Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/AsBehFBPScLzEdH1taUpUuHl87k.roa
File:                     AsBehFBPScLzEdH1taUpUuHl87k.roa (raw, json)
Hash identifier:          ANBF3jYOPtoY/nFEMpNazMt93YHyO4Ds3MiiXOgHpcE=
Subject key identifier:   02:C0:5E:84:50:4F:49:C2:F3:11:D1:F5:B5:A5:29:52:E1:E5:F3:B9
Certificate issuer:       /CN=ee25026e5955dcdd111476f9b6849d728185469b
Certificate serial:       018FBF8CBD3F0F6F0DAFCD899198E152D3F6
Authority key identifier: EE:25:02:6E:59:55:DC:DD:11:14:76:F9:B6:84:9D:72:81:85:46:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7iUCbllV3N0RFHb5toSdcoGFRps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/AsBehFBPScLzEdH1taUpUuHl87k.roa
Signing time:             Tue 28 May 2024 14:13:42 +0000
ROA not before:           Tue 28 May 2024 14:13:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200683
IP address blocks:        185.68.4.0/22 maxlen: 22
                          185.231.67.0/24 maxlen: 24
                          188.64.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/7iUCbllV3N0RFHb5toSdcoGFRps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/7iUCbllV3N0RFHb5toSdcoGFRps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7iUCbllV3N0RFHb5toSdcoGFRps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:8c:bd:3f:0f:6f:0d:af:cd:89:91:98:e1:52:d3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee25026e5955dcdd111476f9b6849d728185469b
        Validity
            Not Before: May 28 14:13:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02c05e84504f49c2f311d1f5b5a52952e1e5f3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9c:76:63:64:91:70:01:a1:16:20:3f:9d:12:
                    c0:07:b9:2e:7d:f6:ba:13:26:fc:1b:c5:6f:e0:8d:
                    aa:c1:da:5e:42:20:0d:db:30:95:f2:94:db:12:ad:
                    d0:f2:3f:82:aa:ff:59:69:86:72:0f:0d:43:94:c7:
                    ec:6f:a1:ef:c8:c9:28:d3:04:f4:57:9b:7a:5f:99:
                    f9:ad:a7:77:f0:67:c0:89:74:72:d1:eb:d8:ce:a2:
                    e1:6a:29:90:d4:6f:fc:da:f1:bb:80:3a:38:25:db:
                    dc:51:42:90:31:b1:18:7e:19:68:3c:23:a8:c7:0d:
                    fd:7f:95:f4:26:d6:3b:79:d4:b3:87:ab:de:aa:5c:
                    5f:62:4f:2a:e4:11:9d:e5:3d:61:31:ac:94:14:c7:
                    4d:36:cd:bc:22:f2:4d:2f:81:7a:d6:38:fd:ad:35:
                    35:f0:dd:1a:f4:82:c6:7a:f8:b2:37:4c:46:e4:68:
                    6e:a7:a9:6b:f0:24:fe:8c:dd:0c:18:4a:60:a6:ac:
                    d3:a4:1a:09:11:f8:13:57:6b:bb:78:ae:21:b7:e8:
                    4a:b3:4b:fb:a3:09:39:1e:1e:18:71:6b:bf:4b:30:
                    0c:2c:61:70:f0:e6:31:ff:64:37:10:cf:a9:6d:37:
                    b3:0d:e5:45:ab:d1:c0:bb:27:b5:4a:2c:eb:04:87:
                    08:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C0:5E:84:50:4F:49:C2:F3:11:D1:F5:B5:A5:29:52:E1:E5:F3:B9
            X509v3 Authority Key Identifier:
                keyid:EE:25:02:6E:59:55:DC:DD:11:14:76:F9:B6:84:9D:72:81:85:46:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7iUCbllV3N0RFHb5toSdcoGFRps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/AsBehFBPScLzEdH1taUpUuHl87k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f70062-c16d-4e5c-9ae7-2a46f6fac4ca/1/7iUCbllV3N0RFHb5toSdcoGFRps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.4.0/22
                  185.231.67.0/24
                  188.64.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:59:2e:06:3e:08:bd:28:c6:56:d0:b4:5e:40:e1:45:b6:ba:
         94:24:a7:f7:79:de:84:f8:c1:0f:f5:c6:da:0b:2e:50:01:99:
         ec:c6:bb:59:e7:6a:3f:95:3c:90:e0:3a:97:83:af:dd:5c:7b:
         b1:10:38:f6:6e:da:01:8a:57:ef:33:94:85:36:ce:50:99:e9:
         bb:c3:e0:4c:c9:8c:86:73:4c:4e:26:ee:a5:ab:43:08:53:39:
         f2:c1:6b:bd:42:db:ee:a1:60:a3:e2:70:27:93:2b:d0:22:9a:
         5f:e8:72:2e:68:0d:a1:7e:2a:0a:98:55:b7:91:16:17:a5:f5:
         d3:8c:77:d6:b8:ed:fe:7b:f8:e3:cd:2a:37:c2:3f:ef:85:5c:
         03:a7:71:d4:d0:c4:9d:42:66:df:58:82:a2:8b:97:94:c8:45:
         23:a4:8f:e6:7c:bf:89:94:83:0d:1e:3d:00:66:f5:00:59:82:
         a3:08:19:f0:46:f0:55:86:6d:3c:e5:87:af:de:2f:d9:13:b8:
         ee:dc:c6:5a:13:87:71:67:6b:58:fc:9d:16:35:cb:35:b1:99:
         f9:d5:d4:89:c8:33:29:b0:e4:ea:f6:9b:26:95:c2:9a:54:5e:
         ea:62:f6:fd:86:1c:16:10:7a:fe:b6:85:44:53:9b:be:16:96:
         24:86:52:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+/jL0/D28Nr82JkZjhUtP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMjUwMjZlNTk1NWRjZGQxMTE0NzZmOWI2ODQ5ZDcyODE4
NTQ2OWIwHhcNMjQwNTI4MTQxMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmMwNWU4NDUwNGY0OWMyZjMxMWQxZjViNWE1Mjk1MmUxZTVmM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspx2Y2SRcAGhFiA/nRLAB7kuffa6
Eyb8G8Vv4I2qwdpeQiAN2zCV8pTbEq3Q8j+Cqv9ZaYZyDw1DlMfsb6HvyMko0wT0
V5t6X5n5rad38GfAiXRy0evYzqLhaimQ1G/82vG7gDo4JdvcUUKQMbEYfhloPCOo
xw39f5X0JtY7edSzh6veqlxfYk8q5BGd5T1hMayUFMdNNs28IvJNL4F61jj9rTU1
8N0a9ILGeviyN0xG5Ghup6lr8CT+jN0MGEpgpqzTpBoJEfgTV2u7eK4ht+hKs0v7
owk5Hh4YcWu/SzAMLGFw8OYx/2Q3EM+pbTezDeVFq9HAuye1SizrBIcIkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFALAXoRQT0nC8xHR9bWlKVLh5fO5MB8GA1UdIwQY
MBaAFO4lAm5ZVdzdERR2+baEnXKBhUabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2lVQ2JsbFYzTjBSRkhiNXRvU2Rjb0dGUnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9mNzAwNjItYzE2ZC00ZTVjLTlhZTct
MmE0NmY2ZmFjNGNhLzEvQXNCZWhGQlBTY0x6RWRIMXRhVXBVdUhsODdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9mNzAwNjItYzE2ZC00ZTVjLTlhZTctMmE0NmY2ZmFjNGNh
LzEvN2lVQ2JsbFYzTjBSRkhiNXRvU2Rjb0dGUnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuUQEAwQA
uedDAwQCvEDUMA0GCSqGSIb3DQEBCwUAA4IBAQBqWS4GPgi9KMZW0LReQOFFtrqU
JKf3ed6E+MEP9cbaCy5QAZnsxrtZ52o/lTyQ4DqXg6/dXHuxEDj2btoBilfvM5SF
Ns5Qmem7w+BMyYyGc0xOJu6lq0MIUznywWu9QtvuoWCj4nAnkyvQIppf6HIuaA2h
fioKmFW3kRYXpfXTjHfWuO3+e/jjzSo3wj/vhVwDp3HU0MSdQmbfWIKii5eUyEUj
pI/mfL+JlIMNHj0AZvUAWYKjCBnwRvBVhm085Yev3i/ZE7ju3MZaE4dxZ2tY/J0W
Ncs1sZn51dSJyDMpsOTq9psmlcKaVF7qYvb9hhwWEHr+toVEU5u+FpYkhlKj
-----END CERTIFICATE-----