Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/iCigCtrIzTQdO6ZkbVl5jCsUUtY.roa
File:                     iCigCtrIzTQdO6ZkbVl5jCsUUtY.roa (raw, json)
Hash identifier:          /QwkX2RbCB3Ly8QAr4YAQqc+tztDH8ED7uTKEkQGnII=
Subject key identifier:   88:28:A0:0A:DA:C8:CD:34:1D:3B:A6:64:6D:59:79:8C:2B:14:52:D6
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       018CC2DAEDBDBFE8AD6EEFC771DB75BB16DD
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/iCigCtrIzTQdO6ZkbVl5jCsUUtY.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.227.218.0/24 maxlen: 24
                          185.227.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ed:bd:bf:e8:ad:6e:ef:c7:71:db:75:bb:16:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8828a00adac8cd341d3ba6646d59798c2b1452d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:70:88:9a:57:18:42:d3:44:64:30:a2:71:c9:
                    51:c3:48:34:4d:9d:1c:27:cd:96:89:d1:5b:da:86:
                    a8:19:6f:10:87:f0:b0:dc:50:21:86:05:94:63:1e:
                    ca:2b:ca:38:b3:35:3c:ca:1c:c8:63:31:c3:e9:dd:
                    ed:83:c6:ab:12:ac:30:1f:f8:d8:f9:d7:68:37:76:
                    7b:e6:a6:00:90:ef:32:19:f6:04:62:d5:cf:3b:73:
                    70:e0:80:35:ec:05:7f:87:64:d5:1e:57:f2:f1:a8:
                    d6:7a:76:2e:76:0d:66:dc:a0:68:e5:18:79:4e:ea:
                    db:b8:02:44:ac:07:f4:93:33:7b:05:b5:cf:3a:98:
                    62:8c:df:e5:66:27:62:b5:f6:00:91:25:9b:2f:5b:
                    96:8f:f4:41:06:60:db:d2:cc:3d:f9:ed:da:e3:c3:
                    29:09:e8:57:f8:5c:4a:1f:0f:dd:a6:5a:f1:00:38:
                    35:de:6a:e2:27:e3:2b:03:a8:10:e9:02:13:5b:a8:
                    c2:7b:87:fb:78:6c:95:66:b6:f9:8d:b5:3d:96:99:
                    7a:78:8a:20:6f:e6:22:7b:74:df:96:c9:36:50:c9:
                    55:af:78:7b:89:a1:b8:dd:65:b7:67:e7:6f:49:28:
                    4a:f1:64:b4:8d:26:65:5a:63:82:e3:cb:69:bb:71:
                    29:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:28:A0:0A:DA:C8:CD:34:1D:3B:A6:64:6D:59:79:8C:2B:14:52:D6
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/iCigCtrIzTQdO6ZkbVl5jCsUUtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.216.0/24
                  185.227.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:89:cf:31:22:8f:e5:91:27:10:4b:bf:2b:f3:b0:ca:56:d8:
         24:4a:64:33:ec:a0:50:5d:69:89:fc:31:a7:d1:2f:f6:f9:ab:
         02:5a:e4:81:ba:e8:91:37:76:f8:62:ba:06:6e:95:c0:a0:12:
         72:48:75:ce:79:d0:55:9c:b7:60:61:14:03:9f:f7:7e:52:b6:
         41:59:ca:a1:0d:eb:4c:5d:d6:5e:65:7b:f4:e3:0b:75:a8:87:
         67:18:98:85:07:ca:25:00:5d:66:78:2c:bd:d5:c7:57:d3:44:
         e4:fb:e9:20:98:e1:59:42:8b:d9:12:a8:49:c5:b5:cf:c3:78:
         17:d2:ed:50:92:0b:aa:3c:ee:b4:fc:52:62:0b:4e:fd:05:02:
         23:1c:da:fb:d2:d1:fe:ad:c6:31:33:ca:be:25:01:87:bc:fb:
         52:b4:45:2c:be:0b:ff:e9:d7:41:de:b8:73:43:6b:69:23:34:
         b4:9f:b5:53:77:cc:e3:2a:a7:05:72:c8:4a:23:34:11:04:2c:
         9c:aa:82:0d:3c:a5:dc:fd:1a:e8:96:84:26:a0:1d:fd:f5:98:
         a4:b8:6f:8b:3e:07:73:59:9b:4b:b8:21:ea:84:09:3c:71:02:
         af:f9:b5:ba:60:3f:91:a1:24:26:8e:6a:2e:de:29:0c:91:a1:
         d9:3c:88:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2u29v+itbu/Hcdt1uxbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI4YTAwYWRhYzhjZDM0MWQzYmE2NjQ2ZDU5Nzk4YzJiMTQ1MmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXCImlcYQtNEZDCicclRw0g0TZ0c
J82WidFb2oaoGW8Qh/Cw3FAhhgWUYx7KK8o4szU8yhzIYzHD6d3tg8arEqwwH/jY
+ddoN3Z75qYAkO8yGfYEYtXPO3Nw4IA17AV/h2TVHlfy8ajWenYudg1m3KBo5Rh5
TurbuAJErAf0kzN7BbXPOphijN/lZiditfYAkSWbL1uWj/RBBmDb0sw9+e3a48Mp
CehX+FxKHw/dplrxADg13mriJ+MrA6gQ6QITW6jCe4f7eGyVZrb5jbU9lpl6eIog
b+Yie3Tflsk2UMlVr3h7iaG43WW3Z+dvSShK8WS0jSZlWmOC48tpu3Ep+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIgooArayM00HTumZG1ZeYwrFFLWMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvaUNpZ0N0ckl6VFFkTzZaa2JWbDVqQ3NVVXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuePYAwQA
uePaMA0GCSqGSIb3DQEBCwUAA4IBAQA/ic8xIo/lkScQS78r87DKVtgkSmQz7KBQ
XWmJ/DGn0S/2+asCWuSBuuiRN3b4YroGbpXAoBJySHXOedBVnLdgYRQDn/d+UrZB
WcqhDetMXdZeZXv04wt1qIdnGJiFB8olAF1meCy91cdX00Tk++kgmOFZQovZEqhJ
xbXPw3gX0u1QkguqPO60/FJiC079BQIjHNr70tH+rcYxM8q+JQGHvPtStEUsvgv/
6ddB3rhzQ2tpIzS0n7VTd8zjKqcFcshKIzQRBCycqoINPKXc/RroloQmoB399Zik
uG+LPgdzWZtLuCHqhAk8cQKv+bW6YD+RoSQmjmou3ikMkaHZPIgO
-----END CERTIFICATE-----