Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/nCkKYFo8sR5tnKCHJGxNjymzD-I.roa
File:                     nCkKYFo8sR5tnKCHJGxNjymzD-I.roa (raw, json)
Hash identifier:          YPSo7kPHQdaz2+VVR2O9J1Qo+ddSG7CxhSh9Tr2LsbE=
Subject key identifier:   9C:29:0A:60:5A:3C:B1:1E:6D:9C:A0:87:24:6C:4D:8F:29:B3:0F:E2
Certificate issuer:       /CN=5e774467e21849524943d2bd459010720f3e20e4
Certificate serial:       018CC6B7E8464DE23AD9AC18EE3337E23D08
Authority key identifier: 5E:77:44:67:E2:18:49:52:49:43:D2:BD:45:90:10:72:0F:3E:20:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/nCkKYFo8sR5tnKCHJGxNjymzD-I.roa
Signing time:             Mon 01 Jan 2024 20:29:50 +0000
ROA not before:           Mon 01 Jan 2024 20:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210472
IP address blocks:        185.112.3.0/24 maxlen: 24
                          185.112.2.0/24 maxlen: 24
                          185.112.1.0/24 maxlen: 24
                          185.112.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e8:46:4d:e2:3a:d9:ac:18:ee:33:37:e2:3d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e774467e21849524943d2bd459010720f3e20e4
        Validity
            Not Before: Jan  1 20:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c290a605a3cb11e6d9ca087246c4d8f29b30fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3d:94:ac:dc:11:70:2c:1e:ab:fe:15:c9:6f:
                    b5:21:d5:2b:2b:b1:18:21:c5:70:34:ba:e1:ad:f5:
                    b9:c9:56:11:73:39:5e:93:27:c7:01:04:ec:30:48:
                    b3:e9:45:fa:09:c4:89:44:b3:4e:a1:17:07:22:3a:
                    b1:c0:60:e9:ca:7b:8e:9e:33:0b:44:07:64:1d:df:
                    38:cf:b2:20:bb:3a:6e:03:07:b5:8f:b7:45:60:d3:
                    06:78:91:c8:c8:eb:cf:f4:1a:47:d6:ce:35:c5:8c:
                    94:38:87:0f:59:65:54:19:ed:75:82:ff:42:0e:18:
                    f0:0a:d0:85:d1:7b:cd:ab:23:ba:dc:6a:af:ad:bd:
                    f6:69:32:59:c6:6c:d0:bc:a7:05:df:32:13:6a:44:
                    e2:96:10:b7:2e:5e:a2:0a:bd:7f:3f:5d:3f:9d:4a:
                    5e:0d:56:e0:d0:a2:bd:8c:76:d6:2e:88:04:0f:f4:
                    33:79:79:c9:1c:8f:eb:f0:67:7d:6d:01:b4:9a:88:
                    66:8f:65:4f:40:3b:15:86:57:e8:48:58:72:05:a3:
                    6a:6c:8b:40:54:f7:f6:bb:61:b4:61:06:13:29:1b:
                    76:4a:fd:bf:2c:e0:05:33:f1:72:95:c7:f3:bb:93:
                    3e:6e:e2:d3:f9:9b:58:ca:15:8a:0c:45:e4:93:67:
                    12:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:29:0A:60:5A:3C:B1:1E:6D:9C:A0:87:24:6C:4D:8F:29:B3:0F:E2
            X509v3 Authority Key Identifier:
                keyid:5E:77:44:67:E2:18:49:52:49:43:D2:BD:45:90:10:72:0F:3E:20:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/nCkKYFo8sR5tnKCHJGxNjymzD-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/20a22f-20fa-4d98-8b03-aa400532daeb/1/XndEZ-IYSVJJQ9K9RZAQcg8-IOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:e2:46:a1:1e:2f:15:fc:d5:4a:bb:11:b0:91:0c:83:c3:63:
         34:71:94:f1:2b:6b:bf:c3:67:6e:ba:89:b0:8a:67:8f:6b:2e:
         36:a5:7a:00:19:0d:dc:88:79:ca:35:fd:91:be:f5:b4:bd:23:
         7e:48:15:06:5a:dc:b7:92:00:f2:54:e2:e6:ab:8d:e7:8b:99:
         ad:f5:ad:2e:2e:26:3d:d5:26:b5:b1:db:e2:ac:d0:1d:32:5b:
         2b:81:84:a7:29:c9:cb:eb:0b:74:72:9f:2a:18:c7:f1:16:84:
         22:12:d1:1a:2f:45:82:75:86:25:48:ad:9a:35:13:ae:54:10:
         2c:ba:b1:38:2f:c3:09:89:16:1e:dd:8a:bc:5f:44:fb:71:f6:
         06:26:10:59:d3:6c:43:d5:42:4f:c7:b7:3a:bf:7b:b6:d1:33:
         75:07:93:c8:51:f6:3e:be:bd:09:ed:a2:a4:48:f5:6e:d1:53:
         9e:cb:3c:a7:d5:e9:05:96:fe:17:8a:c9:18:b7:af:b0:8e:0a:
         68:82:8b:d3:d3:22:1e:fb:3e:2b:f0:76:ad:b7:a9:ef:ba:c0:
         83:30:68:bf:4c:31:4c:bb:dc:2c:55:50:00:56:d2:2c:5f:f2:
         f1:63:62:87:60:cc:91:15:34:c1:33:56:1c:bf:f4:94:74:c0:
         d7:4e:4e:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+hGTeI62awY7jM34j0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNzc0NDY3ZTIxODQ5NTI0OTQzZDJiZDQ1OTAxMDcyMGYz
ZTIwZTQwHhcNMjQwMTAxMjAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzI5MGE2MDVhM2NiMTFlNmQ5Y2EwODcyNDZjNGQ4ZjI5YjMwZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT2UrNwRcCweq/4VyW+1IdUrK7EY
IcVwNLrhrfW5yVYRczlekyfHAQTsMEiz6UX6CcSJRLNOoRcHIjqxwGDpynuOnjML
RAdkHd84z7IguzpuAwe1j7dFYNMGeJHIyOvP9BpH1s41xYyUOIcPWWVUGe11gv9C
DhjwCtCF0XvNqyO63Gqvrb32aTJZxmzQvKcF3zITakTilhC3Ll6iCr1/P10/nUpe
DVbg0KK9jHbWLogED/QzeXnJHI/r8Gd9bQG0mohmj2VPQDsVhlfoSFhyBaNqbItA
VPf2u2G0YQYTKRt2Sv2/LOAFM/Fylcfzu5M+buLT+ZtYyhWKDEXkk2cSYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwpCmBaPLEebZyghyRsTY8psw/iMB8GA1UdIwQY
MBaAFF53RGfiGElSSUPSvUWQEHIPPiDkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG5kRVotSVlTVkpKUTlLOVJaQVFjZzgtSU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yMGEyMmYtMjBmYS00ZDk4LThiMDMt
YWE0MDA1MzJkYWViLzEvbkNrS1lGbzhzUjV0bktDSEpHeE5qeW16RC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yMGEyMmYtMjBmYS00ZDk4LThiMDMtYWE0MDA1MzJkYWVi
LzEvWG5kRVotSVlTVkpKUTlLOVJaQVFjZzgtSU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAc4kahHi8V/NVKuxGwkQyDw2M0cZTxK2u/w2duuomw
imePay42pXoAGQ3ciHnKNf2RvvW0vSN+SBUGWty3kgDyVOLmq43ni5mt9a0uLiY9
1Sa1sdvirNAdMlsrgYSnKcnL6wt0cp8qGMfxFoQiEtEaL0WCdYYlSK2aNROuVBAs
urE4L8MJiRYe3Yq8X0T7cfYGJhBZ02xD1UJPx7c6v3u20TN1B5PIUfY+vr0J7aKk
SPVu0VOeyzyn1ekFlv4XiskYt6+wjgpogovT0yIe+z4r8Hatt6nvusCDMGi/TDFM
u9wsVVAAVtIsX/LxY2KHYMyRFTTBM1Ycv/SUdMDXTk5w
-----END CERTIFICATE-----