Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/mB_ASZNO-_S5wCEnqsnZ-LC625I.roa
File:                     mB_ASZNO-_S5wCEnqsnZ-LC625I.roa (raw, json)
Hash identifier:          OUvcQXQR8Rot9mDD8fMt4AnXI2P5HxIQhp4rmIsBGfI=
Subject key identifier:   98:1F:C0:49:93:4E:FB:F4:B9:C0:21:27:AA:C9:D9:F8:B0:BA:DB:92
Certificate issuer:       /CN=4413bdf4dc7435faf51ba934d65570f71c21731a
Certificate serial:       018CC86F8A3CF41A78320B2AF99EFEFE33B7
Authority key identifier: 44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/mB_ASZNO-_S5wCEnqsnZ-LC625I.roa
Signing time:             Tue 02 Jan 2024 04:30:02 +0000
ROA not before:           Tue 02 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43648
IP address blocks:        185.78.16.0/22 maxlen: 24
                          2a05:6680::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8a:3c:f4:1a:78:32:0b:2a:f9:9e:fe:fe:33:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4413bdf4dc7435faf51ba934d65570f71c21731a
        Validity
            Not Before: Jan  2 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=981fc049934efbf4b9c02127aac9d9f8b0badb92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:04:ee:1e:4f:46:96:b8:82:60:e4:09:6e:33:
                    6c:37:71:c3:c8:6c:4c:d6:64:e1:f7:06:db:93:25:
                    01:70:20:b9:ac:6e:26:91:4d:2e:e9:c6:d8:62:74:
                    c7:3c:89:e2:20:64:f8:db:bf:16:0a:e2:92:4d:1e:
                    53:ba:b0:2f:cf:c6:0a:63:dc:68:ac:cc:32:c3:16:
                    5f:e9:78:67:fb:0d:8a:a2:80:c4:72:d1:ff:28:e0:
                    d2:94:38:7a:bb:43:57:24:56:e9:78:a1:f0:2d:ec:
                    e2:85:57:08:75:d7:ee:f7:78:8e:05:37:e6:a8:f1:
                    39:5a:9c:c5:c7:63:b2:fe:f3:39:4a:04:50:01:2e:
                    14:f4:68:38:29:60:3c:6c:aa:37:5b:45:ca:31:f4:
                    cd:b7:87:de:5a:17:cf:db:15:c2:9e:aa:71:f5:07:
                    ae:ac:af:9e:b0:7a:16:73:b5:cd:25:66:32:e1:5c:
                    d3:8a:ca:a7:f6:bb:cd:d0:3d:bc:58:79:db:b0:66:
                    c3:56:17:0f:0e:0c:c3:79:8f:05:09:07:e2:41:ab:
                    67:1d:59:73:d3:67:5b:39:45:0a:08:44:2c:e9:7a:
                    0c:4a:92:91:b1:ea:1f:df:b9:32:9d:8b:ee:84:1e:
                    82:3e:67:7f:c1:7f:3c:b3:8e:0a:28:1a:56:94:b1:
                    71:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:1F:C0:49:93:4E:FB:F4:B9:C0:21:27:AA:C9:D9:F8:B0:BA:DB:92
            X509v3 Authority Key Identifier:
                keyid:44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/mB_ASZNO-_S5wCEnqsnZ-LC625I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.16.0/22
                IPv6:
                  2a05:6680::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:17:5a:91:ee:04:1d:98:e1:9d:d6:b5:e5:78:7a:a9:ac:d7:
         72:2d:94:ca:02:9f:11:ea:79:96:f5:a9:d8:d5:c7:fc:7d:b0:
         f6:02:39:9d:0c:6a:95:50:a6:b4:9b:83:06:d0:e8:ce:9b:78:
         d9:7a:3c:d3:86:ad:c5:a9:d0:ab:3a:f5:52:9c:89:83:f8:93:
         91:9b:76:1c:14:ab:0a:e6:b8:6c:23:50:1d:66:37:f3:9a:3a:
         4d:74:ae:3f:ec:9e:a5:d2:38:85:10:63:df:04:fe:07:0b:e4:
         10:5b:47:95:58:00:c5:23:4d:80:5b:5b:fe:23:0b:53:37:23:
         5f:49:8b:48:74:69:50:5e:18:b4:2f:b5:63:8f:09:27:84:60:
         56:53:22:4e:dd:39:c2:52:20:59:33:b4:7a:db:d3:e0:8b:66:
         95:e1:0a:b2:de:6d:44:e5:b8:9c:28:12:5b:58:50:44:09:99:
         e5:b7:a8:e9:e7:35:08:19:08:d4:9b:7c:da:33:3e:c4:d2:30:
         61:e6:db:49:da:0f:d1:d4:a6:8a:1a:c3:b1:bb:83:cb:ad:fd:
         6f:93:64:68:c4:65:a4:6b:a3:ab:15:43:e2:f4:62:5e:ee:bb:
         b8:d7:85:6d:2e:cd:66:cc:56:26:1f:3c:69:b3:5c:50:50:f3:
         d5:d7:7a:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb4o89Bp4Mgsq+Z7+/jO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MTNiZGY0ZGM3NDM1ZmFmNTFiYTkzNGQ2NTU3MGY3MWMy
MTczMWEwHhcNMjQwMTAyMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODFmYzA0OTkzNGVmYmY0YjljMDIxMjdhYWM5ZDlmOGIwYmFkYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQTuHk9GlriCYOQJbjNsN3HDyGxM
1mTh9wbbkyUBcCC5rG4mkU0u6cbYYnTHPIniIGT4278WCuKSTR5TurAvz8YKY9xo
rMwywxZf6Xhn+w2KooDEctH/KODSlDh6u0NXJFbpeKHwLezihVcIddfu93iOBTfm
qPE5WpzFx2Oy/vM5SgRQAS4U9Gg4KWA8bKo3W0XKMfTNt4feWhfP2xXCnqpx9Qeu
rK+esHoWc7XNJWYy4VzTisqn9rvN0D28WHnbsGbDVhcPDgzDeY8FCQfiQatnHVlz
02dbOUUKCEQs6XoMSpKRseof37kynYvuhB6CPmd/wX88s44KKBpWlLFxjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJgfwEmTTvv0ucAhJ6rJ2fiwutuSMB8GA1UdIwQY
MBaAFEQTvfTcdDX69RupNNZVcPccIXMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTkt
YmM5ZWNjMmFkYjQzLzEvbUJfQVNaTk8tX1M1d0NFbnFzblotTEM2MjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTktYmM5ZWNjMmFkYjQz
LzEvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU4QMA0E
AgACMAcDBQMqBWaAMA0GCSqGSIb3DQEBCwUAA4IBAQAwF1qR7gQdmOGd1rXleHqp
rNdyLZTKAp8R6nmW9anY1cf8fbD2AjmdDGqVUKa0m4MG0OjOm3jZejzThq3FqdCr
OvVSnImD+JORm3YcFKsK5rhsI1AdZjfzmjpNdK4/7J6l0jiFEGPfBP4HC+QQW0eV
WADFI02AW1v+IwtTNyNfSYtIdGlQXhi0L7VjjwknhGBWUyJO3TnCUiBZM7R629Pg
i2aV4Qqy3m1E5bicKBJbWFBECZnlt6jp5zUIGQjUm3zaMz7E0jBh5ttJ2g/R1KaK
GsOxu4PLrf1vk2RoxGWka6OrFUPi9GJe7ru414VtLs1mzFYmHzxps1xQUPPV13pQ
-----END CERTIFICATE-----