Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/D7OSoUl5-I2sFo3_4FA9nhLAGio.roa
File:                     D7OSoUl5-I2sFo3_4FA9nhLAGio.roa (raw, json)
Hash identifier:          QeXE0zZM4AvsvXbuE7NbCYPi0T2tBcpSq53SQdBRnTE=
Subject key identifier:   0F:B3:92:A1:49:79:F8:8D:AC:16:8D:FF:E0:50:3D:9E:12:C0:1A:2A
Certificate issuer:       /CN=d016cc56a995507b4fa87c6490442f06b6186687
Certificate serial:       018CC726C9209BDCD55F9208EA63F55B7C1C
Authority key identifier: D0:16:CC:56:A9:95:50:7B:4F:A8:7C:64:90:44:2F:06:B6:18:66:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BbMVqmVUHtPqHxkkEQvBrYYZoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/D7OSoUl5-I2sFo3_4FA9nhLAGio.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203538
IP address blocks:        185.131.104.0/22 maxlen: 24
                          2a03:a060::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/0BbMVqmVUHtPqHxkkEQvBrYYZoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/0BbMVqmVUHtPqHxkkEQvBrYYZoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BbMVqmVUHtPqHxkkEQvBrYYZoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c9:20:9b:dc:d5:5f:92:08:ea:63:f5:5b:7c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d016cc56a995507b4fa87c6490442f06b6186687
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fb392a14979f88dac168dffe0503d9e12c01a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:ea:00:5a:98:0e:6b:a8:bc:a8:95:a2:fe:
                    35:71:ee:38:6f:c0:86:84:fe:45:98:ce:6f:3d:c8:
                    80:75:8c:ca:4e:df:39:b2:b0:51:0a:43:a9:13:cc:
                    7b:53:31:aa:67:d6:f0:05:27:b0:eb:c5:32:c6:22:
                    43:dd:2c:59:49:16:84:24:5a:ad:4c:ea:e3:f1:2c:
                    28:4e:a3:63:40:50:b5:40:7a:2d:fc:32:65:04:00:
                    ef:7d:03:0b:1c:8f:60:b2:e2:35:fa:38:d4:62:1c:
                    f3:5e:83:99:70:b4:33:8d:83:3c:bf:b6:6f:77:fc:
                    27:6b:31:e5:7f:80:ad:11:f5:e7:da:df:2e:89:3d:
                    80:9f:5c:30:cf:0d:21:03:e7:fb:82:cd:a7:5c:5c:
                    ce:20:1e:be:ff:a8:ba:15:d3:84:d2:03:73:00:c4:
                    26:1f:ce:c0:f5:c9:1c:ec:89:42:e6:a7:e7:d2:43:
                    15:8f:e0:ce:d2:c1:51:a6:65:1e:71:43:0f:ed:37:
                    97:f3:9c:8a:51:ab:cf:21:26:41:0c:90:3a:76:14:
                    5a:dd:2f:12:87:11:c7:f3:91:3d:13:b1:39:13:23:
                    0f:30:2f:05:ba:8f:db:09:12:38:a5:dc:b3:ad:31:
                    ad:33:cc:56:06:5a:0d:4f:93:d4:8c:1a:3f:3d:41:
                    f4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B3:92:A1:49:79:F8:8D:AC:16:8D:FF:E0:50:3D:9E:12:C0:1A:2A
            X509v3 Authority Key Identifier:
                keyid:D0:16:CC:56:A9:95:50:7B:4F:A8:7C:64:90:44:2F:06:B6:18:66:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BbMVqmVUHtPqHxkkEQvBrYYZoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/D7OSoUl5-I2sFo3_4FA9nhLAGio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0d0300-74ee-4677-ad62-c24b7db20de7/1/0BbMVqmVUHtPqHxkkEQvBrYYZoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.104.0/22
                IPv6:
                  2a03:a060::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:67:e1:b6:df:bf:ba:1b:74:b7:9c:87:5a:50:08:83:ee:9c:
         e7:5a:26:42:88:34:e9:24:83:af:83:e5:57:3e:a2:f9:33:e6:
         ef:2e:81:a4:8f:0c:af:9f:dc:91:c0:dd:66:e1:11:d1:4b:43:
         54:65:38:e5:59:86:a1:89:a8:9e:e5:2a:73:6b:a8:ff:23:eb:
         82:01:7a:59:f4:29:19:4b:56:b2:bf:42:30:af:ac:ac:8c:51:
         2d:b8:2e:c4:44:bf:a2:40:eb:59:bb:43:ef:c5:ef:3e:35:4b:
         28:1f:4b:ae:4c:0c:dc:33:22:8f:42:36:d0:57:39:1c:56:d6:
         2d:e2:66:7a:29:24:fe:10:72:19:a9:e1:52:a6:d4:5e:c7:13:
         a8:e1:19:cb:9c:2f:82:12:f2:91:62:03:db:54:fb:7b:da:8f:
         5e:a2:19:4e:88:25:ac:3b:38:6a:b5:8b:2b:f5:5d:f5:a5:16:
         14:28:4a:8b:bb:8f:9e:2b:80:85:0b:26:8b:48:90:05:9e:42:
         cc:be:db:94:79:14:aa:3a:42:a9:ae:36:f1:0a:46:15:77:00:
         01:6f:88:2e:71:1e:cd:90:6f:21:af:9f:33:b4:37:19:6f:5c:
         bb:6c:7f:2e:e3:7c:48:68:27:af:32:15:b6:25:dc:c1:d2:1b:
         5e:c0:a8:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJskgm9zVX5II6mP1W3wcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMTZjYzU2YTk5NTUwN2I0ZmE4N2M2NDkwNDQyZjA2YjYx
ODY2ODcwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmIzOTJhMTQ5NzlmODhkYWMxNjhkZmZlMDUwM2Q5ZTEyYzAxYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaLqAFqYDmuovKiVov41ce44b8CG
hP5FmM5vPciAdYzKTt85srBRCkOpE8x7UzGqZ9bwBSew68UyxiJD3SxZSRaEJFqt
TOrj8SwoTqNjQFC1QHot/DJlBADvfQMLHI9gsuI1+jjUYhzzXoOZcLQzjYM8v7Zv
d/wnazHlf4CtEfXn2t8uiT2An1wwzw0hA+f7gs2nXFzOIB6+/6i6FdOE0gNzAMQm
H87A9ckc7IlC5qfn0kMVj+DO0sFRpmUecUMP7TeX85yKUavPISZBDJA6dhRa3S8S
hxHH85E9E7E5EyMPMC8Fuo/bCRI4pdyzrTGtM8xWBloNT5PUjBo/PUH01QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA+zkqFJefiNrBaN/+BQPZ4SwBoqMB8GA1UdIwQY
MBaAFNAWzFaplVB7T6h8ZJBELwa2GGaHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEJiTVZxbVZVSHRQcUh4a2tFUXZCcllZWm9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8wZDAzMDAtNzRlZS00Njc3LWFkNjIt
YzI0YjdkYjIwZGU3LzEvRDdPU29VbDUtSTJzRm8zXzRGQTluaExBR2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8wZDAzMDAtNzRlZS00Njc3LWFkNjItYzI0YjdkYjIwZGU3
LzEvMEJiTVZxbVZVSHRQcUh4a2tFUXZCcllZWm9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYNoMA0E
AgACMAcDBQAqA6BgMA0GCSqGSIb3DQEBCwUAA4IBAQB8Z+G237+6G3S3nIdaUAiD
7pznWiZCiDTpJIOvg+VXPqL5M+bvLoGkjwyvn9yRwN1m4RHRS0NUZTjlWYahiaie
5Spza6j/I+uCAXpZ9CkZS1ayv0Iwr6ysjFEtuC7ERL+iQOtZu0Pvxe8+NUsoH0uu
TAzcMyKPQjbQVzkcVtYt4mZ6KST+EHIZqeFSptRexxOo4RnLnC+CEvKRYgPbVPt7
2o9eohlOiCWsOzhqtYsr9V31pRYUKEqLu4+eK4CFCyaLSJAFnkLMvtuUeRSqOkKp
rjbxCkYVdwABb4gucR7NkG8hr58ztDcZb1y7bH8u43xIaCevMhW2JdzB0htewKgM
-----END CERTIFICATE-----