Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/1-x0RvnaWAHfv6H01W9AseTiaj6A.roa
File:                     1-x0RvnaWAHfv6H01W9AseTiaj6A.roa (raw, json)
Hash identifier:          nMyuA2Us9iF/RslKpnz1UZ+hrQt0iwcfuUJAd38edI8=
Subject key identifier:   FB:1D:11:BE:76:96:00:77:EF:E8:7D:35:5B:D0:2C:79:38:9A:8F:A0
Certificate issuer:       /CN=a2d37fc31efd3703bf2c4c3e88bc3c1cfb479919
Certificate serial:       018CC50040D6C58BD205C84821268CC4806C
Authority key identifier: A2:D3:7F:C3:1E:FD:37:03:BF:2C:4C:3E:88:BC:3C:1C:FB:47:99:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/otN_wx79NwO_LEw-iLw8HPtHmRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/1-x0RvnaWAHfv6H01W9AseTiaj6A.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57317
IP address blocks:        185.105.112.0/22 maxlen: 24
                          2a06:3700::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/otN_wx79NwO_LEw-iLw8HPtHmRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/otN_wx79NwO_LEw-iLw8HPtHmRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/otN_wx79NwO_LEw-iLw8HPtHmRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:40:d6:c5:8b:d2:05:c8:48:21:26:8c:c4:80:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2d37fc31efd3703bf2c4c3e88bc3c1cfb479919
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb1d11be76960077efe87d355bd02c79389a8fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3e:60:44:2d:50:51:f6:97:91:31:09:bf:de:
                    4f:27:05:7d:30:ea:ac:e0:75:bb:06:34:68:95:60:
                    5b:53:c5:c8:b7:74:8e:e1:fe:3b:56:35:0d:f5:94:
                    9d:72:9a:fb:40:a0:20:32:35:c5:93:7b:81:cc:ff:
                    e5:46:7b:02:b9:cb:6c:ca:34:57:60:5c:8c:be:6c:
                    02:a7:52:05:d7:ec:6c:c6:70:ba:63:a2:12:b0:e6:
                    f1:98:71:d4:c9:9f:ba:93:7e:a1:a3:b7:f5:99:ff:
                    65:f4:04:46:67:70:21:ec:18:77:45:f6:af:64:62:
                    0b:39:24:cd:c0:69:39:6e:b1:52:a5:48:c2:54:d3:
                    87:66:26:67:37:1f:60:25:ba:78:bf:62:30:bf:3e:
                    37:32:46:32:f5:4a:85:a3:e6:9a:ff:2a:6b:a7:47:
                    91:bc:59:15:29:71:62:1b:57:c4:63:25:a5:a1:8d:
                    a1:b0:3e:17:dc:5f:70:32:61:28:13:ac:7a:1d:89:
                    0d:85:f1:51:76:7e:7e:74:55:12:bb:05:5b:ea:61:
                    8d:0c:5f:40:8d:45:25:1f:42:c0:a7:c7:93:1f:1b:
                    f7:6e:45:6b:47:e6:00:72:8d:16:11:ce:a5:d4:31:
                    ab:e7:9e:0b:ce:08:90:09:f3:e0:fb:d0:8d:c7:d3:
                    e3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1D:11:BE:76:96:00:77:EF:E8:7D:35:5B:D0:2C:79:38:9A:8F:A0
            X509v3 Authority Key Identifier:
                keyid:A2:D3:7F:C3:1E:FD:37:03:BF:2C:4C:3E:88:BC:3C:1C:FB:47:99:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/otN_wx79NwO_LEw-iLw8HPtHmRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/1-x0RvnaWAHfv6H01W9AseTiaj6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3632f5-89e7-4d22-8bc1-33399080270f/1/otN_wx79NwO_LEw-iLw8HPtHmRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.112.0/22
                IPv6:
                  2a06:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:de:98:e3:0c:c4:f4:49:ed:22:3d:07:64:53:1e:58:58:67:
         88:1b:93:29:e2:78:c0:fd:31:15:50:51:6c:40:b8:9b:cc:c4:
         e0:0c:88:f3:7d:76:b0:1e:c9:77:aa:0c:72:f8:ba:af:98:65:
         70:cf:fc:4b:51:57:05:cf:e1:d1:a3:b1:eb:eb:8f:54:71:55:
         27:4c:a9:f2:8c:09:1d:b7:23:a3:94:6d:b2:1a:07:41:81:75:
         9a:ac:a8:68:7e:3c:6a:aa:45:c5:90:f3:a0:3f:fb:65:ca:19:
         5a:11:cf:aa:e0:a2:2c:ab:47:6c:e0:26:c4:df:49:b6:70:be:
         9c:96:18:2d:bd:89:8f:73:ba:c3:b7:65:73:00:38:10:86:64:
         1f:5c:fa:84:be:e7:da:3b:1d:df:17:72:e6:f2:d5:fd:09:95:
         f6:13:95:d3:de:25:23:96:2f:27:fd:a4:5b:66:07:c8:32:e5:
         cf:05:71:4a:cb:d5:5d:c1:ae:d2:04:0d:09:f4:0e:db:29:e6:
         7d:65:e0:c5:fe:5f:27:6f:8c:64:af:28:70:05:56:10:2a:9e:
         72:54:72:5e:78:74:8f:86:05:b5:0a:0c:f0:46:11:b6:4b:3c:
         61:a0:21:b2:b1:d1:d7:88:3e:b9:4a:bd:5e:10:45:2d:99:f2:
         23:93:e8:5c
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFAEDWxYvSBchIISaMxIBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZDM3ZmMzMWVmZDM3MDNiZjJjNGMzZTg4YmMzYzFjZmI0
Nzk5MTkwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjFkMTFiZTc2OTYwMDc3ZWZlODdkMzU1YmQwMmM3OTM4OWE4ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiz5gRC1QUfaXkTEJv95PJwV9MOqs
4HW7BjRolWBbU8XIt3SO4f47VjUN9ZSdcpr7QKAgMjXFk3uBzP/lRnsCuctsyjRX
YFyMvmwCp1IF1+xsxnC6Y6ISsObxmHHUyZ+6k36ho7f1mf9l9ARGZ3Ah7Bh3Rfav
ZGILOSTNwGk5brFSpUjCVNOHZiZnNx9gJbp4v2Iwvz43MkYy9UqFo+aa/yprp0eR
vFkVKXFiG1fEYyWloY2hsD4X3F9wMmEoE6x6HYkNhfFRdn5+dFUSuwVb6mGNDF9A
jUUlH0LAp8eTHxv3bkVrR+YAco0WEc6l1DGr554LzgiQCfPg+9CNx9PjJQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPsdEb52lgB37+h9NVvQLHk4mo+gMB8GA1UdIwQY
MBaAFKLTf8Me/TcDvyxMPoi8PBz7R5kZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ROX3d4NzlOd09fTEV3LWlMdzhIUHRIbVJrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNjMyZjUtODllNy00ZDIyLThiYzEt
MzMzOTkwODAyNzBmLzEvMS14MFJ2bmFXQUhmdjZIMDFXOUFzZVRpYWo2QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmUvMzYzMmY1LTg5ZTctNGQyMi04YmMxLTMzMzk5MDgwMjcw
Zi8xL290Tl93eDc5TndPX0xFdy1pTHc4SFB0SG1Say5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlpcDAN
BAIAAjAHAwUDKgY3ADANBgkqhkiG9w0BAQsFAAOCAQEAAN6Y4wzE9EntIj0HZFMe
WFhniBuTKeJ4wP0xFVBRbEC4m8zE4AyI8312sB7Jd6oMcvi6r5hlcM/8S1FXBc/h
0aOx6+uPVHFVJ0yp8owJHbcjo5RtshoHQYF1mqyoaH48aqpFxZDzoD/7ZcoZWhHP
quCiLKtHbOAmxN9JtnC+nJYYLb2Jj3O6w7dlcwA4EIZkH1z6hL7n2jsd3xdy5vLV
/QmV9hOV094lI5YvJ/2kW2YHyDLlzwVxSsvVXcGu0gQNCfQO2ynmfWXgxf5fJ2+M
ZK8ocAVWECqeclRyXnh0j4YFtQoM8EYRtks8YaAhsrHR14g+uUq9XhBFLZnyI5Po
XA==
-----END CERTIFICATE-----