Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/1JP1rokpKkqaQcHVfhiBfd2SRyM.roa
File:                     1JP1rokpKkqaQcHVfhiBfd2SRyM.roa (raw, json)
Hash identifier:          OpRDJf4i91wvkdLaibPYwSMqJO0y9Ro0a+CH8CL/4ig=
Subject key identifier:   D4:93:F5:AE:89:29:2A:4A:9A:41:C1:D5:7E:18:81:7D:DD:92:47:23
Certificate issuer:       /CN=db9b939d7bca13b6d8ccf4d8e78676f3807a0ece
Certificate serial:       018F20E3206BC167D0EF17BF056DEEBFA32A
Authority key identifier: DB:9B:93:9D:7B:CA:13:B6:D8:CC:F4:D8:E7:86:76:F3:80:7A:0E:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/25uTnXvKE7bYzPTY54Z284B6Ds4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/1JP1rokpKkqaQcHVfhiBfd2SRyM.roa
Signing time:             Sat 27 Apr 2024 18:48:26 +0000
ROA not before:           Sat 27 Apr 2024 18:48:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34447
IP address blocks:        185.97.92.0/22 maxlen: 22
                          185.97.94.0/24 maxlen: 24
                          185.97.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/25uTnXvKE7bYzPTY54Z284B6Ds4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/25uTnXvKE7bYzPTY54Z284B6Ds4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/25uTnXvKE7bYzPTY54Z284B6Ds4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:20:e3:20:6b:c1:67:d0:ef:17:bf:05:6d:ee:bf:a3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9b939d7bca13b6d8ccf4d8e78676f3807a0ece
        Validity
            Not Before: Apr 27 18:48:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d493f5ae89292a4a9a41c1d57e18817ddd924723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b6:93:c0:16:16:57:94:da:f0:fe:cc:c6:eb:
                    ef:c2:dd:df:b2:13:5b:d2:6e:00:1d:04:21:fd:d1:
                    00:37:b0:29:a0:38:f1:56:8f:b3:a9:0f:f1:ff:3c:
                    ef:84:d7:d9:d5:57:45:96:a7:77:0b:36:e3:29:bf:
                    0b:5d:9e:fa:22:cc:ac:08:dd:e2:71:d3:0a:24:19:
                    57:b3:3b:99:0c:70:68:f9:4b:c5:bd:11:8f:30:18:
                    06:c8:16:91:89:87:63:a4:00:1e:93:ff:d0:62:f1:
                    10:8f:23:a0:35:5e:57:84:13:cd:ee:db:d4:02:13:
                    bf:94:8a:d3:20:e2:46:3c:e6:5f:dc:0d:17:5b:de:
                    e7:9e:25:93:8f:3c:54:1e:65:9b:b8:01:ba:7a:ea:
                    9f:33:1d:cb:5d:03:5f:b6:53:cb:4d:d7:54:d2:5f:
                    6b:e9:38:a5:a0:a2:b4:de:2a:f3:1f:d9:82:a5:11:
                    1d:89:78:c6:0a:2f:12:f7:3e:cf:d4:d7:ec:ba:6e:
                    e9:71:ed:0d:9a:98:88:c3:13:6c:3e:c4:6b:ea:37:
                    6f:c3:87:d4:83:27:61:bb:f9:15:40:b5:b5:e4:3b:
                    97:9f:c2:c4:79:57:27:eb:c2:71:f6:4b:25:59:82:
                    78:e2:b2:2c:9b:bc:8c:f7:3e:c4:f2:27:a2:82:8b:
                    d6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:93:F5:AE:89:29:2A:4A:9A:41:C1:D5:7E:18:81:7D:DD:92:47:23
            X509v3 Authority Key Identifier:
                keyid:DB:9B:93:9D:7B:CA:13:B6:D8:CC:F4:D8:E7:86:76:F3:80:7A:0E:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/25uTnXvKE7bYzPTY54Z284B6Ds4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/1JP1rokpKkqaQcHVfhiBfd2SRyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/938330-ccd8-4e7a-821c-a69c5bc7ed57/1/25uTnXvKE7bYzPTY54Z284B6Ds4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:bf:4b:6c:09:c9:42:88:39:0a:6b:fc:69:b0:68:dd:13:8c:
         ed:ed:9f:e7:32:8b:7c:e1:5d:6f:5c:ba:a0:c7:8a:61:ca:ff:
         23:9c:7e:fd:a6:50:fe:9e:c2:7a:00:ee:a3:e9:82:f7:d8:fb:
         a6:a2:bf:b0:32:01:71:36:ad:0f:71:8b:9e:92:ac:58:e6:90:
         93:e9:23:96:92:a6:38:06:9f:c1:35:6d:8c:fc:92:e8:89:11:
         eb:3c:aa:64:d1:27:4d:68:c7:68:08:1a:73:94:5d:82:c0:36:
         15:48:99:64:82:70:7f:8b:82:81:ab:18:2d:87:b2:6b:76:4b:
         e5:ec:32:e5:d8:31:b8:05:b7:6b:2b:b1:2e:6d:8c:5c:dd:84:
         48:78:56:fb:b4:8f:5c:4b:3b:59:42:91:1d:bd:7e:79:14:0b:
         5d:01:fc:d8:76:c3:ff:df:aa:c4:e7:90:5f:1e:db:3e:e6:46:
         c3:bb:d9:d2:ff:bb:a8:d7:ce:ba:80:78:58:5e:72:76:f2:8b:
         81:85:9c:db:63:fb:9e:a7:ed:22:72:29:18:90:52:aa:2a:e6:
         0c:bc:84:b8:bf:33:58:2c:6a:57:97:53:fe:ed:27:a1:ba:88:
         93:c8:50:4f:93:13:13:49:ec:81:cb:1d:fc:4e:23:f2:03:3a:
         3c:18:e7:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8g4yBrwWfQ7xe/BW3uv6MqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWI5MzlkN2JjYTEzYjZkOGNjZjRkOGU3ODY3NmYzODA3
YTBlY2UwHhcNMjQwNDI3MTg0ODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDkzZjVhZTg5MjkyYTRhOWE0MWMxZDU3ZTE4ODE3ZGRkOTI0NzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraTwBYWV5Ta8P7Mxuvvwt3fshNb
0m4AHQQh/dEAN7ApoDjxVo+zqQ/x/zzvhNfZ1VdFlqd3CzbjKb8LXZ76IsysCN3i
cdMKJBlXszuZDHBo+UvFvRGPMBgGyBaRiYdjpAAek//QYvEQjyOgNV5XhBPN7tvU
AhO/lIrTIOJGPOZf3A0XW97nniWTjzxUHmWbuAG6euqfMx3LXQNftlPLTddU0l9r
6TiloKK03irzH9mCpREdiXjGCi8S9z7P1Nfsum7pce0NmpiIwxNsPsRr6jdvw4fU
gydhu/kVQLW15DuXn8LEeVcn68Jx9kslWYJ44rIsm7yM9z7E8ieigovWhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNST9a6JKSpKmkHB1X4YgX3dkkcjMB8GA1UdIwQY
MBaAFNubk517yhO22Mz02OeGdvOAeg7OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjV1VG5YdktFN2JZelBUWTU0WjI4NEI2RHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS85MzgzMzAtY2NkOC00ZTdhLTgyMWMt
YTY5YzViYzdlZDU3LzEvMUpQMXJva3BLa3FhUWNIVmZoaUJmZDJTUnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS85MzgzMzAtY2NkOC00ZTdhLTgyMWMtYTY5YzViYzdlZDU3
LzEvMjV1VG5YdktFN2JZelBUWTU0WjI4NEI2RHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWFcMA0G
CSqGSIb3DQEBCwUAA4IBAQBLv0tsCclCiDkKa/xpsGjdE4zt7Z/nMot84V1vXLqg
x4phyv8jnH79plD+nsJ6AO6j6YL32Pumor+wMgFxNq0PcYuekqxY5pCT6SOWkqY4
Bp/BNW2M/JLoiRHrPKpk0SdNaMdoCBpzlF2CwDYVSJlkgnB/i4KBqxgth7Jrdkvl
7DLl2DG4BbdrK7EubYxc3YRIeFb7tI9cSztZQpEdvX55FAtdAfzYdsP/36rE55Bf
Hts+5kbDu9nS/7uo1866gHhYXnJ28ouBhZzbY/uep+0icikYkFKqKuYMvIS4vzNY
LGpXl1P+7SehuoiTyFBPkxMTSeyByx38TiPyAzo8GOew
-----END CERTIFICATE-----