Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/AuFmPh_llmGkGRpbmYs2kUKz9wA.roa
File:                     AuFmPh_llmGkGRpbmYs2kUKz9wA.roa (raw, json)
Hash identifier:          mXln8YeRbD1ML7yB/gKGb+UnSKPY8GlCnLWln8K/NO4=
Subject key identifier:   02:E1:66:3E:1F:E5:96:61:A4:19:1A:5B:99:8B:36:91:42:B3:F7:00
Certificate issuer:       /CN=30aff75209684a354669061d23da29f8ea2f1d5e
Certificate serial:       018CC801DB18AB8B5D38AC177A8C5EFA4ECA
Authority key identifier: 30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/AuFmPh_llmGkGRpbmYs2kUKz9wA.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207185
IP address blocks:        185.90.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:db:18:ab:8b:5d:38:ac:17:7a:8c:5e:fa:4e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30aff75209684a354669061d23da29f8ea2f1d5e
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02e1663e1fe59661a4191a5b998b369142b3f700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3d:3a:3f:c8:8a:4e:8d:69:e9:e3:77:4e:9a:
                    1b:cd:a7:ca:71:76:1f:b7:78:d5:fe:5c:96:cb:43:
                    c6:c7:51:dd:b7:40:c8:55:42:6f:72:65:63:41:42:
                    a3:9d:07:82:9b:e6:ba:87:a6:60:5c:f6:9a:38:96:
                    38:79:82:b0:44:1c:4d:1c:d8:40:79:d4:da:45:64:
                    c7:fe:61:b7:28:dd:e0:db:71:c6:ca:fb:cb:c5:8c:
                    6a:b3:f7:0d:42:7b:4f:41:89:2e:90:5a:e4:8f:a2:
                    d4:1a:ce:ef:1b:55:1f:ae:7f:a7:8b:21:85:d4:90:
                    b7:41:c7:44:a2:50:d3:d4:a8:90:2f:be:10:1d:0c:
                    cb:18:4e:85:ad:f4:17:0f:d7:87:7a:ba:42:83:05:
                    03:30:35:82:a6:38:b5:35:ca:24:aa:28:de:78:92:
                    5c:f6:90:5f:c4:be:2e:0c:a6:60:70:fa:16:fb:b3:
                    6c:94:c4:4f:df:89:b4:8e:17:58:e0:d9:40:db:fc:
                    a7:85:5a:29:b6:2b:3e:7c:77:a6:4f:12:23:7f:14:
                    26:51:04:af:b1:a2:7f:eb:47:a6:0f:b6:65:ab:cd:
                    9f:5c:e4:b4:94:43:55:55:b7:72:6c:c3:e5:f5:c1:
                    44:01:c8:51:86:81:78:37:2c:de:d9:be:d1:fd:6e:
                    16:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E1:66:3E:1F:E5:96:61:A4:19:1A:5B:99:8B:36:91:42:B3:F7:00
            X509v3 Authority Key Identifier:
                keyid:30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/AuFmPh_llmGkGRpbmYs2kUKz9wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:cf:2b:c4:2b:86:98:76:15:95:4f:61:e3:3d:a6:48:97:2c:
         4a:af:ee:db:23:18:58:46:75:92:05:f3:e9:22:8e:9a:4f:15:
         5d:82:60:de:84:31:5e:2a:fd:fb:bb:90:40:09:12:78:39:1a:
         94:44:23:27:fd:58:20:ed:dc:ed:16:34:2c:7d:49:51:32:c1:
         76:41:6a:21:38:3e:86:ff:a0:aa:9c:fe:bc:76:06:7a:b9:d7:
         ad:da:cc:f2:ac:76:c7:96:fa:ad:c3:9a:71:97:ee:37:4a:27:
         79:69:6c:5c:39:af:ec:31:68:60:e4:2a:60:9e:9d:f2:00:71:
         35:6a:fe:ff:d0:5b:88:4b:0d:ac:fb:4b:28:0f:a9:45:3a:fc:
         bc:bf:dd:2d:a7:4b:8d:5b:d1:c0:82:fd:e9:b1:ea:b9:5a:62:
         f9:7a:f6:bc:8c:83:58:5b:a2:15:54:5d:78:32:fb:57:f0:a8:
         3f:60:33:d0:50:5e:9a:a5:e7:e3:e7:fa:52:a6:5b:51:ab:bb:
         3d:7d:e4:67:75:52:f3:46:c7:16:90:d7:26:9d:b9:29:f5:01:
         e4:73:20:3e:09:72:86:e0:04:ac:db:03:56:97:1e:bb:f5:cc:
         ce:88:91:26:b3:9c:13:36:ce:be:57:d1:df:ea:a6:8f:b3:c3:
         a9:63:e3:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdsYq4tdOKwXeoxe+k7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYWZmNzUyMDk2ODRhMzU0NjY5MDYxZDIzZGEyOWY4ZWEy
ZjFkNWUwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmUxNjYzZTFmZTU5NjYxYTQxOTFhNWI5OThiMzY5MTQyYjNmNzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT06P8iKTo1p6eN3TpobzafKcXYf
t3jV/lyWy0PGx1Hdt0DIVUJvcmVjQUKjnQeCm+a6h6ZgXPaaOJY4eYKwRBxNHNhA
edTaRWTH/mG3KN3g23HGyvvLxYxqs/cNQntPQYkukFrkj6LUGs7vG1Ufrn+niyGF
1JC3QcdEolDT1KiQL74QHQzLGE6FrfQXD9eHerpCgwUDMDWCpji1NcokqijeeJJc
9pBfxL4uDKZgcPoW+7NslMRP34m0jhdY4NlA2/ynhVoptis+fHemTxIjfxQmUQSv
saJ/60emD7Zlq82fXOS0lENVVbdybMPl9cFEAchRhoF4Nyze2b7R/W4WaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALhZj4f5ZZhpBkaW5mLNpFCs/cAMB8GA1UdIwQY
MBaAFDCv91IJaEo1RmkGHSPaKfjqLx1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTct
OTc4NWEzMzU1NDJhLzEvQXVGbVBoX2xsbUdrR1JwYm1ZczJrVUt6OXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTctOTc4NWEzMzU1NDJh
LzEvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAPzyvEK4aYdhWVT2HjPaZIlyxKr+7bIxhYRnWSBfPp
Io6aTxVdgmDehDFeKv37u5BACRJ4ORqURCMn/Vgg7dztFjQsfUlRMsF2QWohOD6G
/6CqnP68dgZ6udet2szyrHbHlvqtw5pxl+43Sid5aWxcOa/sMWhg5Cpgnp3yAHE1
av7/0FuISw2s+0soD6lFOvy8v90tp0uNW9HAgv3pseq5WmL5eva8jINYW6IVVF14
MvtX8Kg/YDPQUF6apefj5/pSpltRq7s9feRndVLzRscWkNcmnbkp9QHkcyA+CXKG
4ASs2wNWlx679czOiJEms5wTNs6+V9Hf6qaPs8OpY+Mc
-----END CERTIFICATE-----