Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/dQAz2Zf54Q7Ka4wGxYdD99wpl1w.roa
File:                     dQAz2Zf54Q7Ka4wGxYdD99wpl1w.roa (raw, json)
Hash identifier:          rcrwGK4nfOtkPvqXjMYu0Rs6tUGxoqIm//OHGHV3Mno=
Subject key identifier:   75:00:33:D9:97:F9:E1:0E:CA:6B:8C:06:C5:87:43:F7:DC:29:97:5C
Certificate issuer:       /CN=93a10fa9eca8ec8ddd5e125426438e8df8c87abc
Certificate serial:       018CCA96F8D7201502A2679AF8B22CADEC1C
Authority key identifier: 93:A1:0F:A9:EC:A8:EC:8D:DD:5E:12:54:26:43:8E:8D:F8:C8:7A:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/dQAz2Zf54Q7Ka4wGxYdD99wpl1w.roa
Signing time:             Tue 02 Jan 2024 14:32:20 +0000
ROA not before:           Tue 02 Jan 2024 14:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62031
IP address blocks:        185.198.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:f8:d7:20:15:02:a2:67:9a:f8:b2:2c:ad:ec:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a10fa9eca8ec8ddd5e125426438e8df8c87abc
        Validity
            Not Before: Jan  2 14:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=750033d997f9e10eca6b8c06c58743f7dc29975c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:31:e1:fb:c6:c0:46:a7:8f:ef:b4:e6:0a:ac:
                    d4:f4:ac:ca:b6:8b:de:91:75:bc:3e:a5:b6:8f:eb:
                    64:72:01:01:49:88:76:f6:d2:df:94:9b:0b:2a:f5:
                    9a:76:ff:4a:95:cc:b0:84:ed:9e:4e:da:ae:52:14:
                    a0:c1:1a:bf:40:ed:86:e6:e0:64:11:ed:ad:fa:96:
                    10:ef:84:e0:f3:14:76:e6:c2:a9:76:65:09:09:9d:
                    bd:ba:b7:da:2f:59:05:03:9e:60:57:d0:91:87:bf:
                    2b:12:ce:7c:0f:50:bb:26:6f:79:21:fa:c3:85:b8:
                    25:a7:fe:a4:1f:ea:3a:72:e0:b0:46:9b:1c:66:75:
                    82:d5:1a:82:8c:91:7c:b3:66:f7:23:64:d0:55:54:
                    6e:5d:15:c8:f8:4e:9d:78:b3:e3:ad:b3:a4:01:83:
                    08:df:06:7f:c7:a3:9c:06:9a:e1:5f:57:ec:94:2b:
                    9a:fe:9c:b3:c0:da:bf:29:62:a5:84:b7:1a:dd:23:
                    70:ef:bb:ee:d8:61:63:9a:d5:76:3e:9f:0f:cf:6e:
                    7b:d7:6a:b9:44:32:50:ff:37:35:3b:bd:90:71:c4:
                    17:6b:1e:b4:46:1e:e7:71:59:a3:50:21:71:45:c8:
                    ca:15:04:36:f4:c7:e4:dd:5d:bb:52:5c:94:48:72:
                    aa:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:00:33:D9:97:F9:E1:0E:CA:6B:8C:06:C5:87:43:F7:DC:29:97:5C
            X509v3 Authority Key Identifier:
                keyid:93:A1:0F:A9:EC:A8:EC:8D:DD:5E:12:54:26:43:8E:8D:F8:C8:7A:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/dQAz2Zf54Q7Ka4wGxYdD99wpl1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:2d:dd:5c:0e:a2:73:81:61:6a:d2:be:c1:2c:ff:b9:95:37:
         e1:12:78:d9:29:51:8c:d7:f8:fa:5c:2e:c5:81:15:94:ea:6d:
         72:b0:bb:bb:50:1b:21:6b:a0:c3:1b:79:4a:49:e8:ad:b7:fa:
         a6:3f:e6:22:5d:4d:4a:53:5f:ae:0b:57:e5:5b:2e:fa:2a:e8:
         f6:db:6a:84:fe:db:05:eb:bf:cf:c7:3e:7b:05:17:58:61:2c:
         12:85:42:93:9d:fa:53:25:3a:c9:41:20:64:ab:8d:31:08:c8:
         40:8f:1a:52:c0:bd:b6:88:6b:7d:f8:e3:af:41:f5:f4:82:e4:
         dc:f7:c5:e2:63:39:b7:60:3c:0b:e6:a6:1e:da:de:f0:c4:8f:
         bb:e7:40:4e:77:c6:af:10:1f:1b:2d:d2:a6:78:83:12:fd:cd:
         42:d4:ab:e5:1f:a7:3f:8d:a3:03:69:5a:d7:13:c3:98:be:c4:
         67:c1:cf:2e:a0:4a:b5:2e:04:38:e0:36:b0:00:2e:fb:5e:ef:
         37:ef:6e:30:39:1e:7f:ec:a9:5d:42:0a:88:91:53:5e:56:b3:
         63:d1:cd:da:25:d6:52:ac:c2:f1:bb:b1:5b:b9:e2:d6:35:37:
         e9:97:ba:60:68:a3:de:38:96:57:38:2f:82:3c:5e:eb:f1:61:
         3e:4e:9f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKlvjXIBUComea+LIsrewcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTEwZmE5ZWNhOGVjOGRkZDVlMTI1NDI2NDM4ZThkZjhj
ODdhYmMwHhcNMjQwMTAyMTQzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTAwMzNkOTk3ZjllMTBlY2E2YjhjMDZjNTg3NDNmN2RjMjk5NzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDHh+8bARqeP77TmCqzU9KzKtove
kXW8PqW2j+tkcgEBSYh29tLflJsLKvWadv9KlcywhO2eTtquUhSgwRq/QO2G5uBk
Ee2t+pYQ74Tg8xR25sKpdmUJCZ29urfaL1kFA55gV9CRh78rEs58D1C7Jm95IfrD
hbglp/6kH+o6cuCwRpscZnWC1RqCjJF8s2b3I2TQVVRuXRXI+E6deLPjrbOkAYMI
3wZ/x6OcBprhX1fslCua/pyzwNq/KWKlhLca3SNw77vu2GFjmtV2Pp8Pz25712q5
RDJQ/zc1O72QccQXax60Rh7ncVmjUCFxRcjKFQQ29Mfk3V27UlyUSHKquQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUAM9mX+eEOymuMBsWHQ/fcKZdcMB8GA1UdIwQY
MBaAFJOhD6nsqOyN3V4SVCZDjo34yHq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZFUHFleW83STNkWGhKVUprT09qZmpJZXJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84NWUwMGUtZDlhZS00MDc0LTk2NjIt
NDg3OTBmNjAwYzY0LzEvZFFBejJaZjU0UTdLYTR3R3hZZEQ5OXdwbDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84NWUwMGUtZDlhZS00MDc0LTk2NjItNDg3OTBmNjAwYzY0
LzEvazZFUHFleW83STNkWGhKVUprT09qZmpJZXJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucYQMA0G
CSqGSIb3DQEBCwUAA4IBAQCWLd1cDqJzgWFq0r7BLP+5lTfhEnjZKVGM1/j6XC7F
gRWU6m1ysLu7UBsha6DDG3lKSeitt/qmP+YiXU1KU1+uC1flWy76Kuj222qE/tsF
67/Pxz57BRdYYSwShUKTnfpTJTrJQSBkq40xCMhAjxpSwL22iGt9+OOvQfX0guTc
98XiYzm3YDwL5qYe2t7wxI+750BOd8avEB8bLdKmeIMS/c1C1KvlH6c/jaMDaVrX
E8OYvsRnwc8uoEq1LgQ44DawAC77Xu83724wOR5/7KldQgqIkVNeVrNj0c3aJdZS
rMLxu7FbueLWNTfpl7pgaKPeOJZXOC+CPF7r8WE+Tp/H
-----END CERTIFICATE-----