Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/X1m9vAvIN0DOpD9BTzhuqz4g_LM.roa
File:                     X1m9vAvIN0DOpD9BTzhuqz4g_LM.roa (raw, json)
Hash identifier:          MlwmePJhB+oQac3JMcEjRqnJlKLeZ8rgzrP80u1h0lw=
Subject key identifier:   5F:59:BD:BC:0B:C8:37:40:CE:A4:3F:41:4F:38:6E:AB:3E:20:FC:B3
Certificate issuer:       /CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
Certificate serial:       018CC94E29810CBDB4ACD8B6E48884943518
Authority key identifier: AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/X1m9vAvIN0DOpD9BTzhuqz4g_LM.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211769
IP address blocks:        185.142.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:29:81:0c:bd:b4:ac:d8:b6:e4:88:84:94:35:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f59bdbc0bc83740cea43f414f386eab3e20fcb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:08:b7:58:96:22:b2:96:a8:50:64:b9:36:6d:
                    76:42:dd:fe:f4:c2:8d:35:56:a1:09:87:bb:a5:63:
                    0f:05:5d:ef:d6:86:90:f2:ef:be:41:8e:2a:74:14:
                    b7:d9:44:d3:af:fa:bd:1e:ab:76:2c:5b:e0:5c:a3:
                    7d:03:37:2c:51:91:52:d6:b7:38:c4:be:ae:1b:ce:
                    30:04:25:0a:c9:35:23:2b:be:6e:14:3e:12:a7:21:
                    18:93:67:7a:aa:06:1f:1f:f7:a1:a2:d0:7b:b2:20:
                    2d:20:a5:47:19:24:1f:b0:fd:ae:d9:7d:5f:86:ae:
                    7d:7e:94:d2:26:ea:c8:7b:57:27:55:da:67:02:8b:
                    98:ab:fe:53:be:72:ea:35:92:12:f8:43:28:8c:23:
                    2c:53:b8:34:e0:bb:14:d3:ec:27:e2:23:e8:33:22:
                    93:c7:ff:13:66:03:70:9f:6c:db:a3:9c:35:0d:03:
                    46:3b:1e:f2:67:5f:e7:d2:d2:f4:23:7d:34:89:4e:
                    87:e2:c4:22:f3:52:24:e2:5a:40:8c:16:5e:3d:e3:
                    48:9b:5a:5c:19:01:8c:fa:a9:70:f2:cf:25:3d:88:
                    3a:0a:8d:de:6f:8b:8d:14:f8:3c:65:e7:ba:87:40:
                    a4:da:1b:db:33:de:2c:d7:f5:d1:2a:2b:be:58:91:
                    db:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:59:BD:BC:0B:C8:37:40:CE:A4:3F:41:4F:38:6E:AB:3E:20:FC:B3
            X509v3 Authority Key Identifier:
                keyid:AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/X1m9vAvIN0DOpD9BTzhuqz4g_LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:d1:2a:68:ab:d9:fb:97:39:40:93:b2:c1:ed:cd:cd:8c:22:
         90:41:20:47:24:85:38:c7:2c:0b:8b:60:88:29:49:b7:02:d5:
         94:51:3f:2c:26:71:a6:67:8d:d6:a1:fa:30:52:b2:bb:fe:38:
         24:05:9b:e4:d5:14:af:e8:58:8e:df:a9:f4:a3:6d:ac:17:00:
         ff:9d:3e:e2:d0:cd:73:1c:13:d4:de:21:7b:34:75:7c:8f:f6:
         ae:b7:a7:fb:ee:98:59:d9:03:18:7e:3e:35:27:4d:b9:32:a0:
         50:fe:02:49:b9:89:a9:47:fd:67:7e:da:c6:a3:99:0a:dd:e7:
         a8:33:ae:65:b8:7d:e6:e9:72:de:10:8e:3c:b1:da:70:f9:d7:
         e9:ed:ca:1c:68:42:f7:97:40:bd:dc:1a:fc:5a:b0:fa:0d:f4:
         3a:40:0d:be:7a:51:23:77:a2:7a:e0:5f:92:20:27:ee:c4:3a:
         ce:6b:d6:d6:70:42:ff:b2:c3:ec:6f:31:7a:39:90:42:77:0b:
         b2:32:0a:c0:a1:21:99:8a:fb:52:30:13:5b:d4:27:fa:1b:1e:
         28:e3:62:0e:eb:75:23:39:71:80:ca:3b:57:f4:1e:3c:05:03:
         b8:67:d7:f1:06:0c:ec:70:10:86:f0:32:63:7f:2b:31:52:09:
         8f:9c:73:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTimBDL20rNi25IiElDUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMmQzOGUyMGYyNGQwZTMwYjg2Y2NkODI2MWFjMDAxN2Yx
N2E1YTQwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU5YmRiYzBiYzgzNzQwY2VhNDNmNDE0ZjM4NmVhYjNlMjBmY2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAi3WJYispaoUGS5Nm12Qt3+9MKN
NVahCYe7pWMPBV3v1oaQ8u++QY4qdBS32UTTr/q9Hqt2LFvgXKN9AzcsUZFS1rc4
xL6uG84wBCUKyTUjK75uFD4SpyEYk2d6qgYfH/ehotB7siAtIKVHGSQfsP2u2X1f
hq59fpTSJurIe1cnVdpnAouYq/5TvnLqNZIS+EMojCMsU7g04LsU0+wn4iPoMyKT
x/8TZgNwn2zbo5w1DQNGOx7yZ1/n0tL0I300iU6H4sQi81Ik4lpAjBZePeNIm1pc
GQGM+qlw8s8lPYg6Co3eb4uNFPg8Zee6h0Ck2hvbM94s1/XRKiu+WJHbXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9ZvbwLyDdAzqQ/QU84bqs+IPyzMB8GA1UdIwQY
MBaAFK0tOOIPJNDjC4bM2CYawAF/F6WkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEt
NDI5OTUzMjNjMDNkLzEvWDFtOXZBdklOMERPcEQ5QlR6aHVxejRnX0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEtNDI5OTUzMjNjMDNk
LzEvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY6QMA0G
CSqGSIb3DQEBCwUAA4IBAQBS0Spoq9n7lzlAk7LB7c3NjCKQQSBHJIU4xywLi2CI
KUm3AtWUUT8sJnGmZ43WofowUrK7/jgkBZvk1RSv6FiO36n0o22sFwD/nT7i0M1z
HBPU3iF7NHV8j/aut6f77phZ2QMYfj41J025MqBQ/gJJuYmpR/1nftrGo5kK3eeo
M65luH3m6XLeEI48sdpw+dfp7cocaEL3l0C93Br8WrD6DfQ6QA2+elEjd6J64F+S
ICfuxDrOa9bWcEL/ssPsbzF6OZBCdwuyMgrAoSGZivtSMBNb1Cf6Gx4o42IO63Uj
OXGAyjtX9B48BQO4Z9fxBgzscBCG8DJjfysxUgmPnHOm
-----END CERTIFICATE-----