Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/bPYLWAvj__VQgOzlQJIqI8uwIqE.roa
File:                     bPYLWAvj__VQgOzlQJIqI8uwIqE.roa (raw, json)
Hash identifier:          +jN842Me95SQEhg3XN4xkcsDvX6AfQh4cWyMoXAIXVE=
Subject key identifier:   6C:F6:0B:58:0B:E3:FF:F5:50:80:EC:E5:40:92:2A:23:CB:B0:22:A1
Certificate issuer:       /CN=553f4bc416639a7e1b6c4f0199e02e3160a1e642
Certificate serial:       018CC94BF156D68617E3EEEDEB1EB805275C
Authority key identifier: 55:3F:4B:C4:16:63:9A:7E:1B:6C:4F:01:99:E0:2E:31:60:A1:E6:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VT9LxBZjmn4bbE8BmeAuMWCh5kI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/bPYLWAvj__VQgOzlQJIqI8uwIqE.roa
Signing time:             Tue 02 Jan 2024 08:30:46 +0000
ROA not before:           Tue 02 Jan 2024 08:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60320
IP address blocks:        185.242.184.0/24 maxlen: 24
                          2a13:6000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/VT9LxBZjmn4bbE8BmeAuMWCh5kI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/VT9LxBZjmn4bbE8BmeAuMWCh5kI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VT9LxBZjmn4bbE8BmeAuMWCh5kI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:f1:56:d6:86:17:e3:ee:ed:eb:1e:b8:05:27:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=553f4bc416639a7e1b6c4f0199e02e3160a1e642
        Validity
            Not Before: Jan  2 08:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cf60b580be3fff55080ece540922a23cbb022a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ca:7f:ff:9c:81:df:6c:71:97:8d:49:17:d4:
                    a3:41:19:ab:34:d9:fe:6c:09:52:f7:f6:0c:2f:d1:
                    9d:71:5c:f6:05:98:ae:ef:97:8b:61:1e:c4:c0:ab:
                    0a:41:77:da:ae:d9:b0:04:cb:65:88:d2:f2:7e:82:
                    82:11:b2:fe:a1:11:c5:f0:84:19:92:2b:3a:cf:a4:
                    94:b6:63:56:83:cd:ce:f5:86:ab:2a:29:29:b8:75:
                    c3:1d:2b:aa:64:fe:80:ad:6d:65:0c:a9:08:0c:6d:
                    b2:35:fb:8a:5b:44:d8:22:33:7b:c6:24:e0:7e:d4:
                    61:f4:27:0f:89:3b:46:86:93:f7:f9:88:4c:08:a8:
                    05:c8:46:78:19:14:49:29:bb:ed:e8:e9:03:e2:25:
                    1f:12:cc:a1:0d:de:6f:13:44:05:3c:c4:62:bc:f5:
                    12:27:dc:aa:16:11:3f:3e:95:c4:fa:74:c1:04:b0:
                    43:e2:05:ba:0d:66:89:0e:1e:f7:42:09:85:4e:56:
                    a0:73:dc:e8:86:36:93:0d:21:74:63:cc:43:f4:32:
                    a1:83:74:dd:d8:4f:e2:5b:b3:1b:a0:e8:20:9c:c5:
                    82:6f:92:e4:e6:8b:8f:0d:ab:36:59:e3:64:9c:02:
                    2a:92:55:a1:f7:4c:14:3f:1d:bf:cf:60:58:d5:f4:
                    00:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F6:0B:58:0B:E3:FF:F5:50:80:EC:E5:40:92:2A:23:CB:B0:22:A1
            X509v3 Authority Key Identifier:
                keyid:55:3F:4B:C4:16:63:9A:7E:1B:6C:4F:01:99:E0:2E:31:60:A1:E6:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VT9LxBZjmn4bbE8BmeAuMWCh5kI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/bPYLWAvj__VQgOzlQJIqI8uwIqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d119f6-880d-4f5b-b079-5ddafb5954ba/1/VT9LxBZjmn4bbE8BmeAuMWCh5kI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.184.0/24
                IPv6:
                  2a13:6000::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:a9:43:3a:35:fc:60:24:d8:0c:45:6b:74:8a:bc:71:21:ca:
         98:ab:66:75:76:98:1a:4c:77:a4:24:27:0a:7d:9e:c0:fe:83:
         fc:25:40:44:33:71:cc:ff:02:6b:a0:4c:14:be:bf:53:20:d3:
         8d:35:1b:66:bc:78:04:a1:c8:17:2b:0e:3c:f9:93:0e:92:b0:
         72:07:f6:be:e4:67:45:b5:43:05:3f:4b:d4:eb:83:45:6f:76:
         b9:09:15:77:a0:05:24:1e:ed:8f:68:db:8b:92:50:59:3e:b3:
         1a:e0:dd:82:11:e0:eb:32:93:a3:3c:c6:86:e2:0b:98:f8:72:
         43:0b:38:c6:cb:ba:27:cc:b9:a8:46:5a:12:8e:75:2e:ef:1d:
         c6:50:53:fe:5f:7b:59:33:0a:95:d8:fd:bf:d3:e4:09:9b:01:
         25:5e:bc:63:28:5f:08:37:98:a2:ad:d4:fe:32:a4:90:55:8a:
         7a:83:c3:f6:47:cf:85:82:e0:49:a8:63:19:84:8c:db:74:ba:
         53:71:0e:16:2c:9b:5d:32:81:f9:98:42:3f:bf:13:69:b6:5f:
         cc:2b:66:ff:4d:42:b1:47:1b:73:db:d1:d5:92:e6:4e:60:64:
         e2:9f:7b:6e:b3:d4:b0:12:65:3f:84:d0:15:66:49:1d:06:d4:
         5c:20:21:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJS/FW1oYX4+7t6x64BSdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1M2Y0YmM0MTY2MzlhN2UxYjZjNGYwMTk5ZTAyZTMxNjBh
MWU2NDIwHhcNMjQwMTAyMDgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Y2MGI1ODBiZTNmZmY1NTA4MGVjZTU0MDkyMmEyM2NiYjAyMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMp//5yB32xxl41JF9SjQRmrNNn+
bAlS9/YML9GdcVz2BZiu75eLYR7EwKsKQXfartmwBMtliNLyfoKCEbL+oRHF8IQZ
kis6z6SUtmNWg83O9YarKikpuHXDHSuqZP6ArW1lDKkIDG2yNfuKW0TYIjN7xiTg
ftRh9CcPiTtGhpP3+YhMCKgFyEZ4GRRJKbvt6OkD4iUfEsyhDd5vE0QFPMRivPUS
J9yqFhE/PpXE+nTBBLBD4gW6DWaJDh73QgmFTlagc9zohjaTDSF0Y8xD9DKhg3Td
2E/iW7MboOggnMWCb5Lk5ouPDas2WeNknAIqklWh90wUPx2/z2BY1fQADQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGz2C1gL4//1UIDs5UCSKiPLsCKhMB8GA1UdIwQY
MBaAFFU/S8QWY5p+G2xPAZngLjFgoeZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlQ5THhCWmptbjRiYkU4Qm1lQXVNV0NoNWtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9kMTE5ZjYtODgwZC00ZjViLWIwNzkt
NWRkYWZiNTk1NGJhLzEvYlBZTFdBdmpfX1ZRZ096bFFKSXFJOHV3SXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9kMTE5ZjYtODgwZC00ZjViLWIwNzktNWRkYWZiNTk1NGJh
LzEvVlQ5THhCWmptbjRiYkU4Qm1lQXVNV0NoNWtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufK4MA0E
AgACMAcDBQMqE2AAMA0GCSqGSIb3DQEBCwUAA4IBAQCuqUM6NfxgJNgMRWt0irxx
IcqYq2Z1dpgaTHekJCcKfZ7A/oP8JUBEM3HM/wJroEwUvr9TINONNRtmvHgEocgX
Kw48+ZMOkrByB/a+5GdFtUMFP0vU64NFb3a5CRV3oAUkHu2PaNuLklBZPrMa4N2C
EeDrMpOjPMaG4guY+HJDCzjGy7onzLmoRloSjnUu7x3GUFP+X3tZMwqV2P2/0+QJ
mwElXrxjKF8IN5iirdT+MqSQVYp6g8P2R8+FguBJqGMZhIzbdLpTcQ4WLJtdMoH5
mEI/vxNptl/MK2b/TUKxRxtz29HVkuZOYGTin3tus9SwEmU/hNAVZkkdBtRcICEH
-----END CERTIFICATE-----