Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/P_DGsUmCIi_ttro3foDTVwXIr_4.roa
File:                     P_DGsUmCIi_ttro3foDTVwXIr_4.roa (raw, json)
Hash identifier:          exgaIOxI5hCnV8/d/14DlkMmJQBs/cfviGj5sk1AOGk=
Subject key identifier:   3F:F0:C6:B1:49:82:22:2F:ED:B6:BA:37:7E:80:D3:57:05:C8:AF:FE
Certificate issuer:       /CN=9c0aae6d45d06df7c4278ef4f218e42db807094c
Certificate serial:       018CC7277644FF6E94EC57A575D538A774C9
Authority key identifier: 9C:0A:AE:6D:45:D0:6D:F7:C4:27:8E:F4:F2:18:E4:2D:B8:07:09:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nAqubUXQbffEJ4708hjkLbgHCUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/P_DGsUmCIi_ttro3foDTVwXIr_4.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1942
IP address blocks:        160.103.0.0/16 maxlen: 16
                          45.149.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/nAqubUXQbffEJ4708hjkLbgHCUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/nAqubUXQbffEJ4708hjkLbgHCUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nAqubUXQbffEJ4708hjkLbgHCUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:76:44:ff:6e:94:ec:57:a5:75:d5:38:a7:74:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c0aae6d45d06df7c4278ef4f218e42db807094c
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ff0c6b14982222fedb6ba377e80d35705c8affe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9d:9d:a2:a9:c0:75:bf:78:03:40:2d:c1:dd:
                    3f:d4:f0:f2:de:64:7f:87:b5:85:ee:73:c3:d2:32:
                    e1:d3:ff:35:3e:dd:47:54:62:1e:18:a3:da:ba:6d:
                    6f:43:a0:08:ab:26:79:01:58:a2:08:70:d6:d7:1e:
                    b4:c3:50:da:ee:32:7b:71:32:ce:b0:46:0b:f1:d9:
                    9e:0d:09:94:1e:4e:75:39:f7:d2:18:16:e4:aa:ad:
                    9a:17:7d:72:8c:8e:99:bc:0b:ac:a9:29:77:be:39:
                    69:c1:c4:7c:e1:44:9a:68:cd:7e:97:8a:65:42:71:
                    e9:ae:10:72:00:d4:c5:3d:a4:08:01:cd:d7:05:fd:
                    2f:5f:f0:41:47:1b:c5:30:48:5d:f5:c0:49:2d:7b:
                    01:d8:17:89:3a:69:80:48:5f:a2:68:76:6a:23:44:
                    46:12:9a:18:dc:67:47:91:ed:0e:ce:33:cd:dd:66:
                    ed:ed:66:df:64:a6:6f:cd:96:cf:60:5a:1d:07:81:
                    50:c9:61:19:d4:16:b7:40:c5:19:85:c9:ec:0a:a0:
                    a2:b5:91:57:3b:93:45:c6:12:b6:6e:40:3f:b5:7f:
                    79:a9:be:fc:bc:cd:e3:cd:f9:6d:7d:c5:50:00:76:
                    76:be:8e:48:cb:3f:1d:7a:6d:33:29:0a:06:eb:39:
                    77:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F0:C6:B1:49:82:22:2F:ED:B6:BA:37:7E:80:D3:57:05:C8:AF:FE
            X509v3 Authority Key Identifier:
                keyid:9C:0A:AE:6D:45:D0:6D:F7:C4:27:8E:F4:F2:18:E4:2D:B8:07:09:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nAqubUXQbffEJ4708hjkLbgHCUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/P_DGsUmCIi_ttro3foDTVwXIr_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c920ec-07dc-469d-b884-b98bbb1637c0/1/nAqubUXQbffEJ4708hjkLbgHCUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.140.0/22
                  160.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5b:87:96:fa:b4:54:1e:ef:4c:84:ae:a8:bd:c6:ee:9a:4f:07:
         de:56:11:f2:2d:0e:b2:9f:9f:18:75:3f:1a:62:22:ef:b4:09:
         96:29:40:c2:a7:52:6a:cf:89:a9:a0:f2:56:e3:02:76:da:ce:
         c3:95:23:f7:8c:16:35:a0:07:d5:14:d1:3b:b1:f0:f4:2b:72:
         06:14:e0:9c:4b:e4:5b:d7:15:91:4f:7c:2c:f4:24:a8:55:ab:
         dd:6b:5b:3e:0f:d5:8f:b0:05:17:12:51:9e:26:70:7f:a3:f8:
         dd:7e:8e:67:7a:80:66:f8:29:6b:3e:ee:a4:fd:2b:bd:e2:95:
         24:7a:54:0b:3b:a7:76:fd:12:25:3a:81:db:84:2c:ce:d6:cd:
         1e:76:ea:a6:2c:ad:d7:81:c4:a1:0a:b3:12:f3:74:1d:22:fc:
         3a:5a:ba:cf:da:f4:b7:44:5b:ab:57:d7:55:7b:ff:ea:9d:1b:
         34:a5:d5:ba:00:e8:5e:23:d9:40:c9:7b:52:78:4d:a0:29:66:
         24:9c:ea:4d:5a:11:ca:9e:77:d5:73:c1:b4:64:5c:9e:16:89:
         ff:8e:57:2c:50:f8:5a:02:a5:d8:73:15:f2:0a:1b:85:ba:1f:
         09:9d:94:74:4c:20:75:d0:e3:cc:a4:12:1d:44:40:4e:16:df:
         8a:50:0f:c8
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzHJ3ZE/26U7FelddU4p3TJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMGFhZTZkNDVkMDZkZjdjNDI3OGVmNGYyMThlNDJkYjgw
NzA5NGMwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmYwYzZiMTQ5ODIyMjJmZWRiNmJhMzc3ZTgwZDM1NzA1YzhhZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp2doqnAdb94A0Atwd0/1PDy3mR/
h7WF7nPD0jLh0/81Pt1HVGIeGKPaum1vQ6AIqyZ5AViiCHDW1x60w1Da7jJ7cTLO
sEYL8dmeDQmUHk51OffSGBbkqq2aF31yjI6ZvAusqSl3vjlpwcR84USaaM1+l4pl
QnHprhByANTFPaQIAc3XBf0vX/BBRxvFMEhd9cBJLXsB2BeJOmmASF+iaHZqI0RG
EpoY3GdHke0OzjPN3Wbt7WbfZKZvzZbPYFodB4FQyWEZ1Ba3QMUZhcnsCqCitZFX
O5NFxhK2bkA/tX95qb78vM3jzfltfcVQAHZ2vo5Iyz8dem0zKQoG6zl3rQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFD/wxrFJgiIv7ba6N36A01cFyK/+MB8GA1UdIwQY
MBaAFJwKrm1F0G33xCeO9PIY5C24BwlMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkFxdWJVWFFiZmZFSjQ3MDhoamtMYmdIQ1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9jOTIwZWMtMDdkYy00NjlkLWI4ODQt
Yjk4YmJiMTYzN2MwLzEvUF9ER3NVbUNJaV90dHJvM2ZvRFRWd1hJcl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9jOTIwZWMtMDdkYy00NjlkLWI4ODQtYjk4YmJiMTYzN2Mw
LzEvbkFxdWJVWFFiZmZFSjQ3MDhoamtMYmdIQ1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQCLZWMAwMA
oGcwDQYJKoZIhvcNAQELBQADggEBAFuHlvq0VB7vTISuqL3G7ppPB95WEfItDrKf
nxh1PxpiIu+0CZYpQMKnUmrPiamg8lbjAnbazsOVI/eMFjWgB9UU0Tux8PQrcgYU
4JxL5FvXFZFPfCz0JKhVq91rWz4P1Y+wBRcSUZ4mcH+j+N1+jmd6gGb4KWs+7qT9
K73ilSR6VAs7p3b9EiU6gduELM7WzR526qYsrdeBxKEKsxLzdB0i/Dpaus/a9LdE
W6tX11V7/+qdGzSl1boA6F4j2UDJe1J4TaApZiSc6k1aEcqed9VzwbRkXJ4Wif+O
VyxQ+FoCpdhzFfIKG4W6HwmdlHRMIHXQ48ykEh1EQE4W34pQD8g=
-----END CERTIFICATE-----