Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/_Vu3PBQkCXxiKoxyM69eHP_BPug.roa
File:                     _Vu3PBQkCXxiKoxyM69eHP_BPug.roa (raw, json)
Hash identifier:          totVFeBcn3DY7SrU2MP092iE7cLWqTeGwyKTE943RyM=
Subject key identifier:   FD:5B:B7:3C:14:24:09:7C:62:2A:8C:72:33:AF:5E:1C:FF:C1:3E:E8
Certificate issuer:       /CN=5ece10f13c46806926a67946cc6a1102aa09031a
Certificate serial:       018CC2DAC2BA3DFEB629856246A5827971F9
Authority key identifier: 5E:CE:10:F1:3C:46:80:69:26:A6:79:46:CC:6A:11:02:AA:09:03:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/_Vu3PBQkCXxiKoxyM69eHP_BPug.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205279
IP address blocks:        185.223.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c2:ba:3d:fe:b6:29:85:62:46:a5:82:79:71:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ece10f13c46806926a67946cc6a1102aa09031a
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd5bb73c1424097c622a8c7233af5e1cffc13ee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d5:e9:4f:9a:30:e9:d3:df:5c:dc:a0:16:9d:
                    1a:83:e7:a0:76:fa:7a:57:ea:2d:56:3a:84:7b:34:
                    b4:df:92:a2:de:b5:61:56:be:d5:79:b1:85:e0:4b:
                    fe:e7:84:0c:53:c6:9c:03:ac:b5:5b:4e:d5:dd:6c:
                    8c:42:15:df:f5:20:e2:8f:2f:2e:cb:a4:72:f9:f7:
                    ac:02:a5:7e:b0:76:f1:8e:d0:67:2a:2d:75:0d:9c:
                    07:49:64:62:0c:97:0b:44:3f:a2:67:c4:4f:0d:d7:
                    97:7b:97:26:f0:bc:8c:1d:be:2b:fd:ea:9c:43:07:
                    06:3f:e4:d6:9a:59:b8:03:bc:c9:9c:8f:f6:ac:d9:
                    41:6c:00:9b:df:57:b7:aa:01:23:16:88:80:27:f9:
                    0d:7c:f2:7d:0e:11:39:14:af:19:81:c2:e3:7f:1c:
                    62:c4:1c:71:6a:03:a7:ce:ee:80:49:c6:b0:e1:02:
                    a8:e0:7d:e2:ef:72:21:cd:54:05:8e:51:19:f7:0d:
                    e9:15:7d:b3:60:92:7f:4e:43:14:00:c2:06:42:64:
                    31:b1:75:8d:da:20:af:05:64:77:a7:67:15:d3:9f:
                    53:30:1d:24:7e:a1:cf:37:79:34:26:07:b4:b5:3c:
                    1e:10:69:fc:17:49:e9:31:ea:8e:61:65:31:0d:3f:
                    c7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5B:B7:3C:14:24:09:7C:62:2A:8C:72:33:AF:5E:1C:FF:C1:3E:E8
            X509v3 Authority Key Identifier:
                keyid:5E:CE:10:F1:3C:46:80:69:26:A6:79:46:CC:6A:11:02:AA:09:03:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/_Vu3PBQkCXxiKoxyM69eHP_BPug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ae3323-0a49-4d7a-8955-b6f7aed856c0/1/Xs4Q8TxGgGkmpnlGzGoRAqoJAxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:ae:9b:e3:76:74:8c:5e:61:92:4d:99:ed:3c:39:fc:ee:70:
         c9:8e:de:26:3e:5a:86:6d:7e:c7:50:de:cc:d4:d3:6e:09:9f:
         7d:15:d1:4d:42:37:5b:b5:54:50:93:63:23:4e:b3:12:90:a7:
         6e:36:1b:74:5c:d5:a1:26:19:52:a2:3d:40:ae:91:4a:eb:fa:
         46:1f:a4:1b:6c:73:2f:94:12:22:53:c3:64:c1:06:4b:cb:93:
         ea:b7:62:75:0e:0a:9e:7e:55:81:a3:d4:1f:4d:d0:0c:62:02:
         51:b9:14:39:c9:da:a3:49:3b:e1:77:00:1c:ca:f0:3a:09:47:
         07:6d:e3:ec:f2:e4:34:0a:fd:86:7c:30:8e:75:d6:f8:34:71:
         04:24:3c:e6:6b:4f:98:d8:a4:fc:d3:68:fd:ae:dd:40:46:5a:
         8b:57:3b:c6:29:a0:01:89:6f:dc:ae:d5:5b:b4:9f:9c:19:bf:
         98:e7:22:99:e9:9c:1d:e2:57:00:ac:60:bb:1f:ca:f8:84:4f:
         fe:ae:7e:1c:77:ca:44:94:31:94:4d:92:62:f2:7d:ab:c1:7e:
         25:01:fb:57:22:9a:b6:8b:ed:e9:3b:70:11:f2:c6:ee:59:8a:
         a1:7b:dd:22:45:e1:c8:b2:fc:32:26:5f:21:81:71:72:c0:8f:
         1a:70:21:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sK6Pf62KYViRqWCeXH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlY2UxMGYxM2M0NjgwNjkyNmE2Nzk0NmNjNmExMTAyYWEw
OTAzMWEwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDViYjczYzE0MjQwOTdjNjIyYThjNzIzM2FmNWUxY2ZmYzEzZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdXpT5ow6dPfXNygFp0ag+egdvp6
V+otVjqEezS035Ki3rVhVr7VebGF4Ev+54QMU8acA6y1W07V3WyMQhXf9SDijy8u
y6Ry+fesAqV+sHbxjtBnKi11DZwHSWRiDJcLRD+iZ8RPDdeXe5cm8LyMHb4r/eqc
QwcGP+TWmlm4A7zJnI/2rNlBbACb31e3qgEjFoiAJ/kNfPJ9DhE5FK8ZgcLjfxxi
xBxxagOnzu6AScaw4QKo4H3i73IhzVQFjlEZ9w3pFX2zYJJ/TkMUAMIGQmQxsXWN
2iCvBWR3p2cV059TMB0kfqHPN3k0Jge0tTweEGn8F0npMeqOYWUxDT/HKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1btzwUJAl8YiqMcjOvXhz/wT7oMB8GA1UdIwQY
MBaAFF7OEPE8RoBpJqZ5RsxqEQKqCQMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHM0UThUeEdnR2ttcG5sR3pHb1JBcW9KQXhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hZTMzMjMtMGE0OS00ZDdhLTg5NTUt
YjZmN2FlZDg1NmMwLzEvX1Z1M1BCUWtDWHhpS294eU02OWVIUF9CUHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hZTMzMjMtMGE0OS00ZDdhLTg5NTUtYjZmN2FlZDg1NmMw
LzEvWHM0UThUeEdnR2ttcG5sR3pHb1JBcW9KQXhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud94MA0G
CSqGSIb3DQEBCwUAA4IBAQCZrpvjdnSMXmGSTZntPDn87nDJjt4mPlqGbX7HUN7M
1NNuCZ99FdFNQjdbtVRQk2MjTrMSkKduNht0XNWhJhlSoj1ArpFK6/pGH6QbbHMv
lBIiU8NkwQZLy5Pqt2J1DgqeflWBo9QfTdAMYgJRuRQ5ydqjSTvhdwAcyvA6CUcH
bePs8uQ0Cv2GfDCOddb4NHEEJDzma0+Y2KT802j9rt1ARlqLVzvGKaABiW/crtVb
tJ+cGb+Y5yKZ6Zwd4lcArGC7H8r4hE/+rn4cd8pElDGUTZJi8n2rwX4lAftXIpq2
i+3pO3AR8sbuWYqhe90iReHIsvwyJl8hgXFywI8acCHI
-----END CERTIFICATE-----