Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/mJ164DVHPSXQs-FpStIxVRFYOaI.roa
File:                     mJ164DVHPSXQs-FpStIxVRFYOaI.roa (raw, json)
Hash identifier:          4KVhhiNy4Li/RWdYBTzBuP1kmr4VUH2HWN0Bolvirq8=
Subject key identifier:   98:9D:7A:E0:35:47:3D:25:D0:B3:E1:69:4A:D2:31:55:11:58:39:A2
Certificate issuer:       /CN=185f3c33fb0113b45d45929a4c06f28c714dca4b
Certificate serial:       018CC9BA59388F8F07FE4DF178EDA032A9CB
Authority key identifier: 18:5F:3C:33:FB:01:13:B4:5D:45:92:9A:4C:06:F2:8C:71:4D:CA:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GF88M_sBE7RdRZKaTAbyjHFNyks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/mJ164DVHPSXQs-FpStIxVRFYOaI.roa
Signing time:             Tue 02 Jan 2024 10:31:22 +0000
ROA not before:           Tue 02 Jan 2024 10:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58183
IP address blocks:        195.62.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/GF88M_sBE7RdRZKaTAbyjHFNyks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/GF88M_sBE7RdRZKaTAbyjHFNyks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GF88M_sBE7RdRZKaTAbyjHFNyks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:59:38:8f:8f:07:fe:4d:f1:78:ed:a0:32:a9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=185f3c33fb0113b45d45929a4c06f28c714dca4b
        Validity
            Not Before: Jan  2 10:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=989d7ae035473d25d0b3e1694ad23155115839a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c6:2a:ef:84:38:1a:f4:af:dd:57:96:b6:cc:
                    62:9a:36:d3:10:58:be:fd:3c:fc:96:34:56:25:83:
                    98:09:57:24:77:b1:d4:4a:fb:8e:40:e4:73:c7:b5:
                    37:26:34:90:8b:df:71:9d:91:75:20:23:92:06:f1:
                    fe:68:4b:16:36:01:1e:a0:15:ea:f5:9b:3c:87:97:
                    c4:cb:bd:19:ce:2e:54:e2:b3:ba:10:82:89:e4:18:
                    ef:47:13:3a:4a:86:3f:c3:6c:48:db:c7:06:f3:de:
                    a3:fe:59:10:ea:ec:17:e8:34:fe:1b:41:a7:35:0c:
                    c5:28:59:4c:1b:08:bf:fe:4f:08:d6:e6:2d:de:56:
                    7b:a1:1c:e0:82:28:01:ce:99:89:85:f2:f8:97:04:
                    a9:3e:e1:2a:28:a8:d8:21:d9:5a:9c:6e:5a:48:97:
                    af:a5:12:17:b3:c7:d4:04:8f:6b:4e:dc:e4:76:66:
                    7a:14:06:90:f6:45:ce:f9:dc:fc:ba:e0:64:5c:00:
                    01:92:d6:94:d7:19:c7:09:4f:2c:a5:a0:74:2e:39:
                    b7:ca:06:0b:11:c1:3c:96:66:94:94:8e:65:bd:96:
                    74:d7:34:66:45:87:ae:36:8a:8d:de:69:47:3c:84:
                    b8:28:03:7f:a1:83:db:2e:d0:12:f4:e7:8f:82:73:
                    64:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:9D:7A:E0:35:47:3D:25:D0:B3:E1:69:4A:D2:31:55:11:58:39:A2
            X509v3 Authority Key Identifier:
                keyid:18:5F:3C:33:FB:01:13:B4:5D:45:92:9A:4C:06:F2:8C:71:4D:CA:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GF88M_sBE7RdRZKaTAbyjHFNyks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/mJ164DVHPSXQs-FpStIxVRFYOaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/1cfeb7-d0aa-4c1d-bb9b-763abab97101/1/GF88M_sBE7RdRZKaTAbyjHFNyks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d0:56:af:57:15:fc:ee:c2:95:b9:0f:37:42:6f:70:d3:61:
         1d:1b:cd:85:51:99:44:af:21:51:e0:43:35:36:81:72:f4:0a:
         7c:ca:77:a6:1f:20:31:bc:7c:a2:da:df:27:2b:8e:62:15:1a:
         db:e1:97:e3:c9:69:4a:56:7c:93:b2:5e:df:94:1a:d0:09:ef:
         71:dd:10:25:5c:a1:4d:b3:7b:4f:68:8c:18:6b:27:c1:37:d8:
         a9:7e:5e:c9:2b:ca:a3:47:4a:03:60:ef:1e:fb:60:de:ad:06:
         69:b8:e7:c5:66:63:7f:4a:30:32:88:02:34:74:de:05:19:bd:
         46:97:c7:7c:fd:d6:b1:3b:24:94:36:39:bb:99:e8:b1:a9:33:
         23:dd:6a:38:5e:7e:34:45:0f:d8:68:fc:e5:4b:dd:28:89:e3:
         86:91:ad:35:c2:c9:9f:eb:7f:09:b8:6f:0a:b9:df:c1:61:d1:
         46:dd:bb:4f:b0:05:53:c8:d9:c0:18:d7:56:9e:ea:12:e4:a4:
         54:0b:5b:ed:33:f2:93:90:01:2e:26:03:4d:10:a5:5c:77:53:
         7a:0f:56:78:fe:f0:28:2d:9a:14:2d:6c:3a:c7:3a:27:58:93:
         3a:88:ee:d7:a7:53:1b:83:77:51:86:45:32:8f:1b:39:f7:dd:
         5c:a7:19:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJulk4j48H/k3xeO2gMqnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NWYzYzMzZmIwMTEzYjQ1ZDQ1OTI5YTRjMDZmMjhjNzE0
ZGNhNGIwHhcNMjQwMTAyMTAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODlkN2FlMDM1NDczZDI1ZDBiM2UxNjk0YWQyMzE1NTExNTgzOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocYq74Q4GvSv3VeWtsximjbTEFi+
/Tz8ljRWJYOYCVckd7HUSvuOQORzx7U3JjSQi99xnZF1ICOSBvH+aEsWNgEeoBXq
9Zs8h5fEy70Zzi5U4rO6EIKJ5BjvRxM6SoY/w2xI28cG896j/lkQ6uwX6DT+G0Gn
NQzFKFlMGwi//k8I1uYt3lZ7oRzggigBzpmJhfL4lwSpPuEqKKjYIdlanG5aSJev
pRIXs8fUBI9rTtzkdmZ6FAaQ9kXO+dz8uuBkXAABktaU1xnHCU8spaB0Ljm3ygYL
EcE8lmaUlI5lvZZ01zRmRYeuNoqN3mlHPIS4KAN/oYPbLtAS9OePgnNkxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJideuA1Rz0l0LPhaUrSMVURWDmiMB8GA1UdIwQY
MBaAFBhfPDP7ARO0XUWSmkwG8oxxTcpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0Y4OE1fc0JFN1JkUlpLYVRBYnlqSEZOeWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8xY2ZlYjctZDBhYS00YzFkLWJiOWIt
NzYzYWJhYjk3MTAxLzEvbUoxNjREVkhQU1hRcy1GcFN0SXhWUkZZT2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8xY2ZlYjctZDBhYS00YzFkLWJiOWItNzYzYWJhYjk3MTAx
LzEvR0Y4OE1fc0JFN1JkUlpLYVRBYnlqSEZOeWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4jMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ0FavVxX87sKVuQ83Qm9w02EdG82FUZlEryFR4EM1
NoFy9Ap8ynemHyAxvHyi2t8nK45iFRrb4ZfjyWlKVnyTsl7flBrQCe9x3RAlXKFN
s3tPaIwYayfBN9ipfl7JK8qjR0oDYO8e+2DerQZpuOfFZmN/SjAyiAI0dN4FGb1G
l8d8/daxOySUNjm7meixqTMj3Wo4Xn40RQ/YaPzlS90oieOGka01wsmf638JuG8K
ud/BYdFG3btPsAVTyNnAGNdWnuoS5KRUC1vtM/KTkAEuJgNNEKVcd1N6D1Z4/vAo
LZoULWw6xzonWJM6iO7Xp1Mbg3dRhkUyjxs5991cpxkY
-----END CERTIFICATE-----