Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/C-grG796gHZR3ZaOfzuUDAvWB_w.roa
File:                     C-grG796gHZR3ZaOfzuUDAvWB_w.roa (raw, json)
Hash identifier:          GyUpwQaHfuTFo/DF+wsE9lS79WYWDBZ76hiNgKu8BZs=
Subject key identifier:   0B:E8:2B:1B:BF:7A:80:76:51:DD:96:8E:7F:3B:94:0C:0B:D6:07:FC
Certificate issuer:       /CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
Certificate serial:       018CC8015EE3A5798DF3B10F6E5C31629C53
Authority key identifier: A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/C-grG796gHZR3ZaOfzuUDAvWB_w.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199475
IP address blocks:        185.15.0.0/22 maxlen: 22
                          185.189.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5e:e3:a5:79:8d:f3:b1:0f:6e:5c:31:62:9c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0be82b1bbf7a807651dd968e7f3b940c0bd607fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:2a:96:55:6d:e0:34:69:8d:2d:d4:f4:85:
                    d2:24:35:a0:10:a8:0c:24:c0:a9:da:44:6a:66:cc:
                    a6:4f:04:8d:8c:e9:18:2f:5d:38:8f:7b:e3:73:92:
                    78:39:64:a6:02:db:f0:8f:64:50:ba:7d:85:04:5a:
                    82:ff:37:5a:e9:f9:53:db:f8:c5:6f:1b:82:c2:d1:
                    e5:7e:cb:34:47:4b:52:76:a0:b5:d7:f5:76:cf:5c:
                    50:5a:1d:c4:97:e8:db:47:3f:ae:b9:e2:b6:f8:00:
                    66:d2:d7:fe:91:31:e8:ae:dc:94:ad:20:a2:d2:15:
                    14:32:42:db:c5:f2:22:23:56:13:4e:3e:80:57:e3:
                    5e:25:bc:b8:81:b5:93:ea:fb:24:c9:4e:00:87:e1:
                    e2:8b:99:65:f1:63:6c:17:e9:9a:f2:73:5b:60:ea:
                    e7:31:36:52:76:36:16:3a:33:42:1e:28:69:eb:47:
                    48:ad:97:ec:67:ed:07:7f:e1:e3:3b:58:ea:26:94:
                    b9:a8:f8:95:2e:9f:9f:61:0d:e7:27:b5:42:29:2c:
                    6e:bd:82:64:b2:bd:e2:4c:59:36:99:20:6c:b1:b6:
                    dd:fc:62:77:11:58:d7:28:60:d9:0d:49:e6:84:d2:
                    df:b4:79:5e:b2:09:94:e0:a5:8b:f3:27:4c:07:dc:
                    82:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E8:2B:1B:BF:7A:80:76:51:DD:96:8E:7F:3B:94:0C:0B:D6:07:FC
            X509v3 Authority Key Identifier:
                keyid:A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/C-grG796gHZR3ZaOfzuUDAvWB_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.0.0/22
                  185.189.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:85:fd:2c:e9:c7:4a:8f:3d:05:fc:5d:6d:32:6e:8c:23:97:
         16:b3:ac:0a:00:5d:6f:e6:f3:1b:ae:2e:fe:a9:fd:91:25:59:
         51:a3:1b:85:23:26:b9:a3:a8:96:cb:1c:8f:0a:00:ea:91:27:
         46:ec:50:78:38:c8:4d:a5:fb:88:86:ab:35:fe:42:d5:d9:15:
         3a:06:26:f3:8c:99:aa:07:0f:84:f2:5b:ee:b0:08:3e:e5:b4:
         8a:7e:27:0a:c2:bc:6f:87:ab:34:d7:5c:54:7f:b2:b2:d0:03:
         1d:92:ac:13:cf:d2:60:02:51:4f:09:24:33:e5:51:84:c9:4b:
         20:1f:32:ce:b2:8e:98:f4:2c:da:c0:86:6d:b7:51:b8:a1:d1:
         b7:b0:16:3c:34:66:be:a4:0e:1f:22:fc:29:61:7a:6a:25:15:
         75:3e:52:99:51:90:9e:ee:56:31:48:a4:2c:67:ad:af:04:91:
         5c:31:b7:a4:ba:31:99:4a:8d:18:1c:cb:d4:03:f6:9e:5e:5a:
         f1:ed:28:28:17:c0:11:24:c2:a4:f5:9b:c8:ae:38:a0:24:8c:
         8e:ab:a3:c4:4f:df:a7:ec:10:72:f8:96:d6:61:ef:66:c7:d0:
         26:ea:98:32:0c:0b:90:b1:3c:01:74:86:7b:3f:16:1b:f4:dd:
         03:5b:37:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAV7jpXmN87EPblwxYpxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTZlODIzZjZkZGE2N2QyODNhOWY0MWE3MjkwOTkwNmFj
OWE4MzcwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmU4MmIxYmJmN2E4MDc2NTFkZDk2OGU3ZjNiOTQwYzBiZDYwN2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdcqllVt4DRpjS3U9IXSJDWgEKgM
JMCp2kRqZsymTwSNjOkYL104j3vjc5J4OWSmAtvwj2RQun2FBFqC/zda6flT2/jF
bxuCwtHlfss0R0tSdqC11/V2z1xQWh3El+jbRz+uueK2+ABm0tf+kTHortyUrSCi
0hUUMkLbxfIiI1YTTj6AV+NeJby4gbWT6vskyU4Ah+Hii5ll8WNsF+ma8nNbYOrn
MTZSdjYWOjNCHihp60dIrZfsZ+0Hf+HjO1jqJpS5qPiVLp+fYQ3nJ7VCKSxuvYJk
sr3iTFk2mSBssbbd/GJ3EVjXKGDZDUnmhNLftHlesgmU4KWL8ydMB9yCcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAvoKxu/eoB2Ud2Wjn87lAwL1gf8MB8GA1UdIwQY
MBaAFKPm6CP23aZ9KDqfQacpCZBqyag3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUt
MDBmMDBhZjFjOGQ3LzEvQy1nckc3OTZnSFpSM1phT2Z6dVVEQXZXQl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUtMDBmMDBhZjFjOGQ3
LzEvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ8AAwQC
ub2IMA0GCSqGSIb3DQEBCwUAA4IBAQCnhf0s6cdKjz0F/F1tMm6MI5cWs6wKAF1v
5vMbri7+qf2RJVlRoxuFIya5o6iWyxyPCgDqkSdG7FB4OMhNpfuIhqs1/kLV2RU6
BibzjJmqBw+E8lvusAg+5bSKficKwrxvh6s011xUf7Ky0AMdkqwTz9JgAlFPCSQz
5VGEyUsgHzLOso6Y9CzawIZtt1G4odG3sBY8NGa+pA4fIvwpYXpqJRV1PlKZUZCe
7lYxSKQsZ62vBJFcMbekujGZSo0YHMvUA/aeXlrx7SgoF8ARJMKk9ZvIrjigJIyO
q6PET9+n7BBy+JbWYe9mx9Am6pgyDAuQsTwBdIZ7PxYb9N0DWzfk
-----END CERTIFICATE-----