Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/1pxzmjTeLtdT1DEcUEKTz3TWHP0.roa
File:                     1pxzmjTeLtdT1DEcUEKTz3TWHP0.roa (raw, json)
Hash identifier:          H2BPUFgv+h+wkAUfvoDlaOqYh9bQuuDcsPvqNeqN7nc=
Subject key identifier:   D6:9C:73:9A:34:DE:2E:D7:53:D4:31:1C:50:42:93:CF:74:D6:1C:FD
Certificate issuer:       /CN=415c10f84dc22937ef6d15eb71bbb4a5308162bf
Certificate serial:       018CC348969375FDBEF6B3CAC77BB650762A
Authority key identifier: 41:5C:10:F8:4D:C2:29:37:EF:6D:15:EB:71:BB:B4:A5:30:81:62:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/1pxzmjTeLtdT1DEcUEKTz3TWHP0.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56833
IP address blocks:        185.93.200.0/22 maxlen: 22
                          185.18.36.0/22 maxlen: 22
                          91.235.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:96:93:75:fd:be:f6:b3:ca:c7:7b:b6:50:76:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=415c10f84dc22937ef6d15eb71bbb4a5308162bf
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d69c739a34de2ed753d4311c504293cf74d61cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b2:06:b6:dd:f7:a0:10:80:9d:3f:c7:b1:97:
                    22:fc:4a:bd:8c:13:31:20:1a:19:57:71:68:21:67:
                    03:79:32:15:84:5c:bb:6f:ee:6f:b0:22:90:13:3d:
                    38:e7:87:4e:92:03:0f:06:32:df:50:92:d3:b8:8f:
                    a3:c2:02:a8:22:13:7d:0c:c7:01:a1:72:bc:45:2f:
                    49:9d:aa:2b:cf:17:24:19:db:fc:8d:40:f2:1b:34:
                    ab:54:e6:37:b3:a9:21:9c:68:66:09:3f:cd:11:dd:
                    d1:64:e4:4e:76:d8:e6:ca:61:99:13:7f:6c:45:24:
                    1c:de:5c:20:90:47:44:19:fc:51:d5:15:7e:ad:46:
                    52:5d:59:77:3f:ac:2e:bf:ae:f6:cc:34:cf:66:45:
                    1d:c0:c8:19:6a:10:c5:25:e6:d0:aa:30:58:08:7d:
                    11:6f:4d:3a:d1:4f:b3:80:dc:b4:96:3c:1e:d1:85:
                    8f:ec:14:ef:b8:cd:5d:78:61:25:01:28:70:29:68:
                    fc:9d:15:44:20:d7:70:ba:02:54:ad:14:e8:56:1c:
                    8d:6d:c6:db:30:61:9d:dc:85:e8:2d:ae:c2:e2:6f:
                    e6:dc:b8:51:0d:fd:35:5c:99:46:ac:bb:d4:07:dc:
                    a9:6c:c5:4b:37:0e:ec:0d:17:df:b9:eb:05:06:67:
                    65:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:9C:73:9A:34:DE:2E:D7:53:D4:31:1C:50:42:93:CF:74:D6:1C:FD
            X509v3 Authority Key Identifier:
                keyid:41:5C:10:F8:4D:C2:29:37:EF:6D:15:EB:71:BB:B4:A5:30:81:62:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/1pxzmjTeLtdT1DEcUEKTz3TWHP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/5c57e7-7ba8-4a62-8d15-c6b6fd12ce27/1/QVwQ-E3CKTfvbRXrcbu0pTCBYr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.8.0/22
                  185.18.36.0/22
                  185.93.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:5a:34:ed:5e:ad:e0:ee:70:eb:4b:96:90:a3:83:28:a0:ab:
         51:20:e9:d8:e5:66:60:81:81:37:c2:b9:56:dc:b2:15:1d:46:
         87:a3:70:70:76:ed:48:d3:b6:a0:bb:ee:b9:a7:3d:38:9c:24:
         ce:63:aa:f3:2e:8d:33:1a:a6:17:e4:27:ef:24:6d:94:c7:b1:
         be:01:ab:34:9f:d6:05:c6:ee:90:68:76:a3:02:e9:9c:45:0e:
         e5:da:5b:c5:b7:31:be:7b:b4:29:58:c9:24:a7:1b:0d:5c:90:
         d8:0e:de:8a:56:91:08:e2:e3:08:de:cb:c0:61:74:c4:9a:e2:
         7a:c1:4b:20:6d:6d:90:73:e4:f4:e3:0d:5f:29:f7:b6:3e:83:
         b3:c7:bf:f9:76:32:92:f4:f4:da:9a:5c:36:78:e6:a6:c9:d2:
         0b:4b:68:bd:c3:fc:f8:88:7b:bc:c2:24:b4:fb:87:c4:4d:4a:
         22:1a:49:c6:f4:dd:58:b6:08:cf:73:6b:3e:ed:a7:23:72:25:
         5f:1d:71:52:b9:53:54:5a:dd:f4:ab:d8:17:f5:fb:f3:ac:fb:
         f9:c9:74:42:76:31:11:46:2b:24:42:59:54:5f:ea:56:d2:af:
         e6:f2:f2:6a:96:b4:3a:5f:d5:9a:ba:c9:4d:70:f9:84:6b:3d:
         26:36:fa:6c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSJaTdf2+9rPKx3u2UHYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNWMxMGY4NGRjMjI5MzdlZjZkMTVlYjcxYmJiNGE1MzA4
MTYyYmYwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjljNzM5YTM0ZGUyZWQ3NTNkNDMxMWM1MDQyOTNjZjc0ZDYxY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLIGtt33oBCAnT/HsZci/Eq9jBMx
IBoZV3FoIWcDeTIVhFy7b+5vsCKQEz0454dOkgMPBjLfUJLTuI+jwgKoIhN9DMcB
oXK8RS9JnaorzxckGdv8jUDyGzSrVOY3s6khnGhmCT/NEd3RZOROdtjmymGZE39s
RSQc3lwgkEdEGfxR1RV+rUZSXVl3P6wuv672zDTPZkUdwMgZahDFJebQqjBYCH0R
b0060U+zgNy0ljwe0YWP7BTvuM1deGElAShwKWj8nRVEINdwugJUrRToVhyNbcbb
MGGd3IXoLa7C4m/m3LhRDf01XJlGrLvUB9ypbMVLNw7sDRffuesFBmdlawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNacc5o03i7XU9QxHFBCk8901hz9MB8GA1UdIwQY
MBaAFEFcEPhNwik3720V63G7tKUwgWK/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZ3US1FM0NLVGZ2YlJYcmNidTBwVENCWXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi81YzU3ZTctN2JhOC00YTYyLThkMTUt
YzZiNmZkMTJjZTI3LzEvMXB4em1qVGVMdGRUMURFY1VFS1R6M1RXSFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi81YzU3ZTctN2JhOC00YTYyLThkMTUtYzZiNmZkMTJjZTI3
LzEvUVZ3US1FM0NLVGZ2YlJYcmNidTBwVENCWXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW+sIAwQC
uRIkAwQCuV3IMA0GCSqGSIb3DQEBCwUAA4IBAQCEWjTtXq3g7nDrS5aQo4MooKtR
IOnY5WZggYE3wrlW3LIVHUaHo3Bwdu1I07agu+65pz04nCTOY6rzLo0zGqYX5Cfv
JG2Ux7G+Aas0n9YFxu6QaHajAumcRQ7l2lvFtzG+e7QpWMkkpxsNXJDYDt6KVpEI
4uMI3svAYXTEmuJ6wUsgbW2Qc+T04w1fKfe2PoOzx7/5djKS9PTamlw2eOamydIL
S2i9w/z4iHu8wiS0+4fETUoiGknG9N1YtgjPc2s+7acjciVfHXFSuVNUWt30q9gX
9fvzrPv5yXRCdjERRiskQllUX+pW0q/m8vJqlrQ6X9WauslNcPmEaz0mNvps
-----END CERTIFICATE-----