Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/Be0GercjQbxYZ6whVfr2XB5rOdo.roa
File:                     Be0GercjQbxYZ6whVfr2XB5rOdo.roa (raw, json)
Hash identifier:          uHTKCRD795E+pASSREcvF5nHBLDRufTA6E5DjMGjLGo=
Subject key identifier:   05:ED:06:7A:B7:23:41:BC:58:67:AC:21:55:FA:F6:5C:1E:6B:39:DA
Certificate issuer:       /CN=d6f357c54949f20b400883ed8c98d3731c3cb495
Certificate serial:       018CC6B8EB9E0BB6E1A65958DA2DAB1A7C6D
Authority key identifier: D6:F3:57:C5:49:49:F2:0B:40:08:83:ED:8C:98:D3:73:1C:3C:B4:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/Be0GercjQbxYZ6whVfr2XB5rOdo.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31631
IP address blocks:        185.249.80.0/22 maxlen: 22
                          2a0c:140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:eb:9e:0b:b6:e1:a6:59:58:da:2d:ab:1a:7c:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f357c54949f20b400883ed8c98d3731c3cb495
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05ed067ab72341bc5867ac2155faf65c1e6b39da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:64:25:cc:73:25:b4:30:e0:81:5c:d3:ad:56:
                    20:57:77:40:d1:c7:8c:4b:b6:61:71:09:0e:aa:88:
                    83:52:90:2b:ea:79:53:d1:20:7f:e2:93:6f:98:b9:
                    b4:02:2a:5f:ce:92:e9:54:1c:45:fc:40:e8:3e:e8:
                    d4:91:97:f8:66:b6:95:09:83:5e:23:f3:58:53:e8:
                    b3:46:4b:66:d7:d8:85:ff:3f:24:a0:0c:3d:a7:3b:
                    5e:d8:15:68:32:fc:e0:43:48:35:bc:f9:1e:17:0e:
                    12:a0:0c:af:be:ef:61:79:19:5f:32:b1:77:4d:86:
                    7a:36:59:da:0e:bf:9d:f3:22:66:08:75:e3:eb:25:
                    d0:d7:2f:4a:93:55:02:62:01:78:66:79:91:0e:33:
                    68:ff:7f:9b:bb:ea:e1:f1:3e:6f:3c:f0:68:6b:c3:
                    a8:13:7c:36:cb:32:09:6c:dc:5f:0b:6a:4b:c5:eb:
                    2d:25:b7:d6:d4:42:5c:b1:ca:ee:a7:d8:22:15:06:
                    63:86:37:df:b9:b0:d0:a6:ad:a1:78:fe:0b:39:64:
                    b0:35:b9:82:53:f1:3b:cb:f7:b7:a7:fb:e5:05:24:
                    f4:b2:72:2f:1b:2c:6c:8f:f0:9f:8b:57:81:7f:3f:
                    ee:a2:71:f6:56:2c:63:31:3c:3c:ca:0b:32:9d:3c:
                    42:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:ED:06:7A:B7:23:41:BC:58:67:AC:21:55:FA:F6:5C:1E:6B:39:DA
            X509v3 Authority Key Identifier:
                keyid:D6:F3:57:C5:49:49:F2:0B:40:08:83:ED:8C:98:D3:73:1C:3C:B4:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vNXxUlJ8gtACIPtjJjTcxw8tJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/Be0GercjQbxYZ6whVfr2XB5rOdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/281edb-0d42-407a-b459-05f09ef86e7b/1/1vNXxUlJ8gtACIPtjJjTcxw8tJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.80.0/22
                IPv6:
                  2a0c:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:27:72:18:42:aa:20:75:85:9c:63:9b:b1:89:5c:0b:3c:99:
         45:a8:75:8a:a2:6f:f0:b0:c6:6f:96:68:33:2e:b0:ee:d3:13:
         bb:62:1c:2b:ee:d4:11:df:9b:62:a0:64:02:05:48:80:47:2e:
         54:6b:8b:d2:e8:dd:75:b1:08:79:c9:32:ba:bd:3a:b2:d9:ef:
         78:7c:10:c1:8e:0a:c7:a2:3f:99:d3:d6:87:1e:74:c1:bd:79:
         0a:f8:e9:f3:c9:2f:16:2a:1b:e9:5b:3f:e4:f2:c5:c1:d5:6f:
         45:6a:74:18:51:a9:bd:89:95:cd:9e:56:ab:bc:bb:c8:aa:de:
         98:bf:ae:c0:30:5b:e2:5c:63:ca:0f:03:38:e0:9e:fa:c5:fc:
         c6:5c:2d:79:47:aa:2d:95:9e:73:f3:b2:0f:02:b9:37:cf:f0:
         ce:9e:24:7d:37:78:a7:57:38:2f:41:9e:c6:e6:da:d3:3e:aa:
         17:a3:b1:6c:45:01:98:ca:65:7c:2d:22:3c:f8:7a:ba:80:fe:
         1b:d4:b4:35:5b:d8:0f:35:4d:5a:2e:19:bd:ab:c7:dd:6f:17:
         c1:e8:03:02:84:fd:00:85:0f:d5:6c:d7:c4:69:7d:14:83:a2:
         19:13:1c:77:2a:88:be:9d:3f:91:53:db:d8:15:df:7c:31:22:
         2b:4e:1e:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuOueC7bhpllY2i2rGnxtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjM1N2M1NDk0OWYyMGI0MDA4ODNlZDhjOThkMzczMWMz
Y2I0OTUwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWVkMDY3YWI3MjM0MWJjNTg2N2FjMjE1NWZhZjY1YzFlNmIzOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmQlzHMltDDggVzTrVYgV3dA0ceM
S7ZhcQkOqoiDUpAr6nlT0SB/4pNvmLm0AipfzpLpVBxF/EDoPujUkZf4ZraVCYNe
I/NYU+izRktm19iF/z8koAw9pzte2BVoMvzgQ0g1vPkeFw4SoAyvvu9heRlfMrF3
TYZ6NlnaDr+d8yJmCHXj6yXQ1y9Kk1UCYgF4ZnmRDjNo/3+bu+rh8T5vPPBoa8Oo
E3w2yzIJbNxfC2pLxestJbfW1EJcscrup9giFQZjhjffubDQpq2heP4LOWSwNbmC
U/E7y/e3p/vlBST0snIvGyxsj/Cfi1eBfz/uonH2VixjMTw8ygsynTxC8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAXtBnq3I0G8WGesIVX69lweaznaMB8GA1UdIwQY
MBaAFNbzV8VJSfILQAiD7YyY03McPLSVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZOWHhVbEo4Z3RBQ0lQdGpKalRjeHc4dEpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yODFlZGItMGQ0Mi00MDdhLWI0NTkt
MDVmMDllZjg2ZTdiLzEvQmUwR2VyY2pRYnhZWjZ3aFZmcjJYQjVyT2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yODFlZGItMGQ0Mi00MDdhLWI0NTktMDVmMDllZjg2ZTdi
LzEvMXZOWHhVbEo4Z3RBQ0lQdGpKalRjeHc4dEpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuflQMA0E
AgACMAcDBQMqDAFAMA0GCSqGSIb3DQEBCwUAA4IBAQBzJ3IYQqogdYWcY5uxiVwL
PJlFqHWKom/wsMZvlmgzLrDu0xO7Yhwr7tQR35tioGQCBUiARy5Ua4vS6N11sQh5
yTK6vTqy2e94fBDBjgrHoj+Z09aHHnTBvXkK+OnzyS8WKhvpWz/k8sXB1W9FanQY
Uam9iZXNnlarvLvIqt6Yv67AMFviXGPKDwM44J76xfzGXC15R6otlZ5z87IPArk3
z/DOniR9N3inVzgvQZ7G5trTPqoXo7FsRQGYymV8LSI8+Hq6gP4b1LQ1W9gPNU1a
Lhm9q8fdbxfB6AMChP0AhQ/VbNfEaX0Ug6IZExx3Koi+nT+RU9vYFd98MSIrTh40
-----END CERTIFICATE-----