Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/VIVfZbRMgzxdXvp0h5wSSJCG8Ps.roa
File:                     VIVfZbRMgzxdXvp0h5wSSJCG8Ps.roa (raw, json)
Hash identifier:          zSBhKFCm0mZiqOC/rPqEXKWO5oyj8x5DnJQjAvWno0s=
Subject key identifier:   54:85:5F:65:B4:4C:83:3C:5D:5E:FA:74:87:9C:12:48:90:86:F0:FB
Certificate issuer:       /CN=6faae55613fc89586f7bd6de0edca097b8615a6a
Certificate serial:       018CC7953BC3D9AA07893C0592B1D9997FB0
Authority key identifier: 6F:AA:E5:56:13:FC:89:58:6F:7B:D6:DE:0E:DC:A0:97:B8:61:5A:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/VIVfZbRMgzxdXvp0h5wSSJCG8Ps.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        185.208.36.0/22 maxlen: 22
                          2001:1a30:c000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3b:c3:d9:aa:07:89:3c:05:92:b1:d9:99:7f:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6faae55613fc89586f7bd6de0edca097b8615a6a
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54855f65b44c833c5d5efa74879c12489086f0fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:68:c0:ee:25:67:f1:2e:83:e6:67:6b:1e:52:
                    40:97:d0:7f:63:3f:33:6b:b6:92:5e:d0:c8:c5:f4:
                    bd:3a:07:83:2d:fc:0a:b5:4c:17:9d:2e:7f:bd:d9:
                    92:5d:29:fd:a1:8a:7d:2e:2d:03:a7:80:5d:a9:e2:
                    43:4a:e1:b7:f5:c4:ac:0e:7b:7c:e1:ee:16:be:5f:
                    12:2a:8a:4e:42:0f:ad:dd:aa:5d:99:cf:82:cd:4f:
                    b9:a1:ec:4a:a5:37:8d:b3:8a:fe:c0:5b:f6:8d:6b:
                    e8:62:0e:c0:15:fd:8a:18:4d:86:25:c8:c5:d3:b4:
                    d2:2e:a9:cd:56:f9:f9:b5:12:bb:34:20:c8:9e:32:
                    a8:56:d3:f9:f0:e5:07:9e:c7:74:60:24:68:fb:90:
                    12:a1:bb:68:64:e6:a1:e0:d0:dc:91:4a:85:0d:b7:
                    98:09:97:03:63:c5:ce:fc:bd:c5:4a:2c:b7:12:d3:
                    55:90:7a:6d:d7:e8:e2:02:c8:a3:78:a0:37:e6:0b:
                    8a:cf:9a:61:eb:ea:05:37:94:f4:44:c2:78:10:13:
                    e9:dd:30:27:0e:db:ad:9b:0c:03:aa:10:ae:ae:b6:
                    a2:a4:09:a8:b5:86:3e:c6:9f:74:c3:23:3b:45:f0:
                    ba:ad:88:7e:bd:31:cf:fa:b8:7e:d7:9c:33:6c:9d:
                    0d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:85:5F:65:B4:4C:83:3C:5D:5E:FA:74:87:9C:12:48:90:86:F0:FB
            X509v3 Authority Key Identifier:
                keyid:6F:AA:E5:56:13:FC:89:58:6F:7B:D6:DE:0E:DC:A0:97:B8:61:5A:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/VIVfZbRMgzxdXvp0h5wSSJCG8Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.36.0/22
                IPv6:
                  2001:1a30:c000::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:c7:79:e5:c7:e8:02:5d:7a:b8:61:17:6d:9f:29:44:c6:f7:
         55:1d:0d:71:bf:fe:9e:94:11:29:6a:f7:ee:d9:47:db:46:15:
         59:4b:e0:27:5e:da:4c:80:ca:27:5f:40:8d:06:76:a6:67:57:
         79:fa:be:f0:b4:97:e4:f1:a3:d2:14:c9:6d:f3:36:5e:07:0d:
         58:1a:b9:0f:c7:6c:6b:95:72:10:df:d5:c4:39:44:f9:14:5f:
         0a:cd:19:9e:73:95:2d:ed:ee:cb:9c:dd:3d:0d:25:36:c9:b9:
         a5:ac:e7:5d:8c:e9:08:08:77:2b:f9:4f:db:0b:45:51:71:e1:
         1b:ba:3d:08:86:a5:75:47:03:a8:24:73:1c:16:30:56:5a:93:
         c0:ed:00:73:af:9f:c0:e0:d2:c5:13:83:d7:21:8d:8b:22:6c:
         3e:66:68:a1:4b:17:8f:9d:5b:06:7d:7c:9c:b1:dd:4d:cb:e1:
         c2:cb:48:cf:d1:0d:ea:c7:4b:99:73:73:55:b3:1f:02:98:9c:
         ed:bf:5d:74:8d:51:92:cc:69:b7:3b:2f:4f:2d:f2:f8:28:af:
         ea:49:99:42:3a:ea:ff:7f:09:de:4c:fe:09:75:ec:34:3a:72:
         b2:51:38:c1:65:7f:f3:5b:72:e7:71:7d:3b:8e:1a:77:79:b0:
         12:90:ae:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlTvD2aoHiTwFkrHZmX+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYWFlNTU2MTNmYzg5NTg2ZjdiZDZkZTBlZGNhMDk3Yjg2
MTVhNmEwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDg1NWY2NWI0NGM4MzNjNWQ1ZWZhNzQ4NzljMTI0ODkwODZmMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmjA7iVn8S6D5mdrHlJAl9B/Yz8z
a7aSXtDIxfS9OgeDLfwKtUwXnS5/vdmSXSn9oYp9Li0Dp4BdqeJDSuG39cSsDnt8
4e4Wvl8SKopOQg+t3apdmc+CzU+5oexKpTeNs4r+wFv2jWvoYg7AFf2KGE2GJcjF
07TSLqnNVvn5tRK7NCDInjKoVtP58OUHnsd0YCRo+5ASobtoZOah4NDckUqFDbeY
CZcDY8XO/L3FSiy3EtNVkHpt1+jiAsijeKA35guKz5ph6+oFN5T0RMJ4EBPp3TAn
DtutmwwDqhCurraipAmotYY+xp90wyM7RfC6rYh+vTHP+rh+15wzbJ0NPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFSFX2W0TIM8XV76dIecEkiQhvD7MB8GA1UdIwQY
MBaAFG+q5VYT/IlYb3vW3g7coJe4YVpqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZybFZoUDhpVmh2ZTliZUR0eWdsN2hoV21vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81Nzg4OWEtNTBkZi00YWJmLTgxZTUt
MWIxMjY0MWY0OTNiLzEvVklWZlpiUk1nenhkWHZwMGg1d1NTSkNHOFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81Nzg4OWEtNTBkZi00YWJmLTgxZTUtMWIxMjY0MWY0OTNi
LzEvYjZybFZoUDhpVmh2ZTliZUR0eWdsN2hoV21vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCudAkMA8E
AgACMAkDBwAgARowwAAwDQYJKoZIhvcNAQELBQADggEBAEHHeeXH6AJderhhF22f
KUTG91UdDXG//p6UESlq9+7ZR9tGFVlL4Cde2kyAyidfQI0GdqZnV3n6vvC0l+Tx
o9IUyW3zNl4HDVgauQ/HbGuVchDf1cQ5RPkUXwrNGZ5zlS3t7suc3T0NJTbJuaWs
512M6QgIdyv5T9sLRVFx4Ru6PQiGpXVHA6gkcxwWMFZak8DtAHOvn8Dg0sUTg9ch
jYsibD5maKFLF4+dWwZ9fJyx3U3L4cLLSM/RDerHS5lzc1WzHwKYnO2/XXSNUZLM
abc7L08t8vgor+pJmUI66v9/Cd5M/gl17DQ6crJROMFlf/NbcudxfTuOGnd5sBKQ
rv4=
-----END CERTIFICATE-----