Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/AvAKbIT21TNPc4Dr3f_Y4XngQkQ.roa
File:                     AvAKbIT21TNPc4Dr3f_Y4XngQkQ.roa (raw, json)
Hash identifier:          gC1drCENRn2lcvhz7CA+IauI4fLdy1Bf65OSsRnicL0=
Subject key identifier:   02:F0:0A:6C:84:F6:D5:33:4F:73:80:EB:DD:FF:D8:E1:79:E0:42:44
Certificate issuer:       /CN=ce00e112c03f695f9f25d3b72bb23a4c34ed2138
Certificate serial:       018CC26D71BB92F33235FFDCD06C24305776
Authority key identifier: CE:00:E1:12:C0:3F:69:5F:9F:25:D3:B7:2B:B2:3A:4C:34:ED:21:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zgDhEsA_aV-fJdO3K7I6TDTtITg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/AvAKbIT21TNPc4Dr3f_Y4XngQkQ.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9021
IP address blocks:        185.237.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/zgDhEsA_aV-fJdO3K7I6TDTtITg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/zgDhEsA_aV-fJdO3K7I6TDTtITg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zgDhEsA_aV-fJdO3K7I6TDTtITg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:bb:92:f3:32:35:ff:dc:d0:6c:24:30:57:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce00e112c03f695f9f25d3b72bb23a4c34ed2138
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02f00a6c84f6d5334f7380ebddffd8e179e04244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:62:05:38:b9:a4:40:4e:3e:e5:ff:43:3f:33:
                    80:87:fb:0a:73:32:89:bb:9f:64:a7:7e:4b:59:d3:
                    c6:9b:80:fc:7e:b1:f0:e3:10:5d:e5:10:91:69:59:
                    a3:45:aa:14:a7:12:bd:c9:be:9c:7f:e2:14:dd:86:
                    3f:d5:db:bb:bb:dc:7f:84:ee:95:47:bc:41:b7:79:
                    81:67:2c:fe:bc:48:e4:65:a1:62:0f:3a:b9:a3:52:
                    53:f3:2d:4a:95:0e:33:b2:37:1b:81:8f:47:a6:85:
                    43:94:7c:f7:fc:6c:28:d7:e3:40:cd:85:fb:1c:00:
                    c6:53:b7:f9:2d:32:dc:26:f3:a9:bc:bc:02:d8:9e:
                    c3:c4:14:20:b8:43:6c:1c:f8:77:0c:91:4b:a3:8a:
                    b8:57:a6:a7:a0:37:4d:62:96:2c:bd:7f:8c:eb:1f:
                    bd:5e:03:23:f1:e4:aa:f4:be:b1:a3:62:42:37:bf:
                    23:15:37:fa:4f:9c:65:15:41:a1:b8:12:da:5e:31:
                    3f:17:69:ab:a4:de:d7:75:f6:cd:c4:ac:de:3c:ac:
                    57:5e:24:b5:83:9f:39:7e:19:2b:1a:5e:57:88:9d:
                    5d:5a:f1:ca:3b:8d:19:d9:c2:87:13:97:b0:97:32:
                    5a:c7:0c:bc:3f:e0:9f:6a:2d:a1:e4:79:fb:a0:d2:
                    28:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F0:0A:6C:84:F6:D5:33:4F:73:80:EB:DD:FF:D8:E1:79:E0:42:44
            X509v3 Authority Key Identifier:
                keyid:CE:00:E1:12:C0:3F:69:5F:9F:25:D3:B7:2B:B2:3A:4C:34:ED:21:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zgDhEsA_aV-fJdO3K7I6TDTtITg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/AvAKbIT21TNPc4Dr3f_Y4XngQkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/100c25-e025-45ef-90a9-f3463fc72cb5/1/zgDhEsA_aV-fJdO3K7I6TDTtITg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:a8:3d:7d:c8:ef:fa:1c:22:97:ef:50:ee:9a:c3:ea:f6:06:
         40:d3:5d:03:50:85:1c:84:4c:84:a1:b7:2b:30:bf:43:2e:3a:
         bc:0b:34:88:81:91:d7:f1:a9:34:5e:1a:81:fd:2b:7d:d9:cc:
         ce:fc:f0:7b:b2:a9:0d:a7:92:8f:8a:84:b0:97:03:20:77:eb:
         85:52:7b:f1:ab:1f:37:67:d2:19:64:28:23:23:76:cd:06:83:
         a7:75:68:07:a8:51:17:d6:1a:b1:06:fd:c8:a6:37:59:41:f0:
         d6:9a:f6:3d:71:75:3d:ff:bb:7a:89:91:c9:8d:ba:3a:83:61:
         02:a1:5b:e8:00:d5:77:b3:8f:f0:15:16:8b:b9:93:ee:72:0c:
         d6:03:9b:68:bc:db:2f:9d:17:46:0c:68:18:b8:ba:a3:67:95:
         15:66:de:5e:c8:66:04:63:cd:14:9f:80:6a:f2:9f:7d:6c:ea:
         75:b4:3b:de:20:24:b8:58:38:99:1a:c6:d9:f4:dd:fe:ca:f9:
         59:c3:d9:7e:cc:87:b1:fd:14:17:f9:1f:ea:c8:8e:c6:a4:96:
         14:eb:f5:d1:c0:d4:7c:8d:3e:0b:08:80:de:68:75:b7:89:f3:
         ab:87:08:14:4c:3a:10:03:47:f9:54:04:01:c8:b8:45:bb:b9:
         28:92:e1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXG7kvMyNf/c0GwkMFd2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMDBlMTEyYzAzZjY5NWY5ZjI1ZDNiNzJiYjIzYTRjMzRl
ZDIxMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmYwMGE2Yzg0ZjZkNTMzNGY3MzgwZWJkZGZmZDhlMTc5ZTA0MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWIFOLmkQE4+5f9DPzOAh/sKczKJ
u59kp35LWdPGm4D8frHw4xBd5RCRaVmjRaoUpxK9yb6cf+IU3YY/1du7u9x/hO6V
R7xBt3mBZyz+vEjkZaFiDzq5o1JT8y1KlQ4zsjcbgY9HpoVDlHz3/Gwo1+NAzYX7
HADGU7f5LTLcJvOpvLwC2J7DxBQguENsHPh3DJFLo4q4V6anoDdNYpYsvX+M6x+9
XgMj8eSq9L6xo2JCN78jFTf6T5xlFUGhuBLaXjE/F2mrpN7XdfbNxKzePKxXXiS1
g585fhkrGl5XiJ1dWvHKO40Z2cKHE5ewlzJaxwy8P+Cfai2h5Hn7oNIoQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALwCmyE9tUzT3OA693/2OF54EJEMB8GA1UdIwQY
MBaAFM4A4RLAP2lfnyXTtyuyOkw07SE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemdEaEVzQV9hVi1mSmRPM0s3STZURFR0SVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8xMDBjMjUtZTAyNS00NWVmLTkwYTkt
ZjM0NjNmYzcyY2I1LzEvQXZBS2JJVDIxVE5QYzREcjNmX1k0WG5nUWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8xMDBjMjUtZTAyNS00NWVmLTkwYTktZjM0NjNmYzcyY2I1
LzEvemdEaEVzQV9hVi1mSmRPM0s3STZURFR0SVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue1EMA0G
CSqGSIb3DQEBCwUAA4IBAQB0qD19yO/6HCKX71DumsPq9gZA010DUIUchEyEobcr
ML9DLjq8CzSIgZHX8ak0XhqB/St92czO/PB7sqkNp5KPioSwlwMgd+uFUnvxqx83
Z9IZZCgjI3bNBoOndWgHqFEX1hqxBv3IpjdZQfDWmvY9cXU9/7t6iZHJjbo6g2EC
oVvoANV3s4/wFRaLuZPucgzWA5tovNsvnRdGDGgYuLqjZ5UVZt5eyGYEY80Un4Bq
8p99bOp1tDveICS4WDiZGsbZ9N3+yvlZw9l+zIex/RQX+R/qyI7GpJYU6/XRwNR8
jT4LCIDeaHW3ifOrhwgUTDoQA0f5VAQByLhFu7kokuFc
-----END CERTIFICATE-----