Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/9PCX8iK7NOFWZDSc2_1bQttVh-Y.roa
File:                     9PCX8iK7NOFWZDSc2_1bQttVh-Y.roa (raw, json)
Hash identifier:          9ZLCA8+VPFcRe8lxsp1aDw3VRRM7HqzrcU7zEYCVMCY=
Subject key identifier:   F4:F0:97:F2:22:BB:34:E1:56:64:34:9C:DB:FD:5B:42:DB:55:87:E6
Certificate issuer:       /CN=05b3017c1693b945b5eda091ec93f85c1be1df36
Certificate serial:       018CC4250177ED88B0FBAA07DE2270E6D7A7
Authority key identifier: 05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/9PCX8iK7NOFWZDSc2_1bQttVh-Y.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197297
IP address blocks:        185.163.112.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:01:77:ed:88:b0:fb:aa:07:de:22:70:e6:d7:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b3017c1693b945b5eda091ec93f85c1be1df36
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4f097f222bb34e15664349cdbfd5b42db5587e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6c:07:94:57:54:58:7c:d0:0b:8b:5b:a3:8d:
                    ea:b7:a1:06:7e:ef:d4:e5:f0:ba:96:5f:6d:57:27:
                    ef:78:c5:39:e9:06:89:e6:62:6c:07:c2:54:5e:51:
                    ac:00:7c:01:93:b8:7c:b0:09:6d:ac:c6:89:80:73:
                    a5:9c:15:f8:ca:74:44:ed:e4:b5:4b:38:81:72:c7:
                    cb:61:7c:99:58:ac:1d:fa:23:93:3e:46:3b:01:71:
                    49:24:83:26:eb:78:f9:8b:10:ad:ae:1a:8e:79:1a:
                    e5:99:3a:e6:3f:07:cc:b4:5a:20:24:9d:e2:87:de:
                    59:40:27:05:bc:0f:22:3a:03:39:23:bf:93:13:03:
                    1c:32:1c:50:a4:30:fb:02:e4:58:38:70:80:ad:e2:
                    25:f9:3a:9f:dd:c5:d9:d8:54:fd:55:1e:9a:2d:13:
                    a0:5d:d5:72:96:72:ce:56:ab:72:5a:af:91:3f:66:
                    17:69:b0:68:b4:20:20:ee:d2:49:37:b4:e5:64:b2:
                    26:d4:17:1e:e9:69:ef:92:45:15:3f:f2:a8:95:ec:
                    9d:c6:6f:af:16:23:46:45:47:ca:4d:f5:d3:77:d2:
                    db:33:ef:77:d6:e0:21:e9:d6:53:09:8a:3e:21:85:
                    a0:dc:96:7e:13:ea:d9:df:46:93:69:47:85:04:9e:
                    fe:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F0:97:F2:22:BB:34:E1:56:64:34:9C:DB:FD:5B:42:DB:55:87:E6
            X509v3 Authority Key Identifier:
                keyid:05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/9PCX8iK7NOFWZDSc2_1bQttVh-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:4b:5c:f8:4b:58:93:1c:88:70:ee:f5:12:16:82:7b:c6:c2:
         99:15:59:06:c1:11:9a:3a:ec:37:cb:de:01:13:30:8b:5f:b3:
         a8:47:de:31:33:49:29:31:69:92:e7:f9:9b:71:fb:09:c4:09:
         3e:67:54:5a:9b:b9:d6:a7:98:f9:7c:ef:55:d5:ad:85:b4:cf:
         5e:c1:d6:ff:23:b9:8d:ff:fc:2e:77:90:8c:4d:ee:49:ee:9e:
         12:cf:35:a1:3c:72:ec:78:b6:29:3b:72:5f:de:33:4f:62:93:
         91:d4:9f:0e:ae:bb:ca:55:35:5f:97:3a:49:14:d8:0d:33:d1:
         dd:50:05:92:05:5c:33:0c:64:97:44:1e:ff:2c:58:27:11:2b:
         74:b9:b7:ed:1d:f2:4a:a6:bd:13:b2:4e:1c:65:29:73:83:13:
         ff:e1:5d:a6:b1:40:1f:21:cc:60:83:e1:d3:fc:f8:81:a0:a1:
         b1:7d:e2:f7:a8:58:04:f0:8c:6a:79:0b:07:38:cd:a4:e2:54:
         8d:99:89:b3:32:7e:0f:9b:3e:36:e7:2e:46:2d:f1:2e:23:d9:
         4b:a9:38:23:bd:11:61:5d:f7:c9:5f:58:42:a1:d3:23:6b:da:
         26:11:49:86:c7:0a:43:bb:3e:34:24:c2:5d:4a:b3:ef:6c:3b:
         49:aa:a1:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQF37Yiw+6oH3iJw5tenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjMwMTdjMTY5M2I5NDViNWVkYTA5MWVjOTNmODVjMWJl
MWRmMzYwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGYwOTdmMjIyYmIzNGUxNTY2NDM0OWNkYmZkNWI0MmRiNTU4N2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGwHlFdUWHzQC4tbo43qt6EGfu/U
5fC6ll9tVyfveMU56QaJ5mJsB8JUXlGsAHwBk7h8sAltrMaJgHOlnBX4ynRE7eS1
SziBcsfLYXyZWKwd+iOTPkY7AXFJJIMm63j5ixCtrhqOeRrlmTrmPwfMtFogJJ3i
h95ZQCcFvA8iOgM5I7+TEwMcMhxQpDD7AuRYOHCAreIl+Tqf3cXZ2FT9VR6aLROg
XdVylnLOVqtyWq+RP2YXabBotCAg7tJJN7TlZLIm1Bce6WnvkkUVP/Koleydxm+v
FiNGRUfKTfXTd9LbM+931uAh6dZTCYo+IYWg3JZ+E+rZ30aTaUeFBJ7+zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTwl/IiuzThVmQ0nNv9W0LbVYfmMB8GA1UdIwQY
MBaAFAWzAXwWk7lFte2gkeyT+Fwb4d82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQt
YWEyNzdlMzg5ZmRjLzEvOVBDWDhpSzdOT0ZXWkRTYzJfMWJRdHRWaC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQtYWEyNzdlMzg5ZmRj
LzEvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaNwMA0G
CSqGSIb3DQEBCwUAA4IBAQCoS1z4S1iTHIhw7vUSFoJ7xsKZFVkGwRGaOuw3y94B
EzCLX7OoR94xM0kpMWmS5/mbcfsJxAk+Z1Ram7nWp5j5fO9V1a2FtM9ewdb/I7mN
//wud5CMTe5J7p4SzzWhPHLseLYpO3Jf3jNPYpOR1J8OrrvKVTVflzpJFNgNM9Hd
UAWSBVwzDGSXRB7/LFgnESt0ubftHfJKpr0Tsk4cZSlzgxP/4V2msUAfIcxgg+HT
/PiBoKGxfeL3qFgE8IxqeQsHOM2k4lSNmYmzMn4Pmz425y5GLfEuI9lLqTgjvRFh
XffJX1hCodMja9omEUmGxwpDuz40JMJdSrPvbDtJqqGy
-----END CERTIFICATE-----