKUddaS1YgprGC8wUB6xNUv5to7
eJB1pBuYfguZhDSP+VM7w4Rc/8JS6zy+SEqW5YNY8hNYndFYcYaK1w+UqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9aYPbCOrYSd+wO+tkGhP6JHF9pMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvYjFwZzlzSTZ0aEozN0E3NjJRYUVfb2tjWDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBTuK8e1++p4/LKkL1lNjThbR2/f6LjXX9ZVkK1ahq4
Uifre24B1tjg1bdi2A+zt6LBZoB9A5P83P3JYRwLXHVk4cbHIpn3+C2Rioat9N27
8qaKqgC6PmrRNDcJN6WsyQt8emlzzib5Xm2b0hkDAfdY5FGvPlEfrP0Gadhs2XOw
UynSvcQ35KfWfEtXdCIXOlB7VNu9CTBzc8canyfssdWVwE2ctyTZJgVnuNch7dwQ
sxQXThYQ4GhJ+a0dAtwu7MY9TSgYHIn+wYDRRrsQb3yJRRRofMwAtqUZLCbsa6Wj
FYsZfx/Aecx0D9B4dme8PWDMofxmBjKtmZKEg0hX+Mya
-----END CERTIFICATE-----