Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/z_xrLfJscWjFcq_VWF5h463c93Q.roa
File:                     z_xrLfJscWjFcq_VWF5h463c93Q.roa (raw, json)
Hash identifier:          BINj65K2CQLHM6kYx1OetZh7Ohxi3D3CXdzjSuaWCaE=
Subject key identifier:   CF:FC:6B:2D:F2:6C:71:68:C5:72:AF:D5:58:5E:61:E3:AD:DC:F7:74
Certificate issuer:       /CN=0ecabe061f2d890a8c8b4181adbca6ca943bd222
Certificate serial:       018CC649D30F21F51CDE8D44B0756CC27F23
Authority key identifier: 0E:CA:BE:06:1F:2D:89:0A:8C:8B:41:81:AD:BC:A6:CA:94:3B:D2:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dsq-Bh8tiQqMi0GBrbymypQ70iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/z_xrLfJscWjFcq_VWF5h463c93Q.roa
Signing time:             Mon 01 Jan 2024 18:29:36 +0000
ROA not before:           Mon 01 Jan 2024 18:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204949
IP address blocks:        185.219.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/Dsq-Bh8tiQqMi0GBrbymypQ70iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/Dsq-Bh8tiQqMi0GBrbymypQ70iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dsq-Bh8tiQqMi0GBrbymypQ70iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d3:0f:21:f5:1c:de:8d:44:b0:75:6c:c2:7f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ecabe061f2d890a8c8b4181adbca6ca943bd222
        Validity
            Not Before: Jan  1 18:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cffc6b2df26c7168c572afd5585e61e3addcf774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:22:84:d5:5a:bb:e0:5e:ba:54:b6:64:a6:20:
                    14:ea:b2:aa:0e:4c:ad:21:5d:57:e4:47:49:a2:c5:
                    cb:ac:34:8f:40:9b:72:97:d8:1e:b2:8e:4d:a4:14:
                    ef:4b:a7:64:55:52:aa:af:5e:e2:ad:14:f2:7e:29:
                    72:9f:47:8c:ca:20:e2:15:e8:13:39:9c:f6:21:da:
                    3e:35:7d:1e:91:77:99:6b:0a:a4:9e:26:13:f5:05:
                    86:f9:c6:12:df:dd:17:ec:5d:4b:58:d2:ab:9b:e6:
                    e8:5d:4b:51:bc:89:d8:e1:94:30:8b:9a:fc:2e:17:
                    db:8f:90:2c:2e:46:63:f7:49:e8:35:f5:65:ca:16:
                    51:81:de:a8:7c:2b:2b:77:29:f4:16:7c:81:e8:02:
                    a6:bd:f2:c7:20:f6:8d:35:20:f4:e9:06:12:00:e5:
                    6c:22:1c:ec:e4:e7:2b:cb:56:c8:ee:b2:31:24:9b:
                    d5:e7:ea:65:4a:5e:bd:9c:20:98:4a:df:59:8e:7e:
                    36:7c:9f:a4:cd:4d:04:97:3e:cb:b1:86:fd:f8:2d:
                    ed:a5:4b:ed:de:d7:ff:f1:e8:c1:5c:c2:9a:2e:40:
                    bb:43:b2:d5:d1:4d:94:5e:92:48:0d:a8:a3:d6:91:
                    73:0c:05:a2:36:b9:79:bd:3a:c2:30:9b:83:8b:4c:
                    f3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FC:6B:2D:F2:6C:71:68:C5:72:AF:D5:58:5E:61:E3:AD:DC:F7:74
            X509v3 Authority Key Identifier:
                keyid:0E:CA:BE:06:1F:2D:89:0A:8C:8B:41:81:AD:BC:A6:CA:94:3B:D2:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dsq-Bh8tiQqMi0GBrbymypQ70iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/z_xrLfJscWjFcq_VWF5h463c93Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2fd019-773d-4c99-acf5-04a1f95413f7/1/Dsq-Bh8tiQqMi0GBrbymypQ70iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:cc:7b:9c:11:98:68:d4:5a:1a:4d:2c:61:79:02:21:09:5c:
         e1:4d:7d:2b:41:fa:44:7f:86:a3:88:a0:3b:fc:3d:ab:2d:e5:
         ae:37:22:1c:ed:d4:40:cc:f1:ce:fd:fc:ba:4b:ec:9c:24:30:
         8f:a3:54:52:57:e6:79:f6:85:d1:1c:30:ef:34:5a:4a:61:70:
         8c:4f:9c:37:1b:7d:f1:ff:8a:7c:60:32:9d:7f:9e:fc:1e:26:
         08:6c:be:7a:7c:cf:25:b5:71:ab:f9:ba:98:9e:68:83:cd:cf:
         cd:0a:d2:de:ac:1d:65:33:55:02:47:ec:2f:c0:0c:12:ef:9e:
         ec:33:5c:3b:69:1a:af:a7:78:3f:aa:9a:87:6a:5e:3b:f4:c4:
         00:f7:fd:be:87:c5:5a:dd:a3:cb:3b:12:77:49:59:bb:3d:76:
         54:d4:d1:fe:26:90:4f:3e:a1:18:7d:37:6d:3e:55:38:3c:2b:
         71:b1:f5:cd:68:b5:2c:6a:43:ce:6d:98:a0:0c:af:cf:03:93:
         a7:fb:0e:d6:61:08:b0:4f:52:4a:95:ea:45:43:2c:a6:e2:79:
         bd:8e:0b:2e:13:2a:a4:9d:62:9b:07:0f:e4:aa:5e:cb:b8:c6:
         06:5b:54:8c:5e:c5:95:42:e9:c4:12:bf:d1:a6:d0:65:a6:12:
         c8:9d:5e:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdMPIfUc3o1EsHVswn8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlY2FiZTA2MWYyZDg5MGE4YzhiNDE4MWFkYmNhNmNhOTQz
YmQyMjIwHhcNMjQwMTAxMTgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZjNmIyZGYyNmM3MTY4YzU3MmFmZDU1ODVlNjFlM2FkZGNmNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiKE1Vq74F66VLZkpiAU6rKqDkyt
IV1X5EdJosXLrDSPQJtyl9geso5NpBTvS6dkVVKqr17irRTyfilyn0eMyiDiFegT
OZz2Ido+NX0ekXeZawqkniYT9QWG+cYS390X7F1LWNKrm+boXUtRvInY4ZQwi5r8
Lhfbj5AsLkZj90noNfVlyhZRgd6ofCsrdyn0FnyB6AKmvfLHIPaNNSD06QYSAOVs
Ihzs5Ocry1bI7rIxJJvV5+plSl69nCCYSt9Zjn42fJ+kzU0Elz7LsYb9+C3tpUvt
3tf/8ejBXMKaLkC7Q7LV0U2UXpJIDaij1pFzDAWiNrl5vTrCMJuDi0zzuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/8ay3ybHFoxXKv1VheYeOt3Pd0MB8GA1UdIwQY
MBaAFA7KvgYfLYkKjItBga28psqUO9IiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHNxLUJoOHRpUXFNaTBHQnJieW15cFE3MGlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yZmQwMTktNzczZC00Yzk5LWFjZjUt
MDRhMWY5NTQxM2Y3LzEvel94ckxmSnNjV2pGY3FfVldGNWg0NjNjOTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yZmQwMTktNzczZC00Yzk5LWFjZjUtMDRhMWY5NTQxM2Y3
LzEvRHNxLUJoOHRpUXFNaTBHQnJieW15cFE3MGlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuduoMA0G
CSqGSIb3DQEBCwUAA4IBAQBvzHucEZho1FoaTSxheQIhCVzhTX0rQfpEf4ajiKA7
/D2rLeWuNyIc7dRAzPHO/fy6S+ycJDCPo1RSV+Z59oXRHDDvNFpKYXCMT5w3G33x
/4p8YDKdf578HiYIbL56fM8ltXGr+bqYnmiDzc/NCtLerB1lM1UCR+wvwAwS757s
M1w7aRqvp3g/qpqHal479MQA9/2+h8Va3aPLOxJ3SVm7PXZU1NH+JpBPPqEYfTdt
PlU4PCtxsfXNaLUsakPObZigDK/PA5On+w7WYQiwT1JKlepFQyym4nm9jgsuEyqk
nWKbBw/kql7LuMYGW1SMXsWVQunEEr/RptBlphLInV5y
-----END CERTIFICATE-----