Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/atxia75HjtPpRnxzGliaj4fcYcc.roa
File:                     atxia75HjtPpRnxzGliaj4fcYcc.roa (raw, json)
Hash identifier:          aLsr6nqtMWihlG9wOsL/fLBRYUp+lo0I0XAhwuYwe0E=
Subject key identifier:   6A:DC:62:6B:BE:47:8E:D3:E9:46:7C:73:1A:58:9A:8F:87:DC:61:C7
Certificate issuer:       /CN=b1740c4c079f2d1dee85439f82781b9bae756a95
Certificate serial:       018CC26D51EBBCDA2399F66D4450E4F2A0F7
Authority key identifier: B1:74:0C:4C:07:9F:2D:1D:EE:85:43:9F:82:78:1B:9B:AE:75:6A:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/atxia75HjtPpRnxzGliaj4fcYcc.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203375
IP address blocks:        185.136.224.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:51:eb:bc:da:23:99:f6:6d:44:50:e4:f2:a0:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1740c4c079f2d1dee85439f82781b9bae756a95
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6adc626bbe478ed3e9467c731a589a8f87dc61c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a6:cd:13:46:94:4d:85:e0:8e:9c:bd:2f:ec:
                    1c:92:6f:5b:dd:76:78:5b:19:1a:11:e7:08:a9:c0:
                    da:c7:5e:c4:1f:8f:22:ab:94:78:20:52:0b:b1:17:
                    c2:a4:4a:06:c8:f5:ec:06:b8:e7:97:1e:71:85:ae:
                    76:4b:71:44:6c:f0:b5:b5:82:10:76:23:e7:4c:da:
                    65:a1:43:70:4e:14:bd:4f:04:d3:74:cd:75:71:d3:
                    ec:9a:fc:df:f2:6c:8d:7e:e9:eb:04:7f:87:ec:9c:
                    9a:cd:9d:14:ce:7e:a6:db:c1:29:65:2d:c9:7b:7b:
                    52:2f:77:ab:b7:b8:8a:9a:29:e8:a4:9b:8d:f2:f5:
                    07:9e:e6:8e:57:9c:b4:8c:c2:3d:18:c2:bc:63:39:
                    55:5f:9a:68:fe:dd:85:11:94:b5:c3:bd:c9:f0:e8:
                    c4:2d:a2:d5:e4:a5:d9:df:36:c0:46:6b:1d:64:b5:
                    a1:44:b5:48:de:ed:72:e1:46:99:8e:48:5c:39:f3:
                    28:6b:51:aa:4e:93:55:63:bd:ea:57:da:bd:ee:ec:
                    39:13:3a:36:84:7c:8a:7f:9f:75:5d:2e:22:2f:14:
                    6a:4a:44:ba:33:44:86:ec:ac:39:f5:5e:1b:3c:24:
                    0f:56:b3:55:16:6b:6c:5d:3f:e0:7a:68:f8:cb:e3:
                    89:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DC:62:6B:BE:47:8E:D3:E9:46:7C:73:1A:58:9A:8F:87:DC:61:C7
            X509v3 Authority Key Identifier:
                keyid:B1:74:0C:4C:07:9F:2D:1D:EE:85:43:9F:82:78:1B:9B:AE:75:6A:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/atxia75HjtPpRnxzGliaj4fcYcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:85:3a:cf:4e:5f:3f:0c:0f:ad:d5:7f:b0:57:71:a2:55:fa:
         2c:75:91:a0:cd:af:05:8f:48:ea:d3:9a:56:ac:2f:da:93:be:
         0d:a1:86:2a:e0:20:cd:b7:3d:3c:06:12:31:df:40:9d:e8:af:
         5b:74:f4:8b:81:f0:e6:93:da:e5:a1:c6:ab:d3:a6:37:94:97:
         01:41:2e:54:96:e1:23:0a:86:e4:db:fd:14:1b:bd:0f:e8:7e:
         15:d6:95:56:dc:01:d9:b0:82:b4:69:26:25:66:79:32:74:33:
         cf:c7:12:a8:b6:3f:f1:e1:25:bb:9a:07:86:1c:8c:4b:60:e5:
         d0:0e:e7:0f:f3:ef:01:91:4a:29:f9:a0:94:63:e6:95:7c:11:
         6d:23:9e:74:c6:56:5e:d8:0d:0b:8d:c4:7a:04:ca:20:53:ba:
         4a:cb:cc:b8:6a:3b:fb:5e:39:4e:9e:95:65:01:0a:22:74:21:
         05:ea:59:47:e1:3d:ee:7b:27:c5:50:61:0f:3d:d0:cc:27:1b:
         2f:39:49:d6:f4:2f:8b:98:02:b9:25:01:90:15:e3:93:23:5a:
         a6:74:a3:d3:16:c5:51:2b:e3:3e:60:b3:ba:90:46:34:bc:5e:
         34:86:04:d6:0c:7f:44:06:52:88:fd:69:42:28:fb:c0:04:a1:
         47:1f:8f:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVHrvNojmfZtRFDk8qD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzQwYzRjMDc5ZjJkMWRlZTg1NDM5ZjgyNzgxYjliYWU3
NTZhOTUwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRjNjI2YmJlNDc4ZWQzZTk0NjdjNzMxYTU4OWE4Zjg3ZGM2MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KbNE0aUTYXgjpy9L+wckm9b3XZ4
WxkaEecIqcDax17EH48iq5R4IFILsRfCpEoGyPXsBrjnlx5xha52S3FEbPC1tYIQ
diPnTNploUNwThS9TwTTdM11cdPsmvzf8myNfunrBH+H7JyazZ0Uzn6m28EpZS3J
e3tSL3ert7iKminopJuN8vUHnuaOV5y0jMI9GMK8YzlVX5po/t2FEZS1w73J8OjE
LaLV5KXZ3zbARmsdZLWhRLVI3u1y4UaZjkhcOfMoa1GqTpNVY73qV9q97uw5Ezo2
hHyKf591XS4iLxRqSkS6M0SG7Kw59V4bPCQPVrNVFmtsXT/gemj4y+OJQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrcYmu+R47T6UZ8cxpYmo+H3GHHMB8GA1UdIwQY
MBaAFLF0DEwHny0d7oVDn4J4G5uudWqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hRTVRBZWZMUjN1aFVPZmduZ2JtNjUxYXBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83MmE0OTUtMmI1ZC00YTIzLTk5YzQt
ZWYwNjcxYzdjMGRmLzEvYXR4aWE3NUhqdFBwUm54ekdsaWFqNGZjWWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83MmE0OTUtMmI1ZC00YTIzLTk5YzQtZWYwNjcxYzdjMGRm
LzEvc1hRTVRBZWZMUjN1aFVPZmduZ2JtNjUxYXBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYjgMA0G
CSqGSIb3DQEBCwUAA4IBAQA7hTrPTl8/DA+t1X+wV3GiVfosdZGgza8Fj0jq05pW
rC/ak74NoYYq4CDNtz08BhIx30Cd6K9bdPSLgfDmk9rlocar06Y3lJcBQS5UluEj
Cobk2/0UG70P6H4V1pVW3AHZsIK0aSYlZnkydDPPxxKotj/x4SW7mgeGHIxLYOXQ
DucP8+8BkUop+aCUY+aVfBFtI550xlZe2A0LjcR6BMogU7pKy8y4ajv7XjlOnpVl
AQoidCEF6llH4T3ueyfFUGEPPdDMJxsvOUnW9C+LmAK5JQGQFeOTI1qmdKPTFsVR
K+M+YLO6kEY0vF40hgTWDH9EBlKI/WlCKPvABKFHH4/m
-----END CERTIFICATE-----