Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/IQqbZ50k4tqId4-Gt0FYolMv9tY.roa
File:                     IQqbZ50k4tqId4-Gt0FYolMv9tY.roa (raw, json)
Hash identifier:          Z3OM+bmXzzVV5Notn1NpB4WZ/QqmqGEGuouF3XtYV0E=
Subject key identifier:   21:0A:9B:67:9D:24:E2:DA:88:77:8F:86:B7:41:58:A2:53:2F:F6:D6
Certificate issuer:       /CN=500596ce6073e8ededc5105f814ec97191b5e1d5
Certificate serial:       018CC8DEFFDF6A4DD09B0E5E7453BA8DDC5B
Authority key identifier: 50:05:96:CE:60:73:E8:ED:ED:C5:10:5F:81:4E:C9:71:91:B5:E1:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/IQqbZ50k4tqId4-Gt0FYolMv9tY.roa
Signing time:             Tue 02 Jan 2024 06:31:46 +0000
ROA not before:           Tue 02 Jan 2024 06:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        185.140.140.0/22 maxlen: 23
                          2a07:1b80::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ff:df:6a:4d:d0:9b:0e:5e:74:53:ba:8d:dc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500596ce6073e8ededc5105f814ec97191b5e1d5
        Validity
            Not Before: Jan  2 06:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=210a9b679d24e2da88778f86b74158a2532ff6d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c1:2a:5a:ea:5d:91:23:7c:ae:e0:b5:db:8a:
                    9b:9b:b2:f2:d9:87:1f:fb:53:eb:05:e9:98:d0:97:
                    30:56:ff:52:e1:07:68:7a:40:f0:42:16:b9:53:5a:
                    7c:db:c4:99:15:ad:9b:b2:7b:08:57:d6:50:4a:42:
                    08:c5:fe:99:7d:13:f1:cd:9b:72:cb:2f:df:e6:7d:
                    ee:90:86:96:02:af:e4:ab:e6:0f:84:4c:09:0f:eb:
                    94:2f:e4:61:c9:a3:16:5d:52:53:03:30:d9:53:40:
                    bb:06:b8:cd:b9:7c:b6:e3:49:c8:40:ba:b6:ef:69:
                    99:24:32:76:dc:2d:13:f9:56:21:3b:49:fc:3a:16:
                    95:f7:b8:9f:f3:6e:67:d3:05:b9:15:d9:3e:65:27:
                    2e:0f:11:dc:9a:be:63:e1:d8:df:20:1b:23:14:5d:
                    92:b0:21:12:64:41:5c:80:29:66:75:a0:75:c6:ea:
                    d3:b9:d4:f6:3d:17:72:40:29:d9:42:bc:ce:8a:a6:
                    78:26:82:0d:89:44:72:81:ea:1a:e4:38:3b:b2:67:
                    91:ec:cc:bd:e1:14:d4:74:db:01:fb:f6:13:da:09:
                    f4:3f:f8:95:50:b3:ab:9f:86:92:cd:5c:72:0c:57:
                    35:de:01:ba:1f:22:a6:da:4d:36:f8:07:17:b6:47:
                    93:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0A:9B:67:9D:24:E2:DA:88:77:8F:86:B7:41:58:A2:53:2F:F6:D6
            X509v3 Authority Key Identifier:
                keyid:50:05:96:CE:60:73:E8:ED:ED:C5:10:5F:81:4E:C9:71:91:B5:E1:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/IQqbZ50k4tqId4-Gt0FYolMv9tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.140.0/22
                IPv6:
                  2a07:1b80::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:9d:bd:13:dc:39:6f:bc:4b:11:ec:6d:de:b7:9d:d9:db:d1:
         15:6a:f7:d2:3a:9a:a7:7a:d8:05:81:4e:fa:d4:45:07:21:9e:
         7f:cf:d5:1c:db:46:30:a7:c0:6b:16:47:71:6b:fb:45:00:d5:
         19:78:45:ad:dc:ca:cc:01:21:a7:8f:55:8b:6f:ed:5c:ca:b1:
         73:92:b9:48:b9:17:8f:1a:14:bf:f8:26:00:8f:fa:3c:7c:de:
         c0:f5:16:c4:24:4d:d5:5a:58:c8:ac:08:27:de:09:fd:83:a4:
         bd:9d:4a:57:cf:df:66:07:ce:65:14:46:52:07:9f:6d:7a:40:
         01:79:cf:e3:a6:d0:b0:cd:c9:42:e5:aa:8f:f0:4b:4b:45:0e:
         67:c1:5a:bc:39:7b:d0:c1:98:df:80:08:ea:9c:76:d1:ad:9d:
         87:51:29:34:00:69:65:e3:ca:34:4d:78:3f:9c:de:11:09:97:
         22:c5:ad:10:71:90:e6:aa:1f:bf:c1:af:54:12:e8:da:fa:2f:
         1a:40:b4:43:77:70:30:82:30:24:0c:a6:f6:5c:4f:d8:65:49:
         3e:7c:58:5c:fe:36:a4:72:62:78:85:ef:f9:71:49:ec:42:f9:
         bf:d7:95:4d:6d:e8:ad:25:0a:c3:c3:84:c2:05:01:20:19:c8:
         45:e6:b1:c0
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzI3v/fak3Qmw5edFO6jdxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDU5NmNlNjA3M2U4ZWRlZGM1MTA1ZjgxNGVjOTcxOTFi
NWUxZDUwHhcNMjQwMTAyMDYzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBhOWI2NzlkMjRlMmRhODg3NzhmODZiNzQxNThhMjUzMmZmNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8EqWupdkSN8ruC124qbm7Ly2Ycf
+1PrBemY0JcwVv9S4QdoekDwQha5U1p828SZFa2bsnsIV9ZQSkIIxf6ZfRPxzZty
yy/f5n3ukIaWAq/kq+YPhEwJD+uUL+RhyaMWXVJTAzDZU0C7BrjNuXy240nIQLq2
72mZJDJ23C0T+VYhO0n8OhaV97if825n0wW5Fdk+ZScuDxHcmr5j4djfIBsjFF2S
sCESZEFcgClmdaB1xurTudT2PRdyQCnZQrzOiqZ4JoINiURygeoa5Dg7smeR7My9
4RTUdNsB+/YT2gn0P/iVULOrn4aSzVxyDFc13gG6HyKm2k02+AcXtkeT3wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCEKm2edJOLaiHePhrdBWKJTL/bWMB8GA1UdIwQY
MBaAFFAFls5gc+jt7cUQX4FOyXGRteHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFXV3ptQno2TzN0eFJCZmdVN0pjWkcxNGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80YTI2MDQtNjZiNi00Y2IwLTlkMWUt
MWUxNjdmYTExM2IyLzEvSVFxYlo1MGs0dHFJZDQtR3QwRllvbE12OXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80YTI2MDQtNjZiNi00Y2IwLTlkMWUtMWUxNjdmYTExM2Iy
LzEvVUFXV3ptQno2TzN0eFJCZmdVN0pjWkcxNGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuYyMMA4E
AgACMAgDBgAqBxuAADANBgkqhkiG9w0BAQsFAAOCAQEAYp29E9w5b7xLEext3red
2dvRFWr30jqap3rYBYFO+tRFByGef8/VHNtGMKfAaxZHcWv7RQDVGXhFrdzKzAEh
p49Vi2/tXMqxc5K5SLkXjxoUv/gmAI/6PHzewPUWxCRN1VpYyKwIJ94J/YOkvZ1K
V8/fZgfOZRRGUgefbXpAAXnP46bQsM3JQuWqj/BLS0UOZ8FavDl70MGY34AI6px2
0a2dh1EpNABpZePKNE14P5zeEQmXIsWtEHGQ5qofv8GvVBLo2vovGkC0Q3dwMIIw
JAym9lxP2GVJPnxYXP42pHJieIXv+XFJ7EL5v9eVTW3orSUKw8OEwgUBIBnIReax
wA==
-----END CERTIFICATE-----