Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/9xPqFnRbDR3ATFDsUDrScTG_PNw.roa
File:                     9xPqFnRbDR3ATFDsUDrScTG_PNw.roa (raw, json)
Hash identifier:          hlTbSEYaEj+ZMVOrAjpXa9SXDsiZzJvIglTuzxzFXFE=
Subject key identifier:   F7:13:EA:16:74:5B:0D:1D:C0:4C:50:EC:50:3A:D2:71:31:BF:3C:DC
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       018FE650D2D6A96F6FEB3F491F50A57C2267
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/9xPqFnRbDR3ATFDsUDrScTG_PNw.roa
Signing time:             Wed 05 Jun 2024 02:53:27 +0000
ROA not before:           Wed 05 Jun 2024 02:53:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.162.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e6:50:d2:d6:a9:6f:6f:eb:3f:49:1f:50:a5:7c:22:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Jun  5 02:53:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f713ea16745b0d1dc04c50ec503ad27131bf3cdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:29:10:88:ff:5b:96:a2:19:01:a0:4b:18:79:
                    4f:b7:e7:fe:ae:90:53:e8:97:0f:a7:7a:01:25:07:
                    9d:e9:3d:41:8e:83:75:15:ad:e2:cb:60:6b:56:2f:
                    9d:08:dd:d2:69:d5:52:12:1e:b3:b4:65:3b:75:99:
                    17:ae:e4:87:25:48:b1:be:38:b8:51:77:b2:ce:74:
                    08:45:e2:d4:d7:23:d7:3d:cb:3b:da:e7:af:fb:2f:
                    de:ac:a4:f0:79:a9:86:8a:c3:37:65:71:b4:c9:10:
                    6d:93:c2:cb:8a:4d:f1:3f:04:b5:1b:13:ad:63:a5:
                    72:82:70:23:e6:46:c6:21:ed:6f:2b:32:12:f9:bf:
                    58:74:90:15:56:2e:ba:8b:04:4b:5a:d0:a0:d8:f1:
                    e4:4a:5d:6d:fc:7e:ef:0f:95:e0:1e:b7:28:cd:f5:
                    40:8c:56:78:12:da:18:b1:b7:1b:2e:ce:fc:0c:c5:
                    ea:8e:ee:52:4a:65:2c:e6:b9:18:83:8c:6f:a8:ce:
                    7d:ca:b5:53:50:6b:fb:4d:2f:77:49:98:92:58:e7:
                    29:81:c7:b2:33:0a:8e:ab:30:bf:f5:d1:5d:62:a4:
                    43:dc:10:f9:eb:01:11:32:dc:2d:a5:ea:3b:61:2b:
                    64:60:78:2f:22:80:70:31:26:90:c1:28:5b:dd:6b:
                    55:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:13:EA:16:74:5B:0D:1D:C0:4C:50:EC:50:3A:D2:71:31:BF:3C:DC
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/9xPqFnRbDR3ATFDsUDrScTG_PNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:05:28:36:42:e3:0c:97:44:59:a7:77:a8:9c:34:1b:26:3b:
         4f:52:97:ca:2a:fa:b7:e3:1e:c6:67:01:51:27:d5:a3:e3:d6:
         55:3c:63:cd:b2:07:1b:5e:d3:83:da:2f:9b:ab:6b:f4:f2:1e:
         c3:f3:45:76:32:a4:2b:61:9d:05:01:82:e3:9a:dc:e6:94:1f:
         01:58:25:77:51:c3:5f:65:43:9e:b8:a9:66:68:70:40:cf:ce:
         6c:9c:4f:5d:a3:7a:73:4d:1b:db:c0:f3:fc:6d:eb:8c:14:ed:
         b5:14:5c:a0:83:30:49:36:f2:5d:c5:5a:d2:cb:7a:f8:2a:79:
         a1:1a:f3:82:d6:e4:65:9b:c4:f8:ea:ab:47:c1:30:89:cf:e6:
         90:d2:43:10:d1:ec:6d:69:81:a5:b3:22:f7:34:ad:c6:e7:55:
         f2:78:13:c7:f0:ae:5f:ff:ff:5c:7d:25:fb:b7:3f:a8:78:2b:
         fe:4d:a8:fd:0a:df:b4:4e:28:d6:63:5e:a1:c0:17:95:c9:a6:
         5a:f4:96:5d:47:1c:57:41:cc:62:97:4c:e3:19:0c:66:1e:47:
         0d:6f:d5:57:ae:37:2d:8f:43:74:25:5f:62:dc:9c:ef:b5:fd:
         d6:2d:10:90:d6:12:b9:ea:3d:c1:66:37:51:f3:73:9c:2c:00:
         08:e7:50:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/mUNLWqW9v6z9JH1ClfCJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjQwNjA1MDI1MzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzEzZWExNjc0NWIwZDFkYzA0YzUwZWM1MDNhZDI3MTMxYmYzY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzykQiP9blqIZAaBLGHlPt+f+rpBT
6JcPp3oBJQed6T1BjoN1Fa3iy2BrVi+dCN3SadVSEh6ztGU7dZkXruSHJUixvji4
UXeyznQIReLU1yPXPcs72uev+y/erKTweamGisM3ZXG0yRBtk8LLik3xPwS1GxOt
Y6VygnAj5kbGIe1vKzIS+b9YdJAVVi66iwRLWtCg2PHkSl1t/H7vD5XgHrcozfVA
jFZ4EtoYsbcbLs78DMXqju5SSmUs5rkYg4xvqM59yrVTUGv7TS93SZiSWOcpgcey
MwqOqzC/9dFdYqRD3BD56wERMtwtpeo7YStkYHgvIoBwMSaQwShb3WtVqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcT6hZ0Ww0dwExQ7FA60nExvzzcMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvOXhQcUZuUmJEUjNBVEZEc1VEclNjVEdfUE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaL8MA0G
CSqGSIb3DQEBCwUAA4IBAQBIBSg2QuMMl0RZp3eonDQbJjtPUpfKKvq34x7GZwFR
J9Wj49ZVPGPNsgcbXtOD2i+bq2v08h7D80V2MqQrYZ0FAYLjmtzmlB8BWCV3UcNf
ZUOeuKlmaHBAz85snE9do3pzTRvbwPP8beuMFO21FFyggzBJNvJdxVrSy3r4Knmh
GvOC1uRlm8T46qtHwTCJz+aQ0kMQ0extaYGlsyL3NK3G51XyeBPH8K5f//9cfSX7
tz+oeCv+Taj9Ct+0TijWY16hwBeVyaZa9JZdRxxXQcxil0zjGQxmHkcNb9VXrjct
j0N0JV9i3Jzvtf3WLRCQ1hK56j3BZjdR83OcLAAI51Aw
-----END CERTIFICATE-----