Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/zM8O5WnEpFRBGRSwJUBuHSweYf4.roa
File:                     zM8O5WnEpFRBGRSwJUBuHSweYf4.roa (raw, json)
Hash identifier:          1pdH6h7ZMXpeHMmKV4Kx+CccHi8u3oK0iwhU+dFOStE=
Subject key identifier:   CC:CF:0E:E5:69:C4:A4:54:41:19:14:B0:25:40:6E:1D:2C:1E:61:FE
Certificate issuer:       /CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
Certificate serial:       018CC348BEFFBC91FB27CE6E6C8364D3C332
Authority key identifier: 4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/zM8O5WnEpFRBGRSwJUBuHSweYf4.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60130
IP address blocks:        185.56.184.0/22 maxlen: 24
                          2a02:5560::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:be:ff:bc:91:fb:27:ce:6e:6c:83:64:d3:c3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cccf0ee569c4a454411914b025406e1d2c1e61fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:66:0c:56:3b:e2:e4:ff:79:10:d2:a5:d2:9e:
                    43:48:0e:52:76:dc:70:62:91:0f:61:d5:35:79:56:
                    bd:3e:01:14:55:f9:00:eb:b0:14:8c:c6:2b:0a:9d:
                    94:75:37:86:6d:1d:f7:b1:a4:f9:b5:ec:e1:17:7c:
                    04:96:43:03:05:5e:d4:34:98:fd:aa:40:5c:86:2b:
                    18:ef:09:54:51:d2:b8:0d:da:e1:f6:fe:ba:a9:b3:
                    8e:9b:c6:df:aa:02:d0:a9:ca:39:a1:96:00:bd:61:
                    8f:0f:d4:f0:a3:77:60:64:bd:ea:cc:64:bd:80:1f:
                    02:77:7a:82:9c:84:d3:fa:e5:2a:ed:f7:95:68:34:
                    38:5f:06:16:b7:15:a7:bd:b5:3d:af:fd:a4:b4:a6:
                    2f:cb:0a:0f:7e:94:04:18:3c:84:ae:b7:d4:c4:da:
                    c5:06:d1:58:c1:4d:b8:78:15:09:71:5b:5f:a0:21:
                    bb:46:8e:bd:92:89:c0:dc:aa:03:2f:40:6e:be:de:
                    86:b8:10:0c:7d:87:b9:bc:db:44:1f:98:06:51:48:
                    3d:9f:26:15:fd:38:96:04:db:68:1f:4a:6d:fa:a0:
                    01:e6:37:48:72:1f:34:91:08:ed:77:5c:fc:5d:2b:
                    7a:87:af:c9:fa:ba:94:3a:93:86:2d:4b:e4:e3:58:
                    a5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:CF:0E:E5:69:C4:A4:54:41:19:14:B0:25:40:6E:1D:2C:1E:61:FE
            X509v3 Authority Key Identifier:
                keyid:4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/zM8O5WnEpFRBGRSwJUBuHSweYf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.184.0/22
                IPv6:
                  2a02:5560::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:4f:ef:4a:ad:2a:aa:a6:49:30:14:e0:26:96:31:d5:b7:5d:
         a3:0d:7c:c1:4e:b3:6c:50:ab:e6:43:29:e6:d0:ac:8b:70:d5:
         6a:fc:ee:bb:25:5c:65:37:6e:a2:f2:c3:83:74:7d:d0:87:7f:
         3d:7b:d8:bd:a3:61:76:07:55:a5:24:5d:24:f7:c7:6d:2b:10:
         84:b5:56:c8:fe:8c:0f:d8:fb:1e:a6:32:d9:53:db:63:34:99:
         78:13:b4:b0:85:af:86:34:5f:59:8e:b9:3d:d2:68:1c:5b:7f:
         79:4d:e3:ca:55:1a:08:e6:49:22:49:6d:7c:ef:0a:73:9e:50:
         4f:ad:fb:4e:22:aa:ba:70:09:f6:77:48:c2:0a:f5:a7:f6:c6:
         56:33:88:61:4f:48:42:06:d1:0d:bf:9c:f6:f5:31:01:a6:25:
         17:2d:55:bb:73:4b:0f:cb:ea:88:90:a0:49:f3:2f:1f:f1:bc:
         16:2a:0e:df:73:a6:8f:77:2e:c1:e4:26:61:02:1d:f8:8d:dd:
         5c:c4:ea:7d:8a:c6:69:68:b5:c7:e9:0e:b7:e2:14:5f:12:11:
         c0:63:ec:f7:42:a2:8e:47:c2:e6:f1:29:91:bc:8e:bd:2f:c4:
         50:fc:bc:6a:a0:7c:af:3b:9d:38:70:cd:88:a1:05:a3:20:c7:
         82:44:a7:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSL7/vJH7J85ubINk08MyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGFkZTU0YzI3ZTZmY2RkYWNlMjYyYzRmZGY3OTBmMzIw
ZmVkOWMwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2NmMGVlNTY5YzRhNDU0NDExOTE0YjAyNTQwNmUxZDJjMWU2MWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmYMVjvi5P95ENKl0p5DSA5Sdtxw
YpEPYdU1eVa9PgEUVfkA67AUjMYrCp2UdTeGbR33saT5tezhF3wElkMDBV7UNJj9
qkBchisY7wlUUdK4Ddrh9v66qbOOm8bfqgLQqco5oZYAvWGPD9Two3dgZL3qzGS9
gB8Cd3qCnITT+uUq7feVaDQ4XwYWtxWnvbU9r/2ktKYvywoPfpQEGDyErrfUxNrF
BtFYwU24eBUJcVtfoCG7Ro69konA3KoDL0Buvt6GuBAMfYe5vNtEH5gGUUg9nyYV
/TiWBNtoH0pt+qAB5jdIch80kQjtd1z8XSt6h6/J+rqUOpOGLUvk41ilYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzPDuVpxKRUQRkUsCVAbh0sHmH+MB8GA1UdIwQY
MBaAFE0K3lTCfm/N2s4mLE/feQ8yD+2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2It
ODkyOTZjY2IzNWY1LzEvek04TzVXbkVwRlJCR1JTd0pVQnVIU3dlWWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2ItODkyOTZjY2IzNWY1
LzEvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTi4MA0E
AgACMAcDBQAqAlVgMA0GCSqGSIb3DQEBCwUAA4IBAQBtT+9KrSqqpkkwFOAmljHV
t12jDXzBTrNsUKvmQynm0KyLcNVq/O67JVxlN26i8sODdH3Qh389e9i9o2F2B1Wl
JF0k98dtKxCEtVbI/owP2PsepjLZU9tjNJl4E7Swha+GNF9Zjrk90mgcW395TePK
VRoI5kkiSW187wpznlBPrftOIqq6cAn2d0jCCvWn9sZWM4hhT0hCBtENv5z29TEB
piUXLVW7c0sPy+qIkKBJ8y8f8bwWKg7fc6aPdy7B5CZhAh34jd1cxOp9isZpaLXH
6Q634hRfEhHAY+z3QqKOR8Lm8SmRvI69L8RQ/LxqoHyvO504cM2IoQWjIMeCRKf1
-----END CERTIFICATE-----