Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/9Bu2KukT9oO2T-HhxjmWRL486Ro.roa
File:                     9Bu2KukT9oO2T-HhxjmWRL486Ro.roa (raw, json)
Hash identifier:          falnHaE56jrNRZSXKez4heF7csC0OWl83vsJR+pPlMA=
Subject key identifier:   F4:1B:B6:2A:E9:13:F6:83:B6:4F:E1:E1:C6:39:96:44:BE:3C:E9:1A
Certificate issuer:       /CN=c8df337cea56a083f46b799072e70da345cc2364
Certificate serial:       018CC794260439A711CD28209187E4D47235
Authority key identifier: C8:DF:33:7C:EA:56:A0:83:F4:6B:79:90:72:E7:0D:A3:45:CC:23:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/9Bu2KukT9oO2T-HhxjmWRL486Ro.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202907
IP address blocks:        185.150.144.0/22 maxlen: 22
                          2a07:7140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:26:04:39:a7:11:cd:28:20:91:87:e4:d4:72:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8df337cea56a083f46b799072e70da345cc2364
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41bb62ae913f683b64fe1e1c6399644be3ce91a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:f3:a5:e8:e2:cc:df:04:89:c6:e2:3d:ae:
                    4c:c9:fc:92:ad:a6:82:f7:15:0c:72:d9:ce:b6:d6:
                    e9:2e:fa:88:93:96:aa:45:0d:24:85:0d:e4:a7:08:
                    9f:c0:c7:f1:aa:2a:55:70:a4:ab:d8:57:bb:5d:6d:
                    79:7d:d4:be:75:9f:11:17:c9:90:20:6b:c3:b6:93:
                    83:6f:9b:bc:47:13:d1:de:8d:86:6a:12:9b:28:40:
                    8d:a2:e7:09:13:53:b1:95:07:e8:f7:0c:0a:df:22:
                    de:13:d2:bf:03:4a:26:08:88:17:74:ff:0d:54:eb:
                    25:49:54:b7:79:e8:73:a0:7b:72:5f:fe:a3:9b:9e:
                    d8:a4:2c:32:a4:b3:b8:79:64:44:17:f5:22:b4:07:
                    b1:34:ee:6c:8a:39:cd:52:72:dc:cf:29:8d:3f:b9:
                    c0:e7:ba:b1:9c:24:d4:25:ee:63:e4:4f:70:06:dd:
                    c9:2d:7b:a5:11:eb:46:05:c8:3a:e9:2b:dc:d2:e6:
                    20:9f:2d:b4:c5:7c:65:00:49:61:90:72:4f:56:bd:
                    0d:1d:22:99:bd:8f:64:87:1a:f1:be:79:9f:ef:05:
                    06:1c:5f:fe:8d:eb:5e:1c:d3:39:17:d1:bc:6e:bf:
                    bd:90:ba:e3:af:7c:39:94:db:b0:ac:3b:06:23:25:
                    1e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1B:B6:2A:E9:13:F6:83:B6:4F:E1:E1:C6:39:96:44:BE:3C:E9:1A
            X509v3 Authority Key Identifier:
                keyid:C8:DF:33:7C:EA:56:A0:83:F4:6B:79:90:72:E7:0D:A3:45:CC:23:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/9Bu2KukT9oO2T-HhxjmWRL486Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.144.0/22
                IPv6:
                  2a07:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:89:0d:88:f2:dd:ff:73:4f:87:fb:a9:76:b8:15:0a:3f:5e:
         ed:44:39:77:f7:2e:fc:d5:d1:9b:50:4a:0b:51:4a:80:c4:7c:
         6c:59:94:72:0b:d3:6c:5b:66:f0:36:7d:92:11:6c:b2:87:ed:
         fc:a2:74:73:3d:99:47:50:2c:97:c6:e3:39:42:cb:cc:5a:e7:
         9a:bf:99:71:a5:27:01:f1:cc:ee:37:8b:aa:52:f6:a0:2f:c7:
         0e:de:5f:2d:43:41:21:69:3b:e6:17:70:9f:81:93:bc:9f:a8:
         a8:f1:3a:fe:f6:c8:20:6c:7e:b8:1a:e2:5d:2a:7d:2d:22:50:
         42:b0:06:0d:0d:05:7a:13:87:33:db:9d:b0:9f:44:c3:de:b1:
         db:65:41:e2:41:0f:c9:b1:f9:17:79:b9:21:73:d2:d9:31:38:
         7b:80:d1:17:f7:35:00:3e:aa:e3:2a:d9:3c:08:c6:16:7c:2e:
         26:41:d7:2c:12:73:cf:f1:4f:25:2f:94:f2:5a:d4:a6:11:41:
         28:e2:8e:72:48:30:c0:33:e2:09:0f:b2:34:81:0b:a9:31:00:
         94:1f:07:42:55:7b:01:91:1b:20:5c:5a:8c:b8:38:f8:bb:fc:
         3b:33:89:d9:d0:c8:7e:19:66:86:ed:c4:7a:6d:91:59:e4:40:
         b0:d5:f7:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlCYEOacRzSggkYfk1HI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZGYzMzdjZWE1NmEwODNmNDZiNzk5MDcyZTcwZGEzNDVj
YzIzNjQwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFiYjYyYWU5MTNmNjgzYjY0ZmUxZTFjNjM5OTY0NGJlM2NlOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIHzpejizN8EicbiPa5MyfySraaC
9xUMctnOttbpLvqIk5aqRQ0khQ3kpwifwMfxqipVcKSr2Fe7XW15fdS+dZ8RF8mQ
IGvDtpODb5u8RxPR3o2GahKbKECNoucJE1OxlQfo9wwK3yLeE9K/A0omCIgXdP8N
VOslSVS3eehzoHtyX/6jm57YpCwypLO4eWREF/UitAexNO5sijnNUnLczymNP7nA
57qxnCTUJe5j5E9wBt3JLXulEetGBcg66Svc0uYgny20xXxlAElhkHJPVr0NHSKZ
vY9khxrxvnmf7wUGHF/+jeteHNM5F9G8br+9kLrjr3w5lNuwrDsGIyUeZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPQbtirpE/aDtk/h4cY5lkS+POkaMB8GA1UdIwQY
MBaAFMjfM3zqVqCD9Gt5kHLnDaNFzCNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU44emZPcFdvSVAwYTNtUWN1Y05vMFhNSTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yOTdkNTQtYmQ4Mi00MmUwLTljNDIt
NmZkYmNhNjAwZTAwLzEvOUJ1Mkt1a1Q5b08yVC1IaHhqbVdSTDQ4NlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yOTdkNTQtYmQ4Mi00MmUwLTljNDItNmZkYmNhNjAwZTAw
LzEveU44emZPcFdvSVAwYTNtUWN1Y05vMFhNSTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZaQMA0E
AgACMAcDBQMqB3FAMA0GCSqGSIb3DQEBCwUAA4IBAQBdiQ2I8t3/c0+H+6l2uBUK
P17tRDl39y781dGbUEoLUUqAxHxsWZRyC9NsW2bwNn2SEWyyh+38onRzPZlHUCyX
xuM5QsvMWueav5lxpScB8czuN4uqUvagL8cO3l8tQ0EhaTvmF3CfgZO8n6io8Tr+
9sggbH64GuJdKn0tIlBCsAYNDQV6E4cz252wn0TD3rHbZUHiQQ/JsfkXebkhc9LZ
MTh7gNEX9zUAPqrjKtk8CMYWfC4mQdcsEnPP8U8lL5TyWtSmEUEo4o5ySDDAM+IJ
D7I0gQupMQCUHwdCVXsBkRsgXFqMuDj4u/w7M4nZ0Mh+GWaG7cR6bZFZ5ECw1ff6
-----END CERTIFICATE-----