Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/b5UWF-EwFqQsdErBiXgdxhDsFKs.roa
File:                     b5UWF-EwFqQsdErBiXgdxhDsFKs.roa (raw, json)
Hash identifier:          ReWWMj6iE1AoNaOokluB7W7FZdCrFDh+WU3eoi4nUvY=
Subject key identifier:   6F:95:16:17:E1:30:16:A4:2C:74:4A:C1:89:78:1D:C6:10:EC:14:AB
Certificate issuer:       /CN=a5c65d3f8c4eecb461143bda67b1a85c1d7ab57a
Certificate serial:       018CD8EDF06AD43D0BCFA8D6EFA946FCB2F3
Authority key identifier: A5:C6:5D:3F:8C:4E:EC:B4:61:14:3B:DA:67:B1:A8:5C:1D:7A:B5:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcZdP4xO7LRhFDvaZ7GoXB16tXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/b5UWF-EwFqQsdErBiXgdxhDsFKs.roa
Signing time:             Fri 05 Jan 2024 09:22:01 +0000
ROA not before:           Fri 05 Jan 2024 09:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61099
IP address blocks:        185.216.12.0/24 maxlen: 24
                          2a10:d740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/pcZdP4xO7LRhFDvaZ7GoXB16tXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/pcZdP4xO7LRhFDvaZ7GoXB16tXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcZdP4xO7LRhFDvaZ7GoXB16tXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d8:ed:f0:6a:d4:3d:0b:cf:a8:d6:ef:a9:46:fc:b2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c65d3f8c4eecb461143bda67b1a85c1d7ab57a
        Validity
            Not Before: Jan  5 09:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f951617e13016a42c744ac189781dc610ec14ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:df:9d:cd:c5:d4:03:65:06:23:84:1e:0f:84:
                    2a:05:ae:df:39:a2:b2:89:e2:76:cc:4a:e1:a9:92:
                    b1:cf:b8:85:fa:fd:07:29:6b:9b:3e:13:b7:1d:ac:
                    a4:02:03:8c:4f:cc:b4:24:71:c7:5e:bd:93:7b:f8:
                    ac:40:e6:3f:33:2a:79:9b:44:3a:02:46:90:8f:95:
                    eb:94:93:4d:fb:de:02:80:ce:63:62:b7:36:a4:6f:
                    e8:c2:60:1c:12:5b:bd:fb:d6:e0:57:fb:07:88:d7:
                    d3:44:c0:f5:c8:66:a1:4c:7e:37:1e:5b:3c:96:68:
                    45:7b:64:a9:25:de:6a:97:50:17:1e:d6:3f:00:12:
                    2f:49:8e:f0:bf:ab:bb:ca:75:1b:c9:9c:a9:59:21:
                    8f:09:c8:49:e8:4a:38:02:0b:0a:14:af:d7:26:b6:
                    1b:ac:12:52:a3:b2:f9:68:a2:1d:ad:52:9d:71:9b:
                    ae:d7:1f:d6:d0:fe:0a:09:d1:0f:1f:6d:0b:78:b2:
                    4c:9b:dd:26:e0:03:d4:27:7f:82:1b:f6:4d:09:3c:
                    5d:c7:10:63:2a:e5:0e:56:9d:f4:05:6b:34:8a:10:
                    a9:c7:ea:14:d9:a5:db:f4:7d:17:b1:1b:ef:7a:e8:
                    6d:ff:3d:33:36:7d:3d:21:8d:75:55:32:5e:93:13:
                    d3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:95:16:17:E1:30:16:A4:2C:74:4A:C1:89:78:1D:C6:10:EC:14:AB
            X509v3 Authority Key Identifier:
                keyid:A5:C6:5D:3F:8C:4E:EC:B4:61:14:3B:DA:67:B1:A8:5C:1D:7A:B5:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcZdP4xO7LRhFDvaZ7GoXB16tXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/b5UWF-EwFqQsdErBiXgdxhDsFKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/3f6929-ed0f-482d-9bf4-fdd0756065ce/1/pcZdP4xO7LRhFDvaZ7GoXB16tXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.12.0/24
                IPv6:
                  2a10:d740::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:d2:ac:6a:06:67:1f:51:40:cc:40:7d:ee:f4:2c:97:19:0a:
         11:3d:81:91:7e:aa:2d:e0:f2:1e:a8:fe:f5:6d:ae:a8:5f:f0:
         f1:15:99:22:27:4e:6d:61:89:a6:35:cd:fb:c5:6e:5c:97:ad:
         f5:99:ec:7b:b5:c2:97:ad:49:94:c1:02:67:64:51:85:de:4f:
         fe:54:f2:8d:6f:72:34:2e:27:84:1d:ca:a4:e9:17:23:58:7c:
         cf:d4:8b:be:83:5f:99:18:21:23:bc:23:2f:4e:3b:48:d0:eb:
         34:c8:4c:17:5f:e5:bd:fd:e4:fa:4e:73:32:6f:e6:f9:84:97:
         c3:15:5d:89:c2:a3:e8:5a:08:cb:a6:97:9a:f5:1e:30:23:8a:
         46:0c:b9:9f:ba:04:b9:18:b2:6a:51:87:a6:f7:ba:4f:0c:cd:
         3f:a0:3f:84:22:9d:31:17:b6:a3:84:33:4f:6b:bf:78:4f:36:
         d0:2f:d4:16:07:e1:15:1f:8f:2c:e8:a6:88:d7:7a:2e:86:14:
         62:a8:96:7b:a4:ca:e1:25:5f:92:3e:21:2c:0c:57:c3:d6:6b:
         48:26:4c:03:36:1a:5d:48:a8:05:83:1d:17:cf:df:f3:e0:f0:
         f5:47:97:ba:3b:e8:35:e1:2a:27:ea:a7:28:9c:81:15:60:0a:
         8e:3d:44:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzY7fBq1D0Lz6jW76lG/LLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzY1ZDNmOGM0ZWVjYjQ2MTE0M2JkYTY3YjFhODVjMWQ3
YWI1N2EwHhcNMjQwMTA1MDkyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjk1MTYxN2UxMzAxNmE0MmM3NDRhYzE4OTc4MWRjNjEwZWMxNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt+dzcXUA2UGI4QeD4QqBa7fOaKy
ieJ2zErhqZKxz7iF+v0HKWubPhO3HaykAgOMT8y0JHHHXr2Te/isQOY/Myp5m0Q6
AkaQj5XrlJNN+94CgM5jYrc2pG/owmAcElu9+9bgV/sHiNfTRMD1yGahTH43Hls8
lmhFe2SpJd5ql1AXHtY/ABIvSY7wv6u7ynUbyZypWSGPCchJ6Eo4AgsKFK/XJrYb
rBJSo7L5aKIdrVKdcZuu1x/W0P4KCdEPH20LeLJMm90m4APUJ3+CG/ZNCTxdxxBj
KuUOVp30BWs0ihCpx+oU2aXb9H0XsRvveuht/z0zNn09IY11VTJekxPTFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG+VFhfhMBakLHRKwYl4HcYQ7BSrMB8GA1UdIwQY
MBaAFKXGXT+MTuy0YRQ72mexqFwderV6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNaZFA0eE83TFJoRkR2YVo3R29YQjE2dFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8zZjY5MjktZWQwZi00ODJkLTliZjQt
ZmRkMDc1NjA2NWNlLzEvYjVVV0YtRXdGcVFzZEVyQmlYZ2R4aERzRktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8zZjY5MjktZWQwZi00ODJkLTliZjQtZmRkMDc1NjA2NWNl
LzEvcGNaZFA0eE83TFJoRkR2YVo3R29YQjE2dFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudgMMA0E
AgACMAcDBQMqENdAMA0GCSqGSIb3DQEBCwUAA4IBAQCl0qxqBmcfUUDMQH3u9CyX
GQoRPYGRfqot4PIeqP71ba6oX/DxFZkiJ05tYYmmNc37xW5cl631mex7tcKXrUmU
wQJnZFGF3k/+VPKNb3I0LieEHcqk6RcjWHzP1Iu+g1+ZGCEjvCMvTjtI0Os0yEwX
X+W9/eT6TnMyb+b5hJfDFV2JwqPoWgjLppea9R4wI4pGDLmfugS5GLJqUYem97pP
DM0/oD+EIp0xF7ajhDNPa794TzbQL9QWB+EVH48s6KaI13ouhhRiqJZ7pMrhJV+S
PiEsDFfD1mtIJkwDNhpdSKgFgx0Xz9/z4PD1R5e6O+g14Son6qconIEVYAqOPUQD
-----END CERTIFICATE-----