Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/ki4HGWBWDo7PIsB8RvLgajH3-I4.roa
File:                     ki4HGWBWDo7PIsB8RvLgajH3-I4.roa (raw, json)
Hash identifier:          px+7e02tqNcnOP95IeM8RN4SCNBjsw/DlkR1oMGw40I=
Subject key identifier:   92:2E:07:19:60:56:0E:8E:CF:22:C0:7C:46:F2:E0:6A:31:F7:F8:8E
Certificate issuer:       /CN=dc6baa601236ab9bea29f807a66920ed5656a196
Certificate serial:       018CC26D1CBEC51000E1A50BD9737CD9F2E3
Authority key identifier: DC:6B:AA:60:12:36:AB:9B:EA:29:F8:07:A6:69:20:ED:56:56:A1:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3GuqYBI2q5vqKfgHpmkg7VZWoZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/ki4HGWBWDo7PIsB8RvLgajH3-I4.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51580
IP address blocks:        185.180.182.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/3GuqYBI2q5vqKfgHpmkg7VZWoZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/3GuqYBI2q5vqKfgHpmkg7VZWoZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3GuqYBI2q5vqKfgHpmkg7VZWoZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1c:be:c5:10:00:e1:a5:0b:d9:73:7c:d9:f2:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc6baa601236ab9bea29f807a66920ed5656a196
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=922e071960560e8ecf22c07c46f2e06a31f7f88e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ca:13:7d:b4:cb:17:3e:f4:62:65:20:cd:83:
                    37:59:33:56:38:2c:9d:c9:a2:75:e8:d7:c1:ff:66:
                    06:4e:85:a5:c0:26:65:46:1c:bf:f7:13:85:b6:ba:
                    2a:de:f5:27:61:ee:dd:aa:40:5f:3d:28:7c:e3:20:
                    4a:66:96:95:a9:7d:b1:a8:10:d1:a0:2b:9f:01:3b:
                    a4:15:ec:66:a8:1f:f7:5e:03:51:7c:78:21:67:3b:
                    57:f3:a2:8c:02:b7:22:94:ae:90:5c:14:e3:49:4e:
                    8c:83:53:27:60:f1:0d:1b:b0:f1:d3:41:29:9d:c4:
                    a9:a4:d8:ff:b4:1e:a8:5b:a7:fe:ac:7d:bf:06:d0:
                    d2:94:15:03:80:e0:a1:ef:fe:4d:c0:41:64:d2:f1:
                    70:ca:01:37:cb:57:8a:4e:c1:7b:3c:93:cd:a3:2f:
                    14:b3:44:80:43:1e:84:c6:c4:63:5e:77:a8:b2:28:
                    ce:35:e1:b5:b0:4d:1a:77:a1:0a:87:47:8c:87:e3:
                    a1:bf:c0:1c:b1:a0:54:55:b4:cf:32:c4:ec:df:66:
                    7f:e0:4e:31:bf:0a:d9:c9:06:93:05:2f:e1:56:64:
                    54:a6:3f:43:1d:33:62:ba:61:a1:a1:6f:1f:97:60:
                    f2:38:b3:c0:d5:44:37:3e:6c:f9:58:20:68:d4:89:
                    c8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:2E:07:19:60:56:0E:8E:CF:22:C0:7C:46:F2:E0:6A:31:F7:F8:8E
            X509v3 Authority Key Identifier:
                keyid:DC:6B:AA:60:12:36:AB:9B:EA:29:F8:07:A6:69:20:ED:56:56:A1:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3GuqYBI2q5vqKfgHpmkg7VZWoZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/ki4HGWBWDo7PIsB8RvLgajH3-I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7bd2e3-f3c5-4955-b9a1-34a1237f1670/1/3GuqYBI2q5vqKfgHpmkg7VZWoZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:7f:a0:6c:c0:3b:50:08:bb:f4:c8:8a:d6:cc:da:5b:3f:41:
         97:1d:fe:7c:15:5a:fe:e0:99:4f:64:e0:44:74:39:72:db:78:
         bd:10:64:4e:d2:d9:ac:a7:b0:7a:7f:c1:c1:ba:7c:42:e4:a6:
         24:2d:40:71:22:e6:db:16:7a:40:61:bf:1f:dc:c4:23:c4:79:
         fa:b6:32:21:d1:db:a5:bc:73:a1:dd:d7:17:bf:e5:1e:0f:63:
         a0:00:d0:d1:d7:27:4a:e8:e2:01:61:04:a4:4f:fa:a3:48:4b:
         a9:df:e5:43:42:8b:5d:cc:7b:19:dd:ee:a7:f6:7f:b3:ba:0c:
         aa:7f:2f:16:64:cc:e8:7b:05:54:d2:f2:a0:33:6b:03:67:26:
         1f:e6:18:99:92:16:9b:d2:9a:da:8d:35:6f:36:b2:af:75:4a:
         85:06:15:3e:f7:d8:6a:1b:bc:76:5b:29:c9:07:d8:06:f2:ec:
         10:0c:87:64:2b:33:4e:93:f1:cd:5c:9a:2a:2f:db:78:d0:a2:
         73:84:b1:7a:24:f7:1c:ef:84:18:8d:17:dd:0f:1d:1a:e5:73:
         54:0e:9d:83:87:53:2a:69:0d:ed:7f:af:ac:5a:d2:f3:81:29:
         dd:90:5e:0d:7f:61:14:4e:77:e5:43:a0:3f:45:ad:7b:5e:a0:
         13:f7:e4:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRy+xRAA4aUL2XN82fLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNmJhYTYwMTIzNmFiOWJlYTI5ZjgwN2E2NjkyMGVkNTY1
NmExOTYwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjJlMDcxOTYwNTYwZThlY2YyMmMwN2M0NmYyZTA2YTMxZjdmODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusoTfbTLFz70YmUgzYM3WTNWOCyd
yaJ16NfB/2YGToWlwCZlRhy/9xOFtroq3vUnYe7dqkBfPSh84yBKZpaVqX2xqBDR
oCufATukFexmqB/3XgNRfHghZztX86KMArcilK6QXBTjSU6Mg1MnYPENG7Dx00Ep
ncSppNj/tB6oW6f+rH2/BtDSlBUDgOCh7/5NwEFk0vFwygE3y1eKTsF7PJPNoy8U
s0SAQx6ExsRjXneosijONeG1sE0ad6EKh0eMh+Ohv8AcsaBUVbTPMsTs32Z/4E4x
vwrZyQaTBS/hVmRUpj9DHTNiumGhoW8fl2DyOLPA1UQ3Pmz5WCBo1InIlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIuBxlgVg6OzyLAfEby4Gox9/iOMB8GA1UdIwQY
MBaAFNxrqmASNqub6in4B6ZpIO1WVqGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0d1cVlCSTJxNXZxS2ZnSHBta2c3VlpXb1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83YmQyZTMtZjNjNS00OTU1LWI5YTEt
MzRhMTIzN2YxNjcwLzEva2k0SEdXQldEbzdQSXNCOFJ2TGdhakgzLUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83YmQyZTMtZjNjNS00OTU1LWI5YTEtMzRhMTIzN2YxNjcw
LzEvM0d1cVlCSTJxNXZxS2ZnSHBta2c3VlpXb1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubS2MA0G
CSqGSIb3DQEBCwUAA4IBAQCHf6BswDtQCLv0yIrWzNpbP0GXHf58FVr+4JlPZOBE
dDly23i9EGRO0tmsp7B6f8HBunxC5KYkLUBxIubbFnpAYb8f3MQjxHn6tjIh0dul
vHOh3dcXv+UeD2OgANDR1ydK6OIBYQSkT/qjSEup3+VDQotdzHsZ3e6n9n+zugyq
fy8WZMzoewVU0vKgM2sDZyYf5hiZkhab0prajTVvNrKvdUqFBhU+99hqG7x2WynJ
B9gG8uwQDIdkKzNOk/HNXJoqL9t40KJzhLF6JPcc74QYjRfdDx0a5XNUDp2Dh1Mq
aQ3tf6+sWtLzgSndkF4Nf2EUTnflQ6A/Ra17XqAT9+TS
-----END CERTIFICATE-----