Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/eFidgy0gQaopaU7JCsh9VyOvHp8.roa
File:                     eFidgy0gQaopaU7JCsh9VyOvHp8.roa (raw, json)
Hash identifier:          Ra4UxaCS4WUjqaROld22ALQB3mrDZCO+2cK7BNTuGyo=
Subject key identifier:   78:58:9D:83:2D:20:41:AA:29:69:4E:C9:0A:C8:7D:57:23:AF:1E:9F
Certificate issuer:       /CN=1acbdd00d27b8a8befc866caf378f19027684769
Certificate serial:       018CC3B71B5ACDE80A676D3E2C1AB9E649AA
Authority key identifier: 1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/eFidgy0gQaopaU7JCsh9VyOvHp8.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.162.80.0/22 maxlen: 22
                          185.200.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:5a:cd:e8:0a:67:6d:3e:2c:1a:b9:e6:49:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acbdd00d27b8a8befc866caf378f19027684769
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78589d832d2041aa29694ec90ac87d5723af1e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:76:12:c2:97:12:5b:84:81:db:f4:5a:aa:55:
                    29:61:71:ff:53:1c:40:36:31:20:bd:0c:7b:31:0c:
                    95:86:d3:75:fd:64:59:24:a3:21:6a:b3:11:b2:78:
                    68:dd:16:03:20:d3:76:eb:f3:44:5c:6a:62:60:2f:
                    9d:6f:c0:32:ba:25:dc:45:24:9e:67:09:18:53:f9:
                    79:a4:6d:41:25:5d:90:85:d3:6b:0a:32:20:b9:90:
                    30:6d:4e:71:0d:3e:0e:a5:46:14:21:a6:dd:d2:e7:
                    75:27:c0:70:fa:dc:e8:65:77:be:d0:2a:8f:d4:0f:
                    4f:22:bc:4e:88:20:f3:c4:dc:d1:8a:63:76:f7:36:
                    09:ec:bd:b4:7b:3a:bb:f2:78:85:15:f0:70:29:bc:
                    7d:9b:e9:7e:69:6e:07:3c:36:66:5c:3b:a8:94:37:
                    1f:10:89:89:0e:fb:73:22:d9:ca:cd:57:2d:86:33:
                    87:ab:79:5c:08:95:f6:0b:ac:8f:43:3a:86:1e:3b:
                    fb:89:bf:a5:f5:c9:c3:2b:44:6a:92:46:ca:08:28:
                    1e:ab:cc:c0:55:15:2d:d9:12:2f:9f:a5:3a:a7:ce:
                    75:bf:04:40:1a:62:84:f9:40:aa:7c:2a:3d:b6:e7:
                    cd:d9:96:58:58:b4:8f:6c:62:64:01:74:4c:14:42:
                    26:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:58:9D:83:2D:20:41:AA:29:69:4E:C9:0A:C8:7D:57:23:AF:1E:9F
            X509v3 Authority Key Identifier:
                keyid:1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/eFidgy0gQaopaU7JCsh9VyOvHp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.80.0/22
                  185.200.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:7e:28:c9:d2:2f:da:09:53:e1:9d:b4:6d:9c:b6:57:d2:55:
         84:e9:53:ff:29:f2:84:0b:8c:73:53:85:fc:7c:f0:6b:0a:7a:
         cf:ed:57:6b:22:c0:c9:5b:d3:18:b1:4c:da:44:60:bd:1d:e2:
         eb:40:15:d3:9b:bf:fd:72:59:92:91:85:ff:8f:16:8f:12:11:
         bc:5f:4d:81:b5:87:3c:e2:fe:ce:5f:48:56:b4:3b:79:f7:10:
         98:15:24:a3:35:a4:db:19:8d:75:82:2d:6f:e5:e4:22:78:de:
         60:97:47:44:01:c8:f4:2b:3c:c1:06:55:88:70:48:9b:9a:68:
         e5:8d:11:79:c9:5c:25:10:ed:60:34:a1:af:e5:f2:2b:4d:cc:
         05:56:48:da:3a:1c:bb:cb:f1:98:4c:23:9c:28:15:42:61:a8:
         f4:80:47:eb:cb:a5:60:90:e6:7b:a1:49:ad:ab:1d:ad:2e:91:
         ae:0a:da:7d:3f:42:08:9f:5a:62:c1:13:7c:10:4a:c0:65:75:
         6a:62:e5:15:2e:03:d7:29:f4:c5:a3:2c:e1:43:4e:de:26:3f:
         24:ef:67:36:1e:f2:57:0e:30:5d:6a:01:c8:64:ce:0d:a3:a8:
         8c:e3:8e:93:da:d4:b5:26:f4:e5:c5:1f:88:29:47:d7:ec:74:
         86:27:a6:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtxtazegKZ20+LBq55kmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2JkZDAwZDI3YjhhOGJlZmM4NjZjYWYzNzhmMTkwMjc2
ODQ3NjkwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODU4OWQ4MzJkMjA0MWFhMjk2OTRlYzkwYWM4N2Q1NzIzYWYxZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3YSwpcSW4SB2/RaqlUpYXH/UxxA
NjEgvQx7MQyVhtN1/WRZJKMharMRsnho3RYDINN26/NEXGpiYC+db8AyuiXcRSSe
ZwkYU/l5pG1BJV2QhdNrCjIguZAwbU5xDT4OpUYUIabd0ud1J8Bw+tzoZXe+0CqP
1A9PIrxOiCDzxNzRimN29zYJ7L20ezq78niFFfBwKbx9m+l+aW4HPDZmXDuolDcf
EImJDvtzItnKzVcthjOHq3lcCJX2C6yPQzqGHjv7ib+l9cnDK0RqkkbKCCgeq8zA
VRUt2RIvn6U6p851vwRAGmKE+UCqfCo9tufN2ZZYWLSPbGJkAXRMFEImkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHhYnYMtIEGqKWlOyQrIfVcjrx6fMB8GA1UdIwQY
MBaAFBrL3QDSe4qL78hmyvN48ZAnaEdpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQt
OWY5NTM2YmIyYzM3LzEvZUZpZGd5MGdRYW9wYVU3SkNzaDlWeU92SHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQtOWY5NTM2YmIyYzM3
LzEvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuaJQAwQC
ucjAMA0GCSqGSIb3DQEBCwUAA4IBAQBIfijJ0i/aCVPhnbRtnLZX0lWE6VP/KfKE
C4xzU4X8fPBrCnrP7VdrIsDJW9MYsUzaRGC9HeLrQBXTm7/9clmSkYX/jxaPEhG8
X02BtYc84v7OX0hWtDt59xCYFSSjNaTbGY11gi1v5eQieN5gl0dEAcj0KzzBBlWI
cEibmmjljRF5yVwlEO1gNKGv5fIrTcwFVkjaOhy7y/GYTCOcKBVCYaj0gEfry6Vg
kOZ7oUmtqx2tLpGuCtp9P0IIn1piwRN8EErAZXVqYuUVLgPXKfTFoyzhQ07eJj8k
72c2HvJXDjBdagHIZM4No6iM446T2tS1JvTlxR+IKUfX7HSGJ6Yz
-----END CERTIFICATE-----