Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/D1eR3_i3vTxs9UYK0NxF1GM2O4g.roa
File:                     D1eR3_i3vTxs9UYK0NxF1GM2O4g.roa (raw, json)
Hash identifier:          nK+8ZNRXHBWodHmqMaYBDyJmp2MVVr+JpC+aVhB5YFc=
Subject key identifier:   0F:57:91:DF:F8:B7:BD:3C:6C:F5:46:0A:D0:DC:45:D4:63:36:3B:88
Certificate issuer:       /CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
Certificate serial:       018CC64B6FB0DBA416BFAD64AA251B1182C5
Authority key identifier: 9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/D1eR3_i3vTxs9UYK0NxF1GM2O4g.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199231
IP address blocks:        185.4.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6f:b0:db:a4:16:bf:ad:64:aa:25:1b:11:82:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f2bc3c5564d434381cb78ba47ad58be4d3deaa8
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f5791dff8b7bd3c6cf5460ad0dc45d463363b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e7:f7:1f:8b:c4:e6:96:63:d9:56:e0:89:dc:
                    e4:45:14:5b:dd:62:f7:c7:c7:79:19:6d:90:c4:8c:
                    31:48:8d:65:4a:ae:08:10:aa:5f:38:1f:14:ad:6c:
                    f3:84:fe:a7:9c:f2:07:e1:4a:c7:07:aa:41:a3:96:
                    1b:d1:fa:4c:93:14:69:0c:04:35:b0:15:54:17:62:
                    79:0e:b1:c4:6e:98:86:30:1b:91:bc:c3:0a:5b:a8:
                    9e:7b:50:c9:19:54:73:b3:98:ce:b5:03:88:5a:ad:
                    ec:63:9b:7e:08:6d:4b:5c:cf:3b:c0:50:e8:9c:9e:
                    95:70:2e:8d:26:8b:ac:2e:d3:6c:1d:b2:1d:1f:c9:
                    8c:4f:40:e8:00:68:e4:00:d6:d1:f4:b5:df:eb:e7:
                    62:df:6d:07:e0:8f:0c:f2:86:16:42:fa:03:7a:d8:
                    70:18:69:08:43:b8:b0:84:91:2e:8c:02:c2:62:ee:
                    95:90:88:7a:25:cc:27:4b:54:42:90:52:fa:1f:f8:
                    82:79:a2:e6:8a:d2:96:84:96:6f:34:ce:b6:5c:d7:
                    82:e3:8c:46:c5:36:14:ed:e9:76:4c:08:3b:82:eb:
                    41:7d:e9:7f:d9:da:e7:3a:16:12:86:dd:68:d9:6f:
                    bf:06:70:bf:8c:5a:da:92:6c:66:fd:d2:d8:ef:73:
                    98:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:57:91:DF:F8:B7:BD:3C:6C:F5:46:0A:D0:DC:45:D4:63:36:3B:88
            X509v3 Authority Key Identifier:
                keyid:9F:2B:C3:C5:56:4D:43:43:81:CB:78:BA:47:AD:58:BE:4D:3D:EA:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nyvDxVZNQ0OBy3i6R61Yvk096qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/D1eR3_i3vTxs9UYK0NxF1GM2O4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36bb6d-fc73-4449-a527-55426381953c/1/nyvDxVZNQ0OBy3i6R61Yvk096qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:1e:d5:21:b3:7b:db:d8:85:c4:9b:15:99:68:9a:c8:ad:90:
         14:29:33:df:44:78:f2:8f:49:9b:b5:5b:08:44:58:d6:b5:2f:
         94:23:4e:a3:28:77:60:63:fd:17:f8:88:e9:36:b6:c0:b3:ef:
         e6:65:bb:8c:d7:4d:70:f3:42:5a:a1:1b:f4:b4:12:af:d8:bf:
         51:e3:69:08:61:65:d3:70:3c:3b:c9:69:31:a0:9c:4d:de:84:
         24:fc:96:e0:19:f0:ec:4f:00:ec:09:36:a7:d0:ff:6c:50:95:
         2e:0a:86:2b:8d:0b:44:52:4c:24:6b:a9:71:ae:44:52:15:75:
         11:07:11:f8:ea:78:a8:a3:62:6c:49:61:14:b0:7b:8f:c2:81:
         36:4e:91:bf:10:ac:51:3f:d6:30:c1:30:a5:e4:e1:88:47:8c:
         59:31:a2:96:8b:e4:64:47:d0:9c:94:c1:d4:33:81:63:cd:3d:
         5c:3d:36:a6:ac:f2:43:59:31:b7:f1:fe:df:a3:1f:fc:12:2b:
         bd:a2:28:76:58:87:dd:1c:dd:df:b0:52:5d:5d:3c:1d:e0:41:
         87:7e:46:f1:e5:98:25:40:ca:cd:b2:24:75:5f:e2:7c:6e:fc:
         ad:ec:2d:27:b3:71:1e:e9:8d:be:06:4b:69:58:1f:1c:28:b8:
         82:94:87:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2+w26QWv61kqiUbEYLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMmJjM2M1NTY0ZDQzNDM4MWNiNzhiYTQ3YWQ1OGJlNGQz
ZGVhYTgwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU3OTFkZmY4YjdiZDNjNmNmNTQ2MGFkMGRjNDVkNDYzMzYzYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqef3H4vE5pZj2VbgidzkRRRb3WL3
x8d5GW2QxIwxSI1lSq4IEKpfOB8UrWzzhP6nnPIH4UrHB6pBo5Yb0fpMkxRpDAQ1
sBVUF2J5DrHEbpiGMBuRvMMKW6iee1DJGVRzs5jOtQOIWq3sY5t+CG1LXM87wFDo
nJ6VcC6NJousLtNsHbIdH8mMT0DoAGjkANbR9LXf6+di320H4I8M8oYWQvoDethw
GGkIQ7iwhJEujALCYu6VkIh6JcwnS1RCkFL6H/iCeaLmitKWhJZvNM62XNeC44xG
xTYU7el2TAg7gutBfel/2drnOhYSht1o2W+/BnC/jFrakmxm/dLY73OYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9Xkd/4t708bPVGCtDcRdRjNjuIMB8GA1UdIwQY
MBaAFJ8rw8VWTUNDgct4uketWL5NPeqoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1Mjct
NTU0MjYzODE5NTNjLzEvRDFlUjNfaTN2VHhzOVVZSzBOeEYxR00yTzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNmJiNmQtZmM3My00NDQ5LWE1MjctNTU0MjYzODE5NTNj
LzEvbnl2RHhWWk5RME9CeTNpNlI2MVl2azA5NnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQTkMA0G
CSqGSIb3DQEBCwUAA4IBAQBzHtUhs3vb2IXEmxWZaJrIrZAUKTPfRHjyj0mbtVsI
RFjWtS+UI06jKHdgY/0X+IjpNrbAs+/mZbuM101w80JaoRv0tBKv2L9R42kIYWXT
cDw7yWkxoJxN3oQk/JbgGfDsTwDsCTan0P9sUJUuCoYrjQtEUkwka6lxrkRSFXUR
BxH46nioo2JsSWEUsHuPwoE2TpG/EKxRP9YwwTCl5OGIR4xZMaKWi+RkR9CclMHU
M4FjzT1cPTamrPJDWTG38f7fox/8Eiu9oih2WIfdHN3fsFJdXTwd4EGHfkbx5Zgl
QMrNsiR1X+J8bvyt7C0ns3Ee6Y2+BktpWB8cKLiClIdJ
-----END CERTIFICATE-----