Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/0tqGOQLd3qSjXZ49KGNLFRmEOSk.roa
File:                     0tqGOQLd3qSjXZ49KGNLFRmEOSk.roa (raw, json)
Hash identifier:          SmZVSy2rStS80vBCBm2Y4v2ekVrPYhpo2YTbGxkhHKs=
Subject key identifier:   D2:DA:86:39:02:DD:DE:A4:A3:5D:9E:3D:28:63:4B:15:19:84:39:29
Certificate issuer:       /CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
Certificate serial:       018D0CC431B53CDB89A4224D02FC1FD2E468
Authority key identifier: CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/0tqGOQLd3qSjXZ49KGNLFRmEOSk.roa
Signing time:             Mon 15 Jan 2024 10:56:40 +0000
ROA not before:           Mon 15 Jan 2024 10:56:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215836
IP address blocks:        185.71.156.0/24 maxlen: 24
                          2a02:250:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:c4:31:b5:3c:db:89:a4:22:4d:02:fc:1f:d2:e4:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
        Validity
            Not Before: Jan 15 10:56:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2da863902dddea4a35d9e3d28634b1519843929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:df:7e:4e:dc:d1:c2:78:d1:6e:d5:da:a8:d6:
                    b4:9b:f0:4d:93:a1:7e:95:09:bd:36:1f:d2:01:50:
                    36:78:4a:02:de:0d:81:b4:6d:91:3a:b3:bf:b2:f6:
                    ca:70:71:ba:27:e4:de:26:a7:01:67:57:65:29:3b:
                    2a:5c:80:e6:8f:c4:50:63:42:ef:29:e4:0c:74:92:
                    4e:c2:46:e1:09:71:8d:6e:c4:b1:ee:29:42:e3:06:
                    2c:b5:90:ce:c9:73:30:d0:db:bf:1b:37:fb:c7:0b:
                    88:b1:db:aa:4f:0f:de:5c:15:f1:ae:2e:cb:76:26:
                    2a:51:5d:c0:f8:f7:3b:45:af:bf:77:c3:e6:36:9a:
                    5b:f9:b8:8e:04:22:25:e5:ad:3f:d9:39:47:d4:55:
                    60:7c:5e:15:5c:ac:ac:6f:3e:8b:67:e7:be:c0:f9:
                    df:30:6a:17:c7:21:aa:52:29:17:6e:f2:c9:af:db:
                    50:f0:b5:8a:b0:fa:a5:65:ba:9d:91:e7:12:2d:dd:
                    47:28:19:bb:c3:64:35:98:14:1c:30:72:36:97:09:
                    f7:44:d6:ea:24:02:15:68:02:df:d6:e4:2e:20:d9:
                    dc:c0:59:51:52:95:7e:de:22:78:57:8c:37:57:6f:
                    65:b5:29:2a:20:3a:14:22:89:e1:a9:5e:93:bf:49:
                    9f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DA:86:39:02:DD:DE:A4:A3:5D:9E:3D:28:63:4B:15:19:84:39:29
            X509v3 Authority Key Identifier:
                keyid:CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/0tqGOQLd3qSjXZ49KGNLFRmEOSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.156.0/24
                IPv6:
                  2a02:250:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:d3:1f:85:ef:61:a2:53:33:6a:ad:b7:81:8a:f6:a5:2e:f0:
         cb:02:ae:83:6d:00:3a:38:d2:8d:29:a9:84:77:02:0b:77:63:
         21:8a:21:bc:22:c7:03:c9:a9:da:73:1d:a1:ac:d0:ba:da:a3:
         a5:89:da:57:6d:62:da:38:bb:14:14:c6:43:9d:09:6d:49:fa:
         b7:54:b5:f7:04:61:74:ed:22:9d:1d:a3:a0:4b:0a:01:b9:07:
         ca:58:66:34:8e:d0:c2:6d:2d:d7:b0:3b:b8:f5:a7:1b:ae:d5:
         74:54:16:25:bd:18:13:1d:93:34:ea:b4:0e:38:2c:55:42:44:
         f9:bd:8e:bd:87:1e:c3:96:7c:ce:c5:00:ea:97:58:e8:1b:11:
         1c:01:d8:99:36:75:2b:91:c2:65:7d:6a:4b:5d:6f:d2:f0:a2:
         30:0d:f2:e0:b9:c3:93:3e:c2:89:76:82:1d:e1:24:8d:a7:c3:
         88:5d:29:51:e4:74:00:21:cd:2c:2b:4a:dc:38:f0:56:12:c2:
         3d:30:d1:57:98:23:10:43:42:75:fc:93:98:7d:d7:42:19:b5:
         4b:af:e5:fd:ef:61:5e:f1:f2:e4:47:cb:ca:80:c6:d2:54:2a:
         ea:6e:4d:72:b7:bd:30:58:69:10:28:54:41:8c:fc:93:5a:44:
         58:7f:99:e3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY0MxDG1PNuJpCJNAvwf0uRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjVlZTIzYmZmNDJjY2Y2NzlkNzM3N2ZlNGRhNjk1ZDM0
MWFlZjAwHhcNMjQwMTE1MTA1NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRhODYzOTAyZGRkZWE0YTM1ZDllM2QyODYzNGIxNTE5ODQzOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjN9+TtzRwnjRbtXaqNa0m/BNk6F+
lQm9Nh/SAVA2eEoC3g2BtG2ROrO/svbKcHG6J+TeJqcBZ1dlKTsqXIDmj8RQY0Lv
KeQMdJJOwkbhCXGNbsSx7ilC4wYstZDOyXMw0Nu/Gzf7xwuIsduqTw/eXBXxri7L
diYqUV3A+Pc7Ra+/d8PmNppb+biOBCIl5a0/2TlH1FVgfF4VXKysbz6LZ+e+wPnf
MGoXxyGqUikXbvLJr9tQ8LWKsPqlZbqdkecSLd1HKBm7w2Q1mBQcMHI2lwn3RNbq
JAIVaALf1uQuINncwFlRUpV+3iJ4V4w3V29ltSkqIDoUIonhqV6Tv0mfuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNLahjkC3d6ko12ePShjSxUZhDkpMB8GA1UdIwQY
MBaAFM1l7iO/9CzPZ51zd/5NppXTQa7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQt
NWRjMmZhNmEzNTAzLzEvMHRxR09RTGQzcVNqWFo0OUtHTkxGUm1FT1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQtNWRjMmZhNmEzNTAz
LzEveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUecMA8E
AgACMAkDBwAqAgJQ//4wDQYJKoZIhvcNAQELBQADggEBAKfTH4XvYaJTM2qtt4GK
9qUu8MsCroNtADo40o0pqYR3Agt3YyGKIbwixwPJqdpzHaGs0Lrao6WJ2ldtYto4
uxQUxkOdCW1J+rdUtfcEYXTtIp0do6BLCgG5B8pYZjSO0MJtLdewO7j1pxuu1XRU
FiW9GBMdkzTqtA44LFVCRPm9jr2HHsOWfM7FAOqXWOgbERwB2Jk2dSuRwmV9aktd
b9LwojAN8uC5w5M+wol2gh3hJI2nw4hdKVHkdAAhzSwrStw48FYSwj0w0VeYIxBD
QnX8k5h910IZtUuv5f3vYV7x8uRHy8qAxtJUKupuTXK3vTBYaRAoVEGM/JNaRFh/
meM=
-----END CERTIFICATE-----