Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/ArJPc9hmKB5aBE63Uk7IR4CaX7I.roa
File:                     ArJPc9hmKB5aBE63Uk7IR4CaX7I.roa (raw, json)
Hash identifier:          E5wivAg5oOINL1Ueb7hIWwtEpoC3Aubi6LxDlNJO7UU=
Subject key identifier:   02:B2:4F:73:D8:66:28:1E:5A:04:4E:B7:52:4E:C8:47:80:9A:5F:B2
Certificate issuer:       /CN=1e9e3c64cafd9e275370d4fd6499c3c5d7539c4a
Certificate serial:       01916B257522FAECB9F8FD84CA500A330826
Authority key identifier: 1E:9E:3C:64:CA:FD:9E:27:53:70:D4:FD:64:99:C3:C5:D7:53:9C:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp48ZMr9nidTcNT9ZJnDxddTnEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/ArJPc9hmKB5aBE63Uk7IR4CaX7I.roa
Signing time:             Mon 19 Aug 2024 14:58:22 +0000
ROA not before:           Mon 19 Aug 2024 14:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.177.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/Hp48ZMr9nidTcNT9ZJnDxddTnEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/Hp48ZMr9nidTcNT9ZJnDxddTnEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp48ZMr9nidTcNT9ZJnDxddTnEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:25:75:22:fa:ec:b9:f8:fd:84:ca:50:0a:33:08:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9e3c64cafd9e275370d4fd6499c3c5d7539c4a
        Validity
            Not Before: Aug 19 14:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02b24f73d866281e5a044eb7524ec847809a5fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b4:65:83:d5:69:66:cc:91:59:37:c4:71:45:
                    c1:9e:48:8a:b6:19:7d:2c:de:8f:20:c0:69:89:2c:
                    fb:70:a9:79:10:4b:30:59:70:30:15:67:57:09:ef:
                    1f:e4:de:5e:30:e8:a6:f4:92:65:7e:2d:f4:9d:af:
                    0a:0b:a1:06:64:34:a5:58:64:ef:28:57:e0:61:66:
                    e8:a3:16:1f:25:da:54:97:f8:97:8a:4e:8d:00:d0:
                    7a:10:6d:98:cb:e7:77:9b:ca:82:1f:f1:8f:9b:96:
                    2f:12:8a:9d:46:93:ce:73:0c:33:58:0d:5a:bf:b8:
                    b4:e9:d6:b1:3e:6b:3f:80:b8:fa:ab:c8:73:4d:ff:
                    2f:4e:ea:29:71:34:09:b1:fa:48:bb:5f:35:a0:bc:
                    f2:24:07:ff:3b:a0:a4:a5:04:f5:d4:a4:7e:71:41:
                    fe:a5:e3:2c:63:c6:de:f4:62:03:4e:09:c2:55:87:
                    ac:a7:12:11:1b:1c:b7:bb:5e:12:2d:02:cc:a4:96:
                    48:db:6b:34:fe:2d:f1:10:82:c4:3d:fe:de:8e:d9:
                    25:3b:d3:fa:83:1f:6d:1f:99:01:54:ca:ac:f4:27:
                    22:67:09:11:13:21:91:a1:ac:b6:ed:64:81:94:35:
                    58:c1:72:aa:a5:91:43:72:96:d9:42:f8:b3:20:59:
                    d1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:B2:4F:73:D8:66:28:1E:5A:04:4E:B7:52:4E:C8:47:80:9A:5F:B2
            X509v3 Authority Key Identifier:
                keyid:1E:9E:3C:64:CA:FD:9E:27:53:70:D4:FD:64:99:C3:C5:D7:53:9C:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp48ZMr9nidTcNT9ZJnDxddTnEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/ArJPc9hmKB5aBE63Uk7IR4CaX7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/47898a-7662-4b11-a80d-2aa170992f37/1/Hp48ZMr9nidTcNT9ZJnDxddTnEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:1c:12:9b:70:a1:72:bb:45:08:d7:d9:34:82:87:50:82:0f:
         67:95:44:42:02:5a:f2:67:74:9a:39:7b:e6:4e:16:fc:b4:b1:
         8a:cc:c5:9b:f6:cd:56:27:4f:52:38:21:f7:8e:ad:5a:92:3d:
         d2:c5:59:93:d0:96:2d:1c:a5:27:74:e8:fa:39:26:d3:8d:48:
         07:99:8d:75:15:1c:05:37:0f:73:a3:2e:77:0a:11:86:36:c6:
         23:d8:c1:cd:6f:ce:d0:2d:bf:db:ad:d9:4b:68:86:8d:62:d7:
         61:fa:86:e8:df:93:17:8f:ce:f4:76:ca:a5:60:e0:1a:90:1f:
         b1:13:aa:f2:8d:97:5e:c7:c9:39:f2:77:1d:81:82:70:1d:40:
         28:6c:6b:54:77:e5:0c:7e:45:a4:2e:6c:c9:76:2a:0b:0f:bc:
         4a:d3:9f:b9:28:72:d6:1c:fd:6d:17:22:f8:3a:e2:7d:f4:ba:
         78:df:67:d3:05:8e:90:e7:db:99:13:8f:79:61:a3:7e:60:91:
         6b:56:cf:2e:05:e4:f3:53:9d:f0:43:c1:95:33:fc:dc:9b:ca:
         2b:94:0e:fd:5a:6c:c1:33:52:1f:2f:52:d5:2b:f2:71:8f:ff:
         cd:69:c6:20:8d:11:b7:65:3d:33:2b:88:a6:ef:0f:b5:78:81:
         01:94:a4:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrJXUi+uy5+P2EylAKMwgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWUzYzY0Y2FmZDllMjc1MzcwZDRmZDY0OTljM2M1ZDc1
MzljNGEwHhcNMjQwODE5MTQ1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmIyNGY3M2Q4NjYyODFlNWEwNDRlYjc1MjRlYzg0NzgwOWE1ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7Rlg9VpZsyRWTfEcUXBnkiKthl9
LN6PIMBpiSz7cKl5EEswWXAwFWdXCe8f5N5eMOim9JJlfi30na8KC6EGZDSlWGTv
KFfgYWbooxYfJdpUl/iXik6NANB6EG2Yy+d3m8qCH/GPm5YvEoqdRpPOcwwzWA1a
v7i06daxPms/gLj6q8hzTf8vTuopcTQJsfpIu181oLzyJAf/O6CkpQT11KR+cUH+
peMsY8be9GIDTgnCVYespxIRGxy3u14SLQLMpJZI22s0/i3xEILEPf7ejtklO9P6
gx9tH5kBVMqs9CciZwkREyGRoay27WSBlDVYwXKqpZFDcpbZQvizIFnRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKyT3PYZigeWgROt1JOyEeAml+yMB8GA1UdIwQY
MBaAFB6ePGTK/Z4nU3DU/WSZw8XXU5xKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHA0OFpNcjluaWRUY05UOVpKbkR4ZGRUbkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC80Nzg5OGEtNzY2Mi00YjExLWE4MGQt
MmFhMTcwOTkyZjM3LzEvQXJKUGM5aG1LQjVhQkU2M1VrN0lSNENhWDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC80Nzg5OGEtNzY2Mi00YjExLWE4MGQtMmFhMTcwOTkyZjM3
LzEvSHA0OFpNcjluaWRUY05UOVpKbkR4ZGRUbkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubGsMA0G
CSqGSIb3DQEBCwUAA4IBAQBZHBKbcKFyu0UI19k0godQgg9nlURCAlryZ3SaOXvm
Thb8tLGKzMWb9s1WJ09SOCH3jq1akj3SxVmT0JYtHKUndOj6OSbTjUgHmY11FRwF
Nw9zoy53ChGGNsYj2MHNb87QLb/brdlLaIaNYtdh+obo35MXj870dsqlYOAakB+x
E6ryjZdex8k58ncdgYJwHUAobGtUd+UMfkWkLmzJdioLD7xK05+5KHLWHP1tFyL4
OuJ99Lp432fTBY6Q59uZE495YaN+YJFrVs8uBeTzU53wQ8GVM/zcm8orlA79WmzB
M1IfL1LVK/Jxj//NacYgjRG3ZT0zK4im7w+1eIEBlKQR
-----END CERTIFICATE-----