Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/aHi7jn9xGqekI1y5YDaLXdVdO00.roa
File:                     aHi7jn9xGqekI1y5YDaLXdVdO00.roa (raw, json)
Hash identifier:          w3fIjy/SENIpRAJQv8zfTpc5W48FXtEJIMh7UrALvFE=
Subject key identifier:   68:78:BB:8E:7F:71:1A:A7:A4:23:5C:B9:60:36:8B:5D:D5:5D:3B:4D
Certificate issuer:       /CN=985d472fa538204f1c23e8b6a758073b80cfc199
Certificate serial:       018CC2DB2F5F18FEEB84D137B3F03705E673
Authority key identifier: 98:5D:47:2F:A5:38:20:4F:1C:23:E8:B6:A7:58:07:3B:80:CF:C1:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mF1HL6U4IE8cI-i2p1gHO4DPwZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/aHi7jn9xGqekI1y5YDaLXdVdO00.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212603
IP address blocks:        195.200.194.0/24 maxlen: 24
                          45.143.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/mF1HL6U4IE8cI-i2p1gHO4DPwZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/mF1HL6U4IE8cI-i2p1gHO4DPwZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mF1HL6U4IE8cI-i2p1gHO4DPwZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2f:5f:18:fe:eb:84:d1:37:b3:f0:37:05:e6:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=985d472fa538204f1c23e8b6a758073b80cfc199
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6878bb8e7f711aa7a4235cb960368b5dd55d3b4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d0:0d:05:b9:78:9e:04:8b:7f:25:c1:cb:9d:
                    9a:9f:9d:89:76:38:47:a2:05:be:78:32:cc:1c:f1:
                    7c:5a:0d:25:14:a8:ec:3f:22:15:26:93:4d:f8:7f:
                    fc:7a:75:0b:1c:2e:80:fc:5e:18:ca:23:44:93:72:
                    9b:77:bc:37:c1:fb:bc:69:c8:e6:2d:88:8e:2e:ba:
                    bf:08:54:6a:32:71:36:ce:b9:d6:10:f5:f7:49:84:
                    bc:39:fb:b9:7a:d1:c1:e3:95:6c:0e:84:9d:5a:ce:
                    4f:d6:32:f2:06:76:db:7d:c6:a1:d4:2e:c3:22:02:
                    e1:28:9d:c7:b6:c0:4d:65:ac:b0:f7:ce:18:70:20:
                    54:d5:69:75:00:dc:7c:ce:98:88:90:11:a7:b6:73:
                    38:42:9e:b7:92:37:16:35:3a:d3:dc:29:f4:fb:22:
                    78:68:69:c2:e4:bb:6e:00:6e:5b:9f:6e:be:c6:87:
                    f1:5b:d9:a6:e6:65:38:5d:ca:2b:2e:3b:22:1c:35:
                    9c:c9:27:89:31:a7:8e:f4:32:40:52:1e:07:7d:66:
                    94:ee:6c:1c:b2:e0:68:56:b4:9d:7b:07:01:0b:c0:
                    9d:34:cc:ae:3f:bd:58:62:00:e9:e7:78:71:72:a0:
                    ff:ee:ff:69:4f:0d:fd:af:7e:23:12:cc:70:72:75:
                    a8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:78:BB:8E:7F:71:1A:A7:A4:23:5C:B9:60:36:8B:5D:D5:5D:3B:4D
            X509v3 Authority Key Identifier:
                keyid:98:5D:47:2F:A5:38:20:4F:1C:23:E8:B6:A7:58:07:3B:80:CF:C1:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mF1HL6U4IE8cI-i2p1gHO4DPwZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/aHi7jn9xGqekI1y5YDaLXdVdO00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c28ebc-749f-48f6-89a2-edc316222644/1/mF1HL6U4IE8cI-i2p1gHO4DPwZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.176.0/22
                  195.200.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c0:0b:87:5a:87:ea:e8:4e:21:8f:d7:ff:c8:3d:71:c9:b8:
         56:07:f3:7e:83:f8:9d:1a:6a:1a:de:27:ec:b0:d5:93:2d:a9:
         ed:68:8b:3d:b9:bf:2f:18:b6:73:16:64:8d:ba:96:ad:4b:98:
         c6:6f:07:93:6a:c2:c8:30:8e:e1:bb:8a:cb:50:b2:3b:59:f0:
         b0:46:48:95:04:c5:37:95:ca:5a:01:c6:60:1f:40:5c:00:51:
         8b:88:1b:14:5a:2a:e1:74:00:f0:06:87:1a:5c:e9:5b:61:4f:
         2e:bc:ed:be:c3:8d:f8:67:18:70:98:4b:2b:16:35:dc:63:9c:
         60:8f:16:2d:1c:23:82:33:66:c8:c1:05:4e:4c:eb:1d:f9:85:
         8b:15:e5:62:e6:b9:f5:cf:0d:88:01:0d:f9:b9:13:a3:8c:fd:
         b6:06:4b:2d:94:b0:a5:80:03:2f:91:ac:9e:c7:9e:1f:7f:dd:
         2b:e8:49:ee:8a:63:95:f7:75:a9:9f:0a:80:78:ad:99:84:f2:
         9f:2e:66:d1:62:6d:23:c9:73:0c:1f:ab:2b:1a:01:05:af:79:
         af:0d:29:8d:8b:57:d7:de:5c:77:fe:63:a9:ab:23:9d:ab:ee:
         84:99:c4:5b:cb:e1:00:6c:e7:70:eb:22:e9:ae:41:56:ad:30:
         ff:57:e3:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2y9fGP7rhNE3s/A3BeZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NWQ0NzJmYTUzODIwNGYxYzIzZThiNmE3NTgwNzNiODBj
ZmMxOTkwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc4YmI4ZTdmNzExYWE3YTQyMzVjYjk2MDM2OGI1ZGQ1NWQzYjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNANBbl4ngSLfyXBy52an52JdjhH
ogW+eDLMHPF8Wg0lFKjsPyIVJpNN+H/8enULHC6A/F4YyiNEk3Kbd7w3wfu8acjm
LYiOLrq/CFRqMnE2zrnWEPX3SYS8Ofu5etHB45VsDoSdWs5P1jLyBnbbfcah1C7D
IgLhKJ3HtsBNZayw984YcCBU1Wl1ANx8zpiIkBGntnM4Qp63kjcWNTrT3Cn0+yJ4
aGnC5LtuAG5bn26+xofxW9mm5mU4XcorLjsiHDWcySeJMaeO9DJAUh4HfWaU7mwc
suBoVrSdewcBC8CdNMyuP71YYgDp53hxcqD/7v9pTw39r34jEsxwcnWoqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGh4u45/cRqnpCNcuWA2i13VXTtNMB8GA1UdIwQY
MBaAFJhdRy+lOCBPHCPotqdYBzuAz8GZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUYxSEw2VTRJRThjSS1pMnAxZ0hPNERQd1prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jMjhlYmMtNzQ5Zi00OGY2LTg5YTIt
ZWRjMzE2MjIyNjQ0LzEvYUhpN2puOXhHcWVrSTF5NVlEYUxYZFZkTzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jMjhlYmMtNzQ5Zi00OGY2LTg5YTItZWRjMzE2MjIyNjQ0
LzEvbUYxSEw2VTRJRThjSS1pMnAxZ0hPNERQd1prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY+wAwQA
w8jCMA0GCSqGSIb3DQEBCwUAA4IBAQChwAuHWofq6E4hj9f/yD1xybhWB/N+g/id
Gmoa3ifssNWTLantaIs9ub8vGLZzFmSNupatS5jGbweTasLIMI7hu4rLULI7WfCw
RkiVBMU3lcpaAcZgH0BcAFGLiBsUWirhdADwBocaXOlbYU8uvO2+w434ZxhwmEsr
FjXcY5xgjxYtHCOCM2bIwQVOTOsd+YWLFeVi5rn1zw2IAQ35uROjjP22BkstlLCl
gAMvkayex54ff90r6EnuimOV93WpnwqAeK2ZhPKfLmbRYm0jyXMMH6srGgEFr3mv
DSmNi1fX3lx3/mOpqyOdq+6EmcRby+EAbOdw6yLprkFWrTD/V+ML
-----END CERTIFICATE-----