Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/5mwY5bVf9jsXec1e8QF-QmhVGi8.roa
File:                     5mwY5bVf9jsXec1e8QF-QmhVGi8.roa (raw, json)
Hash identifier:          tNUsn27to4ihAImB+Y03sLqLLgQCEI417lSGL+r9BHU=
Subject key identifier:   E6:6C:18:E5:B5:5F:F6:3B:17:79:CD:5E:F1:01:7E:42:68:55:1A:2F
Certificate issuer:       /CN=57711f20883a62bc06391ba7b2582ce72b3fe91c
Certificate serial:       018CC9BCA58EC116E9148B3603B4D14205D6
Authority key identifier: 57:71:1F:20:88:3A:62:BC:06:39:1B:A7:B2:58:2C:E7:2B:3F:E9:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/5mwY5bVf9jsXec1e8QF-QmhVGi8.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        185.210.20.0/22 maxlen: 22
                          2a09:dd40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a5:8e:c1:16:e9:14:8b:36:03:b4:d1:42:05:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57711f20883a62bc06391ba7b2582ce72b3fe91c
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e66c18e5b55ff63b1779cd5ef1017e4268551a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:15:15:19:48:89:2a:35:e3:83:26:34:d4:f1:
                    25:23:8f:3e:c6:18:42:f0:da:b1:a2:1e:40:81:f2:
                    b8:df:c1:e7:b8:1a:78:ae:26:18:eb:8b:07:f9:a8:
                    fe:af:75:59:64:6f:b5:1f:19:10:1e:d0:d0:16:f0:
                    42:6d:8d:ca:d8:66:e9:9d:52:a7:92:ce:c5:83:88:
                    b6:b8:3c:70:6a:68:27:2a:b8:f4:d9:07:aa:49:e0:
                    f3:cd:8a:d7:de:67:0e:f0:a2:26:eb:2f:2c:6f:61:
                    2a:6e:ea:1b:ab:a1:42:bb:13:a6:b4:5c:56:c0:b7:
                    50:8e:9b:4e:7e:ce:3b:1c:f9:b5:34:03:88:65:48:
                    cd:c4:a3:39:a3:4c:81:32:a2:da:1b:d1:5f:b7:0d:
                    63:bb:70:2b:90:ad:3e:e2:13:a7:4b:30:0f:16:f0:
                    c2:70:9d:75:14:1a:b3:9d:c1:46:60:c3:08:fc:3e:
                    05:0f:06:a7:03:f7:bd:e1:30:ab:d3:e3:b3:09:7d:
                    5a:b5:1c:b0:fb:7c:28:b9:98:c4:cd:0f:1e:ac:93:
                    b5:5c:48:70:95:fb:9f:a5:ca:8b:5b:be:36:5e:54:
                    14:f0:b1:c4:06:b1:89:4b:89:7d:d8:6b:09:b6:13:
                    37:0e:58:6a:02:43:1e:69:75:1a:d4:e2:d6:2c:f9:
                    b6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:6C:18:E5:B5:5F:F6:3B:17:79:CD:5E:F1:01:7E:42:68:55:1A:2F
            X509v3 Authority Key Identifier:
                keyid:57:71:1F:20:88:3A:62:BC:06:39:1B:A7:B2:58:2C:E7:2B:3F:E9:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/5mwY5bVf9jsXec1e8QF-QmhVGi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.20.0/22
                IPv6:
                  2a09:dd40::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:85:0b:c6:61:84:ce:53:4e:a2:1b:54:b5:8e:f4:e7:e4:f3:
         5c:52:6b:52:05:d7:f6:0d:d9:e2:fa:f2:e6:cd:2e:c3:39:c3:
         bb:a9:32:ba:5f:0c:9e:eb:88:94:a1:91:c7:63:53:74:14:f5:
         c6:71:6c:dd:e0:43:96:3e:c5:4c:4f:84:a3:6c:82:86:c9:8b:
         4b:ed:3a:f2:e6:a3:fb:93:df:87:4f:06:98:60:83:21:2f:ac:
         27:43:81:9d:1c:d9:49:de:4b:2c:a8:11:6e:14:4d:49:85:fe:
         29:f9:d4:46:97:66:b6:bc:67:8a:02:31:89:cd:df:b3:d3:e6:
         89:3b:63:33:eb:99:f3:48:a9:5e:30:c6:f8:a6:d0:4c:82:a9:
         47:74:08:0a:c5:1d:72:f3:76:b3:75:9e:1e:14:83:ce:41:de:
         51:14:78:59:6e:16:5d:22:60:71:0f:35:a4:aa:c2:83:34:a0:
         a6:0c:75:32:6f:ba:be:5f:48:ad:29:74:bd:4c:9d:f5:84:0c:
         a1:3b:d5:69:8f:21:3f:8d:31:f7:df:c6:ef:cf:97:be:ce:78:
         38:98:39:50:d7:fa:1d:bb:1c:69:51:6e:98:7c:a6:6a:f6:81:
         43:3a:a9:31:bd:93:16:db:41:a1:32:04:44:1c:89:63:35:9f:
         86:40:8d:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvKWOwRbpFIs2A7TRQgXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzExZjIwODgzYTYyYmMwNjM5MWJhN2IyNTgyY2U3MmIz
ZmU5MWMwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjZjMThlNWI1NWZmNjNiMTc3OWNkNWVmMTAxN2U0MjY4NTUxYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxUVGUiJKjXjgyY01PElI48+xhhC
8Nqxoh5AgfK438HnuBp4riYY64sH+aj+r3VZZG+1HxkQHtDQFvBCbY3K2GbpnVKn
ks7Fg4i2uDxwamgnKrj02QeqSeDzzYrX3mcO8KIm6y8sb2Eqbuobq6FCuxOmtFxW
wLdQjptOfs47HPm1NAOIZUjNxKM5o0yBMqLaG9Fftw1ju3ArkK0+4hOnSzAPFvDC
cJ11FBqzncFGYMMI/D4FDwanA/e94TCr0+OzCX1atRyw+3wouZjEzQ8erJO1XEhw
lfufpcqLW742XlQU8LHEBrGJS4l92GsJthM3DlhqAkMeaXUa1OLWLPm2DQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOZsGOW1X/Y7F3nNXvEBfkJoVRovMB8GA1UdIwQY
MBaAFFdxHyCIOmK8Bjkbp7JYLOcrP+kcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNFZklJZzZZcndHT1J1bnNsZ3M1eXNfNlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kMmIwYWEtMjYzNi00ZWVjLWExZTMt
NzE0ZDE5NThiNzdiLzEvNW13WTViVmY5anNYZWMxZThRRi1RbWhWR2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kMmIwYWEtMjYzNi00ZWVjLWExZTMtNzE0ZDE5NThiNzdi
LzEvVjNFZklJZzZZcndHT1J1bnNsZ3M1eXNfNlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudIUMA0E
AgACMAcDBQAqCd1AMA0GCSqGSIb3DQEBCwUAA4IBAQCUhQvGYYTOU06iG1S1jvTn
5PNcUmtSBdf2Ddni+vLmzS7DOcO7qTK6Xwye64iUoZHHY1N0FPXGcWzd4EOWPsVM
T4SjbIKGyYtL7Try5qP7k9+HTwaYYIMhL6wnQ4GdHNlJ3kssqBFuFE1Jhf4p+dRG
l2a2vGeKAjGJzd+z0+aJO2Mz65nzSKleMMb4ptBMgqlHdAgKxR1y83azdZ4eFIPO
Qd5RFHhZbhZdImBxDzWkqsKDNKCmDHUyb7q+X0itKXS9TJ31hAyhO9VpjyE/jTH3
38bvz5e+zng4mDlQ1/oduxxpUW6YfKZq9oFDOqkxvZMW20GhMgREHIljNZ+GQI13
-----END CERTIFICATE-----