Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/1-xkd-gZxIak5w2EwYsIA72GoJdQ.roa
File:                     1-xkd-gZxIak5w2EwYsIA72GoJdQ.roa (raw, json)
Hash identifier:          7sFNj0qhhyVBta/7/AVOuIenbJXd19jJoNhLrw+BSFM=
Subject key identifier:   FB:19:1D:FA:06:71:21:A9:39:C3:61:30:62:C2:00:EF:61:A8:25:D4
Certificate issuer:       /CN=00d946a5340b7f0ff50d9afa6519ade7f3a4a082
Certificate serial:       018CC727716D43356468D5E37F52C469418E
Authority key identifier: 00:D9:46:A5:34:0B:7F:0F:F5:0D:9A:FA:65:19:AD:E7:F3:A4:A0:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ANlGpTQLfw_1DZr6ZRmt5_OkoII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/1-xkd-gZxIak5w2EwYsIA72GoJdQ.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205854
IP address blocks:        185.185.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/ANlGpTQLfw_1DZr6ZRmt5_OkoII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/ANlGpTQLfw_1DZr6ZRmt5_OkoII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ANlGpTQLfw_1DZr6ZRmt5_OkoII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:71:6d:43:35:64:68:d5:e3:7f:52:c4:69:41:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00d946a5340b7f0ff50d9afa6519ade7f3a4a082
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb191dfa067121a939c3613062c200ef61a825d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:78:30:38:f3:21:f2:ee:3b:17:80:8b:a1:eb:
                    64:14:7d:09:4f:13:dd:1e:ff:e7:10:4c:0a:80:e4:
                    79:9b:f3:b4:dc:83:8c:c6:ab:1b:4d:b4:18:e8:d5:
                    08:d3:c7:ec:e4:ff:87:9e:9e:4c:90:26:95:9b:cb:
                    5a:9d:27:29:86:eb:4d:51:0f:01:e0:89:84:fb:15:
                    cc:a1:64:f9:3e:1e:0a:fb:f0:f5:44:2f:ad:fe:e5:
                    96:53:af:6d:fb:3a:87:a8:55:3c:4b:a6:4e:e7:db:
                    32:87:48:6e:73:a7:66:71:44:ae:d6:0a:45:1c:b6:
                    50:54:eb:43:68:e4:42:a6:8c:bb:79:44:f8:48:6b:
                    6e:09:a2:ea:42:e7:1b:8e:dc:ee:c6:3d:a6:0a:94:
                    e2:ab:56:cb:ae:21:c4:13:a5:76:d9:df:99:32:4b:
                    2a:89:03:22:e9:01:82:86:58:b4:a9:ee:7f:78:d7:
                    41:2c:54:78:42:d7:46:4f:56:d2:94:8c:2d:e9:2e:
                    a2:c7:21:b8:00:49:b8:9d:ac:53:d2:50:23:41:55:
                    73:c5:8f:8a:b6:cb:ac:18:b5:ca:03:7d:d7:ac:05:
                    95:e6:95:aa:c1:32:3b:fc:44:8c:b0:2b:2e:a5:89:
                    e8:f2:8e:65:6d:fb:79:a8:ab:e8:a6:64:c2:eb:e0:
                    0f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:19:1D:FA:06:71:21:A9:39:C3:61:30:62:C2:00:EF:61:A8:25:D4
            X509v3 Authority Key Identifier:
                keyid:00:D9:46:A5:34:0B:7F:0F:F5:0D:9A:FA:65:19:AD:E7:F3:A4:A0:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ANlGpTQLfw_1DZr6ZRmt5_OkoII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/1-xkd-gZxIak5w2EwYsIA72GoJdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/399d62-882a-443d-bd80-55ddf80e9a9d/1/ANlGpTQLfw_1DZr6ZRmt5_OkoII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:c3:e1:18:43:01:b2:8c:52:28:3c:48:da:ec:93:fd:82:9a:
         39:ee:49:0d:f0:77:ee:47:ad:89:44:72:4c:54:e3:47:c5:57:
         0d:94:0d:a5:a4:af:1b:24:a9:e3:b7:f2:97:b1:99:22:82:6c:
         36:4c:b6:7a:7e:06:2f:bc:41:19:a8:2f:29:1e:c1:c3:c5:a9:
         7b:28:1e:cb:46:36:e2:1d:8c:87:8f:d2:ee:bc:4d:af:24:99:
         f6:7e:5c:d9:de:b7:b6:6f:98:4b:d5:db:02:c0:b8:cc:5d:52:
         74:32:02:9a:b0:c6:ee:bd:a4:7f:c7:b5:1b:0c:38:02:b1:e2:
         42:d2:99:90:f2:e8:43:23:96:cf:00:40:7d:82:e8:08:04:8e:
         c4:9e:26:f1:cd:06:ac:65:7f:ff:07:41:f9:e4:54:d9:72:34:
         81:ef:a8:e5:dd:fb:2d:2e:3c:db:f0:f4:4d:74:2b:e2:1c:ee:
         6e:1c:08:23:70:b5:79:44:3a:3c:15:e9:bd:ce:e1:a4:4e:3f:
         b1:6f:ec:73:80:b2:dd:6a:f5:0b:c0:78:6b:68:af:8f:89:70:
         4e:95:8e:8d:26:20:d4:ff:e5:cd:30:36:09:22:3a:b1:f5:45:
         dc:17:45:9a:e6:74:13:c4:58:0c:a0:7a:8d:4b:99:6b:6c:7f:
         2e:03:a7:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ3FtQzVkaNXjf1LEaUGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZDk0NmE1MzQwYjdmMGZmNTBkOWFmYTY1MTlhZGU3ZjNh
NGEwODIwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjE5MWRmYTA2NzEyMWE5MzljMzYxMzA2MmMyMDBlZjYxYTgyNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAungwOPMh8u47F4CLoetkFH0JTxPd
Hv/nEEwKgOR5m/O03IOMxqsbTbQY6NUI08fs5P+Hnp5MkCaVm8tanScphutNUQ8B
4ImE+xXMoWT5Ph4K+/D1RC+t/uWWU69t+zqHqFU8S6ZO59syh0huc6dmcUSu1gpF
HLZQVOtDaORCpoy7eUT4SGtuCaLqQucbjtzuxj2mCpTiq1bLriHEE6V22d+ZMksq
iQMi6QGChli0qe5/eNdBLFR4QtdGT1bSlIwt6S6ixyG4AEm4naxT0lAjQVVzxY+K
tsusGLXKA33XrAWV5pWqwTI7/ESMsCsupYno8o5lbft5qKvopmTC6+APkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsZHfoGcSGpOcNhMGLCAO9hqCXUMB8GA1UdIwQY
MBaAFADZRqU0C38P9Q2a+mUZrefzpKCCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU5sR3BUUUxmd18xRFpyNlpSbXQ1X09rb0lJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTlkNjItODgyYS00NDNkLWJkODAt
NTVkZGY4MGU5YTlkLzEvMS14a2QtZ1p4SWFrNXcyRXdZc0lBNzJHb0pkUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGMvMzk5ZDYyLTg4MmEtNDQzZC1iZDgwLTU1ZGRmODBlOWE5
ZC8xL0FObEdwVFFMZndfMURacjZaUm10NV9Pa29JSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArm5vDAN
BgkqhkiG9w0BAQsFAAOCAQEAEsPhGEMBsoxSKDxI2uyT/YKaOe5JDfB37ketiURy
TFTjR8VXDZQNpaSvGySp47fyl7GZIoJsNky2en4GL7xBGagvKR7Bw8Wpeygey0Y2
4h2Mh4/S7rxNrySZ9n5c2d63tm+YS9XbAsC4zF1SdDICmrDG7r2kf8e1Gww4ArHi
QtKZkPLoQyOWzwBAfYLoCASOxJ4m8c0GrGV//wdB+eRU2XI0ge+o5d37LS482/D0
TXQr4hzubhwII3C1eUQ6PBXpvc7hpE4/sW/sc4Cy3Wr1C8B4a2ivj4lwTpWOjSYg
1P/lzTA2CSI6sfVF3BdFmuZ0E8RYDKB6jUuZa2x/LgOn2Q==
-----END CERTIFICATE-----