Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/sh1E3u5BM4u8n30xzwi4QY_-p1U.roa
File:                     sh1E3u5BM4u8n30xzwi4QY_-p1U.roa (raw, json)
Hash identifier:          tkYvU3kd1n+LpE3Aa9fyGn5A5SQ6aBEWiC/F7MZyeMo=
Subject key identifier:   B2:1D:44:DE:EE:41:33:8B:BC:9F:7D:31:CF:08:B8:41:8F:FE:A7:55
Certificate issuer:       /CN=b6d68436a76339f671441cfbd50ad401d3c00fff
Certificate serial:       018CC801727B12E5F33E2E1F208E9EEEE4F5
Authority key identifier: B6:D6:84:36:A7:63:39:F6:71:44:1C:FB:D5:0A:D4:01:D3:C0:0F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ttaENqdjOfZxRBz71QrUAdPAD_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/sh1E3u5BM4u8n30xzwi4QY_-p1U.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204411
IP address blocks:        185.235.162.0/24 maxlen: 24
                          185.235.160.0/24 maxlen: 24
                          185.235.160.0/22 maxlen: 22
                          185.235.163.0/24 maxlen: 24
                          185.235.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/ttaENqdjOfZxRBz71QrUAdPAD_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/ttaENqdjOfZxRBz71QrUAdPAD_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ttaENqdjOfZxRBz71QrUAdPAD_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:72:7b:12:e5:f3:3e:2e:1f:20:8e:9e:ee:e4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6d68436a76339f671441cfbd50ad401d3c00fff
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b21d44deee41338bbc9f7d31cf08b8418ffea755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:27:87:70:8e:95:f7:30:3f:8d:09:2a:35:b4:
                    98:f8:16:02:80:ff:99:91:a1:98:24:01:ad:35:eb:
                    c3:b6:b3:8e:52:64:55:10:d4:7c:aa:e3:ae:e0:13:
                    60:10:e5:94:e5:a6:e6:9e:69:a1:ab:d6:47:0c:00:
                    37:ab:ad:40:00:51:02:89:ac:94:10:fb:56:d2:76:
                    b1:1b:99:8b:65:b2:4a:1f:d2:16:ad:60:2b:49:27:
                    ba:84:44:df:9e:5b:b6:e7:16:c1:db:07:35:78:d6:
                    60:db:db:49:80:83:e2:c3:3e:04:f9:62:7d:68:3c:
                    b4:9c:8f:a7:e9:ee:98:c6:1c:96:91:ee:60:66:b0:
                    37:94:51:8f:da:0c:85:e8:b0:45:78:22:64:e3:19:
                    ce:79:03:cd:da:7a:e3:7a:ca:81:de:87:51:e8:b7:
                    11:dd:4f:52:6d:b8:17:e6:49:97:91:e0:e1:38:d1:
                    23:2d:da:ef:c0:3f:09:87:85:f3:81:03:bb:d0:82:
                    a2:d1:fc:64:3c:7c:8f:b2:e8:43:94:40:de:ee:98:
                    22:fd:f3:79:b8:98:78:d5:ef:61:ee:38:98:03:22:
                    b3:bf:8b:a7:5f:e5:b7:56:f1:72:e5:b1:7b:b1:04:
                    46:6a:94:cf:95:71:bd:b0:d3:58:39:55:63:f7:e5:
                    a9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1D:44:DE:EE:41:33:8B:BC:9F:7D:31:CF:08:B8:41:8F:FE:A7:55
            X509v3 Authority Key Identifier:
                keyid:B6:D6:84:36:A7:63:39:F6:71:44:1C:FB:D5:0A:D4:01:D3:C0:0F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ttaENqdjOfZxRBz71QrUAdPAD_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/sh1E3u5BM4u8n30xzwi4QY_-p1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/84a5dd-5cf2-4857-bd93-3c711a15fa5c/1/ttaENqdjOfZxRBz71QrUAdPAD_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:4c:0c:c5:48:0f:dd:e3:a0:82:9c:76:16:57:35:c7:f3:c0:
         49:15:74:4e:d5:3a:27:6d:43:ae:05:22:5a:bf:71:63:72:82:
         b2:aa:7b:71:5f:8c:9c:f1:d9:f9:7c:75:87:5c:65:c8:34:a4:
         95:0d:31:5d:85:f3:a5:74:19:92:c6:7f:c7:eb:2d:b1:f1:e4:
         93:56:5e:82:32:bd:71:e4:4d:f6:f8:0e:3c:fb:d4:eb:98:cb:
         a0:0f:34:70:e7:8d:ac:9c:5a:77:20:0a:14:37:3b:52:31:91:
         ec:fb:f6:fa:2b:fe:91:d2:0d:39:b4:d0:8e:6f:40:bd:2c:06:
         a4:cd:93:d0:e4:e9:bd:fb:6a:0f:24:9d:78:d2:84:fa:67:55:
         b2:d9:0d:42:64:22:fd:ac:8f:e4:9f:58:2b:16:b1:d6:dc:3d:
         ab:c0:98:42:3f:09:44:aa:fe:03:9e:36:12:c7:77:c9:87:fb:
         b1:14:b5:69:25:d2:2f:76:82:0c:7e:f3:61:9a:39:11:eb:35:
         66:10:d6:cb:66:3b:92:fe:44:60:9d:38:61:4f:47:5c:55:67:
         85:15:7a:e3:3b:b7:47:39:c1:36:90:4c:2a:a3:12:d4:81:9e:
         97:fa:87:84:06:eb:a0:c2:c5:7c:37:80:fc:6a:6a:6a:c0:4d:
         07:21:a5:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXJ7EuXzPi4fII6e7uT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZDY4NDM2YTc2MzM5ZjY3MTQ0MWNmYmQ1MGFkNDAxZDNj
MDBmZmYwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjFkNDRkZWVlNDEzMzhiYmM5ZjdkMzFjZjA4Yjg0MThmZmVhNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSeHcI6V9zA/jQkqNbSY+BYCgP+Z
kaGYJAGtNevDtrOOUmRVENR8quOu4BNgEOWU5abmnmmhq9ZHDAA3q61AAFECiayU
EPtW0naxG5mLZbJKH9IWrWArSSe6hETfnlu25xbB2wc1eNZg29tJgIPiwz4E+WJ9
aDy0nI+n6e6YxhyWke5gZrA3lFGP2gyF6LBFeCJk4xnOeQPN2nrjesqB3odR6LcR
3U9SbbgX5kmXkeDhONEjLdrvwD8Jh4XzgQO70IKi0fxkPHyPsuhDlEDe7pgi/fN5
uJh41e9h7jiYAyKzv4unX+W3VvFy5bF7sQRGapTPlXG9sNNYOVVj9+WpuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIdRN7uQTOLvJ99Mc8IuEGP/qdVMB8GA1UdIwQY
MBaAFLbWhDanYzn2cUQc+9UK1AHTwA//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHRhRU5xZGpPZlp4UkJ6NzFRclVBZFBBRF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84NGE1ZGQtNWNmMi00ODU3LWJkOTMt
M2M3MTFhMTVmYTVjLzEvc2gxRTN1NUJNNHU4bjMweHp3aTRRWV8tcDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84NGE1ZGQtNWNmMi00ODU3LWJkOTMtM2M3MTFhMTVmYTVj
LzEvdHRhRU5xZGpPZlp4UkJ6NzFRclVBZFBBRF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueugMA0G
CSqGSIb3DQEBCwUAA4IBAQBNTAzFSA/d46CCnHYWVzXH88BJFXRO1TonbUOuBSJa
v3FjcoKyqntxX4yc8dn5fHWHXGXINKSVDTFdhfOldBmSxn/H6y2x8eSTVl6CMr1x
5E32+A48+9TrmMugDzRw542snFp3IAoUNztSMZHs+/b6K/6R0g05tNCOb0C9LAak
zZPQ5Om9+2oPJJ140oT6Z1Wy2Q1CZCL9rI/kn1grFrHW3D2rwJhCPwlEqv4DnjYS
x3fJh/uxFLVpJdIvdoIMfvNhmjkR6zVmENbLZjuS/kRgnThhT0dcVWeFFXrjO7dH
OcE2kEwqoxLUgZ6X+oeEBuugwsV8N4D8ampqwE0HIaUy
-----END CERTIFICATE-----