Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/xROFnJ1H2xbH026VkyiPn1_lbmo.roa
File:                     xROFnJ1H2xbH026VkyiPn1_lbmo.roa (raw, json)
Hash identifier:          inooLxf+98ZDBFywlXJ3Sg8xDC2dLy6UzJrjAybls7c=
Subject key identifier:   C5:13:85:9C:9D:47:DB:16:C7:D3:6E:95:93:28:8F:9F:5F:E5:6E:6A
Certificate issuer:       /CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Certificate serial:       018CC425305FE38EF4D2F8DCB29160BE8B68
Authority key identifier: B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/xROFnJ1H2xbH026VkyiPn1_lbmo.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211100
IP address blocks:        185.53.34.0/24 maxlen: 24
                          2a10:fa40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:30:5f:e3:8e:f4:d2:f8:dc:b2:91:60:be:8b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b307c87e7b6e294f2700790eef19e82939d85cd6
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c513859c9d47db16c7d36e9593288f9f5fe56e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:06:0c:91:64:e5:d2:9c:1d:d0:60:36:90:7c:
                    3a:83:58:d9:eb:47:ba:ea:ca:8f:f1:d4:99:1f:e1:
                    3f:18:1b:e2:0d:40:a3:13:62:06:84:c6:14:e8:c7:
                    8e:4e:de:89:09:7e:63:d6:f1:b0:aa:40:73:17:7a:
                    7c:43:3f:29:0a:b7:89:ef:dc:a1:36:04:5f:90:32:
                    53:48:15:c8:b8:54:e6:ee:00:9f:c7:7a:01:22:96:
                    3d:29:a6:5d:ac:95:7b:dc:d5:3c:2a:c9:72:9b:b5:
                    a5:2e:36:b7:09:50:9f:50:b9:6c:d3:ec:f8:33:48:
                    0e:aa:29:88:55:7c:a6:6c:b4:e3:d8:e3:e4:02:a7:
                    a4:1c:d6:68:f6:9c:5e:35:54:16:54:09:1d:7c:50:
                    c6:59:f8:7b:ae:94:e4:95:b4:61:56:74:86:af:a3:
                    7d:bc:8e:94:f9:b6:80:1f:b9:5c:ca:dc:26:de:37:
                    25:a7:96:6e:53:f0:c8:45:76:29:1d:e6:07:e2:db:
                    4f:24:71:43:ad:50:3d:08:e6:25:6d:02:71:c6:ab:
                    78:1e:2f:e6:42:f5:ed:fc:5a:8e:48:71:d3:69:65:
                    f1:70:93:d5:45:80:8e:76:77:e0:22:04:2c:98:d5:
                    7c:af:3b:25:70:ad:b6:82:b2:b1:fe:27:17:9a:9d:
                    50:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:13:85:9C:9D:47:DB:16:C7:D3:6E:95:93:28:8F:9F:5F:E5:6E:6A
            X509v3 Authority Key Identifier:
                keyid:B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/xROFnJ1H2xbH026VkyiPn1_lbmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.34.0/24
                IPv6:
                  2a10:fa40::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:0e:cb:5e:25:c6:7d:65:c9:3e:a4:f9:ae:92:ad:59:87:b5:
         2d:d5:7f:d9:06:49:91:00:b4:73:07:e5:96:53:82:bb:67:df:
         98:6f:48:ba:5d:63:99:de:cd:71:b0:91:e7:9a:e4:81:76:b8:
         78:61:e0:1b:6b:03:5c:03:fa:e3:ef:b3:28:98:82:50:f8:6a:
         dc:55:79:dc:f6:b3:af:4a:21:8a:ca:73:22:4f:df:25:71:b3:
         0b:bc:e0:8c:bf:07:68:83:37:1d:5c:a5:9c:13:f3:95:5e:c7:
         65:58:48:59:29:20:89:18:a7:de:a3:e0:6a:1a:b5:31:97:df:
         7c:b2:5c:b9:9d:72:c3:50:39:34:00:94:2f:a1:a2:fa:c6:6b:
         07:e3:73:91:14:e9:a7:04:ca:cb:e6:3e:b7:86:21:d0:91:52:
         dc:ea:f7:02:80:b1:8d:3d:6a:d7:77:ec:a7:3b:06:e6:38:41:
         53:36:4e:d9:fd:35:e4:27:4f:0c:23:20:b4:b7:64:66:20:1a:
         73:61:e8:7a:a1:07:02:f5:75:af:5e:94:a8:cf:8c:1c:41:26:
         9d:26:41:39:d2:f0:9e:84:4d:32:8d:18:cd:c0:ed:19:dd:be:
         47:c8:5c:a7:15:f8:5b:dd:9a:7b:e6:38:0b:ca:d5:23:e8:36:
         60:76:41:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJTBf44700vjcspFgvotoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDdjODdlN2I2ZTI5NGYyNzAwNzkwZWVmMTllODI5Mzlk
ODVjZDYwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTEzODU5YzlkNDdkYjE2YzdkMzZlOTU5MzI4OGY5ZjVmZTU2ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQYMkWTl0pwd0GA2kHw6g1jZ60e6
6sqP8dSZH+E/GBviDUCjE2IGhMYU6MeOTt6JCX5j1vGwqkBzF3p8Qz8pCreJ79yh
NgRfkDJTSBXIuFTm7gCfx3oBIpY9KaZdrJV73NU8Kslym7WlLja3CVCfULls0+z4
M0gOqimIVXymbLTj2OPkAqekHNZo9pxeNVQWVAkdfFDGWfh7rpTklbRhVnSGr6N9
vI6U+baAH7lcytwm3jclp5ZuU/DIRXYpHeYH4ttPJHFDrVA9COYlbQJxxqt4Hi/m
QvXt/FqOSHHTaWXxcJPVRYCOdnfgIgQsmNV8rzslcK22grKx/icXmp1QrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMUThZydR9sWx9NulZMoj59f5W5qMB8GA1UdIwQY
MBaAFLMHyH57bilPJwB5Du8Z6Ck52FzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODct
NjQ5NDVhNGY4ZTEyLzEveFJPRm5KMUgyeGJIMDI2Vmt5aVBuMV9sYm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODctNjQ5NDVhNGY4ZTEy
LzEvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTUiMA0E
AgACMAcDBQAqEPpAMA0GCSqGSIb3DQEBCwUAA4IBAQCFDsteJcZ9Zck+pPmukq1Z
h7Ut1X/ZBkmRALRzB+WWU4K7Z9+Yb0i6XWOZ3s1xsJHnmuSBdrh4YeAbawNcA/rj
77MomIJQ+GrcVXnc9rOvSiGKynMiT98lcbMLvOCMvwdogzcdXKWcE/OVXsdlWEhZ
KSCJGKfeo+BqGrUxl998sly5nXLDUDk0AJQvoaL6xmsH43ORFOmnBMrL5j63hiHQ
kVLc6vcCgLGNPWrXd+ynOwbmOEFTNk7Z/TXkJ08MIyC0t2RmIBpzYeh6oQcC9XWv
XpSoz4wcQSadJkE50vCehE0yjRjNwO0Z3b5HyFynFfhb3Zp75jgLytUj6DZgdkH3
-----END CERTIFICATE-----