Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/klXM3DkdRnCi9p_j4cGDFzsFB70.roa
File:                     klXM3DkdRnCi9p_j4cGDFzsFB70.roa (raw, json)
Hash identifier:          eLSipvKdxW0lDPQGfLVk4QuD8CgikLgzCyl1VMgJr48=
Subject key identifier:   92:55:CC:DC:39:1D:46:70:A2:F6:9F:E3:E1:C1:83:17:3B:05:07:BD
Certificate issuer:       /CN=a8604356c7501ae2104b2cced3cedc5dbdc1163b
Certificate serial:       018CC500447FE6699A0118418022B46836AF
Authority key identifier: A8:60:43:56:C7:50:1A:E2:10:4B:2C:CE:D3:CE:DC:5D:BD:C1:16:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGBDVsdQGuIQSyzO087cXb3BFjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/klXM3DkdRnCi9p_j4cGDFzsFB70.roa
Signing time:             Mon 01 Jan 2024 12:29:38 +0000
ROA not before:           Mon 01 Jan 2024 12:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        185.94.32.0/22 maxlen: 22
                          185.68.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/qGBDVsdQGuIQSyzO087cXb3BFjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/qGBDVsdQGuIQSyzO087cXb3BFjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGBDVsdQGuIQSyzO087cXb3BFjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:44:7f:e6:69:9a:01:18:41:80:22:b4:68:36:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8604356c7501ae2104b2cced3cedc5dbdc1163b
        Validity
            Not Before: Jan  1 12:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9255ccdc391d4670a2f69fe3e1c183173b0507bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3e:51:87:7c:93:e2:11:59:5a:ad:ad:1b:88:
                    e9:06:ea:99:17:1b:1e:6f:0f:73:c1:1e:5f:97:13:
                    6e:07:69:83:9f:05:c4:bc:a1:ce:4c:31:bc:8a:8d:
                    be:aa:6e:7b:56:fd:67:04:06:60:cc:87:f9:d5:e9:
                    43:a3:cb:12:db:ee:d7:80:6f:05:66:ed:97:be:1f:
                    3e:ad:5f:37:5f:f1:63:df:65:8a:38:01:ef:c8:1e:
                    66:fe:76:ca:52:02:e9:5a:3f:d2:9c:0c:f7:33:9f:
                    bc:ba:96:fd:c7:eb:c5:e0:7a:c2:35:13:e3:bd:c7:
                    ec:7a:b4:77:91:65:ca:d7:bb:25:8a:d0:10:33:15:
                    ef:4b:07:ce:7e:84:c9:fc:bb:63:53:f6:7d:29:32:
                    73:d9:0c:16:0c:69:43:18:82:ae:34:71:17:6f:61:
                    2f:a9:58:36:24:b1:95:90:5a:1f:17:65:a7:f0:ab:
                    6c:37:1b:00:42:5b:d9:5f:d2:6d:d0:6b:a5:ed:46:
                    3d:5d:d5:ac:9f:27:66:fd:5f:99:c7:78:da:09:91:
                    85:ff:19:9b:f7:4d:90:cd:d6:e9:41:5d:8c:79:0b:
                    0d:1b:69:fc:0d:ee:a5:3f:e6:37:b9:7b:d8:23:4e:
                    92:62:30:2d:3c:f7:15:6f:d2:bb:70:76:ba:3d:d2:
                    62:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:55:CC:DC:39:1D:46:70:A2:F6:9F:E3:E1:C1:83:17:3B:05:07:BD
            X509v3 Authority Key Identifier:
                keyid:A8:60:43:56:C7:50:1A:E2:10:4B:2C:CE:D3:CE:DC:5D:BD:C1:16:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGBDVsdQGuIQSyzO087cXb3BFjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/klXM3DkdRnCi9p_j4cGDFzsFB70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/458501-acab-42ed-8a6a-7bebbb70c050/1/qGBDVsdQGuIQSyzO087cXb3BFjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.152.0/22
                  185.94.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:6d:5d:b9:f8:ff:e6:05:01:e6:39:58:9e:70:08:24:56:79:
         97:97:14:97:17:82:e2:c2:6d:4c:75:6a:7d:c3:00:80:7a:4b:
         da:f5:1c:89:2a:9d:ab:52:e2:17:2c:20:83:25:ab:8c:42:97:
         ef:7d:06:c7:6f:46:70:e1:c9:1f:bb:4a:81:08:56:ec:73:29:
         ec:8e:b6:1f:89:c1:7b:eb:ea:fe:f1:a7:41:42:aa:0c:ea:c6:
         89:9a:14:ce:b1:be:43:63:da:3a:ea:24:c5:99:7f:91:5d:1c:
         f3:88:dd:f3:c4:6f:c8:b7:f4:12:1b:54:76:af:a1:6e:70:36:
         e5:f8:eb:c3:af:c3:78:ad:a8:a1:8a:8d:7b:3e:bc:a2:c0:34:
         8f:04:ed:94:c7:ae:ef:52:4f:a9:d0:11:dd:67:a0:2d:48:5f:
         a7:c5:7a:49:7e:1a:ff:b6:a7:eb:49:43:1f:91:bb:b4:f4:e6:
         4d:a4:0a:4e:86:35:42:ae:c0:78:80:30:ed:f3:0a:3a:e8:09:
         57:ee:1f:a6:9e:a6:b4:ff:09:56:b9:e7:9b:68:3d:3e:57:2e:
         93:80:48:df:b4:02:bb:14:46:43:ee:9c:1d:4f:31:02:ac:c9:
         1c:2a:e0:d1:e3:ef:23:0c:c7:95:85:20:ef:19:68:4d:a6:50:
         2c:7c:c3:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAER/5mmaARhBgCK0aDavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjA0MzU2Yzc1MDFhZTIxMDRiMmNjZWQzY2VkYzVkYmRj
MTE2M2IwHhcNMjQwMTAxMTIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU1Y2NkYzM5MWQ0NjcwYTJmNjlmZTNlMWMxODMxNzNiMDUwN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsz5Rh3yT4hFZWq2tG4jpBuqZFxse
bw9zwR5flxNuB2mDnwXEvKHOTDG8io2+qm57Vv1nBAZgzIf51elDo8sS2+7XgG8F
Zu2Xvh8+rV83X/Fj32WKOAHvyB5m/nbKUgLpWj/SnAz3M5+8upb9x+vF4HrCNRPj
vcfserR3kWXK17slitAQMxXvSwfOfoTJ/LtjU/Z9KTJz2QwWDGlDGIKuNHEXb2Ev
qVg2JLGVkFofF2Wn8KtsNxsAQlvZX9Jt0Gul7UY9XdWsnydm/V+Zx3jaCZGF/xmb
902QzdbpQV2MeQsNG2n8De6lP+Y3uXvYI06SYjAtPPcVb9K7cHa6PdJiSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJJVzNw5HUZwovaf4+HBgxc7BQe9MB8GA1UdIwQY
MBaAFKhgQ1bHUBriEEssztPO3F29wRY7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdCRFZzZFFHdUlRU3l6TzA4N2NYYjNCRmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80NTg1MDEtYWNhYi00MmVkLThhNmEt
N2JlYmJiNzBjMDUwLzEva2xYTTNEa2RSbkNpOXBfajRjR0RGenNGQjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80NTg1MDEtYWNhYi00MmVkLThhNmEtN2JlYmJiNzBjMDUw
LzEvcUdCRFZzZFFHdUlRU3l6TzA4N2NYYjNCRmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuUSYAwQC
uV4gMA0GCSqGSIb3DQEBCwUAA4IBAQB3bV25+P/mBQHmOViecAgkVnmXlxSXF4Li
wm1MdWp9wwCAekva9RyJKp2rUuIXLCCDJauMQpfvfQbHb0Zw4ckfu0qBCFbscyns
jrYficF76+r+8adBQqoM6saJmhTOsb5DY9o66iTFmX+RXRzziN3zxG/It/QSG1R2
r6FucDbl+OvDr8N4raihio17PryiwDSPBO2Ux67vUk+p0BHdZ6AtSF+nxXpJfhr/
tqfrSUMfkbu09OZNpApOhjVCrsB4gDDt8wo66AlX7h+mnqa0/wlWueebaD0+Vy6T
gEjftAK7FEZD7pwdTzECrMkcKuDR4+8jDMeVhSDvGWhNplAsfMMm
-----END CERTIFICATE-----