Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/c0DwEvcIyI7cnls3-MXTi8ek6_g.roa
File:                     c0DwEvcIyI7cnls3-MXTi8ek6_g.roa (raw, json)
Hash identifier:          tH0FDLwW9Wyz6nnDh1vntDf8LaKx+ZwWLP6zZ2YS4eE=
Subject key identifier:   73:40:F0:12:F7:08:C8:8E:DC:9E:5B:37:F8:C5:D3:8B:C7:A4:EB:F8
Certificate issuer:       /CN=b169a49700e0c3b8e39a79130c987a5000ccffe2
Certificate serial:       018CC94CF38A4B0DDFFB0B4ED79C1070756C
Authority key identifier: B1:69:A4:97:00:E0:C3:B8:E3:9A:79:13:0C:98:7A:50:00:CC:FF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWmklwDgw7jjmnkTDJh6UADM_-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/c0DwEvcIyI7cnls3-MXTi8ek6_g.roa
Signing time:             Tue 02 Jan 2024 08:31:52 +0000
ROA not before:           Tue 02 Jan 2024 08:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206364
IP address blocks:        185.163.13.0/24 maxlen: 24
                          2a00:1197::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/sWmklwDgw7jjmnkTDJh6UADM_-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/sWmklwDgw7jjmnkTDJh6UADM_-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWmklwDgw7jjmnkTDJh6UADM_-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:f3:8a:4b:0d:df:fb:0b:4e:d7:9c:10:70:75:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b169a49700e0c3b8e39a79130c987a5000ccffe2
        Validity
            Not Before: Jan  2 08:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7340f012f708c88edc9e5b37f8c5d38bc7a4ebf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:97:64:e6:cb:c0:3c:b9:18:bd:3b:f8:5b:ef:
                    f5:82:66:12:e4:89:ff:56:4d:67:0d:0a:25:56:3d:
                    61:7f:1a:41:ea:de:52:67:97:c8:60:57:a8:09:92:
                    03:5e:d7:cf:73:77:e9:d2:fa:fe:48:14:4e:29:60:
                    33:16:e0:ed:78:94:89:68:2d:52:5a:58:b8:36:bf:
                    e0:49:2b:81:03:ee:97:6f:5a:43:13:ab:00:ff:75:
                    14:5c:eb:a0:bb:13:01:9f:6d:e9:d9:fc:5f:d8:be:
                    fd:bb:5b:66:1d:f2:37:81:90:0e:58:bf:6b:97:a7:
                    6b:2c:3f:bd:9b:57:8d:f9:36:3e:55:fe:57:b7:3b:
                    7d:4a:d4:5b:77:bb:b4:8b:89:a8:91:66:b5:3d:99:
                    cd:91:40:39:91:42:6c:d8:29:04:6d:fe:f5:22:49:
                    d7:1c:ad:3b:5c:ca:7e:71:87:ba:7a:f9:a7:1a:a8:
                    bc:2f:b9:4f:a3:ca:b0:47:c1:6d:94:25:80:80:5f:
                    ff:80:a2:17:7e:f4:53:54:38:9f:17:f2:03:7b:67:
                    83:58:d3:b0:77:35:10:75:55:e1:b8:5c:03:39:c4:
                    ce:fc:d5:58:7b:eb:cd:4e:87:6d:a0:2d:67:20:ec:
                    1e:9d:ad:d7:31:82:4e:46:0d:3e:f2:0c:8f:fd:0e:
                    77:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:40:F0:12:F7:08:C8:8E:DC:9E:5B:37:F8:C5:D3:8B:C7:A4:EB:F8
            X509v3 Authority Key Identifier:
                keyid:B1:69:A4:97:00:E0:C3:B8:E3:9A:79:13:0C:98:7A:50:00:CC:FF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWmklwDgw7jjmnkTDJh6UADM_-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/c0DwEvcIyI7cnls3-MXTi8ek6_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/sWmklwDgw7jjmnkTDJh6UADM_-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.13.0/24
                IPv6:
                  2a00:1197::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:2a:13:d4:f4:37:ed:e8:81:fa:48:79:7a:9c:20:90:4c:23:
         26:ed:f7:e3:82:49:b0:ae:c4:06:7d:f2:dd:6b:fb:6e:1b:b3:
         73:bd:82:c0:3f:c7:67:4b:df:cb:cb:ff:b0:28:14:3b:39:df:
         64:f6:2b:64:23:44:5a:dc:86:58:40:e0:fa:25:48:e3:4d:4a:
         7e:87:7f:05:25:17:ea:63:bb:05:be:52:4a:e0:4b:9c:67:e5:
         52:8a:40:c9:9e:31:45:ea:b3:a0:fb:ee:50:b8:ad:9b:92:a7:
         3d:72:2f:fe:7e:bb:48:cc:99:7b:75:88:1d:f4:e9:84:8a:1f:
         56:eb:35:2f:92:36:8c:22:d4:40:47:77:d8:7d:20:6f:69:05:
         6a:d9:4f:8c:e8:49:88:a5:c4:72:dd:c7:c8:69:74:9b:08:db:
         58:c2:aa:fa:ef:74:a8:d9:dd:e7:93:77:45:9c:18:40:9c:18:
         91:80:37:7f:0f:08:19:8c:1a:9f:2f:5a:fb:19:6b:78:5a:d2:
         7e:2b:af:3f:e8:4e:e6:ff:ca:09:4f:e1:97:1b:fd:d7:8e:1b:
         07:ee:c6:d6:72:84:c9:a7:03:76:2c:74:06:c8:dc:7a:b8:8a:
         8c:62:47:84:42:ca:4b:7e:80:36:51:01:93:74:88:bf:7a:29:
         87:86:e4:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTPOKSw3f+wtO15wQcHVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNjlhNDk3MDBlMGMzYjhlMzlhNzkxMzBjOTg3YTUwMDBj
Y2ZmZTIwHhcNMjQwMTAyMDgzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzQwZjAxMmY3MDhjODhlZGM5ZTViMzdmOGM1ZDM4YmM3YTRlYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpdk5svAPLkYvTv4W+/1gmYS5In/
Vk1nDQolVj1hfxpB6t5SZ5fIYFeoCZIDXtfPc3fp0vr+SBROKWAzFuDteJSJaC1S
Wli4Nr/gSSuBA+6Xb1pDE6sA/3UUXOuguxMBn23p2fxf2L79u1tmHfI3gZAOWL9r
l6drLD+9m1eN+TY+Vf5Xtzt9StRbd7u0i4mokWa1PZnNkUA5kUJs2CkEbf71IknX
HK07XMp+cYe6evmnGqi8L7lPo8qwR8FtlCWAgF//gKIXfvRTVDifF/IDe2eDWNOw
dzUQdVXhuFwDOcTO/NVYe+vNTodtoC1nIOwena3XMYJORg0+8gyP/Q53LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHNA8BL3CMiO3J5bN/jF04vHpOv4MB8GA1UdIwQY
MBaAFLFppJcA4MO445p5EwyYelAAzP/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1dta2x3RGd3N2pqbW5rVERKaDZVQURNXy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zOTA4MWYtNTAwMy00MWVkLWI4MGEt
M2ZhZTAzNGM0ODllLzEvYzBEd0V2Y0l5STdjbmxzMy1NWFRpOGVrNl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zOTA4MWYtNTAwMy00MWVkLWI4MGEtM2ZhZTAzNGM0ODll
LzEvc1dta2x3RGd3N2pqbW5rVERKaDZVQURNXy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaMNMA0E
AgACMAcDBQAqABGXMA0GCSqGSIb3DQEBCwUAA4IBAQCSKhPU9Dft6IH6SHl6nCCQ
TCMm7ffjgkmwrsQGffLda/tuG7NzvYLAP8dnS9/Ly/+wKBQ7Od9k9itkI0Ra3IZY
QOD6JUjjTUp+h38FJRfqY7sFvlJK4EucZ+VSikDJnjFF6rOg++5QuK2bkqc9ci/+
frtIzJl7dYgd9OmEih9W6zUvkjaMItRAR3fYfSBvaQVq2U+M6EmIpcRy3cfIaXSb
CNtYwqr673So2d3nk3dFnBhAnBiRgDd/DwgZjBqfL1r7GWt4WtJ+K68/6E7m/8oJ
T+GXG/3XjhsH7sbWcoTJpwN2LHQGyNx6uIqMYkeEQspLfoA2UQGTdIi/eimHhuS0
-----END CERTIFICATE-----