Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/IWbYRuJ5F-sk2EujcguygYe-ZjE.roa
File:                     IWbYRuJ5F-sk2EujcguygYe-ZjE.roa (raw, json)
Hash identifier:          3WwltnCRP39JKqIBizO8sp/SRHriEwL59m3WRzE1eCw=
Subject key identifier:   21:66:D8:46:E2:79:17:EB:24:D8:4B:A3:72:0B:B2:81:87:BE:66:31
Certificate issuer:       /CN=582f2e1533164ebb8d871cf6f2c49a567ea26635
Certificate serial:       018CC94CE1739B259894E539E5E53C5AD62C
Authority key identifier: 58:2F:2E:15:33:16:4E:BB:8D:87:1C:F6:F2:C4:9A:56:7E:A2:66:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WC8uFTMWTruNhxz28sSaVn6iZjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/IWbYRuJ5F-sk2EujcguygYe-ZjE.roa
Signing time:             Tue 02 Jan 2024 08:31:48 +0000
ROA not before:           Tue 02 Jan 2024 08:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202093
IP address blocks:        185.53.65.0/24 maxlen: 24
                          185.53.67.0/24 maxlen: 24
                          185.53.66.0/24 maxlen: 24
                          185.53.64.0/24 maxlen: 24
                          185.53.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/WC8uFTMWTruNhxz28sSaVn6iZjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/WC8uFTMWTruNhxz28sSaVn6iZjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WC8uFTMWTruNhxz28sSaVn6iZjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:e1:73:9b:25:98:94:e5:39:e5:e5:3c:5a:d6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=582f2e1533164ebb8d871cf6f2c49a567ea26635
        Validity
            Not Before: Jan  2 08:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2166d846e27917eb24d84ba3720bb28187be6631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:56:99:6e:13:b4:4a:67:98:87:2b:c0:cd:f9:
                    2c:38:ef:9e:85:16:82:2a:0b:8b:71:50:8d:84:1c:
                    94:5a:64:f7:22:cd:8f:05:28:7f:a9:38:99:dc:a2:
                    19:f2:85:b9:f1:0d:00:e7:28:5f:1d:80:d5:3d:aa:
                    cd:6f:f8:d3:70:17:9b:10:3b:c8:0e:7e:11:2e:a4:
                    fd:79:c3:f2:74:57:ee:d3:a0:65:3f:90:79:8a:9a:
                    f2:1a:3d:f5:1f:e1:98:3e:a6:02:31:32:22:8c:ad:
                    23:12:af:88:8b:06:bf:84:71:11:9b:64:63:08:91:
                    fa:64:85:a2:98:ea:22:3c:b5:d1:76:fb:4f:cd:36:
                    51:eb:a6:69:19:ce:f2:43:11:ff:02:12:50:2b:eb:
                    98:66:f8:fb:df:84:d0:8d:cb:e3:18:83:9c:f7:7f:
                    cf:9c:1e:1d:d3:9c:9d:8c:40:31:9e:ab:99:cd:bc:
                    fd:44:32:db:c4:bb:ad:d2:28:e8:96:d6:d4:74:6f:
                    00:c2:da:70:60:e5:4f:92:39:91:0f:94:cc:4e:99:
                    00:33:a4:26:43:8a:8b:57:ce:20:13:14:5a:09:9d:
                    fc:ee:47:20:55:fd:2b:28:5b:36:ad:46:fe:70:57:
                    a9:a8:23:d7:e6:85:7e:cb:39:76:c9:78:dd:95:e5:
                    14:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:66:D8:46:E2:79:17:EB:24:D8:4B:A3:72:0B:B2:81:87:BE:66:31
            X509v3 Authority Key Identifier:
                keyid:58:2F:2E:15:33:16:4E:BB:8D:87:1C:F6:F2:C4:9A:56:7E:A2:66:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WC8uFTMWTruNhxz28sSaVn6iZjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/IWbYRuJ5F-sk2EujcguygYe-ZjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/e6bf5b-2e6a-42a4-b711-019cf77e4788/1/WC8uFTMWTruNhxz28sSaVn6iZjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:a0:0d:93:ec:5a:e9:f8:18:fe:49:a0:50:22:56:42:e0:41:
         f5:8e:80:30:e6:c8:17:b2:00:ff:37:c1:89:f5:b6:82:df:b5:
         2d:04:8a:e6:e6:30:55:c4:0d:99:c0:a1:4c:7a:df:9a:14:db:
         69:69:20:af:0c:50:7a:95:98:43:51:cf:e8:0c:4a:f4:e6:4d:
         47:b0:d3:19:00:f6:a4:7d:e1:0c:05:a4:f8:64:01:24:86:8f:
         3d:19:f7:48:b8:31:78:92:2d:c3:ac:42:9f:5d:02:06:89:d3:
         81:20:30:76:c6:07:88:e6:b0:de:c5:62:d9:06:5d:bd:30:44:
         9d:ac:2a:68:de:ae:14:10:3c:ab:9a:c2:c4:52:73:8d:ba:d3:
         fe:91:10:f1:a2:c2:80:6f:76:d4:76:c4:da:fe:98:13:3a:20:
         d9:4a:e7:e9:4d:cf:63:4e:eb:c7:42:6d:77:ab:ed:a8:78:d8:
         dc:4e:e4:0c:eb:1c:6c:d5:54:9f:65:bb:1a:7a:21:3f:e9:25:
         ad:33:af:7b:cc:14:4b:2b:68:a3:1c:1a:44:8b:6c:ad:01:0f:
         a5:fa:00:e8:75:68:e1:0b:7b:d1:5b:75:3a:75:58:80:6c:4e:
         3a:7e:37:c2:b8:42:bd:d6:3c:49:be:27:cf:37:d0:01:af:71:
         a3:68:b8:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTOFzmyWYlOU55eU8WtYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MmYyZTE1MzMxNjRlYmI4ZDg3MWNmNmYyYzQ5YTU2N2Vh
MjY2MzUwHhcNMjQwMTAyMDgzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTY2ZDg0NmUyNzkxN2ViMjRkODRiYTM3MjBiYjI4MTg3YmU2NjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFaZbhO0SmeYhyvAzfksOO+ehRaC
KguLcVCNhByUWmT3Is2PBSh/qTiZ3KIZ8oW58Q0A5yhfHYDVParNb/jTcBebEDvI
Dn4RLqT9ecPydFfu06BlP5B5ipryGj31H+GYPqYCMTIijK0jEq+Iiwa/hHERm2Rj
CJH6ZIWimOoiPLXRdvtPzTZR66ZpGc7yQxH/AhJQK+uYZvj734TQjcvjGIOc93/P
nB4d05ydjEAxnquZzbz9RDLbxLut0ijoltbUdG8AwtpwYOVPkjmRD5TMTpkAM6Qm
Q4qLV84gExRaCZ387kcgVf0rKFs2rUb+cFepqCPX5oV+yzl2yXjdleUUAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFm2EbieRfrJNhLo3ILsoGHvmYxMB8GA1UdIwQY
MBaAFFgvLhUzFk67jYcc9vLEmlZ+omY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0M4dUZUTVdUcnVOaHh6MjhzU2FWbjZpWmpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9lNmJmNWItMmU2YS00MmE0LWI3MTEt
MDE5Y2Y3N2U0Nzg4LzEvSVdiWVJ1SjVGLXNrMkV1amNndXlnWWUtWmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9lNmJmNWItMmU2YS00MmE0LWI3MTEtMDE5Y2Y3N2U0Nzg4
LzEvV0M4dUZUTVdUcnVOaHh6MjhzU2FWbjZpWmpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBaoA2T7Frp+Bj+SaBQIlZC4EH1joAw5sgXsgD/N8GJ
9baC37UtBIrm5jBVxA2ZwKFMet+aFNtpaSCvDFB6lZhDUc/oDEr05k1HsNMZAPak
feEMBaT4ZAEkho89GfdIuDF4ki3DrEKfXQIGidOBIDB2xgeI5rDexWLZBl29MESd
rCpo3q4UEDyrmsLEUnONutP+kRDxosKAb3bUdsTa/pgTOiDZSufpTc9jTuvHQm13
q+2oeNjcTuQM6xxs1VSfZbsaeiE/6SWtM697zBRLK2ijHBpEi2ytAQ+l+gDodWjh
C3vRW3U6dViAbE46fjfCuEK91jxJvifPN9ABr3GjaLhB
-----END CERTIFICATE-----