Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/q0Uk5ClVTWHxHz2_hqET9KmDDoQ.roa
File:                     q0Uk5ClVTWHxHz2_hqET9KmDDoQ.roa (raw, json)
Hash identifier:          mvgGdXSJsk/p0bbGP42fNw3FNKrLafML+OfuUnF9WaM=
Subject key identifier:   AB:45:24:E4:29:55:4D:61:F1:1F:3D:BF:86:A1:13:F4:A9:83:0E:84
Certificate issuer:       /CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
Certificate serial:       018CCA2A1EFDB3ABEA6BB29563316BA5C5E9
Authority key identifier: 64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/q0Uk5ClVTWHxHz2_hqET9KmDDoQ.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.244.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1e:fd:b3:ab:ea:6b:b2:95:63:31:6b:a5:c5:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab4524e429554d61f11f3dbf86a113f4a9830e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:03:f3:2b:ee:94:20:03:dc:01:69:7c:1f:86:
                    12:fd:f5:31:78:d2:48:71:b1:9c:06:11:8e:60:07:
                    24:65:ef:1e:44:c4:a3:3b:1f:b6:3a:a5:6c:07:d7:
                    6a:2d:ec:a2:1b:46:56:35:fa:ad:a7:d7:d0:e7:ee:
                    82:99:65:6d:af:cd:da:f9:3b:09:07:b3:ee:ab:59:
                    ba:1b:5b:95:49:f2:b8:fc:e5:68:64:54:51:16:01:
                    71:95:92:21:09:df:b2:92:98:05:df:48:a9:b0:b6:
                    f4:b1:95:1e:eb:fe:74:8c:b3:db:d8:d0:a5:fb:ad:
                    aa:76:df:84:48:f0:2f:27:45:bc:91:d7:8f:23:f8:
                    e6:54:96:30:6a:cc:e0:0c:bd:f3:fd:1b:0c:9e:3b:
                    f2:1e:4a:59:f7:eb:e5:93:da:75:91:b4:62:dc:1c:
                    f1:46:d5:8a:fa:4f:a5:0b:dd:99:38:d2:1f:ad:76:
                    fe:6d:30:f1:e4:12:e8:92:e7:c5:23:cb:0a:5b:31:
                    42:b0:51:c7:fb:7e:39:2a:07:a5:09:0f:fd:4f:2e:
                    e1:68:24:98:ed:9b:25:1a:01:49:d2:2e:ab:6e:9f:
                    f1:b5:c2:22:10:33:88:b0:27:e3:ff:f1:73:fa:ed:
                    af:81:a4:8c:53:af:3d:30:44:0d:3f:5d:4b:77:9a:
                    45:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:45:24:E4:29:55:4D:61:F1:1F:3D:BF:86:A1:13:F4:A9:83:0E:84
            X509v3 Authority Key Identifier:
                keyid:64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/q0Uk5ClVTWHxHz2_hqET9KmDDoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:9a:cb:27:e3:b9:64:f3:29:2d:df:ef:89:44:72:a0:5f:fb:
         d3:12:af:c0:a4:4e:05:a2:cd:09:67:d4:33:6a:6b:08:79:da:
         11:e8:ea:5f:90:21:24:5a:83:33:cb:82:dc:49:ae:2c:c5:55:
         0c:b1:9f:85:9f:33:8b:24:b9:d8:a0:b7:5c:92:24:99:5a:f6:
         41:13:f8:e7:c0:ed:b6:cb:57:4f:1f:bc:4d:84:06:69:75:04:
         a2:4c:aa:5a:70:fb:f0:3a:ff:85:60:21:a9:79:bb:ef:e2:5b:
         84:51:cc:bf:fc:2f:f9:34:d4:57:de:16:cf:bd:06:9b:fe:bc:
         d3:b4:9c:dc:47:f9:ed:1d:c4:3d:19:de:84:56:84:5b:a3:9e:
         90:7d:09:b9:3b:09:74:c1:f3:b4:ae:e0:c0:25:30:eb:9e:e4:
         90:2b:1c:23:28:e2:71:ff:03:c7:a3:73:ce:da:c9:7d:98:3f:
         ee:ed:eb:3b:d3:e4:98:72:d9:4e:22:9c:64:6e:6f:cd:70:e2:
         fb:d2:66:54:b1:e5:60:e2:ea:04:76:26:17:f3:7f:22:7b:2d:
         69:d0:20:87:d6:3a:4c:da:c4:25:fb:44:6b:44:52:4d:0f:60:
         f5:45:6e:6a:e2:b0:50:fa:41:e2:42:10:a0:e7:1d:05:a9:32:
         61:3e:c5:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh79s6vqa7KVYzFrpcXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNkYmFlODRiMjZhODQ4NGIxMGMwMGViZmRmYmNiNDk5
MGMxNTcwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ1MjRlNDI5NTU0ZDYxZjExZjNkYmY4NmExMTNmNGE5ODMwZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQPzK+6UIAPcAWl8H4YS/fUxeNJI
cbGcBhGOYAckZe8eRMSjOx+2OqVsB9dqLeyiG0ZWNfqtp9fQ5+6CmWVtr83a+TsJ
B7Puq1m6G1uVSfK4/OVoZFRRFgFxlZIhCd+ykpgF30ipsLb0sZUe6/50jLPb2NCl
+62qdt+ESPAvJ0W8kdePI/jmVJYwaszgDL3z/RsMnjvyHkpZ9+vlk9p1kbRi3Bzx
RtWK+k+lC92ZONIfrXb+bTDx5BLokufFI8sKWzFCsFHH+345KgelCQ/9Ty7haCSY
7ZslGgFJ0i6rbp/xtcIiEDOIsCfj//Fz+u2vgaSMU689MEQNP11Ld5pFhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtFJOQpVU1h8R89v4ahE/Spgw6EMB8GA1UdIwQY
MBaAFGRM266EsmqEhLEMAOv9+8tJkMFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYt
ZTAzNGY2NWU3ZjYwLzEvcTBVazVDbFZUV0h4SHoyX2hxRVQ5S21ERG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYtZTAzNGY2NWU3ZjYw
LzEvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufQQMA0G
CSqGSIb3DQEBCwUAA4IBAQAfmssn47lk8ykt3++JRHKgX/vTEq/ApE4Fos0JZ9Qz
amsIedoR6OpfkCEkWoMzy4LcSa4sxVUMsZ+FnzOLJLnYoLdckiSZWvZBE/jnwO22
y1dPH7xNhAZpdQSiTKpacPvwOv+FYCGpebvv4luEUcy//C/5NNRX3hbPvQab/rzT
tJzcR/ntHcQ9Gd6EVoRbo56QfQm5Owl0wfO0ruDAJTDrnuSQKxwjKOJx/wPHo3PO
2sl9mD/u7es70+SYctlOIpxkbm/NcOL70mZUseVg4uoEdiYX838iey1p0CCH1jpM
2sQl+0RrRFJND2D1RW5q4rBQ+kHiQhCg5x0FqTJhPsUu
-----END CERTIFICATE-----