Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AINi681G_QMKOMOfVnhUVoSCgn8.roa
File:                     AINi681G_QMKOMOfVnhUVoSCgn8.roa (raw, json)
Hash identifier:          N94s+bBlQLO57CDHfAg+za1NmUoiWZO4OxMuZOqlb48=
Subject key identifier:   00:83:62:EB:CD:46:FD:03:0A:38:C3:9F:56:78:54:56:84:82:82:7F
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC424558AA7F85FC3F81A3BC85518D3A3
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AINi681G_QMKOMOfVnhUVoSCgn8.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50952
IP address blocks:        178.18.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:55:8a:a7:f8:5f:c3:f8:1a:3b:c8:55:18:d3:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=008362ebcd46fd030a38c39f567854568482827f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:59:b4:c9:90:a8:92:a3:1a:ea:d1:21:15:73:
                    22:7f:a3:f7:da:e9:84:d4:26:bd:2f:88:fb:bb:a9:
                    3c:6a:5b:9b:65:29:5f:21:1c:95:d2:b0:ea:cf:18:
                    3f:6b:1e:47:c0:65:d8:96:4a:79:07:4f:19:11:ed:
                    20:e5:24:03:2e:71:c1:8f:da:cd:d6:d7:8a:25:43:
                    97:0f:84:14:d3:f1:76:4e:e1:e8:d6:a8:5b:b0:5f:
                    84:ae:09:e7:5f:6f:e9:79:75:c0:fc:dd:35:65:68:
                    86:95:bf:da:10:21:e1:85:3e:47:49:fb:90:3a:43:
                    08:37:a8:c5:a7:5f:f9:89:28:0c:2a:09:7f:e4:75:
                    78:ab:91:cf:ae:bc:ac:33:8e:a6:d1:44:8d:08:1c:
                    c9:b2:24:81:af:41:a5:18:ac:bb:68:d0:da:de:17:
                    f7:74:47:73:7e:46:b2:bd:f1:a9:29:70:30:7a:ae:
                    23:3b:76:14:06:ef:ff:f2:97:50:c7:74:4a:9d:14:
                    57:64:18:25:79:41:60:88:e8:f7:c9:57:37:2d:40:
                    a9:93:f9:81:08:e9:9a:87:ea:1f:cd:d1:28:0c:3d:
                    c9:29:ef:2b:92:7f:71:5a:75:7f:80:f1:25:71:d6:
                    ac:5d:7d:56:88:4b:9f:2c:b7:5c:82:ac:df:1e:1b:
                    ad:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:83:62:EB:CD:46:FD:03:0A:38:C3:9F:56:78:54:56:84:82:82:7F
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AINi681G_QMKOMOfVnhUVoSCgn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b9:82:ac:23:cb:3e:40:09:0b:10:b4:f1:3c:73:bc:bb:39:a2:
         fa:b7:34:2e:50:31:74:7f:88:25:ef:25:fb:5b:49:39:2d:b6:
         45:fa:2d:fe:7b:65:e4:34:5c:86:7d:4f:29:23:23:4e:4c:74:
         f9:05:e6:ab:fc:1d:b8:11:c5:4d:3f:c9:88:30:39:e6:99:78:
         e9:5d:4c:fe:d4:dc:51:59:a0:a8:3c:13:39:fb:e8:70:8d:cd:
         5f:45:f2:d3:ef:a0:25:6d:1b:df:ae:4b:52:2b:65:d2:ef:5c:
         37:7c:6f:36:fd:7b:02:a9:41:00:48:0b:1d:9e:19:21:f9:67:
         a2:fe:89:ea:fc:51:26:38:f7:cb:38:e1:5b:56:b9:4b:a0:ec:
         ba:ed:a1:07:10:20:5a:25:d2:c6:63:d9:81:b6:a0:1d:eb:a2:
         46:58:32:29:00:42:c2:fe:a8:2c:73:0b:12:1a:39:30:a0:6f:
         76:61:48:ac:d5:b9:76:7a:34:f4:9c:ee:10:15:34:86:08:ba:
         97:3b:15:3f:53:ea:ae:ab:b1:ca:e4:51:6e:31:be:86:2a:ea:
         07:e0:34:6b:0e:97:40:2c:f4:01:62:62:7a:d4:52:a2:70:6e:
         d4:69:f9:b5:e1:05:fd:9f:e6:a2:64:ae:1b:a1:89:8f:31:78:
         cf:81:25:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFWKp/hfw/gaO8hVGNOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDgzNjJlYmNkNDZmZDAzMGEzOGMzOWY1Njc4NTQ1Njg0ODI4MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVm0yZCokqMa6tEhFXMif6P32umE
1Ca9L4j7u6k8alubZSlfIRyV0rDqzxg/ax5HwGXYlkp5B08ZEe0g5SQDLnHBj9rN
1teKJUOXD4QU0/F2TuHo1qhbsF+ErgnnX2/peXXA/N01ZWiGlb/aECHhhT5HSfuQ
OkMIN6jFp1/5iSgMKgl/5HV4q5HPrrysM46m0USNCBzJsiSBr0GlGKy7aNDa3hf3
dEdzfkayvfGpKXAweq4jO3YUBu//8pdQx3RKnRRXZBgleUFgiOj3yVc3LUCpk/mB
COmah+ofzdEoDD3JKe8rkn9xWnV/gPElcdasXX1WiEufLLdcgqzfHhutGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACDYuvNRv0DCjjDn1Z4VFaEgoJ/MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvQUlOaTY4MUdfUU1LT01PZlZuaFVWb1NDZ244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCshLgMA0G
CSqGSIb3DQEBCwUAA4IBAQC5gqwjyz5ACQsQtPE8c7y7OaL6tzQuUDF0f4gl7yX7
W0k5LbZF+i3+e2XkNFyGfU8pIyNOTHT5Bear/B24EcVNP8mIMDnmmXjpXUz+1NxR
WaCoPBM5++hwjc1fRfLT76AlbRvfrktSK2XS71w3fG82/XsCqUEASAsdnhkh+Wei
/onq/FEmOPfLOOFbVrlLoOy67aEHECBaJdLGY9mBtqAd66JGWDIpAELC/qgscwsS
GjkwoG92YUis1bl2ejT0nO4QFTSGCLqXOxU/U+quq7HK5FFuMb6GKuoH4DRrDpdA
LPQBYmJ61FKicG7Uafm14QX9n+aiZK4boYmPMXjPgSUW
-----END CERTIFICATE-----