Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/i5gxgXiZ8Zjrg3KOfokeB0RwPpU.roa
File:                     i5gxgXiZ8Zjrg3KOfokeB0RwPpU.roa (raw, json)
Hash identifier:          ApFTMo6snQDax3dcI4Gma5H/8WtTNKz+KdtKfkqSQZU=
Subject key identifier:   8B:98:31:81:78:99:F1:98:EB:83:72:8E:7E:89:1E:07:44:70:3E:95
Certificate issuer:       /CN=1627573c68929ab2a4590e92a51abc40ea9e5817
Certificate serial:       018CC5DD0E2B4F797F35AEEF228CCFD532A9
Authority key identifier: 16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/i5gxgXiZ8Zjrg3KOfokeB0RwPpU.roa
Signing time:             Mon 01 Jan 2024 16:30:47 +0000
ROA not before:           Mon 01 Jan 2024 16:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44808
IP address blocks:        185.175.96.0/22 maxlen: 22
                          2a0b:e300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:0e:2b:4f:79:7f:35:ae:ef:22:8c:cf:d5:32:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1627573c68929ab2a4590e92a51abc40ea9e5817
        Validity
            Not Before: Jan  1 16:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b9831817899f198eb83728e7e891e0744703e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b6:4a:dc:09:d3:de:a6:72:d0:60:e2:92:ab:
                    aa:1b:2f:bb:bf:e8:95:03:41:f3:7f:d1:2e:f8:c4:
                    c3:4d:9c:5c:7b:75:08:d6:fb:6a:67:39:b7:ea:8c:
                    ac:2d:c7:1c:d8:99:60:dd:3c:43:70:61:44:2d:75:
                    f1:47:83:a8:0d:3e:3c:d9:7c:f0:6e:97:c6:f3:51:
                    21:a2:bf:f6:3b:98:17:c3:63:db:34:9e:a5:c8:19:
                    36:ae:62:7c:10:10:0a:e6:54:65:73:37:b0:5f:38:
                    5a:30:de:89:ae:e7:93:47:87:68:c0:f6:fb:5a:e8:
                    f6:90:b7:bb:a9:2a:a1:ca:49:75:15:98:d8:88:db:
                    f3:7c:60:05:aa:82:32:71:05:ef:82:fa:b3:35:84:
                    e8:75:e1:cb:64:ec:47:87:ec:99:0a:91:d4:48:a1:
                    5f:33:d6:6c:63:48:e2:68:87:83:38:40:bf:5f:17:
                    7f:ff:f3:85:56:11:b2:2e:38:1b:3a:76:66:bf:ab:
                    45:82:b8:4e:e9:ab:ef:5b:9c:8d:4d:dd:39:cc:3f:
                    92:12:91:7c:fa:78:9d:92:30:f2:cd:12:c3:5b:d4:
                    b1:92:45:79:42:9c:37:b5:ff:47:f2:eb:8f:1a:03:
                    8e:ab:4f:7b:55:f2:e2:7b:91:94:91:32:ce:5d:24:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:98:31:81:78:99:F1:98:EB:83:72:8E:7E:89:1E:07:44:70:3E:95
            X509v3 Authority Key Identifier:
                keyid:16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/i5gxgXiZ8Zjrg3KOfokeB0RwPpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.96.0/22
                IPv6:
                  2a0b:e300::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:46:fd:79:31:d2:a5:43:ab:12:ba:8e:12:22:a2:ba:ba:78:
         dd:7b:5f:4c:6c:17:84:1a:36:cc:6b:18:97:2c:77:47:34:45:
         a7:e3:64:18:b9:f8:d2:7f:f5:b8:bf:50:e0:16:64:09:23:1c:
         b2:b1:01:a6:19:f5:6d:dc:9d:59:6c:0d:b7:29:68:8e:60:08:
         52:c4:a3:44:ad:3f:5e:ae:f0:e0:dd:16:c9:ce:dc:63:15:53:
         1c:2b:62:5e:00:15:0e:d0:5a:5e:e2:79:1d:2c:09:0c:e6:31:
         71:5c:dd:76:0b:8e:07:37:7c:ff:c0:24:71:1a:66:06:e7:99:
         5c:07:74:63:eb:20:51:5c:fe:d8:8e:91:d5:11:a4:39:64:4f:
         81:2e:7d:9f:ed:0f:d0:50:7e:d4:29:1d:96:1d:9e:b5:78:44:
         36:69:66:38:8b:d1:f8:65:f6:c2:ff:92:80:60:8a:c8:3f:72:
         e2:5a:63:58:08:ed:22:1b:99:35:fa:f1:66:63:a8:12:27:61:
         7f:65:4a:e3:fe:c7:6c:93:5d:bb:3b:01:95:d8:f7:59:52:19:
         70:7a:7a:76:40:9d:e5:d8:08:61:c5:2c:c4:58:ee:d8:13:c5:
         04:f8:a5:f2:8b:ab:43:7c:9c:51:f2:32:5f:a1:46:4d:1d:d2:
         86:37:15:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Q4rT3l/Na7vIozP1TKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Mjc1NzNjNjg5MjlhYjJhNDU5MGU5MmE1MWFiYzQwZWE5
ZTU4MTcwHhcNMjQwMTAxMTYzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk4MzE4MTc4OTlmMTk4ZWI4MzcyOGU3ZTg5MWUwNzQ0NzAzZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrZK3AnT3qZy0GDikquqGy+7v+iV
A0Hzf9Eu+MTDTZxce3UI1vtqZzm36oysLccc2Jlg3TxDcGFELXXxR4OoDT482Xzw
bpfG81Ehor/2O5gXw2PbNJ6lyBk2rmJ8EBAK5lRlczewXzhaMN6JrueTR4dowPb7
Wuj2kLe7qSqhykl1FZjYiNvzfGAFqoIycQXvgvqzNYTodeHLZOxHh+yZCpHUSKFf
M9ZsY0jiaIeDOEC/Xxd///OFVhGyLjgbOnZmv6tFgrhO6avvW5yNTd05zD+SEpF8
+nidkjDyzRLDW9SxkkV5Qpw3tf9H8uuPGgOOq097VfLie5GUkTLOXSTI4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIuYMYF4mfGY64Nyjn6JHgdEcD6VMB8GA1UdIwQY
MBaAFBYnVzxokpqypFkOkqUavEDqnlgXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2Ut
ZTZmOWRiNzQxMzlkLzEvaTVneGdYaVo4WmpyZzNLT2Zva2VCMFJ3UHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2UtZTZmOWRiNzQxMzlk
LzEvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua9gMA0E
AgACMAcDBQAqC+MAMA0GCSqGSIb3DQEBCwUAA4IBAQB3Rv15MdKlQ6sSuo4SIqK6
unjde19MbBeEGjbMaxiXLHdHNEWn42QYufjSf/W4v1DgFmQJIxyysQGmGfVt3J1Z
bA23KWiOYAhSxKNErT9ervDg3RbJztxjFVMcK2JeABUO0Fpe4nkdLAkM5jFxXN12
C44HN3z/wCRxGmYG55lcB3Rj6yBRXP7YjpHVEaQ5ZE+BLn2f7Q/QUH7UKR2WHZ61
eEQ2aWY4i9H4ZfbC/5KAYIrIP3LiWmNYCO0iG5k1+vFmY6gSJ2F/ZUrj/sdsk127
OwGV2PdZUhlwenp2QJ3l2AhhxSzEWO7YE8UE+KXyi6tDfJxR8jJfoUZNHdKGNxUX
-----END CERTIFICATE-----