Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/bO2ZdwM21enGaKwe_1iSEPBIIts.roa
File:                     bO2ZdwM21enGaKwe_1iSEPBIIts.roa (raw, json)
Hash identifier:          uBMm/tJP0uLUJeJM+1YEtRm4BQYL1PFKNrER1Hr5ksk=
Subject key identifier:   6C:ED:99:77:03:36:D5:E9:C6:68:AC:1E:FF:58:92:10:F0:48:22:DB
Certificate issuer:       /CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
Certificate serial:       01942745C523CF5B894B3690D93BC0F3637D
Authority key identifier: BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/bO2ZdwM21enGaKwe_1iSEPBIIts.roa
Signing time:             Thu 02 Jan 2025 13:47:51 +0000
ROA not before:           Thu 02 Jan 2025 13:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        185.194.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 10:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:c5:23:cf:5b:89:4b:36:90:d9:3b:c0:f3:63:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be6c497ff4d4a8bb5a24bdd2051575b49a083c75
        Validity
            Not Before: Jan  2 13:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ced99770336d5e9c668ac1eff589210f04822db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:b6:78:b7:bd:8b:7d:d3:cc:11:57:8b:b0:
                    22:87:a7:27:9e:98:85:46:1e:96:ef:bd:af:3c:04:
                    ef:44:68:f7:9b:7f:b8:4f:a4:ac:a2:2f:ee:f9:01:
                    de:04:f8:f5:e4:be:bf:45:c2:f6:7e:32:9d:f3:b9:
                    56:f2:ca:ea:07:d2:ff:3e:d8:e5:e2:26:6c:fe:85:
                    5e:6a:eb:32:74:d9:c1:dc:ba:d1:13:7f:10:ee:0f:
                    64:a9:98:68:75:56:d8:7e:2c:80:f3:2a:42:bf:9a:
                    b5:da:9a:0c:bb:9b:c1:1a:94:e0:3a:33:81:86:4d:
                    ad:56:97:11:70:b4:08:a2:de:90:77:b1:69:07:9a:
                    15:de:46:93:0d:2e:8e:b6:ab:1c:94:74:87:c0:dd:
                    dd:f0:2e:d5:7a:9b:63:39:8d:1b:eb:46:3d:a9:fd:
                    7c:7c:65:55:ab:47:54:0d:c5:f8:d9:8a:59:81:2f:
                    99:d4:5f:9b:74:76:d8:46:e2:63:ad:bb:2d:e0:51:
                    74:e5:72:71:63:8f:3d:f6:a8:cd:42:e6:4d:01:65:
                    25:42:90:bd:fa:74:08:3c:0a:2c:29:87:42:56:c7:
                    33:98:9e:cf:82:f5:6b:86:1f:63:ba:7b:cf:5a:d5:
                    96:df:14:f0:a1:c1:3f:0c:5f:63:14:ae:80:32:dc:
                    44:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:ED:99:77:03:36:D5:E9:C6:68:AC:1E:FF:58:92:10:F0:48:22:DB
            X509v3 Authority Key Identifier:
                keyid:BE:6C:49:7F:F4:D4:A8:BB:5A:24:BD:D2:05:15:75:B4:9A:08:3C:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vmxJf_TUqLtaJL3SBRV1tJoIPHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/bO2ZdwM21enGaKwe_1iSEPBIIts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5db8eb-cccc-498a-81cb-65ae58a9bee8/1/vmxJf_TUqLtaJL3SBRV1tJoIPHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:8f:bf:54:fc:05:22:c8:fc:bf:ed:74:fd:51:1b:ff:0c:32:
         55:4d:6c:07:a7:e7:91:22:dd:0a:1c:3a:02:08:22:39:44:d0:
         ba:3d:ac:09:9a:f3:f5:59:d0:39:bb:ab:00:d5:77:fe:85:63:
         ec:a1:a5:45:a7:da:55:64:4e:d3:ce:cf:cf:3f:b6:6e:bb:22:
         fd:10:06:6f:21:1f:9a:b3:7d:14:3f:48:38:33:b8:82:d2:7d:
         dd:af:b8:90:01:ab:d3:3b:81:4f:93:e1:89:4b:61:ca:21:c9:
         d5:44:6d:29:4b:87:5f:f6:f3:13:35:71:ad:7e:21:d6:98:39:
         79:d8:da:ae:cc:e3:45:a8:25:11:14:ce:ea:b2:00:28:ea:69:
         ae:83:bb:d6:a7:60:dc:30:68:36:0c:21:0c:5a:08:1a:f6:8d:
         07:da:46:de:e4:74:23:f0:82:ec:ac:14:7d:9a:e2:68:d7:1e:
         28:2f:68:84:f0:32:9c:91:75:a0:8d:67:40:b3:e2:99:2e:0d:
         9d:05:0d:a4:4f:ad:ba:d9:98:8d:c2:83:fd:c1:12:2e:f6:6b:
         98:ec:04:6a:b6:17:0c:ff:a9:88:40:a2:38:92:ae:48:2f:8e:
         31:66:5b:f8:cb:b2:d8:e3:81:05:47:a4:e2:5f:35:ca:f3:d8:
         b5:75:82:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRcUjz1uJSzaQ2TvA82N9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNmM0OTdmZjRkNGE4YmI1YTI0YmRkMjA1MTU3NWI0OWEw
ODNjNzUwHhcNMjUwMTAyMTM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VkOTk3NzAzMzZkNWU5YzY2OGFjMWVmZjU4OTIxMGYwNDgyMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmK2eLe9i33TzBFXi7Aih6cnnpiF
Rh6W772vPATvRGj3m3+4T6Ssoi/u+QHeBPj15L6/RcL2fjKd87lW8srqB9L/Ptjl
4iZs/oVeausydNnB3LrRE38Q7g9kqZhodVbYfiyA8ypCv5q12poMu5vBGpTgOjOB
hk2tVpcRcLQIot6Qd7FpB5oV3kaTDS6OtqsclHSHwN3d8C7VeptjOY0b60Y9qf18
fGVVq0dUDcX42YpZgS+Z1F+bdHbYRuJjrbst4FF05XJxY4899qjNQuZNAWUlQpC9
+nQIPAosKYdCVsczmJ7PgvVrhh9junvPWtWW3xTwocE/DF9jFK6AMtxEbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGztmXcDNtXpxmisHv9YkhDwSCLbMB8GA1UdIwQY
MBaAFL5sSX/01Ki7WiS90gUVdbSaCDx1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2It
NjVhZTU4YTliZWU4LzEvYk8yWmR3TTIxZW5HYUt3ZV8xaVNFUEJJSXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81ZGI4ZWItY2NjYy00OThhLTgxY2ItNjVhZTU4YTliZWU4
LzEvdm14SmZfVFVxTHRhSkwzU0JSVjF0Sm9JUEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLoMA0G
CSqGSIb3DQEBCwUAA4IBAQCsj79U/AUiyPy/7XT9URv/DDJVTWwHp+eRIt0KHDoC
CCI5RNC6PawJmvP1WdA5u6sA1Xf+hWPsoaVFp9pVZE7Tzs/PP7ZuuyL9EAZvIR+a
s30UP0g4M7iC0n3dr7iQAavTO4FPk+GJS2HKIcnVRG0pS4df9vMTNXGtfiHWmDl5
2NquzONFqCURFM7qsgAo6mmug7vWp2DcMGg2DCEMWgga9o0H2kbe5HQj8ILsrBR9
muJo1x4oL2iE8DKckXWgjWdAs+KZLg2dBQ2kT6262ZiNwoP9wRIu9muY7ARqthcM
/6mIQKI4kq5IL44xZlv4y7LY44EFR6TiXzXK89i1dYJ/
-----END CERTIFICATE-----