Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/mvYLp00a8AXi4GG7BuObnO2gRFo.roa
File:                     mvYLp00a8AXi4GG7BuObnO2gRFo.roa (raw, json)
Hash identifier:          Ng/CTbsUCxAk+VMRSU99baUVq8CzrRJjHp7atIsU7WA=
Subject key identifier:   9A:F6:0B:A7:4D:1A:F0:05:E2:E0:61:BB:06:E3:9B:9C:ED:A0:44:5A
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018CC9BC6FBD750FE32F08B25D0217650B89
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/mvYLp00a8AXi4GG7BuObnO2gRFo.roa
Signing time:             Tue 02 Jan 2024 10:33:38 +0000
ROA not before:           Tue 02 Jan 2024 10:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216050
IP address blocks:        185.100.169.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6f:bd:75:0f:e3:2f:08:b2:5d:02:17:65:0b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jan  2 10:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9af60ba74d1af005e2e061bb06e39b9ceda0445a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bd:28:31:91:15:40:6d:9f:91:91:17:53:98:
                    04:02:38:15:89:4b:05:7a:c8:8b:c6:a4:79:68:aa:
                    17:a5:49:1a:d7:d6:78:27:c2:4d:32:59:18:f6:33:
                    94:00:76:49:23:d3:29:27:15:9b:61:dc:77:c5:c6:
                    c4:81:8f:bc:0f:16:04:2d:c2:67:96:9c:b3:fe:6b:
                    2c:3a:a2:e7:e4:31:b9:88:75:34:ff:b1:4e:e6:04:
                    11:dd:04:cb:5c:a3:31:4a:32:98:6d:6a:1c:d0:71:
                    2b:15:76:f2:dc:ec:a6:31:59:43:31:a8:ad:ad:ae:
                    17:dc:9c:92:bc:a1:e1:43:f0:8e:bb:2b:60:3b:83:
                    fb:73:27:26:f4:08:81:60:b6:5f:3c:63:0a:2d:7d:
                    2b:ad:1a:68:d6:e4:9f:dd:71:ca:3d:55:88:52:a3:
                    7a:f9:f3:08:6c:ab:8a:6b:46:2c:d1:69:10:8f:ad:
                    d6:43:ef:a2:12:7b:01:fc:89:96:98:d5:41:1a:47:
                    97:21:e1:aa:2f:d4:a9:a9:2d:da:03:1d:d0:68:2c:
                    a3:bc:4a:57:5b:33:9c:38:f7:5a:67:b7:14:1a:71:
                    38:3a:29:53:b0:e8:71:bc:1a:fc:fa:ef:58:87:86:
                    1c:ea:14:7c:c6:38:11:47:6d:de:e0:77:60:36:0c:
                    a7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F6:0B:A7:4D:1A:F0:05:E2:E0:61:BB:06:E3:9B:9C:ED:A0:44:5A
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/mvYLp00a8AXi4GG7BuObnO2gRFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.169.0-185.100.170.255

    Signature Algorithm: sha256WithRSAEncryption
         14:3f:a9:23:7c:7d:e9:88:2b:6e:66:60:a3:16:04:b1:0c:de:
         a3:ab:69:a5:8f:e4:af:e1:a3:91:10:20:22:8a:39:51:7f:7e:
         44:6a:78:35:83:7e:a5:8f:3a:7c:82:02:10:f4:c2:51:3c:30:
         d1:77:f2:86:3c:14:39:02:cb:77:ca:ba:b4:a2:e4:49:31:eb:
         31:13:ab:a9:a2:ed:2d:26:fc:b4:25:ae:c0:3b:a2:a6:35:cc:
         73:11:51:8a:6e:f3:32:39:8e:91:32:73:18:85:3c:ef:9c:94:
         49:59:24:3b:41:7f:13:67:b1:17:d8:fd:97:8a:c8:48:dd:e8:
         af:a4:ee:e9:1c:7c:6d:cb:b5:80:66:4d:56:72:6d:0f:1d:3b:
         6d:43:50:ea:05:19:a8:15:5c:a9:8b:a1:29:c3:cb:bb:80:d2:
         20:43:77:57:97:49:13:10:0b:1a:7e:2a:2d:79:3c:f3:01:3a:
         99:9f:8d:27:67:6f:77:d4:80:e7:a3:63:c8:8b:b9:07:9c:28:
         06:9d:91:62:3d:21:b6:b8:6d:22:e6:21:74:3f:50:f5:ab:37:
         73:a4:3f:06:7e:66:79:56:6a:6f:0c:ff:40:1c:e4:20:a2:69:
         8d:d6:8c:0a:45:47:c8:3e:bf:0c:54:08:66:a3:95:02:7c:90:
         b7:89:17:15
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvG+9dQ/jLwiyXQIXZQuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwMTAyMTAzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY2MGJhNzRkMWFmMDA1ZTJlMDYxYmIwNmUzOWI5Y2VkYTA0NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr0oMZEVQG2fkZEXU5gEAjgViUsF
esiLxqR5aKoXpUka19Z4J8JNMlkY9jOUAHZJI9MpJxWbYdx3xcbEgY+8DxYELcJn
lpyz/mssOqLn5DG5iHU0/7FO5gQR3QTLXKMxSjKYbWoc0HErFXby3OymMVlDMait
ra4X3JySvKHhQ/COuytgO4P7cycm9AiBYLZfPGMKLX0rrRpo1uSf3XHKPVWIUqN6
+fMIbKuKa0Ys0WkQj63WQ++iEnsB/ImWmNVBGkeXIeGqL9SpqS3aAx3QaCyjvEpX
WzOcOPdaZ7cUGnE4OilTsOhxvBr8+u9Yh4Yc6hR8xjgRR23e4HdgNgynaQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJr2C6dNGvAF4uBhuwbjm5ztoERaMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvbXZZTHAwMGE4QVhpNEdHN0J1T2JuTzJnUkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5ZKkD
BAC5ZKowDQYJKoZIhvcNAQELBQADggEBABQ/qSN8femIK25mYKMWBLEM3qOraaWP
5K/ho5EQICKKOVF/fkRqeDWDfqWPOnyCAhD0wlE8MNF38oY8FDkCy3fKurSi5Ekx
6zETq6mi7S0m/LQlrsA7oqY1zHMRUYpu8zI5jpEycxiFPO+clElZJDtBfxNnsRfY
/ZeKyEjd6K+k7ukcfG3LtYBmTVZybQ8dO21DUOoFGagVXKmLoSnDy7uA0iBDd1eX
SRMQCxp+Ki15PPMBOpmfjSdnb3fUgOejY8iLuQecKAadkWI9Iba4bSLmIXQ/UPWr
N3OkPwZ+ZnlWam8M/0Ac5CCiaY3WjApFR8g+vwxUCGajlQJ8kLeJFxU=
-----END CERTIFICATE-----