Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/CdOIBSbQoTE2Y9M3Uogt4JcK7GQ.roa
File:                     CdOIBSbQoTE2Y9M3Uogt4JcK7GQ.roa (raw, json)
Hash identifier:          h6m0BeDJ+kfP34KLV55ivRlth2Bmm/BgfiF1lYp/W0s=
Subject key identifier:   09:D3:88:05:26:D0:A1:31:36:63:D3:37:52:88:2D:E0:97:0A:EC:64
Certificate issuer:       /CN=b11a1f9770bab077515b7712cb8d49550b3138a1
Certificate serial:       018CC56E13C124467436E776B3A009EE9A80
Authority key identifier: B1:1A:1F:97:70:BA:B0:77:51:5B:77:12:CB:8D:49:55:0B:31:38:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/CdOIBSbQoTE2Y9M3Uogt4JcK7GQ.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199725
IP address blocks:        185.48.216.0/22 maxlen: 24
                          2a04:b580::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:c1:24:46:74:36:e7:76:b3:a0:09:ee:9a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b11a1f9770bab077515b7712cb8d49550b3138a1
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09d3880526d0a1313663d33752882de0970aec64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fa:ba:3f:04:f2:9d:21:b1:c7:fb:6d:7e:3a:
                    87:e0:b6:fc:e9:41:51:12:a5:ac:2a:d8:c2:a5:e4:
                    f8:9d:60:89:f8:23:3c:17:d3:c7:b5:66:11:8d:f5:
                    0c:19:0f:56:05:0e:3a:ab:93:59:ff:04:06:2b:ac:
                    2c:f7:8b:25:0c:05:0b:39:3a:58:fd:7d:8d:fc:14:
                    17:e3:2d:7a:d0:63:a8:f6:d3:f1:95:e9:15:45:fa:
                    ad:2e:85:4d:bc:31:66:83:b7:e4:de:1e:b0:8f:57:
                    53:9d:a8:0f:b9:66:d5:55:c9:0e:fa:6b:bb:bd:5c:
                    35:03:d7:cb:56:2e:42:4d:5c:48:ac:9e:07:73:70:
                    70:5f:ab:e2:ff:71:3c:3e:eb:ef:a1:f0:2f:5b:0f:
                    2d:8f:65:58:fa:13:70:47:21:11:f9:5d:4b:bd:e6:
                    b1:d5:e2:45:a9:f3:88:a5:27:00:32:12:0e:5f:a6:
                    8c:26:1e:94:d5:6d:4f:aa:78:2b:8d:63:1f:09:6f:
                    d4:b7:ce:99:19:e7:a7:a8:3a:19:47:f8:4e:7b:a9:
                    95:a2:a0:f4:ab:24:54:fd:5b:88:38:0d:eb:22:c1:
                    e5:05:92:3e:31:e9:a9:89:6c:26:88:9b:92:a6:eb:
                    ae:33:f9:63:c8:d9:3b:ec:77:fb:ee:b9:d3:2a:a6:
                    15:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D3:88:05:26:D0:A1:31:36:63:D3:37:52:88:2D:E0:97:0A:EC:64
            X509v3 Authority Key Identifier:
                keyid:B1:1A:1F:97:70:BA:B0:77:51:5B:77:12:CB:8D:49:55:0B:31:38:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRofl3C6sHdRW3cSy41JVQsxOKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/CdOIBSbQoTE2Y9M3Uogt4JcK7GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8d6c33-b2c1-48da-a609-8217a929fd8d/1/sRofl3C6sHdRW3cSy41JVQsxOKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.216.0/22
                IPv6:
                  2a04:b580::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:17:d8:cd:84:d5:8a:11:73:bf:6c:11:28:19:fe:b6:98:3f:
         a1:79:9c:dd:e2:d3:6b:17:10:34:f8:a0:83:d9:5d:e1:b6:22:
         bb:8d:39:2d:bb:d3:50:4f:cf:4e:5b:74:a1:77:88:8e:a9:73:
         54:d9:e4:8a:9c:af:54:7a:80:ac:b3:5f:de:e7:90:af:70:cf:
         90:73:ad:df:da:44:fd:e0:e4:43:ef:14:58:2d:e4:40:84:21:
         ed:e3:33:0e:5a:21:38:21:b2:65:17:f3:4c:0a:3f:05:70:14:
         81:52:e0:aa:53:74:e3:32:76:55:3a:73:17:7b:d2:7e:eb:b9:
         66:08:09:9d:2c:a2:24:a8:1e:9d:42:fa:1b:df:e4:7b:f0:f2:
         9d:a6:d7:49:50:18:ba:b3:99:3c:d9:a3:e3:f2:75:76:1b:52:
         53:05:a9:7b:4d:07:0b:a2:e9:5a:d0:cf:59:6f:17:dc:bb:88:
         a3:70:10:22:29:5a:d8:04:f7:4d:24:a6:d6:e1:8d:f2:cd:27:
         e8:35:eb:bd:b4:16:bf:23:3b:3a:02:b2:4a:d4:82:df:10:2c:
         22:5b:bb:5a:a4:db:08:cc:dc:07:c8:dc:0f:9d:44:6d:12:36:
         3e:ca:08:8c:e0:de:1c:dc:ff:67:85:13:37:e3:87:a7:99:6b:
         04:1e:e1:ca
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbhPBJEZ0Nud2s6AJ7pqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMWExZjk3NzBiYWIwNzc1MTViNzcxMmNiOGQ0OTU1MGIz
MTM4YTEwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQzODgwNTI2ZDBhMTMxMzY2M2QzMzc1Mjg4MmRlMDk3MGFlYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPq6PwTynSGxx/ttfjqH4Lb86UFR
EqWsKtjCpeT4nWCJ+CM8F9PHtWYRjfUMGQ9WBQ46q5NZ/wQGK6ws94slDAULOTpY
/X2N/BQX4y160GOo9tPxlekVRfqtLoVNvDFmg7fk3h6wj1dTnagPuWbVVckO+mu7
vVw1A9fLVi5CTVxIrJ4Hc3BwX6vi/3E8PuvvofAvWw8tj2VY+hNwRyER+V1Lveax
1eJFqfOIpScAMhIOX6aMJh6U1W1PqngrjWMfCW/Ut86ZGeenqDoZR/hOe6mVoqD0
qyRU/VuIOA3rIsHlBZI+MempiWwmiJuSpuuuM/ljyNk77Hf77rnTKqYVIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAnTiAUm0KExNmPTN1KILeCXCuxkMB8GA1UdIwQY
MBaAFLEaH5dwurB3UVt3EsuNSVULMTihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JvZmwzQzZzSGRSVzNjU3k0MUpWUXN4T0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS84ZDZjMzMtYjJjMS00OGRhLWE2MDkt
ODIxN2E5MjlmZDhkLzEvQ2RPSUJTYlFvVEUyWTlNM1VvZ3Q0SmNLN0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS84ZDZjMzMtYjJjMS00OGRhLWE2MDktODIxN2E5MjlmZDhk
LzEvc1JvZmwzQzZzSGRSVzNjU3k0MUpWUXN4T0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTDYMA0E
AgACMAcDBQMqBLWAMA0GCSqGSIb3DQEBCwUAA4IBAQBjF9jNhNWKEXO/bBEoGf62
mD+heZzd4tNrFxA0+KCD2V3htiK7jTktu9NQT89OW3Shd4iOqXNU2eSKnK9UeoCs
s1/e55CvcM+Qc63f2kT94ORD7xRYLeRAhCHt4zMOWiE4IbJlF/NMCj8FcBSBUuCq
U3TjMnZVOnMXe9J+67lmCAmdLKIkqB6dQvob3+R78PKdptdJUBi6s5k82aPj8nV2
G1JTBal7TQcLoula0M9Zbxfcu4ijcBAiKVrYBPdNJKbW4Y3yzSfoNeu9tBa/Izs6
ArJK1ILfECwiW7tapNsIzNwHyNwPnURtEjY+ygiM4N4c3P9nhRM344enmWsEHuHK
-----END CERTIFICATE-----