Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/dKg7SW3Ovw50kL-CCmThbu1NREI.roa
File:                     dKg7SW3Ovw50kL-CCmThbu1NREI.roa (raw, json)
Hash identifier:          9/eAsu7WEp3UZuljfchCI2iyg09WTWzMx9tgD6AzgOA=
Subject key identifier:   74:A8:3B:49:6D:CE:BF:0E:74:90:BF:82:0A:64:E1:6E:ED:4D:44:42
Certificate issuer:       /CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
Certificate serial:       018CC795097D5B6A4C48EA42463115E82421
Authority key identifier: A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/dKg7SW3Ovw50kL-CCmThbu1NREI.roa
Signing time:             Tue 02 Jan 2024 00:31:22 +0000
ROA not before:           Tue 02 Jan 2024 00:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20811
IP address blocks:        185.141.84.0/22 maxlen: 24
                          2a0b:aa00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:09:7d:5b:6a:4c:48:ea:42:46:31:15:e8:24:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
        Validity
            Not Before: Jan  2 00:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74a83b496dcebf0e7490bf820a64e16eed4d4442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:be:cd:ae:a4:40:c7:0d:9f:f3:c4:5f:3d:98:
                    6a:b6:b7:bc:54:52:92:f6:23:80:d1:a2:21:7a:64:
                    10:8a:ff:93:0a:85:df:ea:a3:79:d7:df:d2:24:bf:
                    84:72:c2:19:f3:28:58:db:be:93:9d:f9:1e:c9:66:
                    64:9c:7a:8f:e5:5e:f9:19:f8:4c:58:4d:bc:72:be:
                    e2:08:44:98:1a:38:b2:29:39:30:79:28:e9:43:90:
                    3d:33:68:2a:7c:f4:f1:80:2e:4b:80:93:16:4c:0c:
                    b2:a0:c0:8e:ab:01:90:12:36:92:54:86:f4:cd:96:
                    8d:97:6c:69:f0:1c:ea:9b:82:c0:0d:97:ff:8f:23:
                    97:59:df:c6:0d:07:c0:cb:6b:77:eb:18:5b:ad:3e:
                    19:c4:b4:1c:69:78:34:6e:04:ab:7a:73:5a:06:39:
                    13:ce:6f:d8:28:c1:fd:a2:0e:3b:dc:4e:cb:d4:e5:
                    57:9b:5b:50:aa:fa:77:7f:0f:27:4d:15:74:d9:54:
                    65:5b:3d:dd:c5:65:9d:64:e3:8b:f4:b5:d0:9c:0a:
                    28:83:00:fa:7d:4c:1b:77:c2:70:83:f9:ea:9a:a6:
                    dc:43:49:f8:f2:8c:60:90:8c:9f:ce:ec:62:bd:e6:
                    1c:0d:77:62:ac:8c:08:fe:fd:d8:9e:0a:bb:de:af:
                    0f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A8:3B:49:6D:CE:BF:0E:74:90:BF:82:0A:64:E1:6E:ED:4D:44:42
            X509v3 Authority Key Identifier:
                keyid:A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/dKg7SW3Ovw50kL-CCmThbu1NREI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.84.0/22
                IPv6:
                  2a0b:aa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:97:68:15:de:4d:ab:8c:96:0d:fb:b2:d1:3d:6e:43:39:72:
         1b:88:21:ec:aa:64:d1:21:14:cc:4f:c6:43:62:20:3c:41:5b:
         ae:9b:35:85:08:bd:e5:14:d9:dd:08:0e:aa:a9:d9:58:04:40:
         90:46:e0:ad:45:4c:02:9c:ae:87:23:ff:20:d2:a2:06:32:34:
         1f:33:15:f4:b3:36:62:15:e7:24:2c:f1:91:42:1e:c0:be:ec:
         db:de:eb:3c:69:90:01:4b:57:96:5d:83:26:41:15:c6:35:ea:
         1c:cb:4d:f7:32:5d:83:72:0c:f4:6c:ef:85:97:77:40:ad:28:
         2b:87:18:45:99:eb:c9:5d:8f:55:a5:0e:a7:fa:fb:41:8f:fa:
         67:c0:04:86:8f:58:85:6b:57:b9:e9:8e:1e:6a:a0:28:35:db:
         12:4a:b2:3f:66:90:16:5e:92:b6:1e:f3:b7:af:38:39:91:cf:
         d6:7d:73:f0:e3:bb:9e:4c:e2:eb:dd:22:c5:64:5d:e5:bf:83:
         53:53:f2:c0:e8:76:aa:d4:ee:8a:24:f8:6b:62:0c:0b:d5:56:
         af:6d:9d:3c:e4:a1:7a:a6:02:d7:60:90:77:44:06:d9:94:61:
         94:f9:95:6b:59:f8:27:cd:bf:8d:08:fd:2a:9f:49:a8:ac:db:
         24:82:6d:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlQl9W2pMSOpCRjEV6CQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTA0OWQwMGJhODQyMWU0YzQ1YTk0ODQ5Mjk0NWM3OGZk
OWUxNmQwHhcNMjQwMTAyMDAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGE4M2I0OTZkY2ViZjBlNzQ5MGJmODIwYTY0ZTE2ZWVkNGQ0NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7NrqRAxw2f88RfPZhqtre8VFKS
9iOA0aIhemQQiv+TCoXf6qN519/SJL+EcsIZ8yhY276TnfkeyWZknHqP5V75GfhM
WE28cr7iCESYGjiyKTkweSjpQ5A9M2gqfPTxgC5LgJMWTAyyoMCOqwGQEjaSVIb0
zZaNl2xp8Bzqm4LADZf/jyOXWd/GDQfAy2t36xhbrT4ZxLQcaXg0bgSrenNaBjkT
zm/YKMH9og473E7L1OVXm1tQqvp3fw8nTRV02VRlWz3dxWWdZOOL9LXQnAoogwD6
fUwbd8Jwg/nqmqbcQ0n48oxgkIyfzuxiveYcDXdirIwI/v3Yngq73q8PLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHSoO0ltzr8OdJC/ggpk4W7tTURCMB8GA1UdIwQY
MBaAFKDgSdALqEIeTEWpSEkpRceP2eFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEt
NWY0YTE1Y2I5MDU0LzEvZEtnN1NXM092dzUwa0wtQ0NtVGhidTFOUkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEtNWY0YTE1Y2I5MDU0
LzEvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY1UMA0E
AgACMAcDBQMqC6oAMA0GCSqGSIb3DQEBCwUAA4IBAQBWl2gV3k2rjJYN+7LRPW5D
OXIbiCHsqmTRIRTMT8ZDYiA8QVuumzWFCL3lFNndCA6qqdlYBECQRuCtRUwCnK6H
I/8g0qIGMjQfMxX0szZiFeckLPGRQh7Avuzb3us8aZABS1eWXYMmQRXGNeocy033
Ml2Dcgz0bO+Fl3dArSgrhxhFmevJXY9VpQ6n+vtBj/pnwASGj1iFa1e56Y4eaqAo
NdsSSrI/ZpAWXpK2HvO3rzg5kc/WfXPw47ueTOLr3SLFZF3lv4NTU/LA6Haq1O6K
JPhrYgwL1VavbZ085KF6pgLXYJB3RAbZlGGU+ZVrWfgnzb+NCP0qn0morNskgm3l
-----END CERTIFICATE-----