Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5iKBaL9vIDO32uPFmhRpUojfEd4.roa
File:                     5iKBaL9vIDO32uPFmhRpUojfEd4.roa (raw, json)
Hash identifier:          +WgvpiMgJxIbXFfIZdaWurS6dbON6K5A7r7Z/SmtP2Q=
Subject key identifier:   E6:22:81:68:BF:6F:20:33:B7:DA:E3:C5:9A:14:69:52:88:DF:11:DE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029E586F3AE87671528700B3E7CC93
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5iKBaL9vIDO32uPFmhRpUojfEd4.roa
Signing time:             Tue 02 Jan 2024 02:31:03 +0000
ROA not before:           Tue 02 Jan 2024 02:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395839
IP address blocks:        185.209.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9e:58:6f:3a:e8:76:71:52:87:00:b3:e7:cc:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6228168bf6f2033b7dae3c59a14695288df11de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ce:2b:a9:d4:39:8f:21:b7:2d:e2:0a:74:0c:
                    d0:40:ff:d1:1a:5a:f8:6d:28:22:72:49:d1:40:51:
                    cd:37:4b:24:5d:be:a1:a2:39:f5:d5:2f:52:13:50:
                    6d:54:40:61:0f:97:bd:a4:35:c9:df:46:1a:27:9a:
                    fd:0a:1f:34:8e:0a:ef:e3:8e:af:f8:ba:f8:c9:05:
                    55:10:e4:a3:f2:e7:89:e1:a9:07:ae:ce:3e:ae:f3:
                    0e:6d:8d:80:1d:25:a3:0f:93:6b:8c:63:da:24:3c:
                    05:33:1f:88:ca:fd:24:f7:0e:d0:c0:86:fe:59:3d:
                    c2:94:af:a1:0c:d1:8b:c4:61:84:76:34:23:5f:c1:
                    17:ac:d4:32:af:82:ad:1a:a8:bc:5a:0b:c6:02:9f:
                    81:fd:b1:03:0d:1d:4f:f6:9c:0f:66:4e:f1:61:7d:
                    80:b0:36:4f:3d:5b:a1:e3:fe:99:aa:02:b8:d9:8b:
                    f0:c8:d6:18:e4:82:f7:4b:cd:8b:3d:d7:df:a4:fe:
                    35:db:eb:07:f7:09:7d:69:b2:7f:64:06:19:7f:68:
                    c1:6d:9a:06:64:5d:8f:40:8a:6a:92:73:2a:72:0e:
                    a3:75:b0:a8:40:cf:f9:56:42:c6:29:84:1f:44:90:
                    2d:e1:a9:98:b9:f7:5e:f7:70:d9:a0:aa:b6:c4:0a:
                    dc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:22:81:68:BF:6F:20:33:B7:DA:E3:C5:9A:14:69:52:88:DF:11:DE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5iKBaL9vIDO32uPFmhRpUojfEd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:99:f2:11:ea:82:c3:9f:fe:36:e5:4a:19:9e:05:f6:cf:d3:
         11:97:fd:ed:d8:e9:f5:5d:00:76:a5:81:86:c2:a0:40:1c:12:
         89:6d:3d:9f:d0:29:8d:a6:5b:85:73:59:f0:fa:62:81:b2:ae:
         bd:7d:d7:5f:2a:4b:92:05:aa:ad:30:f1:9f:8a:e4:50:da:3b:
         72:82:89:fd:dd:74:ce:b6:b8:a2:22:2c:da:c9:17:3c:7f:69:
         2f:2c:3a:29:30:0d:31:c0:15:af:7b:3b:a8:ba:a2:9d:92:59:
         43:17:ba:60:32:f2:d7:f6:8d:2a:08:06:44:e8:e4:d0:31:a6:
         74:0d:f7:68:52:13:20:4a:f2:a0:56:33:8d:64:77:3e:4b:3e:
         13:12:17:35:ed:87:ee:32:11:7a:54:f4:7e:fc:38:33:11:d5:
         e2:c2:74:91:29:2a:f4:41:cb:38:c4:49:8a:35:0a:4e:9c:f0:
         82:12:c7:33:e1:6a:39:1a:e4:fe:1f:50:ee:b9:a0:df:72:fc:
         19:49:a9:c1:e4:09:9d:6f:39:c6:bb:fe:4d:81:4d:77:3b:80:
         66:29:d9:6e:22:63:45:51:d2:9f:ed:6c:48:4d:05:cb:0d:26:
         cf:46:cb:1f:8f:93:45:7c:d0:da:92:17:04:94:f6:de:80:0c:
         49:c7:fc:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAp5YbzrodnFShwCz58yTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjIyODE2OGJmNmYyMDMzYjdkYWUzYzU5YTE0Njk1Mjg4ZGYxMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis4rqdQ5jyG3LeIKdAzQQP/RGlr4
bSgicknRQFHNN0skXb6hojn11S9SE1BtVEBhD5e9pDXJ30YaJ5r9Ch80jgrv446v
+Lr4yQVVEOSj8ueJ4akHrs4+rvMObY2AHSWjD5NrjGPaJDwFMx+Iyv0k9w7QwIb+
WT3ClK+hDNGLxGGEdjQjX8EXrNQyr4KtGqi8WgvGAp+B/bEDDR1P9pwPZk7xYX2A
sDZPPVuh4/6ZqgK42YvwyNYY5IL3S82LPdffpP412+sH9wl9abJ/ZAYZf2jBbZoG
ZF2PQIpqknMqcg6jdbCoQM/5VkLGKYQfRJAt4amYufde93DZoKq2xArcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYigWi/byAzt9rjxZoUaVKI3xHeMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNWlLQmFMOXZJRE8zMnVQRm1oUnBVb2pmRWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudEmMA0G
CSqGSIb3DQEBCwUAA4IBAQAcmfIR6oLDn/425UoZngX2z9MRl/3t2On1XQB2pYGG
wqBAHBKJbT2f0CmNpluFc1nw+mKBsq69fddfKkuSBaqtMPGfiuRQ2jtygon93XTO
triiIizayRc8f2kvLDopMA0xwBWvezuouqKdkllDF7pgMvLX9o0qCAZE6OTQMaZ0
DfdoUhMgSvKgVjONZHc+Sz4TEhc17YfuMhF6VPR+/DgzEdXiwnSRKSr0Qcs4xEmK
NQpOnPCCEscz4Wo5GuT+H1DuuaDfcvwZSanB5AmdbznGu/5NgU13O4BmKdluImNF
UdKf7WxITQXLDSbPRssfj5NFfNDakhcElPbegAxJx/xT
-----END CERTIFICATE-----