Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/cXwcb2ZKl96OrTPFWWge3hAWyfg.roa
File:                     cXwcb2ZKl96OrTPFWWge3hAWyfg.roa (raw, json)
Hash identifier:          TdnLtptQP/6Xx0PWWDZkit0pMTg8KtzNDmqFh7ltOno=
Subject key identifier:   71:7C:1C:6F:66:4A:97:DE:8E:AD:33:C5:59:68:1E:DE:10:16:C9:F8
Certificate issuer:       /CN=93f25b72758da58f0f3ec0f0727353ebd2b44774
Certificate serial:       018CC26D5EBB5C878068A24BA8A986CDAE74
Authority key identifier: 93:F2:5B:72:75:8D:A5:8F:0F:3E:C0:F0:72:73:53:EB:D2:B4:47:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/cXwcb2ZKl96OrTPFWWge3hAWyfg.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42487
IP address blocks:        185.230.8.0/22 maxlen: 22
                          2a0d:ee00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5e:bb:5c:87:80:68:a2:4b:a8:a9:86:cd:ae:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93f25b72758da58f0f3ec0f0727353ebd2b44774
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717c1c6f664a97de8ead33c559681ede1016c9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:99:ae:5c:21:31:24:6b:86:ac:c7:97:a4:10:
                    9e:ee:a0:1b:e5:e1:cf:49:7d:54:ec:05:f4:d8:d2:
                    b2:a6:f5:d0:be:82:e8:70:29:12:e9:3c:60:d9:28:
                    55:6c:ad:00:2c:82:00:a9:a0:4a:7b:15:8e:ee:2a:
                    b9:2d:63:92:fd:a1:ac:c7:5f:b4:af:ef:73:c5:eb:
                    6a:ab:54:56:b1:44:33:28:93:4d:c0:5f:85:15:4d:
                    33:a8:33:88:b6:6f:d1:2f:10:a9:51:ad:8e:59:ba:
                    96:d5:30:a2:b0:e0:fb:0e:c1:9d:44:14:94:65:5c:
                    73:74:25:0a:4c:80:8c:16:47:e1:28:99:c9:a8:36:
                    eb:8b:89:fc:d2:22:75:0d:d8:85:19:85:45:9e:cd:
                    f0:9a:91:67:11:3c:ca:98:da:9f:6c:f6:d0:99:5d:
                    ee:c8:26:4e:b7:7e:cd:ed:ba:c0:0c:85:99:52:8a:
                    d6:29:d5:33:83:1f:5f:a3:1f:6e:48:c8:c2:41:50:
                    27:67:a1:88:89:28:23:d5:86:38:a8:50:20:34:43:
                    42:74:83:e7:63:0b:36:10:7e:d1:9e:7e:04:e4:c5:
                    0f:dd:26:57:70:99:98:f8:d6:bc:6f:06:b6:e8:85:
                    ea:d3:23:f5:38:40:cc:9e:ea:70:6b:20:82:f4:03:
                    2b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7C:1C:6F:66:4A:97:DE:8E:AD:33:C5:59:68:1E:DE:10:16:C9:F8
            X509v3 Authority Key Identifier:
                keyid:93:F2:5B:72:75:8D:A5:8F:0F:3E:C0:F0:72:73:53:EB:D2:B4:47:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/cXwcb2ZKl96OrTPFWWge3hAWyfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.8.0/22
                IPv6:
                  2a0d:ee00::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:6f:a2:98:9d:52:5b:5b:14:25:15:e5:ba:7e:a8:21:cf:41:
         87:eb:10:25:21:8d:33:ae:5a:19:08:f8:3c:a8:4a:66:63:48:
         a6:ed:63:20:70:c3:38:51:3b:fb:66:99:7c:f6:a1:11:c0:fb:
         30:1d:8d:05:d0:26:6a:0d:25:ee:d5:ea:54:12:37:93:3c:6d:
         31:6b:ed:7e:2b:df:1a:0a:61:f4:e5:7e:b5:e3:82:87:db:19:
         36:33:f7:78:76:bb:76:5a:fb:1a:d0:6a:9a:a4:aa:3c:54:0c:
         c9:f3:07:8f:b5:51:88:1a:f3:a8:9a:60:13:8d:d9:34:37:3e:
         64:ab:2f:e1:15:9d:26:aa:b1:a1:03:12:0d:0f:b5:1e:b7:bc:
         d4:90:cc:da:77:b1:f5:2d:1f:bb:96:95:a5:dd:b8:33:4f:08:
         06:74:0a:85:7c:ca:0d:b7:9a:ad:64:68:3f:07:23:c4:8a:37:
         5a:43:1b:2d:34:f4:03:06:a5:a4:65:36:a0:54:39:84:e0:89:
         70:9b:9f:a8:6c:5e:62:c8:98:f5:90:26:96:77:ee:ef:bc:a1:
         e2:98:70:00:72:db:40:11:52:f5:24:ab:eb:ab:b1:20:77:78:
         f4:64:95:a8:0f:12:58:b3:b2:0b:a5:c4:83:16:a4:fd:9e:a5:
         bd:9a:df:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbV67XIeAaKJLqKmGza50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZjI1YjcyNzU4ZGE1OGYwZjNlYzBmMDcyNzM1M2ViZDJi
NDQ3NzQwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTdjMWM2ZjY2NGE5N2RlOGVhZDMzYzU1OTY4MWVkZTEwMTZjOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZmuXCExJGuGrMeXpBCe7qAb5eHP
SX1U7AX02NKypvXQvoLocCkS6Txg2ShVbK0ALIIAqaBKexWO7iq5LWOS/aGsx1+0
r+9zxetqq1RWsUQzKJNNwF+FFU0zqDOItm/RLxCpUa2OWbqW1TCisOD7DsGdRBSU
ZVxzdCUKTICMFkfhKJnJqDbri4n80iJ1DdiFGYVFns3wmpFnETzKmNqfbPbQmV3u
yCZOt37N7brADIWZUorWKdUzgx9fox9uSMjCQVAnZ6GIiSgj1YY4qFAgNENCdIPn
Yws2EH7Rnn4E5MUP3SZXcJmY+Na8bwa26IXq0yP1OEDMnupwayCC9AMrHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHF8HG9mSpfejq0zxVloHt4QFsn4MB8GA1UdIwQY
MBaAFJPyW3J1jaWPDz7A8HJzU+vStEd0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva19KYmNuV05wWThQUHNEd2NuTlQ2OUswUjNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80ZTY2YTItYTM3Mi00OGI0LTkwYjQt
ODJhMzExMmY0OWM3LzEvY1h3Y2IyWktsOTZPclRQRldXZ2UzaEFXeWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80ZTY2YTItYTM3Mi00OGI0LTkwYjQtODJhMzExMmY0OWM3
LzEva19KYmNuV05wWThQUHNEd2NuTlQ2OUswUjNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueYIMA0E
AgACMAcDBQAqDe4AMA0GCSqGSIb3DQEBCwUAA4IBAQCdb6KYnVJbWxQlFeW6fqgh
z0GH6xAlIY0zrloZCPg8qEpmY0im7WMgcMM4UTv7Zpl89qERwPswHY0F0CZqDSXu
1epUEjeTPG0xa+1+K98aCmH05X6144KH2xk2M/d4drt2Wvsa0GqapKo8VAzJ8weP
tVGIGvOommATjdk0Nz5kqy/hFZ0mqrGhAxIND7Uet7zUkMzad7H1LR+7lpWl3bgz
TwgGdAqFfMoNt5qtZGg/ByPEijdaQxstNPQDBqWkZTagVDmE4Ilwm5+obF5iyJj1
kCaWd+7vvKHimHAActtAEVL1JKvrq7Egd3j0ZJWoDxJYs7ILpcSDFqT9nqW9mt8D
-----END CERTIFICATE-----