Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/1iRTMxUwCSjFrGjMmUnz9ZtnSOE.roa
File:                     1iRTMxUwCSjFrGjMmUnz9ZtnSOE.roa (raw, json)
Hash identifier:          oxm7PYI/bci8VQDuXRdBYfQbBjgS+7Wf/0mE63gV3s0=
Subject key identifier:   D6:24:53:33:15:30:09:28:C5:AC:68:CC:99:49:F3:F5:9B:67:48:E1
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       018CC5DC796A26FBE61F10EF8BE3A32994AB
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/1iRTMxUwCSjFrGjMmUnz9ZtnSOE.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395901
IP address blocks:        185.213.222.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 23:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:79:6a:26:fb:e6:1f:10:ef:8b:e3:a3:29:94:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d624533315300928c5ac68cc9949f3f59b6748e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:16:64:bb:ee:23:2b:c3:75:23:57:f5:ab:0a:
                    77:f7:e0:08:08:7f:19:6e:51:df:e5:f3:a2:3f:2b:
                    9f:71:d9:74:ef:68:f1:eb:3d:14:16:6f:95:f8:96:
                    fd:ef:08:87:8b:81:21:37:48:fe:b6:8c:8f:95:2f:
                    0f:5b:e1:96:28:17:54:3f:40:da:a3:80:69:2c:8d:
                    16:da:4b:d7:63:fb:e2:67:02:2e:ba:b8:bc:6e:e0:
                    5c:2c:5f:60:02:82:9a:b7:d9:29:e2:74:2b:ea:67:
                    e5:a6:79:ed:64:2a:3b:02:ab:1c:fa:37:df:46:39:
                    8f:84:90:02:47:2d:48:de:6b:7b:f8:fa:ac:8b:e0:
                    71:c1:40:62:80:aa:77:c0:30:0a:cd:30:0e:13:02:
                    99:f5:9d:15:eb:d1:69:fd:ca:82:0c:f7:de:05:c7:
                    89:24:b7:59:95:1b:6f:46:7f:16:fe:ea:fe:5e:91:
                    21:03:cb:8d:17:c2:9d:ad:89:22:bd:77:63:82:a8:
                    dd:92:2d:50:a9:a4:d0:f6:69:ef:fd:77:f6:c0:e0:
                    7e:f9:42:69:3d:3a:a5:2e:8a:da:ad:d9:62:b8:e5:
                    5d:0a:b3:47:c0:f4:65:a5:b3:75:57:e5:97:1b:4e:
                    1e:c9:1f:be:7b:53:46:8b:aa:b0:d4:9b:80:f6:32:
                    73:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:24:53:33:15:30:09:28:C5:AC:68:CC:99:49:F3:F5:9B:67:48:E1
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/1iRTMxUwCSjFrGjMmUnz9ZtnSOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:3a:43:32:fc:39:40:1c:29:3b:ee:9d:5f:47:d7:33:29:8b:
         1b:5a:43:2c:89:ea:d4:a6:76:ce:bc:97:ed:0e:eb:37:a2:4c:
         6e:3a:5c:60:fc:ee:9d:42:d5:03:f7:ad:2a:ed:44:37:c8:55:
         85:ba:14:55:b3:78:64:8c:fc:9e:9d:14:a1:99:ae:15:21:69:
         27:e6:94:85:f1:26:3b:d4:08:0a:fc:56:9e:4a:21:57:a5:d1:
         5a:e3:47:b5:7c:ce:98:4e:b5:e8:95:58:c2:d6:fa:75:8c:34:
         7a:3e:ea:29:27:d1:ed:0b:19:c6:af:1b:94:9a:86:d6:7c:41:
         1c:e1:6e:f8:0c:22:48:c5:5d:39:f0:f8:2b:4f:9b:cc:46:62:
         aa:6d:fe:5f:3e:41:05:92:6c:da:d1:e1:b9:a7:52:6c:e4:33:
         12:16:ad:c0:5d:a2:45:88:dd:cd:91:ee:bd:37:ad:92:c4:85:
         97:bb:37:bd:44:04:e3:9d:4c:3c:5c:bd:6c:b1:4f:b7:7e:13:
         da:e2:c2:b2:00:33:fe:9b:b9:af:ea:7f:b2:86:24:68:5d:74:
         b5:97:b8:12:d3:ee:43:11:c4:15:e1:47:cc:df:e0:e8:8e:a1:
         49:04:2f:74:43:22:a6:f6:da:9e:05:d0:b5:d6:97:99:00:ce:
         a7:4b:63:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3HlqJvvmHxDvi+OjKZSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI0NTMzMzE1MzAwOTI4YzVhYzY4Y2M5OTQ5ZjNmNTliNjc0OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhZku+4jK8N1I1f1qwp39+AICH8Z
blHf5fOiPyufcdl072jx6z0UFm+V+Jb97wiHi4EhN0j+toyPlS8PW+GWKBdUP0Da
o4BpLI0W2kvXY/viZwIuuri8buBcLF9gAoKat9kp4nQr6mflpnntZCo7Aqsc+jff
RjmPhJACRy1I3mt7+Pqsi+BxwUBigKp3wDAKzTAOEwKZ9Z0V69Fp/cqCDPfeBceJ
JLdZlRtvRn8W/ur+XpEhA8uNF8KdrYkivXdjgqjdki1QqaTQ9mnv/Xf2wOB++UJp
PTqlLorardliuOVdCrNHwPRlpbN1V+WXG04eyR++e1NGi6qw1JuA9jJzLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYkUzMVMAkoxaxozJlJ8/WbZ0jhMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvMWlSVE14VXdDU2pGckdqTW1Vbno5WnRuU09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudXeMA0G
CSqGSIb3DQEBCwUAA4IBAQBvOkMy/DlAHCk77p1fR9czKYsbWkMsierUpnbOvJft
Dus3okxuOlxg/O6dQtUD960q7UQ3yFWFuhRVs3hkjPyenRShma4VIWkn5pSF8SY7
1AgK/FaeSiFXpdFa40e1fM6YTrXolVjC1vp1jDR6PuopJ9HtCxnGrxuUmobWfEEc
4W74DCJIxV058PgrT5vMRmKqbf5fPkEFkmza0eG5p1Js5DMSFq3AXaJFiN3Nke69
N62SxIWXuze9RATjnUw8XL1ssU+3fhPa4sKyADP+m7mv6n+yhiRoXXS1l7gS0+5D
EcQV4UfM3+DojqFJBC90QyKm9tqeBdC11peZAM6nS2OT
-----END CERTIFICATE-----