Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/mDGSqEXnupb0XNcqMiAxRFSLaBs.roa
File:                     mDGSqEXnupb0XNcqMiAxRFSLaBs.roa (raw, json)
Hash identifier:          z9SuoPV8YdVg7sanzzab4NW4lfMgjBJGzSiefOdKHkk=
Subject key identifier:   98:31:92:A8:45:E7:BA:96:F4:5C:D7:2A:32:20:31:44:54:8B:68:1B
Certificate issuer:       /CN=605522e37de26b0d56895ac18ab07d7c784ab93c
Certificate serial:       018CCA2B36FB1B23F84BE58F0ED6CDF95507
Authority key identifier: 60:55:22:E3:7D:E2:6B:0D:56:89:5A:C1:8A:B0:7D:7C:78:4A:B9:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFUi433iaw1WiVrBirB9fHhKuTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/mDGSqEXnupb0XNcqMiAxRFSLaBs.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210462
IP address blocks:        188.68.64.0/20 maxlen: 24
                          2a12:df00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/YFUi433iaw1WiVrBirB9fHhKuTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/YFUi433iaw1WiVrBirB9fHhKuTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFUi433iaw1WiVrBirB9fHhKuTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:36:fb:1b:23:f8:4b:e5:8f:0e:d6:cd:f9:55:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=605522e37de26b0d56895ac18ab07d7c784ab93c
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=983192a845e7ba96f45cd72a32203144548b681b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:56:24:ac:1b:cc:4b:82:f7:9a:c7:43:0b:77:
                    a1:67:db:9d:70:e2:e0:e0:03:73:b9:f4:c8:b2:18:
                    53:00:71:e8:8a:ba:37:b8:21:c3:d0:f4:6b:14:80:
                    68:2c:9e:60:43:f5:ee:03:d4:b2:cf:c2:a2:7f:33:
                    67:c6:c9:9b:7d:47:c3:09:2d:b7:9e:e4:ff:dc:9b:
                    71:fb:02:a1:95:f2:0f:e2:d1:eb:6c:0e:07:be:20:
                    70:d2:f5:0d:56:08:5c:43:06:f2:59:a1:eb:ae:58:
                    03:c4:54:48:60:3a:02:bb:5c:9b:fb:1d:d0:08:f6:
                    ab:d6:bb:ad:64:a5:f2:ae:2b:ad:4e:5c:59:f3:74:
                    8d:f4:5b:1a:3d:1c:53:c1:91:54:9b:6a:21:ee:47:
                    6f:8d:3f:9f:38:56:f8:60:94:bf:04:3f:4e:73:8c:
                    3b:9b:66:6b:2d:b1:33:2f:cc:8f:f0:68:2c:0d:ce:
                    b6:71:bd:dc:4a:3d:db:a0:dc:3b:6d:9b:8b:95:12:
                    98:e4:4a:57:0c:82:fa:a7:78:0a:3e:89:be:ac:f2:
                    31:13:e9:f5:f1:ff:69:da:89:5d:29:1b:21:33:e6:
                    4b:ff:22:05:6b:eb:18:9c:24:5f:33:fb:05:0f:f4:
                    1a:45:a4:1c:b0:57:26:d4:10:e3:ab:2d:39:1c:c2:
                    58:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:31:92:A8:45:E7:BA:96:F4:5C:D7:2A:32:20:31:44:54:8B:68:1B
            X509v3 Authority Key Identifier:
                keyid:60:55:22:E3:7D:E2:6B:0D:56:89:5A:C1:8A:B0:7D:7C:78:4A:B9:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFUi433iaw1WiVrBirB9fHhKuTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/mDGSqEXnupb0XNcqMiAxRFSLaBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/0961f9-d85d-4976-a4cd-a18ed19c49e3/1/YFUi433iaw1WiVrBirB9fHhKuTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.68.64.0/20
                IPv6:
                  2a12:df00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:65:b2:c5:f5:59:f7:85:68:78:a0:19:8b:c9:24:6c:af:60:
         9b:e3:39:76:d6:80:0b:11:6a:3b:a9:c4:c7:1c:3c:cb:6f:25:
         24:7e:19:ea:95:43:d8:cc:5e:d2:b1:a8:c2:34:c0:01:a0:28:
         1a:e6:9d:28:1f:f8:19:16:fa:1b:64:7f:73:8b:3a:35:dd:4c:
         7e:6d:16:76:d8:50:96:59:e5:be:e2:fa:37:ec:75:d9:de:b1:
         d9:8c:d6:c4:19:99:f0:79:10:dc:de:83:11:01:ec:5d:63:f3:
         71:d0:c7:c7:2c:44:20:84:3a:33:4a:6f:f5:43:13:42:0d:11:
         8a:00:91:75:6a:33:f5:ea:46:19:48:99:3c:48:8b:e0:94:86:
         e5:01:27:ef:a7:9f:a0:8b:da:df:a3:2b:4c:13:09:b4:03:6c:
         d0:94:c3:7e:94:13:fc:0f:1e:f9:72:c1:2c:78:80:bb:02:5b:
         49:fc:36:50:54:55:e4:48:39:d1:7d:fc:fe:d5:5a:b4:6b:c8:
         31:be:6b:45:b0:7e:f4:45:45:0d:eb:50:55:ab:08:5a:13:fe:
         cf:09:e4:dc:c5:94:05:0d:90:46:05:d7:ff:46:ce:52:3f:ad:
         bb:9c:aa:3e:03:6d:92:46:f0:52:ac:93:b2:fc:88:99:5e:05:
         b7:e0:a5:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKzb7GyP4S+WPDtbN+VUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTUyMmUzN2RlMjZiMGQ1Njg5NWFjMThhYjA3ZDdjNzg0
YWI5M2MwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODMxOTJhODQ1ZTdiYTk2ZjQ1Y2Q3MmEzMjIwMzE0NDU0OGI2ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklYkrBvMS4L3msdDC3ehZ9udcOLg
4ANzufTIshhTAHHoiro3uCHD0PRrFIBoLJ5gQ/XuA9Syz8KifzNnxsmbfUfDCS23
nuT/3Jtx+wKhlfIP4tHrbA4HviBw0vUNVghcQwbyWaHrrlgDxFRIYDoCu1yb+x3Q
CPar1rutZKXyriutTlxZ83SN9FsaPRxTwZFUm2oh7kdvjT+fOFb4YJS/BD9Oc4w7
m2ZrLbEzL8yP8GgsDc62cb3cSj3boNw7bZuLlRKY5EpXDIL6p3gKPom+rPIxE+n1
8f9p2oldKRshM+ZL/yIFa+sYnCRfM/sFD/QaRaQcsFcm1BDjqy05HMJYwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJgxkqhF57qW9FzXKjIgMURUi2gbMB8GA1UdIwQY
MBaAFGBVIuN94msNVolawYqwfXx4Srk8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZVaTQzM2lhdzFXaVZyQmlyQjlmSGhLdVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8wOTYxZjktZDg1ZC00OTc2LWE0Y2Qt
YTE4ZWQxOWM0OWUzLzEvbURHU3FFWG51cGIwWE5jcU1pQXhSRlNMYUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8wOTYxZjktZDg1ZC00OTc2LWE0Y2QtYTE4ZWQxOWM0OWUz
LzEvWUZVaTQzM2lhdzFXaVZyQmlyQjlmSGhLdVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEvERAMA0E
AgACMAcDBQAqEt8AMA0GCSqGSIb3DQEBCwUAA4IBAQBqZbLF9Vn3hWh4oBmLySRs
r2Cb4zl21oALEWo7qcTHHDzLbyUkfhnqlUPYzF7SsajCNMABoCga5p0oH/gZFvob
ZH9zizo13Ux+bRZ22FCWWeW+4vo37HXZ3rHZjNbEGZnweRDc3oMRAexdY/Nx0MfH
LEQghDozSm/1QxNCDRGKAJF1ajP16kYZSJk8SIvglIblASfvp5+gi9rfoytMEwm0
A2zQlMN+lBP8Dx75csEseIC7AltJ/DZQVFXkSDnRffz+1Vq0a8gxvmtFsH70RUUN
61BVqwhaE/7PCeTcxZQFDZBGBdf/Rs5SP627nKo+A22SRvBSrJOy/IiZXgW34KVD
-----END CERTIFICATE-----