Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sEuAnwuvVOL67xpacV1g6ypXi3o.roa
File:                     sEuAnwuvVOL67xpacV1g6ypXi3o.roa (raw, json)
Hash identifier:          VltiiNScmHOEe7T9wjFCm8loW8cig0tHIvNMjDqJ9xY=
Subject key identifier:   B0:4B:80:9F:0B:AF:54:E2:FA:EF:1A:5A:71:5D:60:EB:2A:57:8B:7A
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B6693172396C2E5D78E0AC0112289
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sEuAnwuvVOL67xpacV1g6ypXi3o.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210405
IP address blocks:        185.223.164.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:66:93:17:23:96:c2:e5:d7:8e:0a:c0:11:22:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b04b809f0baf54e2faef1a5a715d60eb2a578b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fd:e3:f6:20:9c:cd:03:e4:18:53:17:ed:e3:
                    6e:82:f8:5b:77:d7:e9:50:d5:2c:2e:6b:55:16:23:
                    49:da:c2:08:e4:06:8c:c6:e5:f0:57:28:73:e1:00:
                    47:cf:40:02:ad:73:43:35:d0:6f:2e:5d:60:25:14:
                    67:be:b0:4d:77:dc:c9:f0:96:a0:3c:67:6c:23:df:
                    9e:51:c5:d6:30:1d:d2:2c:b1:d7:32:40:8e:41:38:
                    71:13:3f:81:a9:37:f8:0a:5d:f9:6f:8a:c2:8b:d6:
                    5b:05:47:21:bc:14:ba:2b:42:75:c9:b5:43:d7:ab:
                    70:3f:e3:88:da:a6:ed:87:7c:a1:29:29:b5:93:12:
                    60:10:2d:96:0c:b8:a4:27:73:35:d4:41:a9:0c:f2:
                    d3:3d:bf:77:2f:df:30:8a:df:7d:8a:f4:14:f9:1f:
                    71:54:b6:ce:40:4f:92:20:d8:2d:da:dd:1e:a5:ae:
                    4f:28:b8:85:5d:61:f2:fd:c0:45:0e:ec:0e:8d:b1:
                    1e:b6:73:17:f0:ca:0d:2a:26:ab:e1:5e:79:80:92:
                    08:41:fc:2c:4f:58:65:a9:eb:35:b9:0e:93:c3:17:
                    5c:7e:4d:43:31:54:ec:d1:da:27:c6:8d:63:c8:65:
                    5c:28:4a:2f:c7:22:77:a5:42:43:07:46:71:de:ff:
                    0f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:4B:80:9F:0B:AF:54:E2:FA:EF:1A:5A:71:5D:60:EB:2A:57:8B:7A
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sEuAnwuvVOL67xpacV1g6ypXi3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:1c:c8:59:92:2b:fd:a2:3a:70:8e:53:d8:a9:a3:3d:d7:03:
         92:4f:44:be:d5:29:0b:46:e5:86:e0:d3:76:3c:9c:2a:e8:46:
         1b:ec:b7:6a:29:46:e7:03:aa:4c:a0:c0:c6:ee:43:6d:85:8e:
         fa:58:c9:73:b2:37:35:4a:85:64:a7:00:d0:a2:de:66:a0:90:
         f3:08:08:51:b1:24:62:c3:f3:ef:bf:4c:5e:10:47:4f:e5:be:
         e4:68:30:c9:5c:17:21:9c:0f:4b:04:28:73:53:11:93:0e:42:
         fb:94:33:9e:4c:f1:3e:d2:40:32:4e:b1:96:4b:53:13:e5:74:
         d4:9c:a9:34:6b:26:30:96:84:19:c0:e1:65:50:8f:2f:06:49:
         ac:a4:68:fc:62:c5:5e:a9:5a:c1:1a:b8:8d:0f:6e:9c:55:d6:
         43:72:69:65:7b:0f:bc:23:ba:88:9e:71:f5:5f:7e:20:27:7a:
         e4:f2:6b:ef:b8:35:fb:ce:dc:9b:f5:1d:49:28:b9:9a:fa:17:
         da:9e:06:9c:7c:04:b1:93:ad:25:13:43:65:c3:16:f5:1e:61:
         85:0e:89:f9:13:e3:f9:99:8b:27:e3:be:fd:5f:0a:1d:81:36:
         72:d2:51:15:bb:1a:c9:75:1e:77:99:bb:4f:33:a7:9d:48:c9:
         31:da:77:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2aTFyOWwuXXjgrAESKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDRiODA5ZjBiYWY1NGUyZmFlZjFhNWE3MTVkNjBlYjJhNTc4YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/3j9iCczQPkGFMX7eNugvhbd9fp
UNUsLmtVFiNJ2sII5AaMxuXwVyhz4QBHz0ACrXNDNdBvLl1gJRRnvrBNd9zJ8Jag
PGdsI9+eUcXWMB3SLLHXMkCOQThxEz+BqTf4Cl35b4rCi9ZbBUchvBS6K0J1ybVD
16twP+OI2qbth3yhKSm1kxJgEC2WDLikJ3M11EGpDPLTPb93L98wit99ivQU+R9x
VLbOQE+SINgt2t0epa5PKLiFXWHy/cBFDuwOjbEetnMX8MoNKiar4V55gJIIQfws
T1hlqes1uQ6Twxdcfk1DMVTs0donxo1jyGVcKEovxyJ3pUJDB0Zx3v8PYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBLgJ8Lr1Ti+u8aWnFdYOsqV4t6MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvc0V1QW53dXZWT0w2N3hwYWNWMWc2eXBYaTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+kMA0G
CSqGSIb3DQEBCwUAA4IBAQCWHMhZkiv9ojpwjlPYqaM91wOST0S+1SkLRuWG4NN2
PJwq6EYb7LdqKUbnA6pMoMDG7kNthY76WMlzsjc1SoVkpwDQot5moJDzCAhRsSRi
w/Pvv0xeEEdP5b7kaDDJXBchnA9LBChzUxGTDkL7lDOeTPE+0kAyTrGWS1MT5XTU
nKk0ayYwloQZwOFlUI8vBkmspGj8YsVeqVrBGriND26cVdZDcmllew+8I7qInnH1
X34gJ3rk8mvvuDX7ztyb9R1JKLma+hfangacfASxk60lE0Nlwxb1HmGFDon5E+P5
mYsn4779XwodgTZy0lEVuxrJdR53mbtPM6edSMkx2nf4
-----END CERTIFICATE-----