Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/unMdowYe-ELYAk54PRUxRUAk8O0.roa
File:                     unMdowYe-ELYAk54PRUxRUAk8O0.roa (raw, json)
Hash identifier:          I1YBP4SZUWzz3c6HIIPAjCcUncY3g22+nQC74XMcPlc=
Subject key identifier:   BA:73:1D:A3:06:1E:F8:42:D8:02:4E:78:3D:15:31:45:40:24:F0:ED
Certificate issuer:       /CN=7400d5013c12852242343093cbf5148d4eaeaaf9
Certificate serial:       018D1D02FDAC55E393E81E3C34C7B17496A1
Authority key identifier: 74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/unMdowYe-ELYAk54PRUxRUAk8O0.roa
Signing time:             Thu 18 Jan 2024 14:39:11 +0000
ROA not before:           Thu 18 Jan 2024 14:39:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212440
IP address blocks:        185.112.180.0/22 maxlen: 24
                          2a0e:6f00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1d:02:fd:ac:55:e3:93:e8:1e:3c:34:c7:b1:74:96:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7400d5013c12852242343093cbf5148d4eaeaaf9
        Validity
            Not Before: Jan 18 14:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba731da3061ef842d8024e783d1531454024f0ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e8:4e:eb:1b:eb:04:f7:65:9f:77:52:cf:5f:
                    86:97:7c:91:17:79:3a:1f:2a:2e:89:f6:51:0e:10:
                    d7:65:50:42:7d:6c:88:b4:7a:3d:af:51:d8:6f:6f:
                    8e:11:d7:c7:a7:b8:67:c4:9b:56:25:28:e8:bf:67:
                    d2:d7:77:84:2c:15:e7:73:ee:97:cb:e3:44:cc:d0:
                    cb:89:b9:d8:5f:a0:d7:85:8c:7e:7d:4a:bb:b8:fb:
                    8f:fe:5b:83:9b:0f:33:aa:ae:de:52:a6:c2:c5:a3:
                    7d:4d:79:be:24:2f:32:f2:aa:63:89:23:a0:74:5e:
                    97:f0:87:75:f6:1e:de:6a:bd:85:ab:37:de:3f:a0:
                    72:16:b1:b0:38:1b:d6:3e:ef:95:69:01:27:bb:7b:
                    11:b3:61:ec:e8:a4:93:de:2d:44:75:ca:31:0a:9a:
                    98:22:4d:3b:f4:ab:0f:63:5b:29:7d:0a:c5:84:c3:
                    c2:22:1c:4b:b1:f8:f4:9a:13:b4:22:dd:3d:af:2f:
                    a8:37:82:ce:6e:c2:43:e6:78:be:3e:d1:52:e4:17:
                    ff:1d:86:c6:d2:8f:92:89:44:1e:c4:40:d5:a9:3a:
                    79:ac:09:88:65:85:30:46:d4:d9:af:47:79:2f:7b:
                    54:27:f2:c3:71:9d:c1:fb:1f:6f:1f:05:23:d0:85:
                    28:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:73:1D:A3:06:1E:F8:42:D8:02:4E:78:3D:15:31:45:40:24:F0:ED
            X509v3 Authority Key Identifier:
                keyid:74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/unMdowYe-ELYAk54PRUxRUAk8O0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.180.0/22
                IPv6:
                  2a0e:6f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:b7:c0:fa:95:73:5c:10:c6:96:33:63:16:cd:3d:ad:99:4e:
         3e:51:db:fa:96:88:4f:61:f8:c7:ae:7f:ba:1d:b0:79:ac:04:
         f2:3a:ae:4b:06:eb:f3:ad:a3:70:25:2b:7a:f7:69:2b:89:38:
         57:2f:8f:4f:d3:78:a0:7f:fe:b0:63:46:1f:04:f5:79:d9:66:
         21:9a:c0:94:76:0f:94:a8:bd:cd:99:7e:09:66:57:d1:25:0e:
         4e:e7:77:36:bf:f0:33:b9:1c:fd:f0:ee:e4:24:9a:d4:69:4a:
         87:52:b8:c7:55:cc:1b:4c:b1:79:b5:ab:ce:a5:48:8a:e6:89:
         52:62:a5:0b:63:55:e8:3e:a2:13:a2:25:5d:a2:fb:cd:c6:39:
         73:f5:3f:aa:d9:6c:88:bc:ca:83:fc:cd:30:7f:5c:d5:29:f8:
         ec:cc:53:6f:b7:54:9c:d7:83:35:33:97:f0:4c:cf:c9:53:1c:
         c9:29:68:9c:49:f7:ea:ef:4f:3a:93:cc:53:15:76:99:67:10:
         e1:4b:70:a4:8c:5f:7e:c6:ee:ff:d2:0c:69:bf:f7:8e:a5:73:
         33:bb:fd:7d:ef:54:bf:b1:d0:b8:ca:86:c5:6d:f9:5b:92:2a:
         30:04:c0:8a:b7:ad:95:f2:53:3c:4d:2f:2a:a0:05:10:06:c5:
         4c:65:bd:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0dAv2sVeOT6B48NMexdJahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MDBkNTAxM2MxMjg1MjI0MjM0MzA5M2NiZjUxNDhkNGVh
ZWFhZjkwHhcNMjQwMTE4MTQzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTczMWRhMzA2MWVmODQyZDgwMjRlNzgzZDE1MzE0NTQwMjRmMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlehO6xvrBPdln3dSz1+Gl3yRF3k6
HyouifZRDhDXZVBCfWyItHo9r1HYb2+OEdfHp7hnxJtWJSjov2fS13eELBXnc+6X
y+NEzNDLibnYX6DXhYx+fUq7uPuP/luDmw8zqq7eUqbCxaN9TXm+JC8y8qpjiSOg
dF6X8Id19h7ear2FqzfeP6ByFrGwOBvWPu+VaQEnu3sRs2Hs6KST3i1EdcoxCpqY
Ik079KsPY1spfQrFhMPCIhxLsfj0mhO0It09ry+oN4LObsJD5ni+PtFS5Bf/HYbG
0o+SiUQexEDVqTp5rAmIZYUwRtTZr0d5L3tUJ/LDcZ3B+x9vHwUj0IUorwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLpzHaMGHvhC2AJOeD0VMUVAJPDtMB8GA1UdIwQY
MBaAFHQA1QE8EoUiQjQwk8v1FI1Orqr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAt
ZTA4OTJhMjhhYWM5LzEvdW5NZG93WWUtRUxZQWs1NFBSVXhSVUFrOE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAtZTA4OTJhMjhhYWM5
LzEvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXC0MA0E
AgACMAcDBQMqDm8AMA0GCSqGSIb3DQEBCwUAA4IBAQCRt8D6lXNcEMaWM2MWzT2t
mU4+Udv6lohPYfjHrn+6HbB5rATyOq5LBuvzraNwJSt692kriThXL49P03igf/6w
Y0YfBPV52WYhmsCUdg+UqL3NmX4JZlfRJQ5O53c2v/AzuRz98O7kJJrUaUqHUrjH
VcwbTLF5tavOpUiK5olSYqULY1XoPqIToiVdovvNxjlz9T+q2WyIvMqD/M0wf1zV
KfjszFNvt1Sc14M1M5fwTM/JUxzJKWicSffq7086k8xTFXaZZxDhS3CkjF9+xu7/
0gxpv/eOpXMzu/1971S/sdC4yobFbflbkiowBMCKt62V8lM8TS8qoAUQBsVMZb04
-----END CERTIFICATE-----