Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/pIOfnwrKU0dtwX3cvseISryMLW0.roa
File:                     pIOfnwrKU0dtwX3cvseISryMLW0.roa (raw, json)
Hash identifier:          Smr2/rBVa/yz6p15lE9WZfgYDOTaRpHJ01l5NAFZu5Q=
Subject key identifier:   A4:83:9F:9F:0A:CA:53:47:6D:C1:7D:DC:BE:C7:88:4A:BC:8C:2D:6D
Certificate issuer:       /CN=234b449894589d16f676bff282abedaa56cc7b8d
Certificate serial:       018CC5DC33BFB7F96CD186A9848E0BC3B52E
Authority key identifier: 23:4B:44:98:94:58:9D:16:F6:76:BF:F2:82:AB:ED:AA:56:CC:7B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/pIOfnwrKU0dtwX3cvseISryMLW0.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59748
IP address blocks:        185.73.156.0/22 maxlen: 22
                          2a03:43e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:33:bf:b7:f9:6c:d1:86:a9:84:8e:0b:c3:b5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b449894589d16f676bff282abedaa56cc7b8d
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4839f9f0aca53476dc17ddcbec7884abc8c2d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4b:c3:fc:32:a6:6c:02:c3:64:23:9a:6d:ad:
                    72:74:67:d5:f9:e2:09:da:72:d5:9b:c1:78:aa:bf:
                    6c:b6:c6:ad:1b:75:83:d7:fe:f4:6d:b1:bb:fe:82:
                    27:6d:76:f8:ad:22:8b:7c:0e:52:59:68:89:5b:3e:
                    7f:5a:a0:8f:fc:ff:94:24:a4:52:65:d5:5d:5b:27:
                    9b:42:93:8f:2f:2e:52:ab:e6:83:40:21:e9:c1:c6:
                    d9:1a:d3:81:eb:b5:47:78:5b:85:e4:9a:a7:38:88:
                    15:5d:5d:e2:e8:8b:9a:47:b7:f9:d2:18:d9:73:24:
                    8a:6b:56:d1:6d:01:35:cc:17:57:6f:35:3d:3d:87:
                    be:c2:e0:40:ad:0a:6c:91:27:e1:07:92:68:5e:f0:
                    c5:08:aa:b1:e1:61:62:62:fa:0a:8a:b2:1a:ae:ec:
                    80:51:98:f6:2d:0e:c9:86:80:5d:6b:25:a5:0f:5a:
                    34:b4:07:0a:71:d2:b7:72:09:e7:85:fb:a3:a7:07:
                    54:23:1a:39:4a:64:8f:fa:64:1f:d7:36:45:48:8f:
                    04:70:64:dd:7f:c0:85:be:8e:a2:5d:67:f5:54:39:
                    86:01:92:cb:e8:08:54:f7:0e:4f:fa:8e:76:1b:25:
                    11:34:2a:9c:c9:ee:cf:3f:92:f3:00:6d:bf:71:a8:
                    c8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:83:9F:9F:0A:CA:53:47:6D:C1:7D:DC:BE:C7:88:4A:BC:8C:2D:6D
            X509v3 Authority Key Identifier:
                keyid:23:4B:44:98:94:58:9D:16:F6:76:BF:F2:82:AB:ED:AA:56:CC:7B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tEmJRYnRb2dr_ygqvtqlbMe40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/pIOfnwrKU0dtwX3cvseISryMLW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3318d9-5669-4920-a55c-73a63b259beb/1/I0tEmJRYnRb2dr_ygqvtqlbMe40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.156.0/22
                IPv6:
                  2a03:43e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:42:58:16:84:6e:ec:a1:ef:8f:ce:be:17:91:4d:2d:dd:e0:
         9e:af:ac:09:65:2d:db:2c:5c:fd:da:25:e0:b6:dc:0c:50:67:
         ae:a0:48:e4:17:29:99:80:8e:06:2f:b9:80:3c:fb:cf:5b:93:
         f5:cf:18:00:f8:a8:49:ae:82:d4:ed:53:58:1c:dc:a2:6c:2c:
         21:8c:67:2a:82:c6:d1:20:07:cc:c8:64:0a:ba:1b:a4:d5:f0:
         32:98:ce:c5:df:ec:55:d9:14:2d:03:18:bb:cf:03:ec:1e:45:
         01:a7:f4:9f:be:17:27:c6:10:98:a9:d0:77:67:cf:5e:0f:c6:
         e0:39:3b:50:75:2d:cd:0d:b4:81:f7:23:bf:f6:ce:84:1a:c9:
         e2:5c:4a:2d:05:eb:f8:7b:4e:5c:c2:fa:ee:30:86:69:25:c1:
         38:c0:e4:3f:3b:a9:97:9b:72:1b:dc:e2:4e:00:4d:23:05:69:
         e6:31:a0:cf:84:24:6c:26:e5:3d:97:cb:71:d2:91:ec:f4:8e:
         27:c4:19:62:1a:ce:f6:56:8c:44:e9:88:92:7c:41:a2:dd:ca:
         03:dc:ac:ef:21:84:33:50:c9:f9:45:3a:80:5b:e1:b7:f2:5d:
         60:75:0c:75:30:50:4d:4f:b6:6d:b1:e2:c5:84:1c:fe:3f:f9:
         cd:ea:53:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3DO/t/ls0YaphI4Lw7UuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI0NDk4OTQ1ODlkMTZmNjc2YmZmMjgyYWJlZGFhNTZj
YzdiOGQwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDgzOWY5ZjBhY2E1MzQ3NmRjMTdkZGNiZWM3ODg0YWJjOGMyZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUvD/DKmbALDZCOaba1ydGfV+eIJ
2nLVm8F4qr9stsatG3WD1/70bbG7/oInbXb4rSKLfA5SWWiJWz5/WqCP/P+UJKRS
ZdVdWyebQpOPLy5Sq+aDQCHpwcbZGtOB67VHeFuF5JqnOIgVXV3i6IuaR7f50hjZ
cySKa1bRbQE1zBdXbzU9PYe+wuBArQpskSfhB5JoXvDFCKqx4WFiYvoKirIaruyA
UZj2LQ7JhoBdayWlD1o0tAcKcdK3cgnnhfujpwdUIxo5SmSP+mQf1zZFSI8EcGTd
f8CFvo6iXWf1VDmGAZLL6AhU9w5P+o52GyURNCqcye7PP5LzAG2/cajIQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKSDn58KylNHbcF93L7HiEq8jC1tMB8GA1UdIwQY
MBaAFCNLRJiUWJ0W9na/8oKr7apWzHuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0RW1KUlluUmIyZHJfeWdxdnRxbGJNZTQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zMzE4ZDktNTY2OS00OTIwLWE1NWMt
NzNhNjNiMjU5YmViLzEvcElPZm53cktVMGR0d1gzY3ZzZUlTcnlNTFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zMzE4ZDktNTY2OS00OTIwLWE1NWMtNzNhNjNiMjU5YmVi
LzEvSTB0RW1KUlluUmIyZHJfeWdxdnRxbGJNZTQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUmcMA0E
AgACMAcDBQAqA0PgMA0GCSqGSIb3DQEBCwUAA4IBAQAnQlgWhG7soe+Pzr4XkU0t
3eCer6wJZS3bLFz92iXgttwMUGeuoEjkFymZgI4GL7mAPPvPW5P1zxgA+KhJroLU
7VNYHNyibCwhjGcqgsbRIAfMyGQKuhuk1fAymM7F3+xV2RQtAxi7zwPsHkUBp/Sf
vhcnxhCYqdB3Z89eD8bgOTtQdS3NDbSB9yO/9s6EGsniXEotBev4e05cwvruMIZp
JcE4wOQ/O6mXm3Ib3OJOAE0jBWnmMaDPhCRsJuU9l8tx0pHs9I4nxBliGs72VoxE
6YiSfEGi3coD3KzvIYQzUMn5RTqAW+G38l1gdQx1MFBNT7ZtseLFhBz+P/nN6lMI
-----END CERTIFICATE-----