Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/OOL6LlrsT-9zRLPtWlNMr_TAB_w.roa
File:                     OOL6LlrsT-9zRLPtWlNMr_TAB_w.roa (raw, json)
Hash identifier:          sHxORi4bAAuxpW1fSuQvDE7MveRKu4azSPqFJZsUqf4=
Subject key identifier:   38:E2:FA:2E:5A:EC:4F:EF:73:44:B3:ED:5A:53:4C:AF:F4:C0:07:FC
Certificate issuer:       /CN=bfd09a87743817c56f8088007a5746eb69ff2e30
Certificate serial:       018CC793641E4904CF8BC5E52E0E1C22AAA9
Authority key identifier: BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/OOL6LlrsT-9zRLPtWlNMr_TAB_w.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30722
IP address blocks:        185.82.224.0/22 maxlen: 22
                          2a05:9540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:64:1e:49:04:cf:8b:c5:e5:2e:0e:1c:22:aa:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd09a87743817c56f8088007a5746eb69ff2e30
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38e2fa2e5aec4fef7344b3ed5a534caff4c007fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d4:07:85:3e:7d:ec:a8:b3:6f:33:d5:51:70:
                    92:2c:bd:97:a8:6c:1e:88:08:2e:89:06:30:24:0d:
                    a3:07:23:18:fb:01:ff:ac:1a:0e:7a:96:32:65:ac:
                    41:c7:6c:1b:3f:ed:a9:a1:b8:3d:98:26:25:eb:04:
                    7d:58:c9:79:0c:1d:e9:f4:0d:64:80:88:00:73:a3:
                    3a:d2:7b:25:2e:ef:21:be:f2:31:e0:e1:42:e0:71:
                    87:9c:06:d0:4b:2e:cc:be:97:7a:90:83:18:01:3a:
                    69:9a:fa:dc:58:b0:02:e0:88:2b:3f:d2:e0:8f:c1:
                    ec:7f:18:77:ad:ea:1c:ae:2b:89:da:1d:aa:74:c0:
                    26:a9:7e:7a:19:70:80:6d:c8:97:4b:8a:0f:1c:e1:
                    6b:6b:3e:ca:73:bd:7e:46:cc:b3:b8:55:01:2b:44:
                    d7:ae:e2:0c:2c:d7:10:83:70:ea:94:68:62:2f:68:
                    98:d7:7f:28:b9:2a:52:ec:ed:d9:64:4e:81:fd:e2:
                    55:9d:9f:fb:59:e6:16:6b:d1:c8:f5:58:c0:2a:c3:
                    89:63:fe:d8:a9:44:3b:38:36:a4:8e:9f:68:08:ff:
                    4b:14:3d:a5:36:e6:8e:0b:4a:92:11:76:79:d4:55:
                    81:eb:f0:a5:fa:0e:f9:83:7d:97:a0:7e:32:af:64:
                    a7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E2:FA:2E:5A:EC:4F:EF:73:44:B3:ED:5A:53:4C:AF:F4:C0:07:FC
            X509v3 Authority Key Identifier:
                keyid:BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/OOL6LlrsT-9zRLPtWlNMr_TAB_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.224.0/22
                IPv6:
                  2a05:9540::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:f2:b5:91:40:22:b8:ca:b7:d1:6e:fc:ad:59:52:f2:84:eb:
         da:d1:bf:a0:57:ff:21:56:ec:44:a3:a8:36:bc:83:f6:51:f5:
         5d:c8:ce:a0:f7:61:ef:f1:b0:60:2e:83:cc:42:f6:b4:d8:70:
         06:a2:84:53:21:7b:c3:57:0d:0c:7f:a0:2c:fe:96:20:30:f1:
         af:c7:57:e8:ec:23:4b:96:9a:d1:90:25:a3:5c:d0:69:43:f2:
         5e:b3:d8:a2:af:7d:ba:46:be:ea:43:a2:b6:6c:1f:fa:8b:dd:
         1a:6a:8e:e5:c9:fd:c4:ac:46:bc:af:11:d3:84:77:9b:61:04:
         91:87:d7:b8:11:27:17:53:15:d8:f3:66:a5:d4:da:9b:c5:ad:
         26:75:de:c5:a4:53:5e:c5:b0:ad:fb:33:50:7b:61:ac:03:d5:
         b9:0b:6a:be:26:4b:4b:d1:11:23:e9:5c:3a:02:62:97:ad:26:
         b8:40:89:e8:11:4d:da:9e:9e:d8:0a:01:61:35:c2:bf:88:4c:
         e0:e8:4c:25:78:93:3b:b2:f4:d2:b3:6b:3a:4f:57:62:9f:e4:
         ff:d6:ad:62:dd:40:c5:f3:55:35:54:46:26:c1:2d:4d:30:21:
         f7:14:75:83:b0:1d:cd:19:49:8d:bf:76:a1:9c:7a:c1:59:01:
         94:66:c9:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk2QeSQTPi8XlLg4cIqqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA5YTg3NzQzODE3YzU2ZjgwODgwMDdhNTc0NmViNjlm
ZjJlMzAwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGUyZmEyZTVhZWM0ZmVmNzM0NGIzZWQ1YTUzNGNhZmY0YzAwN2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNQHhT597KizbzPVUXCSLL2XqGwe
iAguiQYwJA2jByMY+wH/rBoOepYyZaxBx2wbP+2pobg9mCYl6wR9WMl5DB3p9A1k
gIgAc6M60nslLu8hvvIx4OFC4HGHnAbQSy7Mvpd6kIMYATppmvrcWLAC4IgrP9Lg
j8Hsfxh3reocriuJ2h2qdMAmqX56GXCAbciXS4oPHOFraz7Kc71+RsyzuFUBK0TX
ruIMLNcQg3DqlGhiL2iY138ouSpS7O3ZZE6B/eJVnZ/7WeYWa9HI9VjAKsOJY/7Y
qUQ7ODakjp9oCP9LFD2lNuaOC0qSEXZ51FWB6/Cl+g75g32XoH4yr2SnvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDji+i5a7E/vc0Sz7VpTTK/0wAf8MB8GA1UdIwQY
MBaAFL/Qmod0OBfFb4CIAHpXRutp/y4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUt
ZGJjYThjMzFlYmM4LzEvT09MNkxscnNULTl6UkxQdFdsTk1yX1RBQl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUtZGJjYThjMzFlYmM4
LzEvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVLgMA0E
AgACMAcDBQMqBZVAMA0GCSqGSIb3DQEBCwUAA4IBAQCF8rWRQCK4yrfRbvytWVLy
hOva0b+gV/8hVuxEo6g2vIP2UfVdyM6g92Hv8bBgLoPMQva02HAGooRTIXvDVw0M
f6As/pYgMPGvx1fo7CNLlprRkCWjXNBpQ/Jes9iir326Rr7qQ6K2bB/6i90aao7l
yf3ErEa8rxHThHebYQSRh9e4EScXUxXY82al1Nqbxa0mdd7FpFNexbCt+zNQe2Gs
A9W5C2q+JktL0REj6Vw6AmKXrSa4QInoEU3anp7YCgFhNcK/iEzg6EwleJM7svTS
s2s6T1din+T/1q1i3UDF81U1VEYmwS1NMCH3FHWDsB3NGUmNv3ahnHrBWQGUZsnA
-----END CERTIFICATE-----