Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/m7bxRtp0EMJVTQe9Mf_2SEKrNmk.roa
File:                     m7bxRtp0EMJVTQe9Mf_2SEKrNmk.roa (raw, json)
Hash identifier:          JPGdP64ldxAD1IHdEwtAjQbLnCTri45YwHbB0N3Bmoc=
Subject key identifier:   9B:B6:F1:46:DA:74:10:C2:55:4D:07:BD:31:FF:F6:48:42:AB:36:69
Certificate issuer:       /CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
Certificate serial:       018CC8DFA97B441A9F59D993A6F46AB7971F
Authority key identifier: A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/m7bxRtp0EMJVTQe9Mf_2SEKrNmk.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43948
IP address blocks:        185.201.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a9:7b:44:1a:9f:59:d9:93:a6:f4:6a:b7:97:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bb6f146da7410c2554d07bd31fff64842ab3669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:25:31:71:c3:ce:0c:64:74:61:e1:b4:c2:ed:
                    d9:8a:be:a2:69:56:2b:d2:a0:c5:e5:07:9f:88:6c:
                    c2:75:83:e6:09:27:f4:24:cc:e5:0b:d7:b3:01:86:
                    31:78:5a:c2:3d:1d:bf:25:19:3d:94:66:8f:7a:c8:
                    ba:ae:e0:c8:4a:87:a6:04:77:44:25:f5:ed:05:fa:
                    82:f9:3d:a9:9d:e3:c7:34:10:71:8b:0e:57:19:39:
                    84:94:9d:04:c3:91:f3:69:45:e3:ad:67:79:93:2b:
                    97:2d:64:98:fc:7c:20:11:b8:18:b2:57:b4:01:82:
                    01:51:a9:4b:ae:a9:d4:8a:fe:2e:79:3f:91:02:12:
                    80:7a:4c:f3:df:2d:7f:f1:ff:c8:dc:58:01:d5:65:
                    44:b3:ac:65:ee:ca:12:45:2e:88:b5:d3:e1:03:32:
                    d4:88:80:32:4b:9f:1b:9b:7f:f3:16:86:c1:e4:b3:
                    95:ad:af:48:d0:fa:78:54:f3:ed:99:32:dd:c5:dd:
                    8c:a1:16:8e:fd:e4:36:a9:b4:19:85:0a:ed:bc:49:
                    fc:73:e6:08:6c:57:ff:c2:be:cb:38:22:22:bd:b1:
                    10:9b:b3:cc:89:f3:fa:0e:ca:bf:91:6f:8a:d4:ba:
                    70:0c:a0:72:33:1b:a0:ca:ed:a6:5b:0b:6b:42:78:
                    c1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B6:F1:46:DA:74:10:C2:55:4D:07:BD:31:FF:F6:48:42:AB:36:69
            X509v3 Authority Key Identifier:
                keyid:A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/m7bxRtp0EMJVTQe9Mf_2SEKrNmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:78:64:a9:ce:8f:3f:fd:fe:13:c0:2c:9d:8f:23:66:bc:3f:
         49:3f:14:60:79:46:38:57:fb:7e:73:32:d9:58:5f:80:04:fd:
         21:b6:f8:7d:f5:38:9e:57:e6:52:13:99:97:98:b8:49:6d:bb:
         0a:92:4b:0d:3d:22:da:c1:cb:78:0d:bb:9a:0f:f7:55:ce:5d:
         f4:af:88:23:48:9f:e1:91:fe:6f:22:ca:fc:fd:71:04:23:20:
         81:19:dc:21:8a:f5:9a:d5:9c:4f:70:1b:a1:aa:da:16:25:fb:
         d8:f7:2e:fd:e8:fe:28:f1:62:bb:0f:48:bd:98:e1:8e:23:78:
         90:80:c1:20:b9:f2:9d:dd:37:91:d3:e0:09:5d:cb:0f:2b:86:
         05:20:3a:48:e6:ff:d3:95:1d:11:65:b4:0e:71:1d:3e:c8:fe:
         c5:10:18:32:39:fa:b3:96:55:74:79:99:44:58:a9:51:fc:23:
         99:39:0b:08:5f:fc:f4:f2:c3:6e:9e:88:6a:45:f0:4e:7e:52:
         2f:94:d4:5f:b8:a8:be:80:68:b1:1a:34:81:ba:a7:c4:ab:42:
         72:b3:eb:fb:d3:da:3e:8c:3c:87:0b:f4:c8:f4:84:de:cd:8c:
         62:7a:39:9b:3c:a1:ec:d3:cb:c5:c9:cf:fd:7f:78:02:67:8b:
         da:31:8b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36l7RBqfWdmTpvRqt5cfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZGZmMDFmNTZlMzQxOWQwMjdiZTc1OTFjZWVmNjI4NTFj
ZTBmNmIwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI2ZjE0NmRhNzQxMGMyNTU0ZDA3YmQzMWZmZjY0ODQyYWIzNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSUxccPODGR0YeG0wu3Zir6iaVYr
0qDF5QefiGzCdYPmCSf0JMzlC9ezAYYxeFrCPR2/JRk9lGaPesi6ruDISoemBHdE
JfXtBfqC+T2pnePHNBBxiw5XGTmElJ0Ew5HzaUXjrWd5kyuXLWSY/HwgEbgYsle0
AYIBUalLrqnUiv4ueT+RAhKAekzz3y1/8f/I3FgB1WVEs6xl7soSRS6ItdPhAzLU
iIAyS58bm3/zFobB5LOVra9I0Pp4VPPtmTLdxd2MoRaO/eQ2qbQZhQrtvEn8c+YI
bFf/wr7LOCIivbEQm7PMifP6Dsq/kW+K1LpwDKByMxugyu2mWwtrQnjB4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJu28UbadBDCVU0HvTH/9khCqzZpMB8GA1UdIwQY
MBaAFKjf8B9W40GdAnvnWRzu9ihRzg9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUt
ODgyYzQ0OGUyZWY2LzEvbTdieFJ0cDBFTUpWVFFlOU1mXzJTRUtyTm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUtODgyYzQ0OGUyZWY2
LzEvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucmsMA0G
CSqGSIb3DQEBCwUAA4IBAQAZeGSpzo8//f4TwCydjyNmvD9JPxRgeUY4V/t+czLZ
WF+ABP0htvh99TieV+ZSE5mXmLhJbbsKkksNPSLawct4DbuaD/dVzl30r4gjSJ/h
kf5vIsr8/XEEIyCBGdwhivWa1ZxPcBuhqtoWJfvY9y796P4o8WK7D0i9mOGOI3iQ
gMEgufKd3TeR0+AJXcsPK4YFIDpI5v/TlR0RZbQOcR0+yP7FEBgyOfqzllV0eZlE
WKlR/COZOQsIX/z08sNunohqRfBOflIvlNRfuKi+gGixGjSBuqfEq0Jys+v709o+
jDyHC/TI9ITezYxiejmbPKHs08vFyc/9f3gCZ4vaMYsq
-----END CERTIFICATE-----