Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/rvVw1BVOo91FyzLD3e0rnEBWmrs.roa
File:                     rvVw1BVOo91FyzLD3e0rnEBWmrs.roa (raw, json)
Hash identifier:          Y2ZurUBRxKLVkMGqWbt9Wmbm9PO6ZaNQGYryN+Ep034=
Subject key identifier:   AE:F5:70:D4:15:4E:A3:DD:45:CB:32:C3:DD:ED:2B:9C:40:56:9A:BB
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       018CC5DD1A7BDEC2444AD6284494C4853C1E
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/rvVw1BVOo91FyzLD3e0rnEBWmrs.roa
Signing time:             Mon 01 Jan 2024 16:30:50 +0000
ROA not before:           Mon 01 Jan 2024 16:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396426
IP address blocks:        185.101.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:1a:7b:de:c2:44:4a:d6:28:44:94:c4:85:3c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Jan  1 16:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aef570d4154ea3dd45cb32c3dded2b9c40569abb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b0:58:00:71:28:fd:2a:4c:d6:12:f0:c1:03:
                    dd:b2:5e:23:07:69:70:3c:2a:a9:c3:7c:f2:23:d5:
                    56:28:8e:11:04:78:a9:c4:10:93:1d:f6:f8:b8:82:
                    cd:b1:8a:49:5c:4a:4f:7c:fd:48:1d:6f:f6:e5:39:
                    1b:d0:39:8b:2e:c0:96:ec:61:9c:71:f6:4d:a4:5b:
                    f4:c0:79:35:ec:7b:df:96:7f:dc:e9:d6:bc:aa:04:
                    17:31:9b:6a:cb:2a:ae:76:58:cc:eb:cf:c4:37:54:
                    6b:28:69:45:d2:69:fd:9d:36:ce:1b:9f:0f:e1:2e:
                    49:df:f0:dc:e1:f1:e7:d4:90:c6:22:79:c5:df:a0:
                    16:e8:14:1a:a0:76:4f:71:fb:78:3f:23:0a:f1:e7:
                    98:1c:22:33:f9:ff:95:b5:5b:9f:a1:b3:43:ec:c0:
                    99:2a:ed:f7:6e:21:db:e6:61:bb:17:36:ab:5f:81:
                    40:f4:c5:3f:8b:0b:23:d1:32:d2:8a:69:8d:11:83:
                    46:96:ad:e3:c4:c8:51:a5:19:d4:10:7a:6b:45:c6:
                    f7:14:e2:d9:33:17:f6:ee:53:64:2b:e4:1b:ea:45:
                    3c:c0:c3:dc:f6:7a:63:ca:50:20:3f:e9:3f:a6:32:
                    e7:c1:af:db:a8:34:2f:f0:3d:3a:dc:b8:86:12:50:
                    2b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F5:70:D4:15:4E:A3:DD:45:CB:32:C3:DD:ED:2B:9C:40:56:9A:BB
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/rvVw1BVOo91FyzLD3e0rnEBWmrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:57:3d:d9:39:d6:5e:3f:12:1d:9f:7b:3b:a1:4e:c1:5e:59:
         bb:c1:35:30:19:d3:3b:53:b6:c0:67:18:07:d5:6d:b8:b0:a1:
         80:16:0d:73:16:04:9a:a3:eb:57:66:5b:a6:0f:e7:18:6b:e2:
         aa:4d:a4:60:75:ab:c7:cf:7b:c7:e3:b5:37:74:2b:af:6d:2d:
         14:88:76:f3:8c:94:3b:11:ff:42:d9:6a:d7:34:bb:b7:2e:dd:
         aa:b2:e3:39:ce:f8:80:d6:01:ca:91:31:d5:c1:df:30:d3:11:
         ea:a7:96:57:f3:2a:68:4e:46:d6:36:50:c9:05:99:03:ed:7e:
         79:e9:df:12:66:f7:21:5b:b2:27:6e:70:a6:a0:5e:1f:65:ac:
         59:ff:4b:4d:12:62:bb:ac:3e:ba:1a:8f:4f:b5:b0:29:87:7e:
         da:9e:c8:28:f2:09:41:41:8b:ab:03:39:58:b6:0d:f5:cc:2d:
         27:1e:73:34:62:10:1c:a0:fd:6b:15:97:65:85:fc:dc:ee:2c:
         99:66:f5:83:eb:52:56:4f:27:35:24:73:3d:d0:f9:14:da:77:
         54:14:fe:4c:17:43:82:b6:eb:3f:27:77:64:35:a4:85:24:e4:
         de:21:63:45:c7:d0:2c:94:c6:4b:f3:b7:14:1f:29:2f:17:bc:
         27:39:e3:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Rp73sJEStYoRJTEhTweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjQwMTAxMTYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY1NzBkNDE1NGVhM2RkNDVjYjMyYzNkZGVkMmI5YzQwNTY5YWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLBYAHEo/SpM1hLwwQPdsl4jB2lw
PCqpw3zyI9VWKI4RBHipxBCTHfb4uILNsYpJXEpPfP1IHW/25Tkb0DmLLsCW7GGc
cfZNpFv0wHk17Hvfln/c6da8qgQXMZtqyyqudljM68/EN1RrKGlF0mn9nTbOG58P
4S5J3/Dc4fHn1JDGInnF36AW6BQaoHZPcft4PyMK8eeYHCIz+f+VtVufobND7MCZ
Ku33biHb5mG7FzarX4FA9MU/iwsj0TLSimmNEYNGlq3jxMhRpRnUEHprRcb3FOLZ
Mxf27lNkK+Qb6kU8wMPc9npjylAgP+k/pjLnwa/bqDQv8D063LiGElAr5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK71cNQVTqPdRcsyw93tK5xAVpq7MB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvcnZWdzFCVk9vOTFGeXpMRDNlMHJuRUJXbXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWUWMA0G
CSqGSIb3DQEBCwUAA4IBAQBkVz3ZOdZePxIdn3s7oU7BXlm7wTUwGdM7U7bAZxgH
1W24sKGAFg1zFgSao+tXZlumD+cYa+KqTaRgdavHz3vH47U3dCuvbS0UiHbzjJQ7
Ef9C2WrXNLu3Lt2qsuM5zviA1gHKkTHVwd8w0xHqp5ZX8ypoTkbWNlDJBZkD7X55
6d8SZvchW7InbnCmoF4fZaxZ/0tNEmK7rD66Go9PtbAph37ansgo8glBQYurAzlY
tg31zC0nHnM0YhAcoP1rFZdlhfzc7iyZZvWD61JWTyc1JHM90PkU2ndUFP5MF0OC
tus/J3dkNaSFJOTeIWNFx9AslMZL87cUHykvF7wnOeNt
-----END CERTIFICATE-----