Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/1ITModqHB2fBRtuza5iM-Tr99yM.roa
File:                     1ITModqHB2fBRtuza5iM-Tr99yM.roa (raw, json)
Hash identifier:          jAAQraz7graatGDEH9ZV0fAc8r1xvQx/cXkpQp+zdJA=
Subject key identifier:   D4:84:CC:A1:DA:87:07:67:C1:46:DB:B3:6B:98:8C:F9:3A:FD:F7:23
Certificate issuer:       /CN=370ea1b05cbd4e5c0926787c79533ee29d94be96
Certificate serial:       018CC3B680D41BFBE6B0636FF07387C09D15
Authority key identifier: 37:0E:A1:B0:5C:BD:4E:5C:09:26:78:7C:79:53:3E:E2:9D:94:BE:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/1ITModqHB2fBRtuza5iM-Tr99yM.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20704
IP address blocks:        185.158.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:80:d4:1b:fb:e6:b0:63:6f:f0:73:87:c0:9d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370ea1b05cbd4e5c0926787c79533ee29d94be96
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d484cca1da870767c146dbb36b988cf93afdf723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5b:21:fb:5d:ea:38:44:59:fb:bd:bb:c1:a3:
                    c6:ab:3a:9f:83:87:28:6f:dd:cc:5e:6f:5b:a9:a4:
                    b9:6c:c2:2b:e7:04:12:3c:1a:8f:b9:10:44:2c:c8:
                    b1:5a:17:4f:ca:ac:a4:00:f3:c2:52:84:99:5f:f6:
                    e4:d5:8b:32:8c:79:49:9e:1b:84:6e:91:6e:e5:4a:
                    2e:70:5f:9d:79:d1:83:b3:ba:f7:dc:2a:77:90:b6:
                    ce:d2:f8:17:57:36:77:2b:09:b7:93:1a:cd:03:7a:
                    81:02:f9:1c:da:58:e6:3a:37:6d:f8:16:c4:b7:f4:
                    c6:1e:8a:ca:3c:75:82:75:8c:39:96:64:38:84:74:
                    7a:2b:93:88:a8:4e:b6:49:60:4a:9e:42:76:fc:c1:
                    25:12:85:27:2a:b5:2b:e2:1c:5e:20:03:26:75:f3:
                    8d:95:c2:b0:c4:da:63:7d:0d:4e:23:e3:71:b4:41:
                    f6:4c:1f:83:e5:fe:ef:e8:11:10:fc:e6:6e:68:04:
                    b7:91:58:83:6e:0b:66:b3:ad:07:66:87:3e:bc:cd:
                    f3:4e:9a:84:f2:62:70:ba:e4:58:e2:95:c2:8b:f6:
                    43:1e:38:4e:ec:b4:9f:07:5c:1a:44:36:d1:6b:18:
                    8e:c7:3d:cf:2f:33:90:1c:51:e1:14:bf:ee:4e:ad:
                    ec:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:84:CC:A1:DA:87:07:67:C1:46:DB:B3:6B:98:8C:F9:3A:FD:F7:23
            X509v3 Authority Key Identifier:
                keyid:37:0E:A1:B0:5C:BD:4E:5C:09:26:78:7C:79:53:3E:E2:9D:94:BE:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/1ITModqHB2fBRtuza5iM-Tr99yM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:12:88:2f:b2:be:c8:9b:8f:dc:cc:45:8c:18:20:19:b0:0b:
         23:39:34:40:7f:d7:28:66:6b:43:15:38:67:f1:44:a8:b8:07:
         82:a8:20:57:29:2b:cb:dc:0a:00:fd:67:88:61:e7:59:9c:52:
         9f:9d:76:5a:cf:60:ba:d8:4a:d8:af:07:0c:d7:68:7a:f8:d8:
         f0:a0:31:1a:30:64:de:f0:64:94:e6:b2:6d:fd:d0:7e:77:f3:
         7f:50:63:42:c6:f5:90:3d:c4:e4:61:b2:54:99:f0:6a:e8:50:
         7b:a0:71:9e:7c:6e:c7:f3:70:24:6e:99:d7:7c:b9:64:50:3b:
         ac:0f:bc:8d:8d:07:76:3a:82:cd:d8:20:2e:3b:4a:81:b4:7e:
         ab:3a:08:f6:e3:cf:46:70:f2:b5:6a:47:59:ba:fe:95:0a:6f:
         90:4d:8d:f3:09:69:d2:65:b1:33:00:e3:fa:91:93:31:bb:dc:
         6b:6e:74:f3:d9:e9:2e:b0:e6:f2:0c:2f:fc:a3:01:2b:89:95:
         f3:2b:8d:ff:b8:e7:fe:e5:f2:d1:c3:4b:90:5d:c8:a3:78:43:
         85:13:ce:e0:a7:ca:8e:17:d8:44:74:04:97:1b:c2:83:f4:92:
         28:37:e8:f9:0b:48:9f:d5:ec:ae:b9:32:d9:22:43:b1:c8:7f:
         f2:8b:31:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtoDUG/vmsGNv8HOHwJ0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGVhMWIwNWNiZDRlNWMwOTI2Nzg3Yzc5NTMzZWUyOWQ5
NGJlOTYwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg0Y2NhMWRhODcwNzY3YzE0NmRiYjM2Yjk4OGNmOTNhZmRmNzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlsh+13qOERZ+727waPGqzqfg4co
b93MXm9bqaS5bMIr5wQSPBqPuRBELMixWhdPyqykAPPCUoSZX/bk1YsyjHlJnhuE
bpFu5UoucF+dedGDs7r33Cp3kLbO0vgXVzZ3Kwm3kxrNA3qBAvkc2ljmOjdt+BbE
t/TGHorKPHWCdYw5lmQ4hHR6K5OIqE62SWBKnkJ2/MElEoUnKrUr4hxeIAMmdfON
lcKwxNpjfQ1OI+NxtEH2TB+D5f7v6BEQ/OZuaAS3kViDbgtms60HZoc+vM3zTpqE
8mJwuuRY4pXCi/ZDHjhO7LSfB1waRDbRaxiOxz3PLzOQHFHhFL/uTq3s4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSEzKHahwdnwUbbs2uYjPk6/fcjMB8GA1UdIwQY
MBaAFDcOobBcvU5cCSZ4fHlTPuKdlL6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc2aHNGeTlUbHdKSm5oOGVWTS00cDJVdnBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81YjJkMTYtMDg3Zi00ODhjLTllYmIt
ZThhMzIyODQ2NjQxLzEvMUlUTW9kcUhCMmZCUnR1emE1aU0tVHI5OXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81YjJkMTYtMDg3Zi00ODhjLTllYmItZThhMzIyODQ2NjQx
LzEvTnc2aHNGeTlUbHdKSm5oOGVWTS00cDJVdnBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ4QMA0G
CSqGSIb3DQEBCwUAA4IBAQAcEogvsr7Im4/czEWMGCAZsAsjOTRAf9coZmtDFThn
8USouAeCqCBXKSvL3AoA/WeIYedZnFKfnXZaz2C62ErYrwcM12h6+NjwoDEaMGTe
8GSU5rJt/dB+d/N/UGNCxvWQPcTkYbJUmfBq6FB7oHGefG7H83AkbpnXfLlkUDus
D7yNjQd2OoLN2CAuO0qBtH6rOgj2489GcPK1akdZuv6VCm+QTY3zCWnSZbEzAOP6
kZMxu9xrbnTz2ekusObyDC/8owEriZXzK43/uOf+5fLRw0uQXcijeEOFE87gp8qO
F9hEdASXG8KD9JIoN+j5C0if1eyuuTLZIkOxyH/yizF9
-----END CERTIFICATE-----