Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Mi13p50Q15wKRoOpSTa41ffmJPQ.roa
File:                     Mi13p50Q15wKRoOpSTa41ffmJPQ.roa (raw, json)
Hash identifier:          ppnQjiDFYPTPEoA4IY/TsMqsXGs6rtl0thWlCh9He0Y=
Subject key identifier:   32:2D:77:A7:9D:10:D7:9C:0A:46:83:A9:49:36:B8:D5:F7:E6:24:F4
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018CC6B7B28658DA6274C9D0DDBC4A78E182
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Mi13p50Q15wKRoOpSTa41ffmJPQ.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216097
IP address blocks:        185.188.18.0/24 maxlen: 24
                          2a0a:d6c0:185::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b2:86:58:da:62:74:c9:d0:dd:bc:4a:78:e1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=322d77a79d10d79c0a4683a94936b8d5f7e624f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d8:be:99:c0:39:21:56:60:d9:29:43:fe:b5:
                    a0:67:09:68:d2:ad:1f:aa:a8:07:79:67:56:d0:f4:
                    64:44:48:b2:41:88:03:16:6b:eb:57:62:16:61:36:
                    4e:99:ff:25:c6:3a:08:6d:60:22:d6:5f:10:70:67:
                    fb:1b:13:8e:96:c0:5f:d7:15:1f:c4:08:f5:81:4f:
                    65:2e:4c:9f:21:17:6d:bd:ca:ec:12:54:2e:9e:9c:
                    cf:0d:5e:be:dc:c0:08:74:a4:6f:bd:02:95:19:cf:
                    1c:64:8f:70:12:e6:f3:4e:97:16:01:2d:ef:86:0f:
                    19:aa:50:b1:e0:22:ce:ec:c6:22:64:c0:0c:cb:55:
                    da:7e:18:20:87:b2:94:82:97:a7:ca:70:3a:8c:6d:
                    a3:71:46:a5:0a:0e:0b:97:b5:90:f3:73:e3:ae:65:
                    ba:9b:c7:f8:7d:3a:80:cf:32:22:36:cb:c1:db:c1:
                    d3:7a:44:8f:c9:3c:a1:7e:b1:06:ec:35:4a:a2:3b:
                    89:d2:fb:b6:c4:89:39:0e:8c:9c:b7:79:48:9e:f6:
                    c8:5f:39:f3:e6:7c:44:ce:c6:5c:e3:64:ad:b0:c1:
                    83:77:aa:b3:8d:10:52:30:45:56:ed:79:08:66:d0:
                    17:ec:39:55:f9:96:f4:cc:60:f2:c5:2d:5e:70:58:
                    c7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:2D:77:A7:9D:10:D7:9C:0A:46:83:A9:49:36:B8:D5:F7:E6:24:F4
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Mi13p50Q15wKRoOpSTa41ffmJPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.18.0/24
                IPv6:
                  2a0a:d6c0:185::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:64:46:95:fc:e9:7e:94:b1:29:1e:b0:f7:58:04:f7:b1:6d:
         41:f6:2f:4a:1e:3a:92:66:36:ec:63:e4:ee:0a:a0:a8:04:9d:
         57:96:5c:48:bb:2a:7f:42:f5:d7:22:24:3f:5d:82:7a:ec:d2:
         2b:c9:24:ac:94:1e:ae:bf:32:92:e7:6b:0b:9d:c3:c4:d4:39:
         e0:40:73:e9:7b:c7:61:78:01:b8:83:75:71:cf:38:07:fe:d5:
         fb:a6:b0:60:cb:3d:e4:2b:5b:6c:a0:c6:e9:2b:62:be:3c:f2:
         44:db:86:a2:23:02:b5:f2:36:5b:97:7e:19:0f:84:f3:27:6c:
         63:d8:74:f5:0e:b1:cb:06:25:5e:5d:91:c3:02:d4:51:fa:77:
         91:3b:56:ee:1e:92:a9:02:bb:b1:3d:49:a9:49:80:b8:c4:4c:
         f7:60:d7:57:72:78:de:20:21:62:f9:cb:1d:36:94:0e:30:23:
         7a:52:e7:f3:9b:06:df:a0:59:62:da:47:34:09:e8:a0:61:e4:
         ef:a6:6f:e9:b1:5a:5b:46:4e:a2:63:70:65:25:dd:88:62:94:
         56:99:15:63:80:00:72:87:5b:9a:a3:59:9b:5b:70:80:6b:c5:
         49:fa:db:50:1b:c1:7e:fe:7f:13:50:dc:45:fd:90:7d:9a:73:
         76:44:b6:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt7KGWNpidMnQ3bxKeOGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjJkNzdhNzlkMTBkNzljMGE0NjgzYTk0OTM2YjhkNWY3ZTYyNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnti+mcA5IVZg2SlD/rWgZwlo0q0f
qqgHeWdW0PRkREiyQYgDFmvrV2IWYTZOmf8lxjoIbWAi1l8QcGf7GxOOlsBf1xUf
xAj1gU9lLkyfIRdtvcrsElQunpzPDV6+3MAIdKRvvQKVGc8cZI9wEubzTpcWAS3v
hg8ZqlCx4CLO7MYiZMAMy1Xafhggh7KUgpenynA6jG2jcUalCg4Ll7WQ83PjrmW6
m8f4fTqAzzIiNsvB28HTekSPyTyhfrEG7DVKojuJ0vu2xIk5Doyct3lInvbIXznz
5nxEzsZc42StsMGDd6qzjRBSMEVW7XkIZtAX7DlV+Zb0zGDyxS1ecFjHqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDItd6edENecCkaDqUk2uNX35iT0MB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvTWkxM3A1MFExNXdLUm9PcFNUYTQxZmZtSlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAubwSMA8E
AgACMAkDBwAqCtbAAYUwDQYJKoZIhvcNAQELBQADggEBAGBkRpX86X6UsSkesPdY
BPexbUH2L0oeOpJmNuxj5O4KoKgEnVeWXEi7Kn9C9dciJD9dgnrs0ivJJKyUHq6/
MpLnawudw8TUOeBAc+l7x2F4AbiDdXHPOAf+1fumsGDLPeQrW2ygxukrYr488kTb
hqIjArXyNluXfhkPhPMnbGPYdPUOscsGJV5dkcMC1FH6d5E7Vu4ekqkCu7E9SalJ
gLjETPdg11dyeN4gIWL5yx02lA4wI3pS5/ObBt+gWWLaRzQJ6KBh5O+mb+mxWltG
TqJjcGUl3YhilFaZFWOAAHKHW5qjWZtbcIBrxUn621AbwX7+fxNQ3EX9kH2ac3ZE
tv8=
-----END CERTIFICATE-----