Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/Q0PKPk1J9rMYN-pkv-g4fKHdJ3g.roa
File:                     Q0PKPk1J9rMYN-pkv-g4fKHdJ3g.roa (raw, json)
Hash identifier:          lAmUUtc7nhE4yZ9NPq/5JbwuTg19dNFOOHopj64Dy+s=
Subject key identifier:   43:43:CA:3E:4D:49:F6:B3:18:37:EA:64:BF:E8:38:7C:A1:DD:27:78
Certificate issuer:       /CN=76fe3055e87290000e3287f7ab5883802a5aa6da
Certificate serial:       018CC26D21A3345412688E17D2A6BBF2AD90
Authority key identifier: 76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/Q0PKPk1J9rMYN-pkv-g4fKHdJ3g.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206651
IP address blocks:        185.179.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:21:a3:34:54:12:68:8e:17:d2:a6:bb:f2:ad:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76fe3055e87290000e3287f7ab5883802a5aa6da
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4343ca3e4d49f6b31837ea64bfe8387ca1dd2778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:71:54:07:9e:73:61:b5:4a:f8:41:a5:62:da:
                    3c:17:9a:0d:ba:b4:0b:a0:19:c6:34:f5:74:07:e1:
                    b8:91:fa:e9:52:bc:10:c2:78:43:c9:fe:f2:77:28:
                    70:8e:f2:17:e0:6e:78:e3:67:63:8f:fe:6e:1f:5b:
                    5d:da:7c:2a:af:ef:ac:df:56:26:90:d7:e9:30:03:
                    91:26:b0:7e:f9:8c:90:02:29:6b:9b:a4:13:d0:9e:
                    43:e7:cb:83:27:d3:f3:7a:eb:2c:61:8e:26:b7:59:
                    3d:56:6f:f1:a4:4f:39:53:f0:71:90:75:f9:8d:15:
                    67:28:42:94:f9:3c:fe:bd:c9:3a:c7:8e:54:9f:85:
                    6c:ab:77:f5:c0:89:f4:7f:d8:85:03:0c:17:7b:30:
                    25:8e:45:17:ef:3f:c8:9d:a1:cf:fd:75:76:5f:9d:
                    64:70:38:5a:6f:67:11:f5:ae:d8:47:2e:4b:6a:75:
                    4f:27:04:58:60:5d:9f:14:8f:86:5e:bd:fd:22:d9:
                    d9:04:6f:a7:32:b6:04:3e:7a:ed:21:99:08:79:34:
                    13:f1:60:4a:5a:26:9e:c2:2a:83:77:e9:34:f2:3b:
                    f6:aa:10:50:cc:be:b8:9b:40:e5:d8:56:85:b4:f1:
                    21:fb:de:1a:28:a0:fa:cc:45:72:e9:a1:ab:cc:00:
                    eb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:43:CA:3E:4D:49:F6:B3:18:37:EA:64:BF:E8:38:7C:A1:DD:27:78
            X509v3 Authority Key Identifier:
                keyid:76:FE:30:55:E8:72:90:00:0E:32:87:F7:AB:58:83:80:2A:5A:A6:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dv4wVehykAAOMof3q1iDgCpapto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/Q0PKPk1J9rMYN-pkv-g4fKHdJ3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bce141-e9c2-4a5d-8e16-84b5176a2a4c/1/dv4wVehykAAOMof3q1iDgCpapto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:9a:b8:0d:7b:44:a2:89:17:39:8f:04:12:75:c3:60:6c:e5:
         bb:85:fa:d4:cd:2f:b1:75:d6:48:ee:8d:80:8b:2d:1c:7f:21:
         e3:ca:4d:b3:51:41:0a:96:19:94:05:19:21:0f:7a:a9:f8:32:
         f6:ed:33:7f:1a:04:b6:7b:4d:83:5a:89:01:29:2a:fe:a2:48:
         0d:73:01:da:93:31:51:06:75:19:4a:36:80:c0:f4:6b:f5:6b:
         52:80:4d:38:db:69:ce:f2:2c:8c:bc:b3:34:1c:64:96:52:37:
         a6:b4:2c:70:56:ec:fd:51:c2:18:12:16:7b:ad:1e:e2:86:18:
         88:9b:40:cd:f6:09:1b:3f:e6:3a:3a:0c:b5:71:9e:e7:d5:8a:
         f9:f2:7f:a1:e6:d3:d3:85:43:e2:dd:dd:ca:53:6c:37:0e:43:
         e8:92:c0:c3:b3:0b:1f:cc:da:c9:26:b4:3b:d6:d5:77:87:3b:
         9e:ea:56:7c:e6:57:1e:02:64:f9:70:85:9b:3a:84:54:b1:7e:
         52:18:a6:75:20:17:5b:e5:45:a8:17:f8:52:4e:c6:6d:eb:72:
         cb:ac:75:64:c6:2d:13:4b:15:88:c7:12:cb:3f:8a:f8:1c:28:
         48:7b:13:b0:b3:ed:43:dd:8e:ed:27:06:b9:6c:a8:0b:33:4f:
         24:26:7d:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSGjNFQSaI4X0qa78q2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZmUzMDU1ZTg3MjkwMDAwZTMyODdmN2FiNTg4MzgwMmE1
YWE2ZGEwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQzY2EzZTRkNDlmNmIzMTgzN2VhNjRiZmU4Mzg3Y2ExZGQyNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHFUB55zYbVK+EGlYto8F5oNurQL
oBnGNPV0B+G4kfrpUrwQwnhDyf7ydyhwjvIX4G5442djj/5uH1td2nwqr++s31Ym
kNfpMAORJrB++YyQAilrm6QT0J5D58uDJ9PzeussYY4mt1k9Vm/xpE85U/BxkHX5
jRVnKEKU+Tz+vck6x45Un4Vsq3f1wIn0f9iFAwwXezAljkUX7z/InaHP/XV2X51k
cDhab2cR9a7YRy5LanVPJwRYYF2fFI+GXr39ItnZBG+nMrYEPnrtIZkIeTQT8WBK
WiaewiqDd+k08jv2qhBQzL64m0Dl2FaFtPEh+94aKKD6zEVy6aGrzADr5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENDyj5NSfazGDfqZL/oOHyh3Sd4MB8GA1UdIwQY
MBaAFHb+MFXocpAADjKH96tYg4AqWqbaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYt
ODRiNTE3NmEyYTRjLzEvUTBQS1BrMUo5ck1ZTi1wa3YtZzRmS0hkSjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iY2UxNDEtZTljMi00YTVkLThlMTYtODRiNTE3NmEyYTRj
LzEvZHY0d1ZlaHlrQUFPTW9mM3ExaURnQ3BhcHRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubOEMA0G
CSqGSIb3DQEBCwUAA4IBAQA2mrgNe0SiiRc5jwQSdcNgbOW7hfrUzS+xddZI7o2A
iy0cfyHjyk2zUUEKlhmUBRkhD3qp+DL27TN/GgS2e02DWokBKSr+okgNcwHakzFR
BnUZSjaAwPRr9WtSgE0422nO8iyMvLM0HGSWUjemtCxwVuz9UcIYEhZ7rR7ihhiI
m0DN9gkbP+Y6Ogy1cZ7n1Yr58n+h5tPThUPi3d3KU2w3DkPoksDDswsfzNrJJrQ7
1tV3hzue6lZ85lceAmT5cIWbOoRUsX5SGKZ1IBdb5UWoF/hSTsZt63LLrHVkxi0T
SxWIxxLLP4r4HChIexOws+1D3Y7tJwa5bKgLM08kJn0n
-----END CERTIFICATE-----