Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/XxBBbf5QFpZFrqmJJDaDsbpuWE4.roa
File:                     XxBBbf5QFpZFrqmJJDaDsbpuWE4.roa (raw, json)
Hash identifier:          FISRaHfyE3vzklssifmE7ROo6L8xBbC31HqC8H7V5lg=
Subject key identifier:   5F:10:41:6D:FE:50:16:96:45:AE:A9:89:24:36:83:B1:BA:6E:58:4E
Certificate issuer:       /CN=79ee11d8c4297bec54bd305430ca4772dfac847a
Certificate serial:       018E52135EFA6ACD3326455C4DAD5B2B38D0
Authority key identifier: 79:EE:11:D8:C4:29:7B:EC:54:BD:30:54:30:CA:47:72:DF:AC:84:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ee4R2MQpe-xUvTBUMMpHct-shHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/XxBBbf5QFpZFrqmJJDaDsbpuWE4.roa
Signing time:             Mon 18 Mar 2024 14:59:44 +0000
ROA not before:           Mon 18 Mar 2024 14:59:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        185.62.104.0/22 maxlen: 24
                          2a13:7440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/ee4R2MQpe-xUvTBUMMpHct-shHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/ee4R2MQpe-xUvTBUMMpHct-shHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ee4R2MQpe-xUvTBUMMpHct-shHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:52:13:5e:fa:6a:cd:33:26:45:5c:4d:ad:5b:2b:38:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79ee11d8c4297bec54bd305430ca4772dfac847a
        Validity
            Not Before: Mar 18 14:59:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f10416dfe50169645aea989243683b1ba6e584e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:c5:98:3e:5b:76:fa:2c:5c:d1:4f:56:01:d0:
                    e4:43:32:ea:d0:6c:84:70:a4:0f:1a:4e:96:58:a8:
                    a0:0c:b8:38:fe:b7:66:b7:60:f6:f8:3e:72:f9:44:
                    da:25:3c:17:29:6d:77:56:85:8b:8e:c6:54:6f:bb:
                    9a:89:ba:54:4c:4d:43:18:be:2c:32:be:9f:9b:30:
                    5e:46:cd:6d:f0:16:4c:a6:2c:32:41:3a:52:f3:25:
                    4a:23:65:26:81:ef:21:a0:70:ec:26:72:9c:c7:bc:
                    66:ea:87:7b:4c:bd:28:30:02:69:2a:2a:ae:6b:da:
                    ff:b7:1e:41:a6:39:6b:14:83:6a:ae:fe:a0:fe:84:
                    70:4c:1a:f0:be:cc:59:b0:9f:26:08:2a:98:2d:b7:
                    23:a6:3f:44:c6:f0:ed:ed:5f:6d:40:9d:d0:9f:62:
                    c4:7b:72:45:3a:93:fb:37:66:ed:91:39:78:58:04:
                    d7:8d:4a:06:02:bd:83:f5:dc:fe:b5:a8:a1:f8:5a:
                    42:39:6b:f2:d4:4c:38:c5:57:57:48:16:18:c0:98:
                    d6:64:8a:9b:bc:b7:45:0f:64:10:5b:c2:13:9c:0c:
                    84:99:cf:f2:ea:fa:ad:e0:2f:aa:35:9e:23:65:5a:
                    3e:86:59:54:f4:58:2f:e3:48:79:4c:a3:61:b4:2e:
                    ae:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:10:41:6D:FE:50:16:96:45:AE:A9:89:24:36:83:B1:BA:6E:58:4E
            X509v3 Authority Key Identifier:
                keyid:79:EE:11:D8:C4:29:7B:EC:54:BD:30:54:30:CA:47:72:DF:AC:84:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee4R2MQpe-xUvTBUMMpHct-shHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/XxBBbf5QFpZFrqmJJDaDsbpuWE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f85b3d-624e-4b1a-ad33-10a206da7b6b/1/ee4R2MQpe-xUvTBUMMpHct-shHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.104.0/22
                IPv6:
                  2a13:7440::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:da:0a:f3:0a:e9:5e:37:39:db:c3:52:2e:a9:92:7b:ac:f5:
         ea:7f:f8:90:17:55:7c:2e:a3:15:a1:0b:59:a5:4a:a6:5b:15:
         84:36:ef:49:12:c8:af:61:19:e7:b9:f0:43:0c:04:20:3c:91:
         d3:85:33:05:5f:60:6c:66:7b:b6:af:ef:5f:14:ca:07:c9:05:
         fe:cb:bd:54:4f:17:25:33:c2:36:81:99:69:aa:c0:da:26:f7:
         82:3d:60:01:aa:3f:6c:d4:d9:c5:33:1f:84:d0:4b:d9:a1:47:
         b6:b0:5e:2c:ba:b6:67:1d:c3:ba:65:e2:c2:e5:e3:e9:c6:55:
         10:73:5f:c0:99:41:d5:b4:8f:ac:8c:82:a8:ae:6a:66:a2:4a:
         66:6f:ee:fe:b2:ee:16:4c:72:59:d2:31:30:b3:34:83:4b:be:
         61:50:f5:bb:7a:4e:67:9b:fb:3e:05:7b:86:0a:3e:70:7d:b9:
         f2:16:e3:3e:73:be:32:3e:58:02:82:aa:a2:09:a1:07:52:d0:
         7d:7c:a9:7f:ae:5a:77:cb:06:75:34:67:f4:3b:0e:26:81:07:
         ed:63:61:db:8b:77:37:65:81:3f:cd:db:08:a2:2b:1a:92:54:
         97:84:99:69:9f:a7:b6:3d:84:e4:26:cc:23:79:8d:d9:e6:e8:
         33:a2:26:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5SE176as0zJkVcTa1bKzjQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZWUxMWQ4YzQyOTdiZWM1NGJkMzA1NDMwY2E0NzcyZGZh
Yzg0N2EwHhcNMjQwMzE4MTQ1OTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjEwNDE2ZGZlNTAxNjk2NDVhZWE5ODkyNDM2ODNiMWJhNmU1ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9cWYPlt2+ixc0U9WAdDkQzLq0GyE
cKQPGk6WWKigDLg4/rdmt2D2+D5y+UTaJTwXKW13VoWLjsZUb7uaibpUTE1DGL4s
Mr6fmzBeRs1t8BZMpiwyQTpS8yVKI2Umge8hoHDsJnKcx7xm6od7TL0oMAJpKiqu
a9r/tx5BpjlrFINqrv6g/oRwTBrwvsxZsJ8mCCqYLbcjpj9ExvDt7V9tQJ3Qn2LE
e3JFOpP7N2btkTl4WATXjUoGAr2D9dz+taih+FpCOWvy1Ew4xVdXSBYYwJjWZIqb
vLdFD2QQW8ITnAyEmc/y6vqt4C+qNZ4jZVo+hllU9Fgv40h5TKNhtC6utQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF8QQW3+UBaWRa6piSQ2g7G6blhOMB8GA1UdIwQY
MBaAFHnuEdjEKXvsVL0wVDDKR3LfrIR6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWU0UjJNUXBlLXhVdlRCVU1NcEhjdC1zaEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mODViM2QtNjI0ZS00YjFhLWFkMzMt
MTBhMjA2ZGE3YjZiLzEvWHhCQmJmNVFGcFpGcnFtSkpEYURzYnB1V0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mODViM2QtNjI0ZS00YjFhLWFkMzMtMTBhMjA2ZGE3YjZi
LzEvZWU0UjJNUXBlLXhVdlRCVU1NcEhjdC1zaEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT5oMA0E
AgACMAcDBQMqE3RAMA0GCSqGSIb3DQEBCwUAA4IBAQC72grzCuleNznbw1IuqZJ7
rPXqf/iQF1V8LqMVoQtZpUqmWxWENu9JEsivYRnnufBDDAQgPJHThTMFX2BsZnu2
r+9fFMoHyQX+y71UTxclM8I2gZlpqsDaJveCPWABqj9s1NnFMx+E0EvZoUe2sF4s
urZnHcO6ZeLC5ePpxlUQc1/AmUHVtI+sjIKormpmokpmb+7+su4WTHJZ0jEwszSD
S75hUPW7ek5nm/s+BXuGCj5wfbnyFuM+c74yPlgCgqqiCaEHUtB9fKl/rlp3ywZ1
NGf0Ow4mgQftY2Hbi3c3ZYE/zdsIoisaklSXhJlpn6e2PYTkJswjeY3Z5ugzoiYw
-----END CERTIFICATE-----