Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b265H0ZVNCPRVdDXryUTQvaqAPM.roa
File:                     b265H0ZVNCPRVdDXryUTQvaqAPM.roa (raw, json)
Hash identifier:          mrRPDt8OsdqKyRBimvrP4q6+bca+aUhXi8D2rArm5eM=
Subject key identifier:   6F:6E:B9:1F:46:55:34:23:D1:55:D0:D7:AF:25:13:42:F6:AA:00:F3
Certificate issuer:       /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial:       018CC6B8C3AF35FEE94265410BCD62F0F48D
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b265H0ZVNCPRVdDXryUTQvaqAPM.roa
Signing time:             Mon 01 Jan 2024 20:30:46 +0000
ROA not before:           Mon 01 Jan 2024 20:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        185.207.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c3:af:35:fe:e9:42:65:41:0b:cd:62:f0:f4:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
        Validity
            Not Before: Jan  1 20:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f6eb91f46553423d155d0d7af251342f6aa00f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:15:41:c7:35:14:03:11:b4:eb:ac:4c:38:
                    ad:6e:bc:63:8b:03:ac:3e:9e:72:1a:ef:93:e0:c6:
                    c1:5e:02:f6:7b:2c:e8:34:d4:64:8d:70:7a:5b:ed:
                    0a:6f:bc:0c:5e:35:12:fb:d1:ce:12:b5:69:b9:d6:
                    5c:e5:c9:85:b8:45:35:18:eb:35:e9:c5:4a:56:02:
                    e2:56:6c:a3:ea:5b:1e:9d:15:19:9d:dd:18:45:3c:
                    69:90:17:4f:ea:b9:5b:77:9e:71:6a:2b:ee:ac:78:
                    f9:1b:f4:e9:7e:c7:9f:75:0d:8b:bc:6d:08:a2:76:
                    f0:79:2f:2f:d4:74:cf:93:e1:19:11:8e:39:5e:7a:
                    a4:03:8e:cc:6a:33:61:dc:fe:d9:d1:eb:cc:6e:41:
                    5d:58:ac:ed:98:28:ad:19:99:d1:dd:4f:51:2e:75:
                    00:e8:44:da:f9:65:38:a1:1f:cc:a4:65:c6:26:c6:
                    9d:ae:58:0a:2b:be:32:99:a5:80:ad:a9:59:e9:9c:
                    eb:4d:8b:bc:c5:cd:cf:17:67:de:f7:37:c3:75:9a:
                    fd:49:a7:50:1d:18:eb:a3:1a:36:50:80:3a:03:40:
                    0a:c8:fe:33:ba:5a:14:a3:df:26:d2:2b:34:ed:f8:
                    31:07:1d:9c:d3:fd:cc:8e:cf:e8:92:36:98:25:62:
                    78:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6E:B9:1F:46:55:34:23:D1:55:D0:D7:AF:25:13:42:F6:AA:00:F3
            X509v3 Authority Key Identifier:
                keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b265H0ZVNCPRVdDXryUTQvaqAPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:68:af:d3:34:f6:67:31:af:29:3e:55:f0:31:4f:f3:b9:85:
         a1:7b:30:46:00:d7:64:ba:41:e4:fb:7b:3c:0a:82:88:05:9d:
         81:7c:bc:93:6c:f7:36:1b:4b:8e:b6:18:85:3f:50:b0:32:c3:
         c6:94:5a:69:82:b3:ba:d8:6e:b3:16:67:df:d9:1a:d2:a6:a4:
         60:98:10:7d:c7:6f:bd:79:26:ce:52:76:71:1a:88:f0:84:5c:
         0e:55:a0:b2:e0:a5:e7:38:9e:0c:a8:9c:10:04:8c:19:c7:c8:
         e3:81:90:c4:51:7f:58:50:d2:36:5e:e4:40:51:56:e4:86:34:
         da:8c:f7:ef:89:eb:1a:f4:dc:03:5c:0e:04:fc:1f:e4:4e:65:
         05:b8:55:92:94:1d:54:57:ec:2b:b8:98:d7:df:2a:89:f6:f9:
         15:23:80:d6:61:0c:3e:d5:69:1e:f4:b1:56:2d:4a:e8:7d:c3:
         27:ee:be:d7:10:37:2b:9d:4d:ab:81:24:54:9d:6b:66:d6:50:
         4c:05:cc:20:74:7b:ad:83:d2:b6:01:bf:59:66:4c:43:db:81:
         ef:ef:e1:98:a5:49:af:26:7f:de:8b:e5:0b:53:79:ae:48:f6:
         82:fd:6b:f5:64:f7:a4:93:79:fd:17:3f:14:39:39:b6:e6:72:
         d4:d1:15:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuMOvNf7pQmVBC81i8PSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjQwMTAxMjAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZlYjkxZjQ2NTUzNDIzZDE1NWQwZDdhZjI1MTM0MmY2YWEwMGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK0VQcc1FAMRtOusTDitbrxjiwOs
Pp5yGu+T4MbBXgL2eyzoNNRkjXB6W+0Kb7wMXjUS+9HOErVpudZc5cmFuEU1GOs1
6cVKVgLiVmyj6lsenRUZnd0YRTxpkBdP6rlbd55xaivurHj5G/TpfsefdQ2LvG0I
onbweS8v1HTPk+EZEY45XnqkA47MajNh3P7Z0evMbkFdWKztmCitGZnR3U9RLnUA
6ETa+WU4oR/MpGXGJsadrlgKK74ymaWAralZ6ZzrTYu8xc3PF2fe9zfDdZr9SadQ
HRjroxo2UIA6A0AKyP4zuloUo98m0is07fgxBx2c0/3Mjs/okjaYJWJ4sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9uuR9GVTQj0VXQ168lE0L2qgDzMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvYjI2NUgwWlZOQ1BSVmREWHJ5VVRRdmFxQVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc+kMA0G
CSqGSIb3DQEBCwUAA4IBAQA/aK/TNPZnMa8pPlXwMU/zuYWhezBGANdkukHk+3s8
CoKIBZ2BfLyTbPc2G0uOthiFP1CwMsPGlFppgrO62G6zFmff2RrSpqRgmBB9x2+9
eSbOUnZxGojwhFwOVaCy4KXnOJ4MqJwQBIwZx8jjgZDEUX9YUNI2XuRAUVbkhjTa
jPfviesa9NwDXA4E/B/kTmUFuFWSlB1UV+wruJjX3yqJ9vkVI4DWYQw+1Wke9LFW
LUrofcMn7r7XEDcrnU2rgSRUnWtm1lBMBcwgdHutg9K2Ab9ZZkxD24Hv7+GYpUmv
Jn/ei+ULU3muSPaC/Wv1ZPekk3n9Fz8UOTm25nLU0RVa
-----END CERTIFICATE-----