Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iNVxfYhANa5830uv5yIcuuNIQOo.roa
File:                     iNVxfYhANa5830uv5yIcuuNIQOo.roa (raw, json)
Hash identifier:          ck5ooL8Ec0Hn7v75e54Lt5NxGZyiuNHiChuolnTw1nI=
Subject key identifier:   88:D5:71:7D:88:40:35:AE:7C:DF:4B:AF:E7:22:1C:BA:E3:48:40:EA
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD311C4E2B982A68BC2BB67760CF7
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iNVxfYhANa5830uv5yIcuuNIQOo.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206208
IP address blocks:        185.158.52.0/22 maxlen: 24
                          95.178.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 00:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d3:11:c4:e2:b9:82:a6:8b:c2:bb:67:76:0c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88d5717d884035ae7cdf4bafe7221cbae34840ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d9:60:90:2b:60:8c:c9:11:af:8c:da:ef:fb:
                    04:b2:0c:14:8f:05:01:da:ee:4d:b1:e6:73:9a:ad:
                    ba:a5:86:4e:ae:27:ae:62:f4:a2:bd:1f:da:d1:bc:
                    24:22:56:87:8f:fc:52:c3:9a:b8:0b:e0:4b:23:8f:
                    71:bc:04:1d:92:c7:66:ca:63:d7:a4:37:22:18:b8:
                    24:a9:43:dc:a9:a4:97:62:38:46:c2:35:74:80:59:
                    ed:84:f8:19:22:92:e9:bc:71:c5:5f:3e:ab:a1:8b:
                    15:fe:d4:a4:9e:45:61:c2:7f:7b:da:a1:63:6b:2c:
                    cb:7f:7a:d4:fb:d0:f5:e0:fd:f1:ff:5f:d4:f9:cf:
                    43:f4:26:82:05:85:6e:11:81:f7:c5:5f:a2:82:e7:
                    e8:76:dd:13:00:b8:ac:2c:3f:79:96:ce:17:d2:0e:
                    fa:d8:a0:bc:1f:0f:09:3c:fd:dc:26:22:4b:ed:69:
                    db:97:8c:ea:06:60:f3:3f:fb:c5:fa:4a:36:dd:c3:
                    51:e0:00:03:50:49:ed:8b:db:90:b4:7d:a0:8b:7a:
                    1c:d5:15:88:55:0b:6e:79:45:9f:ed:eb:7d:e9:b5:
                    dd:6a:21:bd:c3:b2:67:8d:0f:16:6b:c4:d1:00:36:
                    39:10:3b:98:0e:60:15:6b:0d:a0:17:f0:08:56:4b:
                    bc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D5:71:7D:88:40:35:AE:7C:DF:4B:AF:E7:22:1C:BA:E3:48:40:EA
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iNVxfYhANa5830uv5yIcuuNIQOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.178.39.0/24
                  185.158.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b9:03:b6:5a:61:1c:24:b3:6c:c1:e3:ec:b1:75:81:a7:e8:b4:
         14:a0:98:0d:0e:02:59:0e:ed:cb:f6:64:4f:da:b5:f2:c1:86:
         ef:53:a1:64:89:1a:52:52:fc:b0:fc:fc:70:e6:1e:9d:e5:da:
         56:ec:9c:41:7f:25:7d:a8:70:81:00:ae:36:f2:c8:39:ab:41:
         ec:e8:7f:7c:9c:e7:93:f8:5d:df:32:ac:1f:be:b7:2f:8a:f7:
         62:8a:54:30:92:12:3b:04:0d:4c:92:db:e9:c7:d6:b8:96:cc:
         c1:ee:4a:6d:c9:e7:0c:5a:63:2c:46:02:82:50:dc:81:e0:bc:
         ca:2a:69:2d:6f:cb:57:36:11:38:8b:6f:98:bf:7c:da:09:a4:
         d8:1a:40:84:bd:d1:31:a4:ff:c2:a6:a9:88:33:31:ff:94:da:
         0b:40:1a:9d:64:f1:5c:6d:ff:16:b3:0f:ac:b7:7b:a2:55:c6:
         00:84:0b:17:a1:22:1a:fa:c4:c8:91:4d:eb:cd:75:f0:d3:15:
         e4:b0:de:35:83:3d:a7:a1:d5:fa:fb:32:a6:a5:7e:c9:0a:c9:
         f8:60:3e:23:8a:1f:61:4a:04:36:9b:46:71:a3:c7:31:e4:9a:
         d2:85:3d:3a:dd:42:f0:05:da:58:9f:d1:58:8c:d6:be:2d:07:
         3f:34:2f:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tMRxOK5gqaLwrtndgz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ1NzE3ZDg4NDAzNWFlN2NkZjRiYWZlNzIyMWNiYWUzNDg0MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNlgkCtgjMkRr4za7/sEsgwUjwUB
2u5NseZzmq26pYZOrieuYvSivR/a0bwkIlaHj/xSw5q4C+BLI49xvAQdksdmymPX
pDciGLgkqUPcqaSXYjhGwjV0gFnthPgZIpLpvHHFXz6roYsV/tSknkVhwn972qFj
ayzLf3rU+9D14P3x/1/U+c9D9CaCBYVuEYH3xV+igufodt0TALisLD95ls4X0g76
2KC8Hw8JPP3cJiJL7Wnbl4zqBmDzP/vF+ko23cNR4AADUEnti9uQtH2gi3oc1RWI
VQtueUWf7et96bXdaiG9w7JnjQ8Wa8TRADY5EDuYDmAVaw2gF/AIVku8pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIjVcX2IQDWufN9Lr+ciHLrjSEDqMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvaU5WeGZZaEFOYTU4MzB1djV5SWN1dU5JUU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX7InAwQC
uZ40MA0GCSqGSIb3DQEBCwUAA4IBAQC5A7ZaYRwks2zB4+yxdYGn6LQUoJgNDgJZ
Du3L9mRP2rXywYbvU6FkiRpSUvyw/Pxw5h6d5dpW7JxBfyV9qHCBAK428sg5q0Hs
6H98nOeT+F3fMqwfvrcvivdiilQwkhI7BA1Mktvpx9a4lszB7kptyecMWmMsRgKC
UNyB4LzKKmktb8tXNhE4i2+Yv3zaCaTYGkCEvdExpP/CpqmIMzH/lNoLQBqdZPFc
bf8Wsw+st3uiVcYAhAsXoSIa+sTIkU3rzXXw0xXksN41gz2nodX6+zKmpX7JCsn4
YD4jih9hSgQ2m0Zxo8cx5JrShT063ULwBdpYn9FYjNa+LQc/NC+8
-----END CERTIFICATE-----