Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/ahGB3zVct9yGN-ECECVq-u1WXc4.roa
File:                     ahGB3zVct9yGN-ECECVq-u1WXc4.roa (raw, json)
Hash identifier:          NtLbGqxmZyJqf9seo1V7gxCGMBWum1Oagy2Lm6PUqgc=
Subject key identifier:   6A:11:81:DF:35:5C:B7:DC:86:37:E1:02:10:25:6A:FA:ED:56:5D:CE
Certificate issuer:       /CN=145ceb292089e0df75719db3e96c509754f94837
Certificate serial:       018E31BD2CE230C394AA14B2DBA1262B22BC
Authority key identifier: 14:5C:EB:29:20:89:E0:DF:75:71:9D:B3:E9:6C:50:97:54:F9:48:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/ahGB3zVct9yGN-ECECVq-u1WXc4.roa
Signing time:             Tue 12 Mar 2024 08:17:45 +0000
ROA not before:           Tue 12 Mar 2024 08:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48934
IP address blocks:        185.170.20.0/22 maxlen: 22
                          185.178.248.0/24 maxlen: 24
                          185.178.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:bd:2c:e2:30:c3:94:aa:14:b2:db:a1:26:2b:22:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=145ceb292089e0df75719db3e96c509754f94837
        Validity
            Not Before: Mar 12 08:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a1181df355cb7dc8637e10210256afaed565dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:ea:e0:e4:04:d6:77:25:68:b7:16:17:b9:
                    22:fe:e3:86:91:89:7b:d7:36:9a:49:68:a3:bf:97:
                    40:12:a0:ba:3f:c8:2f:d6:c7:eb:56:18:35:d4:49:
                    f7:ef:89:39:9b:db:75:61:bb:30:6d:d9:98:b0:26:
                    48:50:17:f3:14:2e:1f:ed:ca:92:d0:cd:64:e2:61:
                    28:bb:68:87:1d:29:67:f2:27:10:a6:88:e1:d7:83:
                    ff:e5:77:c7:fc:03:ec:a2:4c:81:57:26:18:b0:45:
                    8c:30:f6:7d:95:12:08:8f:78:55:a4:3f:a5:2a:78:
                    0c:1a:4e:cc:51:3e:be:31:d2:6e:5d:20:b6:3d:ce:
                    f4:e3:ba:1b:ed:23:d0:6f:0b:06:1d:78:53:34:8e:
                    4b:cf:8f:c3:97:16:88:f2:20:cd:6d:ab:8b:51:cd:
                    d7:3b:07:d9:7a:1d:a9:93:cc:92:44:5a:79:06:50:
                    9c:32:e1:2c:35:2d:e8:03:ec:f4:02:38:d4:95:90:
                    0f:12:ed:89:9a:eb:83:17:02:fa:be:89:69:29:ec:
                    74:db:b1:4c:d6:a8:78:e0:e2:ef:58:e6:f5:5d:b1:
                    ba:58:60:0d:94:9d:bb:50:71:63:e3:58:e8:37:67:
                    85:3d:fa:81:b9:4d:35:ed:51:9e:31:7c:23:92:6e:
                    1b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:11:81:DF:35:5C:B7:DC:86:37:E1:02:10:25:6A:FA:ED:56:5D:CE
            X509v3 Authority Key Identifier:
                keyid:14:5C:EB:29:20:89:E0:DF:75:71:9D:B3:E9:6C:50:97:54:F9:48:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/ahGB3zVct9yGN-ECECVq-u1WXc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.20.0/22
                  185.178.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:cd:0d:b5:42:d9:3a:73:00:57:7a:f2:b0:2b:e5:6e:29:b3:
         a5:35:e3:95:28:d9:37:8c:58:ef:bb:15:98:50:44:db:d8:a6:
         25:c6:e8:9a:32:ee:7e:3d:00:c5:73:bd:ff:18:5d:cc:fa:c5:
         5b:9c:ed:7b:6b:4d:89:aa:92:6c:fd:90:e3:1a:8e:b8:50:a9:
         76:85:3c:d5:86:33:e1:e3:b3:6f:a2:dd:09:fe:b9:48:79:ba:
         52:a0:85:97:71:36:26:43:f3:17:04:a1:f3:2c:0c:ee:2e:fb:
         33:83:46:86:63:33:9c:52:a2:01:0e:e5:df:e3:54:4a:95:78:
         31:55:57:fb:d7:c7:3e:60:1d:96:70:dd:20:f2:f4:18:e6:b8:
         58:14:c0:6e:f9:ef:86:4e:af:e0:ef:2c:4a:80:29:26:a2:c4:
         3b:37:03:a4:ad:55:4f:77:18:71:be:82:29:db:d5:ce:3d:d5:
         19:ee:48:6f:10:97:a3:ed:bb:81:30:7a:8f:99:52:5b:d6:51:
         36:97:e4:24:11:b0:84:2e:0e:77:38:d4:8c:6e:ae:aa:68:be:
         37:42:16:05:c9:e2:51:03:ab:bd:e3:7b:c6:0e:8b:1a:82:51:
         59:43:a4:6a:05:52:c7:30:ca:82:ba:0d:d3:f6:1a:92:2a:2e:
         44:0e:cb:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4xvSziMMOUqhSy26EmKyK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NWNlYjI5MjA4OWUwZGY3NTcxOWRiM2U5NmM1MDk3NTRm
OTQ4MzcwHhcNMjQwMzEyMDgxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTExODFkZjM1NWNiN2RjODYzN2UxMDIxMDI1NmFmYWVkNTY1ZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsevq4OQE1nclaLcWF7ki/uOGkYl7
1zaaSWijv5dAEqC6P8gv1sfrVhg11En374k5m9t1YbswbdmYsCZIUBfzFC4f7cqS
0M1k4mEou2iHHSln8icQpojh14P/5XfH/APsokyBVyYYsEWMMPZ9lRIIj3hVpD+l
KngMGk7MUT6+MdJuXSC2Pc7047ob7SPQbwsGHXhTNI5Lz4/DlxaI8iDNbauLUc3X
OwfZeh2pk8ySRFp5BlCcMuEsNS3oA+z0AjjUlZAPEu2JmuuDFwL6volpKex027FM
1qh44OLvWOb1XbG6WGANlJ27UHFj41joN2eFPfqBuU017VGeMXwjkm4biwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGoRgd81XLfchjfhAhAlavrtVl3OMB8GA1UdIwQY
MBaAFBRc6ykgieDfdXGds+lsUJdU+Ug3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkZ6cktTQ0o0TjkxY1oyejZXeFFsMVQ1U0RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9jNzFmZGUtM2VmMi00YmY3LTg2NDEt
MTI3MTljMjYxY2MwLzEvYWhHQjN6VmN0OXlHTi1FQ0VDVnEtdTFXWGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9jNzFmZGUtM2VmMi00YmY3LTg2NDEtMTI3MTljMjYxY2Mw
LzEvRkZ6cktTQ0o0TjkxY1oyejZXeFFsMVQ1U0RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuaoUAwQB
ubL4MA0GCSqGSIb3DQEBCwUAA4IBAQASzQ21Qtk6cwBXevKwK+VuKbOlNeOVKNk3
jFjvuxWYUETb2KYlxuiaMu5+PQDFc73/GF3M+sVbnO17a02JqpJs/ZDjGo64UKl2
hTzVhjPh47Nvot0J/rlIebpSoIWXcTYmQ/MXBKHzLAzuLvszg0aGYzOcUqIBDuXf
41RKlXgxVVf718c+YB2WcN0g8vQY5rhYFMBu+e+GTq/g7yxKgCkmosQ7NwOkrVVP
dxhxvoIp29XOPdUZ7khvEJej7buBMHqPmVJb1lE2l+QkEbCELg53ONSMbq6qaL43
QhYFyeJRA6u943vGDosaglFZQ6RqBVLHMMqCug3T9hqSKi5EDssF
-----END CERTIFICATE-----