Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qa4lavQtk9p-CVX2qSJUSQOJ6o8.roa
File:                     qa4lavQtk9p-CVX2qSJUSQOJ6o8.roa (raw, json)
Hash identifier:          YCRU54ROaa2SC/ZbLZK8LlV9pQNZOyQw/6XCOKTmpp4=
Subject key identifier:   A9:AE:25:6A:F4:2D:93:DA:7E:09:55:F6:A9:22:54:49:03:89:EA:8F
Certificate issuer:       /CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
Certificate serial:       018CC492387C035C6AB349D4D5A2B1684142
Authority key identifier: 1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qa4lavQtk9p-CVX2qSJUSQOJ6o8.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206637
IP address blocks:        185.180.172.0/22 maxlen: 24
                          2a0a:ab80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:38:7c:03:5c:6a:b3:49:d4:d5:a2:b1:68:41:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9ae256af42d93da7e0955f6a92254490389ea8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2d:55:d4:19:5b:bb:bf:a5:44:41:36:cc:f2:
                    3c:4e:8b:32:d1:b9:b2:69:5e:28:21:b1:57:43:7e:
                    67:02:3a:79:bc:8c:42:15:4e:5e:64:20:ce:10:85:
                    39:8f:0b:12:c0:e9:09:a8:b3:e1:5c:f8:10:24:86:
                    06:e3:27:56:ba:ff:7f:76:8d:40:30:41:c7:62:c0:
                    da:91:55:25:3b:58:99:fb:a4:91:6a:e1:77:a1:3b:
                    71:d6:f5:bd:7d:b2:28:c0:3f:51:1c:b7:2b:dc:dc:
                    2a:66:eb:07:a2:05:5e:dd:6b:c3:7d:38:46:20:21:
                    d9:b4:14:fc:f5:5e:93:22:89:d1:0a:ab:d3:26:ae:
                    0a:ae:80:86:85:0a:5b:58:d1:dd:73:d7:0c:bc:66:
                    84:1e:b3:4e:e2:02:db:3a:b6:1f:24:54:6b:47:a3:
                    95:eb:eb:c3:57:bc:e9:a4:e2:47:b0:c4:f8:3f:2e:
                    8d:04:35:94:5d:5b:cd:2a:b3:c9:d4:28:67:8f:08:
                    66:16:0f:7e:8a:e7:bb:4c:50:24:c2:58:f5:a8:6c:
                    4a:38:0f:9a:a6:b0:60:d5:88:94:29:48:bd:da:74:
                    61:7e:c9:97:8d:6b:7a:c3:c8:08:57:c4:26:65:21:
                    46:79:c8:a9:23:d8:1c:4d:d2:3e:90:3d:8a:1c:f4:
                    ef:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AE:25:6A:F4:2D:93:DA:7E:09:55:F6:A9:22:54:49:03:89:EA:8F
            X509v3 Authority Key Identifier:
                keyid:1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qa4lavQtk9p-CVX2qSJUSQOJ6o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.172.0/22
                IPv6:
                  2a0a:ab80::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:74:dd:be:a6:9d:7f:bf:7b:a5:83:8a:0d:58:09:de:a6:5e:
         cc:b8:f3:2d:b4:a5:2f:e9:57:55:32:3e:30:f4:07:b2:c9:ce:
         23:d9:bc:bb:63:9d:6d:96:c6:8d:24:5b:a0:18:31:61:8f:5a:
         c1:af:a1:16:d5:d2:60:69:d5:db:a7:47:4e:bd:7d:35:c1:1a:
         be:46:57:3d:0c:bc:3e:f1:70:72:f4:7b:6f:dd:1c:29:a1:c0:
         b5:bc:7c:06:7d:ce:04:52:a2:72:ca:6f:ec:44:bd:de:12:62:
         9e:b0:32:ea:2b:c3:2e:6c:84:ba:e1:70:e0:5a:cb:32:9d:58:
         34:77:b6:74:f2:b2:ef:15:4a:94:d7:1a:3d:81:a5:84:f5:a8:
         b4:b6:f2:db:11:ea:fc:a5:d4:8d:06:43:ee:73:29:93:24:63:
         98:a4:11:83:d6:91:64:79:0c:a4:5c:bc:46:9d:ad:9d:6a:67:
         ea:9d:c3:96:6b:63:e6:8c:d7:30:ac:77:f1:47:76:40:25:b5:
         77:73:62:d5:b9:4c:f5:34:92:54:31:ed:36:ed:dc:bf:3e:86:
         39:76:1c:8c:19:d7:bb:11:89:b6:2d:84:c4:9e:dc:f6:19:88:
         9c:2b:0c:cd:37:3f:2f:67:a5:4e:5b:f8:24:86:7d:d9:e5:e4:
         5d:61:55:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkjh8A1xqs0nU1aKxaEFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZTVlZmJmNjU4OTcxNjBkNTVhNTJkYzNhMjJjMDE3ODc2
Y2QwNmMwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWFlMjU2YWY0MmQ5M2RhN2UwOTU1ZjZhOTIyNTQ0OTAzODllYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC1V1Blbu7+lREE2zPI8Tosy0bmy
aV4oIbFXQ35nAjp5vIxCFU5eZCDOEIU5jwsSwOkJqLPhXPgQJIYG4ydWuv9/do1A
MEHHYsDakVUlO1iZ+6SRauF3oTtx1vW9fbIowD9RHLcr3NwqZusHogVe3WvDfThG
ICHZtBT89V6TIonRCqvTJq4KroCGhQpbWNHdc9cMvGaEHrNO4gLbOrYfJFRrR6OV
6+vDV7zppOJHsMT4Py6NBDWUXVvNKrPJ1ChnjwhmFg9+iue7TFAkwlj1qGxKOA+a
prBg1YiUKUi92nRhfsmXjWt6w8gIV8QmZSFGecipI9gcTdI+kD2KHPTviQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKmuJWr0LZPafglV9qkiVEkDieqPMB8GA1UdIwQY
MBaAFB7l779liXFg1VpS3DoiwBeHbNBsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUt
N2MwZGI3YmFlMTM1LzEvcWE0bGF2UXRrOXAtQ1ZYMnFTSlVTUU9KNm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUtN2MwZGI3YmFlMTM1
LzEvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubSsMA0E
AgACMAcDBQAqCquAMA0GCSqGSIb3DQEBCwUAA4IBAQCHdN2+pp1/v3ulg4oNWAne
pl7MuPMttKUv6VdVMj4w9Aeyyc4j2by7Y51tlsaNJFugGDFhj1rBr6EW1dJgadXb
p0dOvX01wRq+Rlc9DLw+8XBy9Htv3RwpocC1vHwGfc4EUqJyym/sRL3eEmKesDLq
K8MubIS64XDgWssynVg0d7Z08rLvFUqU1xo9gaWE9ai0tvLbEer8pdSNBkPucymT
JGOYpBGD1pFkeQykXLxGna2damfqncOWa2PmjNcwrHfxR3ZAJbV3c2LVuUz1NJJU
Me027dy/PoY5dhyMGde7EYm2LYTEntz2GYicKwzNNz8vZ6VOW/gkhn3Z5eRdYVUe
-----END CERTIFICATE-----