Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/pATsjDMsKk0IZlNrV4oTnjptVn8.roa
File:                     pATsjDMsKk0IZlNrV4oTnjptVn8.roa (raw, json)
Hash identifier:          DwcNh5OXQ0SHQaz+hDmMkfBMuIG4XU+nlCMeJOxUEVg=
Subject key identifier:   A4:04:EC:8C:33:2C:2A:4D:08:66:53:6B:57:8A:13:9E:3A:6D:56:7F
Certificate issuer:       /CN=73ff4b1cbeaf9dd75d3b5ef3ee9a75d5799f7280
Certificate serial:       018CC8030B317C0130FE487870459E49977A
Authority key identifier: 73:FF:4B:1C:BE:AF:9D:D7:5D:3B:5E:F3:EE:9A:75:D5:79:9F:72:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_9LHL6vndddO17z7pp11XmfcoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/pATsjDMsKk0IZlNrV4oTnjptVn8.roa
Signing time:             Tue 02 Jan 2024 02:31:31 +0000
ROA not before:           Tue 02 Jan 2024 02:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        185.242.62.0/23 maxlen: 23
                          2a09:a7c4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/c_9LHL6vndddO17z7pp11XmfcoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/c_9LHL6vndddO17z7pp11XmfcoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_9LHL6vndddO17z7pp11XmfcoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:0b:31:7c:01:30:fe:48:78:70:45:9e:49:97:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73ff4b1cbeaf9dd75d3b5ef3ee9a75d5799f7280
        Validity
            Not Before: Jan  2 02:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a404ec8c332c2a4d0866536b578a139e3a6d567f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3c:4a:2d:c4:bf:1f:9c:37:a8:60:53:8e:d9:
                    0a:8b:3d:2e:04:d4:83:6f:86:59:e4:0c:8c:61:36:
                    68:e3:ca:44:80:f8:73:e7:af:53:bb:f1:61:f8:59:
                    1e:de:39:20:a4:5b:e1:f1:74:b9:2b:3e:e0:93:47:
                    da:b8:7c:0d:a1:62:ce:64:cc:73:3e:36:ba:07:40:
                    75:64:9b:06:66:8d:61:0a:16:50:bb:53:c4:b4:23:
                    07:a2:49:6c:f2:50:25:61:16:90:97:d2:77:0b:ad:
                    b3:38:28:c8:72:b9:0d:98:b8:b1:74:d2:bf:d2:c3:
                    ca:66:86:b5:0b:0f:37:d6:70:be:75:55:10:2a:f4:
                    ca:ca:90:9f:4c:16:c7:a9:55:b7:c2:cd:70:b9:39:
                    42:19:88:39:16:9b:5c:a6:7e:44:bb:34:e3:d7:57:
                    89:6c:7f:d7:22:a2:22:6f:4b:c1:61:ed:c3:c3:24:
                    6e:7a:4d:da:87:a3:1a:e1:0c:a4:65:51:35:84:a6:
                    d6:7d:e7:2f:4d:d9:94:6e:bc:ed:c7:d4:36:c4:a6:
                    0f:fe:41:c1:df:57:e1:15:2c:f4:fd:a4:db:35:5f:
                    db:32:4b:c9:87:92:56:ed:66:09:39:b7:73:ff:c7:
                    5b:00:f4:e6:5c:4d:60:30:f7:a4:8a:6b:0b:cf:0b:
                    59:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:04:EC:8C:33:2C:2A:4D:08:66:53:6B:57:8A:13:9E:3A:6D:56:7F
            X509v3 Authority Key Identifier:
                keyid:73:FF:4B:1C:BE:AF:9D:D7:5D:3B:5E:F3:EE:9A:75:D5:79:9F:72:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_9LHL6vndddO17z7pp11XmfcoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/pATsjDMsKk0IZlNrV4oTnjptVn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/26f44a-ae53-4727-9075-437a346b22f7/1/c_9LHL6vndddO17z7pp11XmfcoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.62.0/23
                IPv6:
                  2a09:a7c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         3e:4e:8d:02:e6:b3:80:9a:fc:1a:e0:b3:18:8c:bd:7a:7b:34:
         29:16:57:01:60:2e:5a:45:5d:58:03:b0:d3:b8:e7:c1:34:7d:
         f2:57:f4:ee:4c:55:b5:39:00:4d:62:93:d5:4a:05:ab:84:02:
         72:1a:07:02:49:f1:d3:68:32:da:e4:60:3e:05:b1:b3:09:3b:
         df:31:2f:ba:56:81:cc:3d:e5:cf:b4:cb:ad:60:bd:da:e3:5b:
         88:98:15:9e:f1:d2:0a:d5:f2:16:22:32:d7:a3:1c:b2:71:7e:
         d8:81:a3:ba:84:c6:24:aa:38:d6:62:48:d8:b4:bb:b9:4f:67:
         45:7d:64:68:45:c7:0c:e9:5b:64:18:2b:1c:95:fb:a7:ad:14:
         93:ef:a8:02:5d:12:00:02:0a:75:8a:04:1e:b1:97:cd:0c:c3:
         24:45:8c:a6:45:86:d4:60:ef:2d:81:14:22:f3:c0:2e:d6:cd:
         68:1d:9e:cf:3c:3f:2f:13:57:59:bd:9e:c7:a9:28:63:70:a3:
         2c:e5:0d:bf:16:39:32:94:eb:41:1b:d6:4d:9d:30:05:43:c4:
         e0:a1:71:e2:ef:46:d4:87:e9:10:1a:f3:ce:d8:fe:a0:da:fa:
         bd:a4:8f:6c:83:1d:a5:28:03:43:62:87:1f:aa:dc:6e:de:40:
         a1:fa:2e:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAwsxfAEw/kh4cEWeSZd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZmY0YjFjYmVhZjlkZDc1ZDNiNWVmM2VlOWE3NWQ1Nzk5
ZjcyODAwHhcNMjQwMTAyMDIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDA0ZWM4YzMzMmMyYTRkMDg2NjUzNmI1NzhhMTM5ZTNhNmQ1NjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDxKLcS/H5w3qGBTjtkKiz0uBNSD
b4ZZ5AyMYTZo48pEgPhz569Tu/Fh+Fke3jkgpFvh8XS5Kz7gk0fauHwNoWLOZMxz
Pja6B0B1ZJsGZo1hChZQu1PEtCMHokls8lAlYRaQl9J3C62zOCjIcrkNmLixdNK/
0sPKZoa1Cw831nC+dVUQKvTKypCfTBbHqVW3ws1wuTlCGYg5Fptcpn5EuzTj11eJ
bH/XIqIib0vBYe3DwyRuek3ah6Ma4QykZVE1hKbWfecvTdmUbrztx9Q2xKYP/kHB
31fhFSz0/aTbNV/bMkvJh5JW7WYJObdz/8dbAPTmXE1gMPekimsLzwtZgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKQE7IwzLCpNCGZTa1eKE546bVZ/MB8GA1UdIwQY
MBaAFHP/Sxy+r53XXTte8+6addV5n3KAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY185TEhMNnZuZGRkTzE3ejdwcDExWG1mY29BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yNmY0NGEtYWU1My00NzI3LTkwNzUt
NDM3YTM0NmIyMmY3LzEvcEFUc2pETXNLazBJWmxOclY0b1RuanB0Vm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yNmY0NGEtYWU1My00NzI3LTkwNzUtNDM3YTM0NmIyMmY3
LzEvY185TEhMNnZuZGRkTzE3ejdwcDExWG1mY29BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBufI+MA0E
AgACMAcDBQIqCafEMA0GCSqGSIb3DQEBCwUAA4IBAQA+To0C5rOAmvwa4LMYjL16
ezQpFlcBYC5aRV1YA7DTuOfBNH3yV/TuTFW1OQBNYpPVSgWrhAJyGgcCSfHTaDLa
5GA+BbGzCTvfMS+6VoHMPeXPtMutYL3a41uImBWe8dIK1fIWIjLXoxyycX7YgaO6
hMYkqjjWYkjYtLu5T2dFfWRoRccM6VtkGCsclfunrRST76gCXRIAAgp1igQesZfN
DMMkRYymRYbUYO8tgRQi88Au1s1oHZ7PPD8vE1dZvZ7HqShjcKMs5Q2/FjkylOtB
G9ZNnTAFQ8TgoXHi70bUh+kQGvPO2P6g2vq9pI9sgx2lKANDYocfqtxu3kCh+i5H
-----END CERTIFICATE-----