Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/p6EiL6tuy0bstxyT0v-ieLT25EI.roa
File:                     p6EiL6tuy0bstxyT0v-ieLT25EI.roa (raw, json)
Hash identifier:          MxCsnwT6iNlDzjA56vqzOit12WoaWQ2fvp4Mlh/PwGk=
Subject key identifier:   A7:A1:22:2F:AB:6E:CB:46:EC:B7:1C:93:D2:FF:A2:78:B4:F6:E4:42
Certificate issuer:       /CN=1ff5268752cbb524bcfe4b5a4976ff0f85d389af
Certificate serial:       018CC6B7911B269EE73918D5B6001B501C07
Authority key identifier: 1F:F5:26:87:52:CB:B5:24:BC:FE:4B:5A:49:76:FF:0F:85:D3:89:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_Umh1LLtSS8_ktaSXb_D4XTia8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/p6EiL6tuy0bstxyT0v-ieLT25EI.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49784
IP address blocks:        185.12.216.0/22 maxlen: 24
                          2a03:8940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/H_Umh1LLtSS8_ktaSXb_D4XTia8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/H_Umh1LLtSS8_ktaSXb_D4XTia8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_Umh1LLtSS8_ktaSXb_D4XTia8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 22:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:91:1b:26:9e:e7:39:18:d5:b6:00:1b:50:1c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ff5268752cbb524bcfe4b5a4976ff0f85d389af
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7a1222fab6ecb46ecb71c93d2ffa278b4f6e442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5f:24:e2:17:9e:b2:f9:3f:a8:da:35:98:e0:
                    21:24:6e:e5:ad:5d:9d:f7:b8:d9:94:d6:7f:44:94:
                    50:06:24:f6:4a:f4:60:55:d3:ed:db:54:41:02:27:
                    08:d0:ca:b2:79:a7:8f:23:af:33:5c:09:30:02:b5:
                    a5:a8:65:08:2f:de:cb:5e:20:fb:f9:89:5f:12:4c:
                    72:9d:fb:d3:0f:8f:bf:a8:ab:c0:24:6d:e0:eb:5d:
                    e5:7d:e3:31:55:cf:d4:4d:30:82:f5:42:a7:27:0c:
                    4b:78:a8:06:5a:c6:88:c2:b9:9e:8c:55:d2:2c:ef:
                    a8:08:ef:3a:bb:82:47:30:3b:28:ab:ea:88:5f:00:
                    61:8e:2f:99:70:ee:12:78:bb:66:d8:3b:93:3d:92:
                    af:d0:b7:ac:0d:f2:07:b2:ff:81:10:bc:08:66:b8:
                    1f:62:12:14:b8:a5:42:0e:1a:8f:2e:e4:5a:01:f9:
                    c4:4b:4f:8f:ec:25:d2:2f:3f:1b:df:c0:b1:fd:6a:
                    94:92:99:8b:a7:6e:a5:61:a0:cd:6f:b2:0f:09:ae:
                    e6:62:9c:1a:85:7f:05:bb:e2:19:1c:e0:f8:77:18:
                    50:ed:4e:68:e6:7f:6f:5f:5d:d4:08:86:3f:34:b6:
                    d3:9a:9e:77:da:da:09:b7:00:9a:93:34:49:88:e7:
                    0e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A1:22:2F:AB:6E:CB:46:EC:B7:1C:93:D2:FF:A2:78:B4:F6:E4:42
            X509v3 Authority Key Identifier:
                keyid:1F:F5:26:87:52:CB:B5:24:BC:FE:4B:5A:49:76:FF:0F:85:D3:89:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_Umh1LLtSS8_ktaSXb_D4XTia8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/p6EiL6tuy0bstxyT0v-ieLT25EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/4c2734-1139-4a3f-8f84-974488bcb723/1/H_Umh1LLtSS8_ktaSXb_D4XTia8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.216.0/22
                IPv6:
                  2a03:8940::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:96:2d:6e:57:4b:63:9f:3b:b0:ec:90:d6:4d:6a:99:4c:71:
         51:e2:f6:e7:02:1c:1a:cc:b4:fb:48:51:49:bd:1c:0e:13:d8:
         b3:42:6a:b2:b4:fe:63:59:09:a8:43:ec:22:20:d0:b1:38:a4:
         24:27:55:58:fc:97:4b:37:23:c9:e6:1a:87:11:af:49:87:09:
         39:36:29:1e:b8:22:72:b9:e1:2c:78:7c:b6:2d:45:94:86:5c:
         a9:8b:d5:0d:83:41:93:69:b7:15:c8:ae:70:d2:34:35:17:d3:
         75:dd:71:18:21:d6:51:5d:60:34:4e:8d:c1:64:3a:81:39:5a:
         b4:34:34:49:fe:46:e0:0d:42:7d:4f:55:65:c2:3d:37:db:91:
         df:77:77:7a:3f:1b:b1:dd:37:06:50:da:5e:da:05:fe:fb:a3:
         0c:1a:89:96:89:05:0c:9c:01:5a:91:61:9e:fa:e2:b9:bd:b9:
         fc:34:f5:50:ab:ce:05:9e:38:ea:ee:02:4d:79:28:1e:34:d2:
         85:be:8e:50:2e:55:07:a8:75:2e:f4:88:10:72:3b:9e:8e:2f:
         9a:43:44:5c:5c:c2:f8:0e:87:72:05:89:7d:c0:82:c7:f3:43:
         c2:73:4d:6e:45:4b:45:5b:e2:20:6e:6c:10:6f:92:9e:96:ae:
         a7:89:e1:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt5EbJp7nORjVtgAbUBwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZjUyNjg3NTJjYmI1MjRiY2ZlNGI1YTQ5NzZmZjBmODVk
Mzg5YWYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ExMjIyZmFiNmVjYjQ2ZWNiNzFjOTNkMmZmYTI3OGI0ZjZlNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgV8k4heesvk/qNo1mOAhJG7lrV2d
97jZlNZ/RJRQBiT2SvRgVdPt21RBAicI0MqyeaePI68zXAkwArWlqGUIL97LXiD7
+YlfEkxynfvTD4+/qKvAJG3g613lfeMxVc/UTTCC9UKnJwxLeKgGWsaIwrmejFXS
LO+oCO86u4JHMDsoq+qIXwBhji+ZcO4SeLtm2DuTPZKv0LesDfIHsv+BELwIZrgf
YhIUuKVCDhqPLuRaAfnES0+P7CXSLz8b38Cx/WqUkpmLp26lYaDNb7IPCa7mYpwa
hX8Fu+IZHOD4dxhQ7U5o5n9vX13UCIY/NLbTmp532toJtwCakzRJiOcOJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKehIi+rbstG7Lcck9L/oni09uRCMB8GA1UdIwQY
MBaAFB/1JodSy7UkvP5LWkl2/w+F04mvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9VbWgxTEx0U1M4X2t0YVNYYl9ENFhUaWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80YzI3MzQtMTEzOS00YTNmLThmODQt
OTc0NDg4YmNiNzIzLzEvcDZFaUw2dHV5MGJzdHh5VDB2LWllTFQyNUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80YzI3MzQtMTEzOS00YTNmLThmODQtOTc0NDg4YmNiNzIz
LzEvSF9VbWgxTEx0U1M4X2t0YVNYYl9ENFhUaWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQzYMA0E
AgACMAcDBQAqA4lAMA0GCSqGSIb3DQEBCwUAA4IBAQAwli1uV0tjnzuw7JDWTWqZ
THFR4vbnAhwazLT7SFFJvRwOE9izQmqytP5jWQmoQ+wiINCxOKQkJ1VY/JdLNyPJ
5hqHEa9Jhwk5NikeuCJyueEseHy2LUWUhlypi9UNg0GTabcVyK5w0jQ1F9N13XEY
IdZRXWA0To3BZDqBOVq0NDRJ/kbgDUJ9T1Vlwj0325Hfd3d6Pxux3TcGUNpe2gX+
+6MMGomWiQUMnAFakWGe+uK5vbn8NPVQq84Fnjjq7gJNeSgeNNKFvo5QLlUHqHUu
9IgQcjueji+aQ0RcXML4DodyBYl9wILH80PCc01uRUtFW+IgbmwQb5Kelq6nieEn
-----END CERTIFICATE-----