Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/p04K3WYTMOqWR1kmBzCP1x4muVE.roa
File:                     p04K3WYTMOqWR1kmBzCP1x4muVE.roa (raw, json)
Hash identifier:          9/L3n4c7XKE0BT/9Iay7ren7cZ9Rv4un68IZJ8T27H4=
Subject key identifier:   A7:4E:0A:DD:66:13:30:EA:96:47:59:26:07:30:8F:D7:1E:26:B9:51
Certificate issuer:       /CN=0400d77ef9ea0ed2952be2f60fad3aecc2e168ac
Certificate serial:       018CCA2B0030B8014CF51B7D1A5E396C8201
Authority key identifier: 04:00:D7:7E:F9:EA:0E:D2:95:2B:E2:F6:0F:AD:3A:EC:C2:E1:68:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BADXfvnqDtKVK-L2D6067MLhaKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/p04K3WYTMOqWR1kmBzCP1x4muVE.roa
Signing time:             Tue 02 Jan 2024 12:34:24 +0000
ROA not before:           Tue 02 Jan 2024 12:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59802
IP address blocks:        185.68.198.0/23 maxlen: 24
                          2a05:19c0:2::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/BADXfvnqDtKVK-L2D6067MLhaKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/BADXfvnqDtKVK-L2D6067MLhaKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BADXfvnqDtKVK-L2D6067MLhaKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:00:30:b8:01:4c:f5:1b:7d:1a:5e:39:6c:82:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0400d77ef9ea0ed2952be2f60fad3aecc2e168ac
        Validity
            Not Before: Jan  2 12:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74e0add661330ea9647592607308fd71e26b951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:69:2f:70:b4:23:b2:ae:9a:c3:b3:51:2d:ee:
                    bc:a3:36:bb:9f:d3:81:7c:1a:ee:ef:b7:76:45:42:
                    86:13:39:9f:95:ce:01:76:2e:8d:a3:f6:3c:e8:24:
                    fa:84:21:7e:4f:03:c7:64:e8:22:f3:5d:6c:8c:83:
                    93:b7:86:6e:42:c4:eb:00:00:76:89:e5:02:70:bf:
                    4d:23:4d:bc:94:dc:c3:da:a0:ae:27:23:26:c7:ca:
                    56:8b:93:0c:f7:89:76:0c:03:9b:01:a8:98:c6:78:
                    af:64:f0:20:25:3b:62:fa:06:6a:38:6b:14:bf:d5:
                    82:58:c6:04:6c:bd:0d:fc:48:2a:1d:90:36:fb:8c:
                    3c:a8:55:39:23:10:19:f0:31:46:7d:50:c1:de:87:
                    37:d5:a4:66:a9:0b:89:41:b3:b2:1e:d5:b1:2b:c4:
                    d8:4e:d1:69:03:c5:05:ac:d8:65:e3:8e:d1:fd:d0:
                    83:a7:aa:03:55:9d:8c:af:e2:33:72:e2:dd:49:87:
                    b1:fb:44:f5:b6:5d:c4:19:bf:5a:49:b5:ea:96:a1:
                    42:ad:18:5c:62:71:a6:6d:75:44:7b:5f:aa:08:b5:
                    31:3f:ac:13:ac:19:d7:25:32:3b:71:cc:35:b6:89:
                    5e:d4:e6:7c:5f:e7:1b:fd:97:4d:5c:6c:e8:ed:75:
                    a2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4E:0A:DD:66:13:30:EA:96:47:59:26:07:30:8F:D7:1E:26:B9:51
            X509v3 Authority Key Identifier:
                keyid:04:00:D7:7E:F9:EA:0E:D2:95:2B:E2:F6:0F:AD:3A:EC:C2:E1:68:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BADXfvnqDtKVK-L2D6067MLhaKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/p04K3WYTMOqWR1kmBzCP1x4muVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/98c5c3-9928-4957-9448-a60138c1c046/1/BADXfvnqDtKVK-L2D6067MLhaKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.198.0/23
                IPv6:
                  2a05:19c0:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         0d:6f:24:f7:73:c5:2b:9a:a2:80:b4:c5:6f:76:3b:a1:a5:80:
         db:6a:27:3e:c2:16:e7:85:7a:cc:4e:ac:d7:6d:2f:10:69:71:
         8b:6c:91:3e:06:50:48:cf:b8:37:a7:05:2f:ea:70:e5:81:ba:
         07:b1:dc:a4:02:26:7f:ee:82:db:f1:db:0d:a2:ad:c8:ab:ed:
         b3:3e:72:06:4c:0e:0a:8a:ff:8d:f4:7a:cf:35:90:36:9d:39:
         1c:b6:7f:ff:ab:b3:1b:d7:4b:20:b0:fd:b3:53:35:30:ed:cb:
         ac:37:be:88:c7:0a:56:d3:3a:6a:bf:3c:f4:da:eb:d0:d5:82:
         c4:d1:c3:a1:fd:0d:c7:dd:1f:67:d1:10:d3:08:5e:1e:b1:4d:
         e8:4e:b9:73:5d:2c:2f:2f:80:ae:d9:98:d6:79:2f:5a:de:e0:
         25:cd:c3:fc:15:37:24:c4:19:f0:37:12:a1:9a:25:20:87:ee:
         6c:17:b9:eb:a3:ed:45:fe:43:78:bc:b7:d1:10:45:22:0f:b1:
         8a:df:7a:31:d7:ba:62:73:f4:1d:fc:e0:fe:05:93:e2:8b:47:
         65:83:ab:cb:85:49:83:fc:e2:ca:88:f3:09:43:f7:05:7a:2e:
         a9:0b:32:6e:9d:8b:8d:56:ab:af:c4:f6:9c:de:bc:ef:b9:53:
         2b:d2:8c:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKwAwuAFM9Rt9Gl45bIIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MDBkNzdlZjllYTBlZDI5NTJiZTJmNjBmYWQzYWVjYzJl
MTY4YWMwHhcNMjQwMTAyMTIzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRlMGFkZDY2MTMzMGVhOTY0NzU5MjYwNzMwOGZkNzFlMjZiOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGkvcLQjsq6aw7NRLe68oza7n9OB
fBru77d2RUKGEzmflc4Bdi6No/Y86CT6hCF+TwPHZOgi811sjIOTt4ZuQsTrAAB2
ieUCcL9NI028lNzD2qCuJyMmx8pWi5MM94l2DAObAaiYxnivZPAgJTti+gZqOGsU
v9WCWMYEbL0N/EgqHZA2+4w8qFU5IxAZ8DFGfVDB3oc31aRmqQuJQbOyHtWxK8TY
TtFpA8UFrNhl447R/dCDp6oDVZ2Mr+IzcuLdSYex+0T1tl3EGb9aSbXqlqFCrRhc
YnGmbXVEe1+qCLUxP6wTrBnXJTI7ccw1tole1OZ8X+cb/ZdNXGzo7XWiNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKdOCt1mEzDqlkdZJgcwj9ceJrlRMB8GA1UdIwQY
MBaAFAQA13756g7SlSvi9g+tOuzC4WisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkFEWGZ2bnFEdEtWSy1MMkQ2MDY3TUxoYUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85OGM1YzMtOTkyOC00OTU3LTk0NDgt
YTYwMTM4YzFjMDQ2LzEvcDA0SzNXWVRNT3FXUjFrbUJ6Q1AxeDRtdVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85OGM1YzMtOTkyOC00OTU3LTk0NDgtYTYwMTM4YzFjMDQ2
LzEvQkFEWGZ2bnFEdEtWSy1MMkQ2MDY3TUxoYUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuUTGMA8E
AgACMAkDBwEqBRnAAAIwDQYJKoZIhvcNAQELBQADggEBAA1vJPdzxSuaooC0xW92
O6GlgNtqJz7CFueFesxOrNdtLxBpcYtskT4GUEjPuDenBS/qcOWBugex3KQCJn/u
gtvx2w2ircir7bM+cgZMDgqK/430es81kDadORy2f/+rsxvXSyCw/bNTNTDty6w3
vojHClbTOmq/PPTa69DVgsTRw6H9DcfdH2fRENMIXh6xTehOuXNdLC8vgK7ZmNZ5
L1re4CXNw/wVNyTEGfA3EqGaJSCH7mwXueuj7UX+Q3i8t9EQRSIPsYrfejHXumJz
9B384P4Fk+KLR2WDq8uFSYP84sqI8wlD9wV6LqkLMm6di41Wq6/E9pzevO+5UyvS
jDU=
-----END CERTIFICATE-----