Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/pO93P0IPYxO60nqJWtd1hBeKP9M.roa
File:                     pO93P0IPYxO60nqJWtd1hBeKP9M.roa (raw, json)
Hash identifier:          SIzxMj/XvF5LrDffQ0fyqanFpqj40boRNXhrY9lHK74=
Subject key identifier:   A4:EF:77:3F:42:0F:63:13:BA:D2:7A:89:5A:D7:75:84:17:8A:3F:D3
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A7398B3D1C7B2AF0E62C8B24AC99D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/pO93P0IPYxO60nqJWtd1hBeKP9M.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142578
IP address blocks:        188.209.156.0/22 maxlen: 24
                          185.207.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:73:98:b3:d1:c7:b2:af:0e:62:c8:b2:4a:c9:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4ef773f420f6313bad27a895ad77584178a3fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ca:44:92:31:a5:fa:69:cb:64:ac:bb:0d:36:
                    14:0a:e4:89:29:e6:2a:a7:35:6c:5b:88:96:2a:a4:
                    45:2e:dc:09:8a:20:35:88:1f:78:dc:96:46:36:4c:
                    90:2f:d8:35:bf:1b:c4:1c:9f:4d:06:08:0e:37:c9:
                    79:3d:7c:d7:f8:fa:4c:bf:f2:47:ad:29:82:c9:91:
                    5f:6f:0a:d3:a0:d8:4f:9a:85:ec:32:1b:6f:cf:d0:
                    cc:2a:3c:b8:e6:7a:ee:76:d6:3d:e9:e2:20:d9:1a:
                    6b:66:24:dc:e3:e3:6b:73:97:8b:b0:8e:28:0d:02:
                    d3:7c:08:25:ac:45:d5:cd:ff:25:2c:86:9e:2a:66:
                    c0:9e:98:19:f5:d7:a3:2e:58:3d:37:eb:ed:38:8f:
                    b9:5f:76:a3:cc:46:58:53:9e:00:2f:62:1b:b7:d7:
                    ff:9e:0f:a5:29:ed:af:44:42:e3:15:13:ad:b8:b6:
                    5e:55:7b:06:41:59:fc:b0:63:85:f6:19:45:0f:58:
                    5e:69:8a:8e:88:79:06:f8:76:28:7d:70:f7:52:60:
                    f1:74:3f:33:86:e6:0f:7f:0b:bf:60:64:ea:97:88:
                    90:0e:77:4d:79:83:0e:5a:b4:3b:9b:45:f8:ec:1c:
                    31:e8:bf:4b:c2:de:70:54:a1:10:28:54:57:51:2c:
                    24:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EF:77:3F:42:0F:63:13:BA:D2:7A:89:5A:D7:75:84:17:8A:3F:D3
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/pO93P0IPYxO60nqJWtd1hBeKP9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.196.0/22
                  188.209.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:b7:5d:b5:b1:c0:60:6f:a5:d8:e3:02:61:2b:19:6c:0c:8c:
         d6:bc:4d:6f:55:72:80:09:61:50:8a:7a:fb:54:b1:c7:55:61:
         99:1f:8b:09:af:d8:9c:99:8d:70:ab:ad:16:3f:79:30:cb:b6:
         79:ab:80:4b:3a:0d:50:72:51:11:71:3f:43:3e:71:8a:25:2e:
         1d:a6:83:bc:dc:99:98:bf:68:39:b1:2f:77:88:73:e8:dd:c3:
         87:74:32:5d:59:8c:30:08:3c:34:28:16:e0:59:ec:36:c8:b1:
         1e:fe:6f:7e:9f:98:01:da:b6:cf:d0:58:d7:97:b1:77:12:7a:
         78:d4:fb:28:c1:1d:5b:59:75:c8:d9:1a:e3:ad:a7:cd:05:e5:
         dd:58:78:6a:19:a1:96:bc:ba:9e:27:ed:e2:63:7e:11:b1:fc:
         58:e0:b0:bb:7a:74:1a:b0:11:59:7e:be:38:19:73:71:9c:af:
         e2:57:de:c3:18:df:eb:e0:5d:4f:6d:4e:5d:58:c2:a0:ab:d0:
         2a:01:fc:5b:ee:40:52:50:f6:b4:bd:7b:52:a7:9b:1a:dc:96:
         d3:0b:db:18:fe:02:9d:69:3e:66:23:fa:a2:09:c2:b0:c6:cd:
         39:9e:b2:2d:29:9c:98:8e:e0:88:ce:72:4e:23:b4:a7:d5:33:
         08:fd:ce:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKnOYs9HHsq8OYsiySsmdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVmNzczZjQyMGY2MzEzYmFkMjdhODk1YWQ3NzU4NDE3OGEzZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8pEkjGl+mnLZKy7DTYUCuSJKeYq
pzVsW4iWKqRFLtwJiiA1iB943JZGNkyQL9g1vxvEHJ9NBggON8l5PXzX+PpMv/JH
rSmCyZFfbwrToNhPmoXsMhtvz9DMKjy45nrudtY96eIg2RprZiTc4+Nrc5eLsI4o
DQLTfAglrEXVzf8lLIaeKmbAnpgZ9dejLlg9N+vtOI+5X3ajzEZYU54AL2Ibt9f/
ng+lKe2vRELjFROtuLZeVXsGQVn8sGOF9hlFD1heaYqOiHkG+HYofXD3UmDxdD8z
huYPfwu/YGTql4iQDndNeYMOWrQ7m0X47Bwx6L9Lwt5wVKEQKFRXUSwkWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKTvdz9CD2MTutJ6iVrXdYQXij/TMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcE85M1AwSVBZeE82MG5xSld0ZDFoQmVLUDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuc/EAwQC
vNGcMA0GCSqGSIb3DQEBCwUAA4IBAQAzt121scBgb6XY4wJhKxlsDIzWvE1vVXKA
CWFQinr7VLHHVWGZH4sJr9icmY1wq60WP3kwy7Z5q4BLOg1QclERcT9DPnGKJS4d
poO83JmYv2g5sS93iHPo3cOHdDJdWYwwCDw0KBbgWew2yLEe/m9+n5gB2rbP0FjX
l7F3Enp41PsowR1bWXXI2RrjrafNBeXdWHhqGaGWvLqeJ+3iY34RsfxY4LC7enQa
sBFZfr44GXNxnK/iV97DGN/r4F1PbU5dWMKgq9AqAfxb7kBSUPa0vXtSp5sa3JbT
C9sY/gKdaT5mI/qiCcKwxs05nrItKZyYjuCIznJOI7Sn1TMI/c7g
-----END CERTIFICATE-----