Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/cR0bd2KAT3rj16PBC9y6gpjBeS0.roa
File:                     cR0bd2KAT3rj16PBC9y6gpjBeS0.roa (raw, json)
Hash identifier:          GVilUX7JJ0PbT6xCDHQC5zH8hyNTgwy8iP556gcOT08=
Subject key identifier:   71:1D:1B:77:62:80:4F:7A:E3:D7:A3:C1:0B:DC:BA:82:98:C1:79:2D
Certificate issuer:       /CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Certificate serial:       018CC2DAECA17180CF2E574371ABE6A75F1B
Authority key identifier: D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/cR0bd2KAT3rj16PBC9y6gpjBeS0.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49767
IP address blocks:        194.31.216.0/22 maxlen: 22
                          109.72.0.0/20 maxlen: 20
                          2a02:2930::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:a1:71:80:cf:2e:57:43:71:ab:e6:a7:5f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=711d1b7762804f7ae3d7a3c10bdcba8298c1792d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:22:ad:e1:27:c6:17:44:ac:98:d6:20:67:c8:
                    c8:23:fc:12:f8:28:d7:c2:9a:f2:a5:86:cb:b5:31:
                    1d:0b:43:07:67:d4:b8:e3:6e:01:57:e1:3d:cf:de:
                    96:59:28:01:53:5c:3b:5b:58:1d:12:ea:90:b6:b9:
                    c2:9d:13:e9:6a:08:cf:a5:3e:c0:9a:db:ed:f7:d8:
                    37:7d:b4:51:95:37:30:92:c8:35:1d:84:80:15:0c:
                    7c:cf:b5:6f:ce:65:57:49:3d:da:4f:48:79:75:f3:
                    58:26:c0:c5:ee:15:f1:2b:89:ef:1c:b3:81:4f:90:
                    98:62:d4:e9:68:e4:7d:da:dc:bf:b2:06:d0:02:49:
                    7b:cb:32:de:b1:52:9d:0f:79:f9:dd:cd:a2:2e:bc:
                    32:99:a5:bf:ac:9c:22:4e:2f:9f:41:9b:27:b2:ca:
                    c6:60:e8:dd:bc:37:e1:e6:82:f4:ca:06:cd:0e:d6:
                    24:f3:d5:c9:61:21:f9:98:fd:b8:1e:c6:e0:ad:d6:
                    a5:d7:b9:f1:af:a9:ef:ce:c7:53:d5:ef:33:2c:30:
                    f7:5b:31:ea:47:37:e8:a1:42:39:b2:1a:b3:65:97:
                    c2:f0:96:0c:5a:97:12:48:d5:fa:f0:ba:67:8b:8d:
                    89:61:94:e3:be:85:6c:12:b0:25:c5:d8:95:68:14:
                    4e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1D:1B:77:62:80:4F:7A:E3:D7:A3:C1:0B:DC:BA:82:98:C1:79:2D
            X509v3 Authority Key Identifier:
                keyid:D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/cR0bd2KAT3rj16PBC9y6gpjBeS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.0.0/20
                  194.31.216.0/22
                IPv6:
                  2a02:2930::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:dc:0b:e1:45:dd:a5:95:8b:e5:6a:a9:a0:a2:6e:0f:77:6f:
         1c:13:c7:ae:bf:0e:71:10:8c:ef:69:24:2d:6f:a4:0c:05:5b:
         95:e3:73:57:75:32:5a:45:52:e2:ca:bb:52:47:2d:65:cf:cc:
         bd:c7:34:0e:02:67:ee:03:38:9a:e2:7d:09:49:4c:d6:dc:c7:
         8c:a0:6f:14:d6:b6:f4:f9:80:f1:d1:21:70:45:25:c7:2d:ad:
         03:9b:5c:05:aa:3c:2f:d2:ce:fd:44:c4:e1:45:fe:a2:3f:cd:
         ed:27:35:ac:9c:34:dd:56:7d:3d:1e:cf:e6:e5:7c:b0:e1:4f:
         97:13:ca:91:97:40:dd:85:c0:c7:da:a4:80:8e:0d:c5:4b:9d:
         15:5d:8a:8f:a3:a8:09:9e:59:b4:4d:bf:fa:d2:e8:d3:5b:38:
         6c:29:77:f7:7f:48:40:92:1b:df:9b:dc:85:57:97:7c:51:94:
         06:b7:f6:df:be:cf:43:31:61:38:7c:12:e3:ca:3d:13:a1:af:
         57:5a:c4:50:a0:93:e5:7f:6d:0e:f9:ee:f0:e7:9f:12:62:9b:
         fa:9b:8c:33:bd:d7:04:f0:26:41:40:43:aa:7e:4a:f9:b8:08:
         83:7d:31:48:da:be:d0:7f:17:79:3c:57:0f:19:e7:8a:20:98:
         0d:58:f3:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2uyhcYDPLldDcavmp18bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZmYwZmVjZDdiZjQ0MTQ4OTMxNzg4ZGZlN2YyMGQ2N2E2
N2EwZGIwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFkMWI3NzYyODA0ZjdhZTNkN2EzYzEwYmRjYmE4Mjk4YzE3OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiKt4SfGF0SsmNYgZ8jII/wS+CjX
wprypYbLtTEdC0MHZ9S4424BV+E9z96WWSgBU1w7W1gdEuqQtrnCnRPpagjPpT7A
mtvt99g3fbRRlTcwksg1HYSAFQx8z7VvzmVXST3aT0h5dfNYJsDF7hXxK4nvHLOB
T5CYYtTpaOR92ty/sgbQAkl7yzLesVKdD3n53c2iLrwymaW/rJwiTi+fQZsnssrG
YOjdvDfh5oL0ygbNDtYk89XJYSH5mP24Hsbgrdal17nxr6nvzsdT1e8zLDD3WzHq
RzfooUI5shqzZZfC8JYMWpcSSNX68Lpni42JYZTjvoVsErAlxdiVaBROpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHEdG3digE9649ejwQvcuoKYwXktMB8GA1UdIwQY
MBaAFNT/D+zXv0QUiTF4jf5/INZ6Z6DbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUt
ZjBjMjFmODE4NmYwLzEvY1IwYmQyS0FUM3JqMTZQQkM5eTZncGpCZVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUtZjBjMjFmODE4NmYw
LzEvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEbUgAAwQC
wh/YMA0EAgACMAcDBQAqAikwMA0GCSqGSIb3DQEBCwUAA4IBAQCe3AvhRd2llYvl
aqmgom4Pd28cE8euvw5xEIzvaSQtb6QMBVuV43NXdTJaRVLiyrtSRy1lz8y9xzQO
AmfuAzia4n0JSUzW3MeMoG8U1rb0+YDx0SFwRSXHLa0Dm1wFqjwv0s79RMThRf6i
P83tJzWsnDTdVn09Hs/m5Xyw4U+XE8qRl0DdhcDH2qSAjg3FS50VXYqPo6gJnlm0
Tb/60ujTWzhsKXf3f0hAkhvfm9yFV5d8UZQGt/bfvs9DMWE4fBLjyj0Toa9XWsRQ
oJPlf20O+e7w558SYpv6m4wzvdcE8CZBQEOqfkr5uAiDfTFI2r7Qfxd5PFcPGeeK
IJgNWPPk
-----END CERTIFICATE-----