Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/u7aISHEwyP4Yh9sfrubu0iNyYKA.roa
File:                     u7aISHEwyP4Yh9sfrubu0iNyYKA.roa (raw, json)
Hash identifier:          esTaYvPKs9wWW2L374jH9YELaZ2dKB2ln0dHpoDjrKQ=
Subject key identifier:   BB:B6:88:48:71:30:C8:FE:18:87:DB:1F:AE:E6:EE:D2:23:72:60:A0
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B698BDCCAC92BA00DCFD5EC5D4B2C
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/u7aISHEwyP4Yh9sfrubu0iNyYKA.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213363
IP address blocks:        185.114.226.0/24 maxlen: 32
                          185.166.236.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:69:8b:dc:ca:c9:2b:a0:0d:cf:d5:ec:5d:4b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbb688487130c8fe1887db1faee6eed2237260a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:89:c1:fe:95:20:5d:f9:41:ce:76:9f:0a:08:
                    c7:ac:51:8b:55:18:8f:34:f6:cc:11:9c:5e:27:b1:
                    f7:63:45:8c:72:39:b2:fb:fb:16:2e:96:5d:c4:bc:
                    1d:bd:47:d5:70:0e:d7:04:ff:00:bc:b5:e0:b2:16:
                    ab:65:dc:58:0b:ad:e6:8d:66:f2:34:05:a7:e3:d9:
                    19:9b:39:53:a3:77:aa:28:dc:69:70:f5:68:cb:5a:
                    db:d4:fc:e0:1e:d8:92:9b:a5:ef:21:b2:ec:09:77:
                    ed:6b:ca:53:1e:95:69:d4:2e:f6:35:7d:29:25:8c:
                    68:f8:2d:e7:21:25:46:0f:35:13:e1:19:bf:3d:83:
                    92:f5:0a:5d:7d:26:b1:e1:9d:17:7b:da:da:66:09:
                    69:c8:73:33:d2:df:85:6b:90:5f:07:f4:3a:ff:55:
                    47:aa:64:52:26:c8:9a:ad:0b:11:6f:d9:7f:d1:a6:
                    d0:b0:fc:50:64:33:d4:f9:70:ac:41:e5:46:94:af:
                    f6:a1:e5:d9:4a:fc:e2:d6:88:71:84:e5:e2:f8:72:
                    50:23:f5:75:a0:74:79:6e:75:91:8f:37:da:4a:82:
                    83:79:b7:be:15:be:d9:67:63:3f:44:3a:b8:e1:a7:
                    50:98:7e:2c:23:0d:10:16:0c:45:b5:cc:f4:7c:db:
                    1a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B6:88:48:71:30:C8:FE:18:87:DB:1F:AE:E6:EE:D2:23:72:60:A0
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/u7aISHEwyP4Yh9sfrubu0iNyYKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.226.0/24
                  185.166.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:2c:73:87:a7:02:07:61:fc:49:70:d8:4a:ea:a6:de:f3:1a:
         35:6e:c9:8b:00:a6:7d:28:7d:f6:06:a3:b1:c1:d8:3a:13:51:
         35:94:3e:5c:45:9c:3a:7b:47:56:fb:14:7d:e0:20:42:9b:90:
         23:e3:19:18:b4:7e:e0:48:da:6b:68:e6:55:59:4f:3a:91:4c:
         2f:24:1b:a8:41:ce:ea:4e:99:a1:b5:39:ef:02:be:12:fe:80:
         4f:b4:5c:bf:c0:d0:d4:2c:5e:89:72:f9:21:c2:ab:86:ca:d1:
         1e:0d:60:7b:d5:e4:88:0d:c9:90:d0:c4:4a:b9:98:64:97:c7:
         bb:3f:ad:bc:f0:d0:ed:f8:03:e1:5e:76:fb:2a:8a:66:53:56:
         ea:2c:9b:93:22:84:df:2e:f3:bd:88:c2:85:79:92:8e:c2:bb:
         11:8b:c4:54:99:eb:98:75:bd:e1:70:18:fc:ea:a1:3a:d3:eb:
         f5:36:b3:81:b8:7f:5c:81:6b:7e:34:fe:66:88:98:a7:d4:74:
         94:e7:72:0f:10:24:5d:26:84:48:f7:06:b9:18:65:2f:48:32:
         a8:bb:c7:ba:d5:04:e0:08:4f:6b:d0:4e:71:b9:3a:9a:ac:8d:
         95:e6:d8:86:60:dc:cb:14:fd:3a:23:3c:60:fc:4a:32:1a:86:
         8b:c0:10:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK2mL3MrJK6ANz9XsXUssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI2ODg0ODcxMzBjOGZlMTg4N2RiMWZhZWU2ZWVkMjIzNzI2MGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwInB/pUgXflBznafCgjHrFGLVRiP
NPbMEZxeJ7H3Y0WMcjmy+/sWLpZdxLwdvUfVcA7XBP8AvLXgsharZdxYC63mjWby
NAWn49kZmzlTo3eqKNxpcPVoy1rb1PzgHtiSm6XvIbLsCXfta8pTHpVp1C72NX0p
JYxo+C3nISVGDzUT4Rm/PYOS9QpdfSax4Z0Xe9raZglpyHMz0t+Fa5BfB/Q6/1VH
qmRSJsiarQsRb9l/0abQsPxQZDPU+XCsQeVGlK/2oeXZSvzi1ohxhOXi+HJQI/V1
oHR5bnWRjzfaSoKDebe+Fb7ZZ2M/RDq44adQmH4sIw0QFgxFtcz0fNsarwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLu2iEhxMMj+GIfbH67m7tIjcmCgMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvdTdhSVNIRXd5UDRZaDlzZnJ1YnUwaU55WUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXLiAwQA
uabsMA0GCSqGSIb3DQEBCwUAA4IBAQCrLHOHpwIHYfxJcNhK6qbe8xo1bsmLAKZ9
KH32BqOxwdg6E1E1lD5cRZw6e0dW+xR94CBCm5Aj4xkYtH7gSNpraOZVWU86kUwv
JBuoQc7qTpmhtTnvAr4S/oBPtFy/wNDULF6JcvkhwquGytEeDWB71eSIDcmQ0MRK
uZhkl8e7P6288NDt+APhXnb7KopmU1bqLJuTIoTfLvO9iMKFeZKOwrsRi8RUmeuY
db3hcBj86qE60+v1NrOBuH9cgWt+NP5miJin1HSU53IPECRdJoRI9wa5GGUvSDKo
u8e61QTgCE9r0E5xuTqarI2V5tiGYNzLFP06Izxg/EoyGoaLwBAV
-----END CERTIFICATE-----