Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/1-twnuPu9MQZkQmavkf-lE7ls3kc.roa
File:                     1-twnuPu9MQZkQmavkf-lE7ls3kc.roa (raw, json)
Hash identifier:          S2R0YZb+my+STNn1fERaxHGaDz9ssudY8TlW0ZgxxwI=
Subject key identifier:   FA:DC:27:B8:FB:BD:31:06:64:42:66:AF:91:FF:A5:13:B9:6C:DE:47
Certificate issuer:       /CN=462231e713f0f834bd09c3f76e12e250e773c290
Certificate serial:       018CC3B729D28195971B3381213BD1411DEB
Authority key identifier: 46:22:31:E7:13:F0:F8:34:BD:09:C3:F7:6E:12:E2:50:E7:73:C2:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RiIx5xPw-DS9CcP3bhLiUOdzwpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/1-twnuPu9MQZkQmavkf-lE7ls3kc.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42687
IP address blocks:        185.182.168.0/22 maxlen: 22
                          185.182.170.0/23 maxlen: 23
                          185.219.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/RiIx5xPw-DS9CcP3bhLiUOdzwpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/RiIx5xPw-DS9CcP3bhLiUOdzwpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RiIx5xPw-DS9CcP3bhLiUOdzwpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:d2:81:95:97:1b:33:81:21:3b:d1:41:1d:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=462231e713f0f834bd09c3f76e12e250e773c290
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fadc27b8fbbd3106644266af91ffa513b96cde47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:24:f1:da:08:ad:f1:71:f6:3e:64:01:0b:c6:
                    96:86:e6:cf:46:0a:ff:11:d1:ab:d0:13:ed:b4:db:
                    89:97:3b:31:59:13:ef:fd:82:24:04:ad:8e:0d:dd:
                    55:46:8a:87:eb:7d:99:86:d8:c4:58:fd:8d:b1:66:
                    df:36:39:3c:c9:6a:9e:d5:f3:e5:72:d6:1d:19:ca:
                    34:14:de:3b:ca:00:d1:26:72:35:4f:78:ba:72:4b:
                    e9:b4:e1:8c:20:c3:8d:45:e5:fd:41:61:29:17:49:
                    ca:30:d3:e6:5b:89:98:11:7d:06:1e:73:03:eb:da:
                    b5:0b:ef:9d:a0:48:df:a7:45:19:0c:d4:ff:7e:d0:
                    dc:a2:c2:a8:87:1e:e7:11:91:05:af:ac:c8:16:61:
                    2b:f5:56:61:a9:8d:08:2b:ac:8a:2c:8d:55:32:f0:
                    e4:e4:54:6d:6d:0b:75:ff:ff:80:09:dc:e0:3a:02:
                    fe:8e:3e:60:5b:a2:5d:34:19:37:37:c3:61:5f:59:
                    cc:4e:f4:97:e5:c0:d6:ea:61:f7:58:58:3c:ec:08:
                    78:1c:d8:39:1f:9d:66:70:82:a3:de:f9:f9:1d:00:
                    04:50:2d:3a:53:0d:b5:ae:9c:ff:f1:16:bf:11:3a:
                    d7:af:0f:b0:cb:f2:3c:54:9e:a8:d0:c7:58:4f:d5:
                    14:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DC:27:B8:FB:BD:31:06:64:42:66:AF:91:FF:A5:13:B9:6C:DE:47
            X509v3 Authority Key Identifier:
                keyid:46:22:31:E7:13:F0:F8:34:BD:09:C3:F7:6E:12:E2:50:E7:73:C2:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RiIx5xPw-DS9CcP3bhLiUOdzwpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/1-twnuPu9MQZkQmavkf-lE7ls3kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9ab3a5-1c46-4be0-8937-ad4bd7f23ce4/1/RiIx5xPw-DS9CcP3bhLiUOdzwpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.168.0/22
                  185.219.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:c7:f0:ec:ff:89:61:78:23:84:24:ab:4f:55:e9:df:00:ee:
         05:db:48:3e:dd:a3:d2:11:47:83:58:81:70:58:a0:71:c0:62:
         ca:2c:4b:2e:4e:4c:54:ba:75:fb:98:51:5b:06:c4:4f:51:e8:
         d0:84:5f:b4:0d:0f:eb:80:7e:dc:f2:14:92:13:45:81:13:1b:
         cb:4d:6a:7c:64:d2:a3:76:e2:28:fa:1e:5d:b1:ad:21:28:3d:
         81:77:02:c4:a7:f0:76:b2:6b:f2:5a:82:39:4b:b6:6e:dc:4b:
         ed:ee:69:3e:41:04:87:14:84:62:0a:db:36:bb:ae:a2:bf:75:
         fd:67:4a:80:e7:e5:d5:6b:4a:a4:12:9b:0a:1d:33:9f:83:83:
         b2:b9:59:e1:ec:cf:74:c6:e9:6f:16:30:ae:73:3c:45:2f:9c:
         f7:bc:df:0c:a7:94:bf:1c:a9:eb:7b:21:82:cc:f9:b5:d0:1e:
         5b:de:b6:cb:6c:d1:b8:17:b2:46:66:5f:2e:5e:a8:a5:95:ad:
         7d:10:e0:e1:a6:29:34:c0:6f:85:ac:85:9a:1f:77:85:7d:eb:
         c6:f6:a5:60:ef:d3:ec:31:a6:51:b7:7b:eb:ee:73:d4:ba:1b:
         5c:b8:27:e6:97:b0:a5:e2:a8:9a:ce:26:cd:2a:d5:b1:25:31:
         e3:99:be:6b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzDtynSgZWXGzOBITvRQR3rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MjIzMWU3MTNmMGY4MzRiZDA5YzNmNzZlMTJlMjUwZTc3
M2MyOTAwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWRjMjdiOGZiYmQzMTA2NjQ0MjY2YWY5MWZmYTUxM2I5NmNkZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyTx2git8XH2PmQBC8aWhubPRgr/
EdGr0BPttNuJlzsxWRPv/YIkBK2ODd1VRoqH632ZhtjEWP2NsWbfNjk8yWqe1fPl
ctYdGco0FN47ygDRJnI1T3i6ckvptOGMIMONReX9QWEpF0nKMNPmW4mYEX0GHnMD
69q1C++doEjfp0UZDNT/ftDcosKohx7nEZEFr6zIFmEr9VZhqY0IK6yKLI1VMvDk
5FRtbQt1//+ACdzgOgL+jj5gW6JdNBk3N8NhX1nMTvSX5cDW6mH3WFg87Ah4HNg5
H51mcIKj3vn5HQAEUC06Uw21rpz/8Ra/ETrXrw+wy/I8VJ6o0MdYT9UUgQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPrcJ7j7vTEGZEJmr5H/pRO5bN5HMB8GA1UdIwQY
MBaAFEYiMecT8Pg0vQnD924S4lDnc8KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmlJeDV4UHctRFM5Q2NQM2JoTGlVT2R6d3BBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85YWIzYTUtMWM0Ni00YmUwLTg5Mzct
YWQ0YmQ3ZjIzY2U0LzEvMS10d251UHU5TVFaa1FtYXZrZi1sRTdsczNrYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvOWFiM2E1LTFjNDYtNGJlMC04OTM3LWFkNGJkN2YyM2Nl
NC8xL1JpSXg1eFB3LURTOUNjUDNiaExpVU9kendwQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArm2qAME
Abnb8jANBgkqhkiG9w0BAQsFAAOCAQEAPMfw7P+JYXgjhCSrT1Xp3wDuBdtIPt2j
0hFHg1iBcFigccBiyixLLk5MVLp1+5hRWwbET1Ho0IRftA0P64B+3PIUkhNFgRMb
y01qfGTSo3biKPoeXbGtISg9gXcCxKfwdrJr8lqCOUu2btxL7e5pPkEEhxSEYgrb
Nruuor91/WdKgOfl1WtKpBKbCh0zn4ODsrlZ4ezPdMbpbxYwrnM8RS+c97zfDKeU
vxyp63shgsz5tdAeW962y2zRuBeyRmZfLl6opZWtfRDg4aYpNMBvhayFmh93hX3r
xvalYO/T7DGmUbd76+5z1LobXLgn5pewpeKoms4mzSrVsSUx45m+aw==
-----END CERTIFICATE-----