Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Ra35fN89xO6EKwQI75XhIPetkUE.roa
File:                     Ra35fN89xO6EKwQI75XhIPetkUE.roa (raw, json)
Hash identifier:          CAm2P9qRgO2UtCTg/xDcz6AYRB8/y+KSQKsn5QvN8DI=
Subject key identifier:   45:AD:F9:7C:DF:3D:C4:EE:84:2B:04:08:EF:95:E1:20:F7:AD:91:41
Certificate issuer:       /CN=21c73a5d8ec63bed658a38f5c26f191fdd74df92
Certificate serial:       018CC72577206F044FA34F70A1B637404BE6
Authority key identifier: 21:C7:3A:5D:8E:C6:3B:ED:65:8A:38:F5:C2:6F:19:1F:DD:74:DF:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Icc6XY7GO-1lijj1wm8ZH91035I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Ra35fN89xO6EKwQI75XhIPetkUE.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40551
IP address blocks:        185.22.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Icc6XY7GO-1lijj1wm8ZH91035I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Icc6XY7GO-1lijj1wm8ZH91035I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Icc6XY7GO-1lijj1wm8ZH91035I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:77:20:6f:04:4f:a3:4f:70:a1:b6:37:40:4b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c73a5d8ec63bed658a38f5c26f191fdd74df92
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45adf97cdf3dc4ee842b0408ef95e120f7ad9141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a5:e4:ab:3c:94:a2:bd:96:cf:f2:55:48:65:
                    2f:e8:7e:48:ec:de:12:0f:eb:a1:46:f0:98:cf:d3:
                    0a:89:26:65:a1:bb:3c:90:64:4b:40:62:28:f6:53:
                    19:a2:cc:aa:09:71:4a:f3:c2:bd:a8:87:00:5d:f4:
                    95:64:93:1f:e0:be:e3:e1:e4:e2:37:f2:a3:82:8c:
                    a9:b6:3a:d1:28:f4:51:2b:ff:05:5e:56:56:a3:8f:
                    9e:89:e1:79:ed:48:75:e6:74:b0:77:60:4a:be:a1:
                    8d:8c:40:37:20:1f:d7:2b:3e:98:f2:57:92:1a:a4:
                    e7:ff:ee:90:d7:10:5f:a3:b1:87:0d:04:ad:6b:cd:
                    92:ba:49:a7:c4:b5:9d:b0:45:ba:6f:84:56:03:fb:
                    f0:98:64:46:38:27:ed:22:5b:e8:49:4e:b9:6d:b7:
                    c6:5f:45:7d:5d:f4:d9:6d:44:8f:f3:3f:e6:d9:5b:
                    b2:d4:c8:67:4c:50:93:da:18:ec:14:92:c5:6d:63:
                    46:73:4c:ed:56:2b:34:9b:38:4a:4b:8a:f2:72:b1:
                    a6:be:44:db:5a:13:7c:5c:cb:b3:76:85:b4:73:52:
                    2b:33:fc:64:3c:cf:f8:a3:06:1e:4e:96:ee:49:ab:
                    31:21:30:26:29:8f:c8:bd:95:5a:6d:1b:50:b8:7f:
                    41:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AD:F9:7C:DF:3D:C4:EE:84:2B:04:08:EF:95:E1:20:F7:AD:91:41
            X509v3 Authority Key Identifier:
                keyid:21:C7:3A:5D:8E:C6:3B:ED:65:8A:38:F5:C2:6F:19:1F:DD:74:DF:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Icc6XY7GO-1lijj1wm8ZH91035I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Ra35fN89xO6EKwQI75XhIPetkUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/f850ec-9954-485c-aa0b-fd120c31da72/1/Icc6XY7GO-1lijj1wm8ZH91035I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:87:b1:48:3f:9a:c2:6d:c0:b1:2c:af:c7:a9:fd:67:80:d1:
         73:9e:a9:67:02:36:3b:0c:77:2c:1b:df:6b:2c:e4:43:1f:14:
         6b:6f:b8:60:16:15:d6:0f:7e:65:59:29:d1:c7:60:78:ec:8d:
         a6:9d:b4:21:db:43:51:96:4d:ba:8f:70:d7:8c:44:da:63:c6:
         23:28:6c:fd:b8:b3:c9:f8:50:2c:9b:a3:c3:be:29:ed:9d:22:
         06:6c:f2:02:23:a5:93:56:b7:18:ab:27:f1:d6:48:42:16:23:
         4e:69:9f:d5:06:98:12:33:c9:96:7c:ae:97:fa:0c:0a:25:cb:
         ae:52:ea:10:6d:94:40:a5:44:39:6b:34:3e:a6:8d:11:8c:f1:
         b6:e9:24:e2:fb:38:c1:57:3d:5a:5e:7f:67:b5:d6:2b:0a:76:
         65:69:83:16:45:58:fc:c8:4a:5b:52:13:b1:0f:8f:5c:b4:0d:
         e6:05:82:fd:73:91:16:4b:37:ac:7f:da:31:8c:a1:05:77:48:
         27:46:cb:e3:76:7f:c9:9a:e1:c3:6c:96:90:b0:99:5a:70:e1:
         4a:aa:f8:54:fa:5a:53:88:25:52:6a:ad:3f:82:c0:f8:10:2b:
         b0:d1:f1:67:d7:56:52:b8:b4:23:00:be:26:20:75:cb:05:5d:
         f9:a6:dd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXcgbwRPo09wobY3QEvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzczYTVkOGVjNjNiZWQ2NThhMzhmNWMyNmYxOTFmZGQ3
NGRmOTIwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFkZjk3Y2RmM2RjNGVlODQyYjA0MDhlZjk1ZTEyMGY3YWQ5MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6XkqzyUor2Wz/JVSGUv6H5I7N4S
D+uhRvCYz9MKiSZlobs8kGRLQGIo9lMZosyqCXFK88K9qIcAXfSVZJMf4L7j4eTi
N/KjgoyptjrRKPRRK/8FXlZWo4+eieF57Uh15nSwd2BKvqGNjEA3IB/XKz6Y8leS
GqTn/+6Q1xBfo7GHDQSta82SukmnxLWdsEW6b4RWA/vwmGRGOCftIlvoSU65bbfG
X0V9XfTZbUSP8z/m2Vuy1MhnTFCT2hjsFJLFbWNGc0ztVis0mzhKS4rycrGmvkTb
WhN8XMuzdoW0c1IrM/xkPM/4owYeTpbuSasxITAmKY/IvZVabRtQuH9BKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWt+XzfPcTuhCsECO+V4SD3rZFBMB8GA1UdIwQY
MBaAFCHHOl2OxjvtZYo49cJvGR/ddN+SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNjNlhZN0dPLTFsaWpqMXdtOFpIOTEwMzVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9mODUwZWMtOTk1NC00ODVjLWFhMGIt
ZmQxMjBjMzFkYTcyLzEvUmEzNWZOODl4TzZFS3dRSTc1WGhJUGV0a1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9mODUwZWMtOTk1NC00ODVjLWFhMGItZmQxMjBjMzFkYTcy
LzEvSWNjNlhZN0dPLTFsaWpqMXdtOFpIOTEwMzVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRZTMA0G
CSqGSIb3DQEBCwUAA4IBAQCah7FIP5rCbcCxLK/Hqf1ngNFznqlnAjY7DHcsG99r
LORDHxRrb7hgFhXWD35lWSnRx2B47I2mnbQh20NRlk26j3DXjETaY8YjKGz9uLPJ
+FAsm6PDvintnSIGbPICI6WTVrcYqyfx1khCFiNOaZ/VBpgSM8mWfK6X+gwKJcuu
UuoQbZRApUQ5azQ+po0RjPG26STi+zjBVz1aXn9ntdYrCnZlaYMWRVj8yEpbUhOx
D49ctA3mBYL9c5EWSzesf9oxjKEFd0gnRsvjdn/JmuHDbJaQsJlacOFKqvhU+lpT
iCVSaq0/gsD4ECuw0fFn11ZSuLQjAL4mIHXLBV35pt2e
-----END CERTIFICATE-----