Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/nJk2bwqq285erhSbZyAiNCW75P4.roa
File:                     nJk2bwqq285erhSbZyAiNCW75P4.roa (raw, json)
Hash identifier:          6FvwYLCzc7ZKDGFoWdTMvqYDGgO995kA/v69jjAiktE=
Subject key identifier:   9C:99:36:6F:0A:AA:DB:CE:5E:AE:14:9B:67:20:22:34:25:BB:E4:FE
Certificate issuer:       /CN=07bb5bfa64b0d5d18a3061a9869b1ca57172eaba
Certificate serial:       018CC424A610E287A56B5E8A7FFF604C4EE9
Authority key identifier: 07:BB:5B:FA:64:B0:D5:D1:8A:30:61:A9:86:9B:1C:A5:71:72:EA:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7tb-mSw1dGKMGGphpscpXFy6ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/nJk2bwqq285erhSbZyAiNCW75P4.roa
Signing time:             Mon 01 Jan 2024 08:29:45 +0000
ROA not before:           Mon 01 Jan 2024 08:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203815
IP address blocks:        185.155.76.0/22 maxlen: 22
                          2a05:b8c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/B7tb-mSw1dGKMGGphpscpXFy6ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/B7tb-mSw1dGKMGGphpscpXFy6ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7tb-mSw1dGKMGGphpscpXFy6ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 01:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a6:10:e2:87:a5:6b:5e:8a:7f:ff:60:4c:4e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07bb5bfa64b0d5d18a3061a9869b1ca57172eaba
        Validity
            Not Before: Jan  1 08:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c99366f0aaadbce5eae149b6720223425bbe4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:b4:fe:ac:1f:34:80:b7:9f:81:5f:7f:1d:
                    97:a2:0b:fc:40:43:2c:ed:eb:c1:ad:be:14:2d:5a:
                    9c:aa:60:ba:9c:0e:fb:d0:6a:0f:ce:a2:6f:c1:c8:
                    09:07:2c:4e:d8:72:7e:7c:3f:60:11:a7:3d:ee:5b:
                    0c:ed:d2:46:11:ac:e7:a1:c0:c8:46:1d:46:a4:45:
                    e4:7b:c1:e6:c3:ec:5f:e3:d2:ad:cd:eb:c1:3e:91:
                    98:c6:bf:12:1a:06:22:f1:65:f7:cb:17:2c:8c:c6:
                    69:12:ef:99:0e:80:2a:d2:be:b7:c1:f1:da:fc:ce:
                    7b:ba:f4:5e:3a:05:31:50:1e:46:f2:7f:da:20:a1:
                    22:21:c7:34:84:e0:fd:73:36:cd:33:46:a0:09:3c:
                    00:14:43:db:bc:98:69:7c:30:fa:e7:21:1d:f9:3b:
                    bc:7e:a6:ff:81:b7:b9:a9:87:8d:2b:aa:34:f2:7c:
                    2a:46:2b:0b:d0:af:73:41:53:15:7c:ee:4a:ca:3e:
                    37:14:89:72:b1:9e:8a:19:1f:33:d4:80:78:c4:02:
                    a8:19:9b:3b:2b:66:fc:38:88:a5:cd:82:4f:e2:68:
                    de:03:a3:9e:29:52:52:37:8d:4a:d0:ff:69:9a:a8:
                    5c:69:52:ed:73:99:35:d1:6a:68:6b:0b:2a:03:b4:
                    a7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:99:36:6F:0A:AA:DB:CE:5E:AE:14:9B:67:20:22:34:25:BB:E4:FE
            X509v3 Authority Key Identifier:
                keyid:07:BB:5B:FA:64:B0:D5:D1:8A:30:61:A9:86:9B:1C:A5:71:72:EA:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7tb-mSw1dGKMGGphpscpXFy6ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/nJk2bwqq285erhSbZyAiNCW75P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/acfd98-b736-49f4-a660-f908d21718f7/1/B7tb-mSw1dGKMGGphpscpXFy6ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.76.0/22
                IPv6:
                  2a05:b8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:1d:9d:5b:97:90:3d:29:fd:2b:2c:c0:79:f3:76:08:ac:da:
         c5:13:96:ad:f5:5e:32:2c:b4:21:4d:3e:d1:dd:b2:33:a8:0c:
         dd:bb:72:77:fa:f8:71:dc:9f:24:d5:38:dd:1c:e1:e4:6d:5b:
         67:a5:6a:45:52:7a:77:80:8c:a6:d3:88:07:4c:15:78:7a:33:
         8f:35:05:68:ec:c2:8d:26:d5:85:41:48:0c:f7:6b:29:32:7d:
         19:13:77:03:13:81:e9:b6:63:e4:78:3c:25:d4:2a:04:a7:f5:
         91:9c:b7:6a:b2:ac:37:b0:11:f9:0d:05:2f:f1:af:59:aa:1a:
         33:82:4b:32:bc:75:79:af:f5:ee:5e:5b:a2:62:2b:64:15:00:
         f0:76:71:b5:d6:af:95:ca:7c:87:dc:45:01:78:44:02:9e:1d:
         53:fe:6d:3f:fb:72:86:e3:94:7d:f2:6d:c4:34:1b:e2:4c:44:
         a1:bb:ef:00:e4:b4:9d:15:74:88:27:f5:65:80:ae:9b:e5:0d:
         f9:19:03:2b:3f:80:63:4a:15:a3:01:31:b9:3e:54:71:41:c6:
         8b:e1:ff:a8:e7:c1:1c:b9:77:db:c7:65:02:96:d7:8b:97:75:
         0c:b7:6c:c8:53:9d:cd:70:72:ca:6d:ce:73:32:cd:14:23:c6:
         39:4c:74:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJKYQ4oela16Kf/9gTE7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YmI1YmZhNjRiMGQ1ZDE4YTMwNjFhOTg2OWIxY2E1NzE3
MmVhYmEwHhcNMjQwMTAxMDgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk5MzY2ZjBhYWFkYmNlNWVhZTE0OWI2NzIwMjIzNDI1YmJlNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3i0/qwfNIC3n4Fffx2Xogv8QEMs
7evBrb4ULVqcqmC6nA770GoPzqJvwcgJByxO2HJ+fD9gEac97lsM7dJGEaznocDI
Rh1GpEXke8Hmw+xf49KtzevBPpGYxr8SGgYi8WX3yxcsjMZpEu+ZDoAq0r63wfHa
/M57uvReOgUxUB5G8n/aIKEiIcc0hOD9czbNM0agCTwAFEPbvJhpfDD65yEd+Tu8
fqb/gbe5qYeNK6o08nwqRisL0K9zQVMVfO5Kyj43FIlysZ6KGR8z1IB4xAKoGZs7
K2b8OIilzYJP4mjeA6OeKVJSN41K0P9pmqhcaVLtc5k10WpoawsqA7SnawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJyZNm8KqtvOXq4Um2cgIjQlu+T+MB8GA1UdIwQY
MBaAFAe7W/pksNXRijBhqYabHKVxcuq6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjd0Yi1tU3cxZEdLTUdHcGhwc2NwWEZ5NnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hY2ZkOTgtYjczNi00OWY0LWE2NjAt
ZjkwOGQyMTcxOGY3LzEvbkprMmJ3cXEyODVlcmhTYlp5QWlOQ1c3NVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hY2ZkOTgtYjczNi00OWY0LWE2NjAtZjkwOGQyMTcxOGY3
LzEvQjd0Yi1tU3cxZEdLTUdHcGhwc2NwWEZ5NnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZtMMA0E
AgACMAcDBQMqBbjAMA0GCSqGSIb3DQEBCwUAA4IBAQCvHZ1bl5A9Kf0rLMB583YI
rNrFE5at9V4yLLQhTT7R3bIzqAzdu3J3+vhx3J8k1TjdHOHkbVtnpWpFUnp3gIym
04gHTBV4ejOPNQVo7MKNJtWFQUgM92spMn0ZE3cDE4HptmPkeDwl1CoEp/WRnLdq
sqw3sBH5DQUv8a9ZqhozgksyvHV5r/XuXluiYitkFQDwdnG11q+VynyH3EUBeEQC
nh1T/m0/+3KG45R98m3ENBviTEShu+8A5LSdFXSIJ/VlgK6b5Q35GQMrP4BjShWj
ATG5PlRxQcaL4f+o58EcuXfbx2UClteLl3UMt2zIU53NcHLKbc5zMs0UI8Y5THTf
-----END CERTIFICATE-----