Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/cn0muSg0dETqGdHX56l5mplfnbY.roa
File:                     cn0muSg0dETqGdHX56l5mplfnbY.roa (raw, json)
Hash identifier:          r5ykVEQ6BosqsqCg0i+nMKhNaiboDhMcm+C3jdM96Xg=
Subject key identifier:   72:7D:26:B9:28:34:74:44:EA:19:D1:D7:E7:A9:79:9A:99:5F:9D:B6
Certificate issuer:       /CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
Certificate serial:       018CCA29030F57EF9072F4E03F25E040D83D
Authority key identifier: 77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/cn0muSg0dETqGdHX56l5mplfnbY.roa
Signing time:             Tue 02 Jan 2024 12:32:14 +0000
ROA not before:           Tue 02 Jan 2024 12:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199269
IP address blocks:        185.22.164.0/22 maxlen: 22
                          185.22.164.0/23 maxlen: 23
                          185.22.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:03:0f:57:ef:90:72:f4:e0:3f:25:e0:40:d8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
        Validity
            Not Before: Jan  2 12:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=727d26b928347444ea19d1d7e7a9799a995f9db6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:23:11:3d:88:d1:19:b2:2e:a0:c1:dd:6e:87:
                    50:18:fa:54:66:4b:10:9a:25:ea:8e:0c:81:aa:5e:
                    9c:4f:3c:fc:e9:8f:a9:b5:28:ec:c1:ab:b7:18:fb:
                    d4:a5:58:15:da:11:e4:98:4a:bc:53:76:f3:b3:40:
                    9d:74:33:28:2d:11:74:fc:45:76:40:b6:56:25:b9:
                    82:03:f0:05:0f:b6:7c:29:7b:5c:59:23:17:e2:2a:
                    18:25:5b:a2:27:04:f6:1e:d5:c5:f6:04:24:e6:58:
                    ea:63:80:57:39:53:0a:c3:1c:bb:a0:98:08:b7:80:
                    00:a5:b8:fa:a4:c0:16:9e:be:9f:14:58:32:8f:13:
                    da:9a:1b:e5:f2:f0:9a:70:73:e8:9b:1a:60:35:4d:
                    8b:7c:df:29:76:b2:2f:11:45:d6:30:25:bf:ea:04:
                    ba:55:f1:6b:46:96:39:55:22:1b:d0:a4:ae:95:5a:
                    2e:bf:de:39:b1:a6:38:71:71:29:11:df:1e:72:4c:
                    de:47:8b:a4:28:5d:01:c2:20:e3:66:e8:cd:a8:ac:
                    bb:db:ae:e8:a3:f5:6c:33:d1:ff:63:4a:97:e2:84:
                    d0:70:f7:26:b6:d7:97:ac:fe:ba:5d:9b:53:8c:ea:
                    f5:a7:c6:16:23:d2:fd:b5:49:56:96:55:c2:99:09:
                    60:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7D:26:B9:28:34:74:44:EA:19:D1:D7:E7:A9:79:9A:99:5F:9D:B6
            X509v3 Authority Key Identifier:
                keyid:77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/cn0muSg0dETqGdHX56l5mplfnbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:03:7d:16:15:f3:2d:d5:50:ce:91:b1:fd:50:a3:c8:60:cc:
         47:a4:b4:a2:39:ae:ff:6f:ed:47:84:16:cf:93:8d:29:3d:32:
         04:52:0d:f1:22:97:51:2f:f4:85:c8:f4:8b:de:a9:66:27:23:
         23:27:a2:c5:53:7b:18:26:5a:78:a7:1f:5c:e8:39:3c:04:ac:
         f1:20:92:79:63:05:ae:2e:5d:61:e3:2b:f1:fb:9f:3c:ef:6c:
         d6:aa:a9:5c:45:32:d9:ad:f8:f5:90:7f:d6:be:9d:e1:9e:41:
         70:f8:1e:97:ae:f6:89:3c:18:a7:b7:a8:bb:39:92:69:88:c0:
         e6:fa:8a:2d:dd:69:cd:97:0a:70:e8:9d:15:60:ae:0a:8d:e4:
         15:d5:8b:25:c9:94:bd:79:08:fb:cf:d7:2a:bf:ea:82:40:a4:
         97:a6:b2:5c:23:d0:81:0f:f0:77:9a:e0:0f:dd:33:0b:bd:8e:
         a4:fd:00:ff:93:5a:8b:81:8e:ae:33:6e:08:40:59:42:28:0b:
         3b:b3:5b:9b:7b:49:c4:f4:2f:1f:76:e8:64:82:5c:7c:f2:c3:
         d5:c1:0b:33:c7:4a:c8:25:d8:b5:9b:78:7e:27:6f:8d:24:0e:
         3c:3e:85:65:7c:2d:85:0f:2e:20:94:ac:ca:88:7e:02:af:5a:
         b4:96:db:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKQMPV++QcvTgPyXgQNg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjhjZjQ1NGIwOTYyZDE2YTQ4NTU4MDhmZDNhYmMxNTg1
MmJiZDgwHhcNMjQwMTAyMTIzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjdkMjZiOTI4MzQ3NDQ0ZWExOWQxZDdlN2E5Nzk5YTk5NWY5ZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySMRPYjRGbIuoMHdbodQGPpUZksQ
miXqjgyBql6cTzz86Y+ptSjswau3GPvUpVgV2hHkmEq8U3bzs0CddDMoLRF0/EV2
QLZWJbmCA/AFD7Z8KXtcWSMX4ioYJVuiJwT2HtXF9gQk5ljqY4BXOVMKwxy7oJgI
t4AApbj6pMAWnr6fFFgyjxPamhvl8vCacHPomxpgNU2LfN8pdrIvEUXWMCW/6gS6
VfFrRpY5VSIb0KSulVouv945saY4cXEpEd8eckzeR4ukKF0BwiDjZujNqKy7267o
o/VsM9H/Y0qX4oTQcPcmtteXrP66XZtTjOr1p8YWI9L9tUlWllXCmQlgfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJ9JrkoNHRE6hnR1+epeZqZX522MB8GA1UdIwQY
MBaAFHe4z0VLCWLRakhVgI/Tq8FYUrvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYt
YTRmYzllMjQ1OGVjLzEvY24wbXVTZzBkRVRxR2RIWDU2bDVtcGxmbmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYtYTRmYzllMjQ1OGVj
LzEvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRakMA0G
CSqGSIb3DQEBCwUAA4IBAQAUA30WFfMt1VDOkbH9UKPIYMxHpLSiOa7/b+1HhBbP
k40pPTIEUg3xIpdRL/SFyPSL3qlmJyMjJ6LFU3sYJlp4px9c6Dk8BKzxIJJ5YwWu
Ll1h4yvx+58872zWqqlcRTLZrfj1kH/Wvp3hnkFw+B6XrvaJPBint6i7OZJpiMDm
+oot3WnNlwpw6J0VYK4KjeQV1YslyZS9eQj7z9cqv+qCQKSXprJcI9CBD/B3muAP
3TMLvY6k/QD/k1qLgY6uM24IQFlCKAs7s1ube0nE9C8fduhkglx88sPVwQszx0rI
Jdi1m3h+J2+NJA48PoVlfC2FDy4glKzKiH4Cr1q0ltt/
-----END CERTIFICATE-----