Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/1wSat9pGHQy7ydyiNfXByzfu7as.roa
File:                     1wSat9pGHQy7ydyiNfXByzfu7as.roa (raw, json)
Hash identifier:          Wo3KEaJaBpNMuqocNOu+DJF/Ef2apezcGDTX2WI3oMc=
Subject key identifier:   D7:04:9A:B7:DA:46:1D:0C:BB:C9:DC:A2:35:F5:C1:CB:37:EE:ED:AB
Certificate issuer:       /CN=b0c99b951c6a6f6adcc868d885a940adf0051a19
Certificate serial:       018CC56E3B9D39F02F4D4B31508F9C0C8ED1
Authority key identifier: B0:C9:9B:95:1C:6A:6F:6A:DC:C8:68:D8:85:A9:40:AD:F0:05:1A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMmblRxqb2rcyGjYhalArfAFGhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/1wSat9pGHQy7ydyiNfXByzfu7as.roa
Signing time:             Mon 01 Jan 2024 14:29:44 +0000
ROA not before:           Mon 01 Jan 2024 14:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205565
IP address blocks:        185.213.244.0/22 maxlen: 22
                          2a0b:90c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/sMmblRxqb2rcyGjYhalArfAFGhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/sMmblRxqb2rcyGjYhalArfAFGhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMmblRxqb2rcyGjYhalArfAFGhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3b:9d:39:f0:2f:4d:4b:31:50:8f:9c:0c:8e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c99b951c6a6f6adcc868d885a940adf0051a19
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7049ab7da461d0cbbc9dca235f5c1cb37eeedab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c0:bb:e4:0a:d5:98:d6:39:12:3b:d4:07:4c:
                    8f:31:ed:e3:d2:91:19:dc:0e:1c:b0:2f:f7:b7:cc:
                    f6:06:d3:ba:bc:6f:c1:11:a6:9c:64:e9:f8:47:ee:
                    93:dd:53:6c:c0:ec:b7:12:b8:9d:63:67:f2:a6:c3:
                    93:34:57:78:79:0d:12:2a:74:a2:d4:4f:07:f0:41:
                    67:10:41:fc:7f:35:d0:36:95:cc:2a:70:67:dc:b4:
                    be:b2:21:11:56:f3:ab:39:12:03:01:b0:cd:0c:5b:
                    d3:f1:08:25:e9:b2:6a:9e:f8:f8:81:4e:94:85:47:
                    36:72:78:56:fc:9b:4b:47:83:65:31:0d:c6:9b:70:
                    2a:09:eb:cf:41:9f:a5:bd:b8:8d:84:ed:3b:6f:6b:
                    dd:82:38:da:09:6c:44:d8:53:80:9a:51:ff:4b:e4:
                    89:a5:97:5c:27:a5:60:86:58:ab:a3:0c:77:67:8e:
                    f0:7a:25:f5:76:e6:7d:46:36:72:36:cc:3b:8b:bf:
                    48:ff:91:75:9f:38:b6:3b:88:06:fc:29:2f:8f:5e:
                    ef:14:41:f3:79:61:2c:bd:4a:41:31:3e:b6:7a:d3:
                    05:05:e7:22:82:27:da:90:4c:f8:c7:6b:8f:89:fe:
                    74:ec:63:92:ff:77:b4:ec:be:7c:a7:29:a0:ac:9e:
                    82:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:04:9A:B7:DA:46:1D:0C:BB:C9:DC:A2:35:F5:C1:CB:37:EE:ED:AB
            X509v3 Authority Key Identifier:
                keyid:B0:C9:9B:95:1C:6A:6F:6A:DC:C8:68:D8:85:A9:40:AD:F0:05:1A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMmblRxqb2rcyGjYhalArfAFGhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/1wSat9pGHQy7ydyiNfXByzfu7as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/0a7bbf-bf20-4114-972c-3e6956ed2c6a/1/sMmblRxqb2rcyGjYhalArfAFGhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.244.0/22
                IPv6:
                  2a0b:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:1b:e0:2d:8c:9b:b4:23:1c:5a:dd:af:ed:4e:e2:50:2f:1b:
         e8:97:08:58:17:fd:0f:70:b9:88:eb:93:30:3f:24:ce:59:87:
         a6:c3:33:86:0d:3f:d4:45:8c:d3:f6:d4:b7:c1:e4:4d:0b:73:
         44:6e:0c:14:fb:d2:92:ad:0a:b3:69:e0:0c:90:81:aa:5a:10:
         84:ba:00:1c:a1:1f:19:e8:e2:f8:e4:85:a2:e8:37:f1:a5:20:
         09:73:90:3d:ee:c8:18:48:00:12:3e:fd:04:3f:7e:ce:00:21:
         21:94:75:e6:e9:30:79:58:d2:82:b3:8a:ba:4c:fe:9b:cc:53:
         05:fe:ba:80:aa:a8:1f:5c:85:25:d6:3b:59:bf:94:75:fa:2e:
         46:6c:a8:92:09:e0:35:62:3b:89:63:45:58:9b:47:59:18:f3:
         40:53:48:f8:2f:99:a1:39:2a:44:d9:77:78:ea:db:60:6a:29:
         ef:d0:f7:e0:f1:88:24:de:1d:39:9c:7e:80:ee:34:c0:15:af:
         26:7b:92:32:05:13:12:0f:0e:b7:36:1b:62:07:45:01:b4:9b:
         62:91:bb:20:7b:d7:83:36:d4:0d:40:b5:02:11:dd:3b:8a:12:
         5d:d9:b1:73:21:fe:e0:67:49:c4:cb:bf:45:a7:e1:ff:08:35:
         e4:b8:8d:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbjudOfAvTUsxUI+cDI7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzk5Yjk1MWM2YTZmNmFkY2M4NjhkODg1YTk0MGFkZjAw
NTFhMTkwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzA0OWFiN2RhNDYxZDBjYmJjOWRjYTIzNWY1YzFjYjM3ZWVlZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MC75ArVmNY5EjvUB0yPMe3j0pEZ
3A4csC/3t8z2BtO6vG/BEaacZOn4R+6T3VNswOy3EridY2fypsOTNFd4eQ0SKnSi
1E8H8EFnEEH8fzXQNpXMKnBn3LS+siERVvOrORIDAbDNDFvT8Qgl6bJqnvj4gU6U
hUc2cnhW/JtLR4NlMQ3Gm3AqCevPQZ+lvbiNhO07b2vdgjjaCWxE2FOAmlH/S+SJ
pZdcJ6Vghlirowx3Z47weiX1duZ9RjZyNsw7i79I/5F1nzi2O4gG/Ckvj17vFEHz
eWEsvUpBMT62etMFBecigifakEz4x2uPif507GOS/3e07L58pymgrJ6C/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNcEmrfaRh0Mu8ncojX1wcs37u2rMB8GA1UdIwQY
MBaAFLDJm5Ucam9q3Mho2IWpQK3wBRoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01tYmxSeHFiMnJjeUdqWWhhbEFyZkFGR2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8wYTdiYmYtYmYyMC00MTE0LTk3MmMt
M2U2OTU2ZWQyYzZhLzEvMXdTYXQ5cEdIUXk3eWR5aU5mWEJ5emZ1N2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8wYTdiYmYtYmYyMC00MTE0LTk3MmMtM2U2OTU2ZWQyYzZh
LzEvc01tYmxSeHFiMnJjeUdqWWhhbEFyZkFGR2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudX0MA0E
AgACMAcDBQMqC5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBYG+AtjJu0Ixxa3a/tTuJQ
LxvolwhYF/0PcLmI65MwPyTOWYemwzOGDT/URYzT9tS3weRNC3NEbgwU+9KSrQqz
aeAMkIGqWhCEugAcoR8Z6OL45IWi6DfxpSAJc5A97sgYSAASPv0EP37OACEhlHXm
6TB5WNKCs4q6TP6bzFMF/rqAqqgfXIUl1jtZv5R1+i5GbKiSCeA1YjuJY0VYm0dZ
GPNAU0j4L5mhOSpE2Xd46ttgainv0Pfg8Ygk3h05nH6A7jTAFa8me5IyBRMSDw63
NhtiB0UBtJtikbsge9eDNtQNQLUCEd07ihJd2bFzIf7gZ0nEy79Fp+H/CDXkuI2Q
-----END CERTIFICATE-----