Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/ITtnTNd_rwh2goslSfH3ShqxcDw.roa
File:                     ITtnTNd_rwh2goslSfH3ShqxcDw.roa (raw, json)
Hash identifier:          nVr6QEFC4rxvEUKj9HxqtdY1Ns+iWteMwHc3gCHBUok=
Subject key identifier:   21:3B:67:4C:D7:7F:AF:08:76:82:8B:25:49:F1:F7:4A:1A:B1:70:3C
Certificate issuer:       /CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Certificate serial:       018CC348FE473A5E4C333CD439E3315D93C4
Authority key identifier: 47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/ITtnTNd_rwh2goslSfH3ShqxcDw.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55933
IP address blocks:        85.208.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fe:47:3a:5e:4c:33:3c:d4:39:e3:31:5d:93:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=213b674cd77faf0876828b2549f1f74a1ab1703c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5b:a1:cc:6c:97:d7:92:3a:36:09:6d:20:af:
                    e0:f6:b9:27:a5:fe:86:1c:fd:04:2a:ae:47:40:19:
                    96:0f:ca:49:5c:56:3c:c0:aa:e9:08:25:89:e9:7b:
                    15:5d:f2:07:4a:ed:b6:d6:c5:3f:92:44:b4:db:2d:
                    49:2a:8f:31:08:ff:3c:4a:a2:dc:c0:06:2c:23:ab:
                    11:e5:0b:da:a4:b5:aa:b1:1d:c5:bc:d8:cd:a2:31:
                    ef:5e:a9:46:5d:22:c6:fb:c4:1a:b5:4d:cb:eb:d7:
                    83:06:33:25:5a:63:11:e7:82:a0:0a:94:ae:ed:e4:
                    56:01:dc:a0:16:91:41:7d:d4:31:8a:9e:7f:55:93:
                    18:34:78:70:a3:a9:ee:42:a7:57:35:a2:a6:d3:83:
                    48:b6:29:91:d8:16:3c:46:6c:51:53:c3:5f:55:35:
                    d7:06:23:94:be:60:80:98:6e:59:c0:a6:d6:d3:3b:
                    52:bc:65:9c:a9:64:49:e9:63:f6:54:5b:95:3c:86:
                    32:86:cd:9d:fb:11:ae:87:ad:63:f7:28:b0:5e:d9:
                    c2:f4:f3:3c:30:02:d6:3c:cc:96:95:f6:2d:b1:c5:
                    06:31:90:38:1f:56:7d:f2:1b:52:fa:f0:57:12:00:
                    92:b1:d0:dd:c8:9a:41:1c:e7:5e:78:ec:74:a0:93:
                    a2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3B:67:4C:D7:7F:AF:08:76:82:8B:25:49:F1:F7:4A:1A:B1:70:3C
            X509v3 Authority Key Identifier:
                keyid:47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/ITtnTNd_rwh2goslSfH3ShqxcDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:51:35:da:fa:c9:63:64:1e:7c:42:87:09:38:be:b1:47:75:
         72:a9:b6:ab:f9:40:52:f3:28:a5:a5:ab:9b:0c:aa:30:bc:82:
         3e:2c:42:f5:44:c6:91:0e:e5:38:48:9a:9b:cd:d5:98:8a:8c:
         e6:b9:d5:2e:a0:e4:51:42:cf:9b:2a:1e:6f:2d:d1:9e:63:36:
         b8:06:94:ef:22:e6:7c:9b:83:fd:73:6d:42:72:07:3d:95:d0:
         bd:62:91:34:a7:ad:7f:4d:d5:8a:13:48:c3:13:43:61:40:ac:
         14:7d:94:07:eb:66:75:6f:7d:b8:8b:d2:66:e1:e8:72:a7:43:
         31:d1:26:5c:8a:c1:92:0e:ac:4a:be:bc:0f:87:29:54:3a:39:
         c5:4e:6c:f7:92:97:97:f2:a6:66:81:2b:2d:1a:4d:8d:e9:ad:
         bc:fa:2a:27:f1:81:d5:06:59:8d:1e:13:44:e5:33:1a:6f:cd:
         87:1b:bb:be:d0:a8:16:18:91:76:28:a5:0b:57:97:2e:fb:aa:
         c4:fb:6f:3c:b6:f6:32:04:d3:ad:7a:53:b1:e5:8e:a5:78:bc:
         36:c2:20:32:ed:6d:9b:51:c7:57:79:f4:1a:d3:da:e8:2a:01:
         ce:ea:29:9d:0a:85:71:fc:0f:8e:d5:59:87:16:f0:be:38:c4:
         50:03:3f:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSP5HOl5MMzzUOeMxXZPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDVkM2M2YTViMDUxMjY4MmNkZmRmMzYzYjE5YTljNTY3
ZjFmNmMwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNiNjc0Y2Q3N2ZhZjA4NzY4MjhiMjU0OWYxZjc0YTFhYjE3MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVuhzGyX15I6NgltIK/g9rknpf6G
HP0EKq5HQBmWD8pJXFY8wKrpCCWJ6XsVXfIHSu221sU/kkS02y1JKo8xCP88SqLc
wAYsI6sR5QvapLWqsR3FvNjNojHvXqlGXSLG+8QatU3L69eDBjMlWmMR54KgCpSu
7eRWAdygFpFBfdQxip5/VZMYNHhwo6nuQqdXNaKm04NItimR2BY8RmxRU8NfVTXX
BiOUvmCAmG5ZwKbW0ztSvGWcqWRJ6WP2VFuVPIYyhs2d+xGuh61j9yiwXtnC9PM8
MALWPMyWlfYtscUGMZA4H1Z98htS+vBXEgCSsdDdyJpBHOdeeOx0oJOibQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE7Z0zXf68IdoKLJUnx90oasXA8MB8GA1UdIwQY
MBaAFEcF08alsFEmgs3982OxmpxWfx9sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAt
MGRmYTZiMjJlZmYyLzEvSVR0blROZF9yd2gyZ29zbFNmSDNTaHF4Y0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAtMGRmYTZiMjJlZmYy
LzEvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdDUMA0G
CSqGSIb3DQEBCwUAA4IBAQAyUTXa+sljZB58QocJOL6xR3Vyqbar+UBS8yilpaub
DKowvII+LEL1RMaRDuU4SJqbzdWYiozmudUuoORRQs+bKh5vLdGeYza4BpTvIuZ8
m4P9c21Ccgc9ldC9YpE0p61/TdWKE0jDE0NhQKwUfZQH62Z1b324i9Jm4ehyp0Mx
0SZcisGSDqxKvrwPhylUOjnFTmz3kpeX8qZmgSstGk2N6a28+ion8YHVBlmNHhNE
5TMab82HG7u+0KgWGJF2KKULV5cu+6rE+288tvYyBNOtelOx5Y6leLw2wiAy7W2b
UcdXefQa09roKgHO6imdCoVx/A+O1VmHFvC+OMRQAz83
-----END CERTIFICATE-----