Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/xnZfmAWBdnTCSbljxO6ZKYtSVjM.roa
File:                     xnZfmAWBdnTCSbljxO6ZKYtSVjM.roa (raw, json)
Hash identifier:          Qdt5UTClx7ajt4EUW8ugphjro5l46wvfDtIyotmhr1I=
Subject key identifier:   C6:76:5F:98:05:81:76:74:C2:49:B9:63:C4:EE:99:29:8B:52:56:33
Certificate issuer:       /CN=380099a81b346f9abcaf26056f5b77094d1cf113
Certificate serial:       018CCA96EAF1843EAB7F33267AFB1A4C0D2E
Authority key identifier: 38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/xnZfmAWBdnTCSbljxO6ZKYtSVjM.roa
Signing time:             Tue 02 Jan 2024 14:32:17 +0000
ROA not before:           Tue 02 Jan 2024 14:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60484
IP address blocks:        185.159.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:ea:f1:84:3e:ab:7f:33:26:7a:fb:1a:4c:0d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380099a81b346f9abcaf26056f5b77094d1cf113
        Validity
            Not Before: Jan  2 14:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6765f9805817674c249b963c4ee99298b525633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2a:13:10:5b:36:39:fb:a2:e0:23:5a:f9:b2:
                    1e:f1:d1:28:e8:00:c0:91:0d:8e:35:73:9e:24:ea:
                    8f:a2:09:30:83:67:d6:6b:94:b4:a9:bd:95:5e:2a:
                    fc:2a:e1:01:e0:84:fc:0a:55:ba:35:fd:8b:4f:d9:
                    e2:9e:7e:66:d2:87:da:b7:f9:31:2b:b9:ef:10:cb:
                    0c:a5:35:26:db:08:1f:39:a1:bf:e4:c9:c0:3f:4f:
                    05:44:f0:09:f0:59:13:10:67:18:c9:5d:43:b7:53:
                    27:b7:48:b6:12:f4:84:32:7e:18:28:d4:93:fc:c0:
                    fa:49:e7:8f:d6:8d:bf:56:b0:76:0c:05:fc:50:3e:
                    8f:8e:3b:1b:1c:ea:d8:e2:dc:d1:4a:69:25:df:5a:
                    30:df:86:01:5e:da:a2:d6:a4:9c:c5:b2:90:7f:ca:
                    a9:3f:a9:91:1f:0a:f1:54:93:be:48:4e:42:6d:67:
                    92:f9:e9:3a:fd:26:58:91:49:26:e8:a7:28:1b:3e:
                    67:bc:df:ca:e3:43:7c:f9:26:aa:21:41:8c:70:39:
                    bc:03:a9:23:11:01:23:f5:71:a8:d1:99:ad:78:c5:
                    52:37:b7:b1:90:d8:c3:fe:cf:a2:dd:f6:43:de:9f:
                    eb:5f:e8:77:a7:51:12:f2:0d:38:9b:2e:16:b5:e9:
                    53:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:76:5F:98:05:81:76:74:C2:49:B9:63:C4:EE:99:29:8B:52:56:33
            X509v3 Authority Key Identifier:
                keyid:38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/xnZfmAWBdnTCSbljxO6ZKYtSVjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:1a:e2:d1:a3:6e:f0:9e:79:b7:b2:c7:f2:92:e3:0c:fd:5d:
         de:b7:78:b4:88:f3:90:08:a4:74:a7:bf:71:39:9e:bd:63:7e:
         70:43:4a:6f:da:88:5d:54:c3:47:41:68:57:fe:63:7d:f8:78:
         24:53:00:c2:c6:32:32:19:f9:42:12:4f:f0:db:46:81:e9:a2:
         38:c4:73:fe:8e:e1:00:0d:92:d0:84:60:ca:75:bd:32:10:8b:
         35:38:1b:a3:7b:06:58:6d:23:c5:2c:23:ef:a0:f0:c6:89:db:
         8c:6b:ec:97:e5:0f:b9:93:b5:68:52:4d:9d:30:5c:bc:a0:00:
         85:3d:e9:30:c3:fb:e0:07:ec:c7:f9:34:db:97:2a:4f:83:76:
         9f:bb:8d:a7:47:85:30:16:6e:d2:29:88:23:05:b8:6b:e2:3a:
         40:1b:ce:98:a5:f3:d7:65:d3:28:fc:06:db:e3:68:5b:cf:55:
         65:85:0c:5f:18:ef:66:df:f3:c1:5b:59:1d:c4:36:77:6d:a3:
         18:83:06:20:ff:bf:46:e9:1d:5a:d0:0a:49:b2:c2:1b:f4:11:
         90:2a:64:01:14:17:24:2e:0c:a2:cd:f6:7e:68:d6:fe:3d:f9:
         9a:af:9a:3e:ee:28:1f:db:c1:64:4b:a0:b9:e1:d9:d8:97:47:
         57:38:f8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKlurxhD6rfzMmevsaTA0uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDA5OWE4MWIzNDZmOWFiY2FmMjYwNTZmNWI3NzA5NGQx
Y2YxMTMwHhcNMjQwMTAyMTQzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc2NWY5ODA1ODE3Njc0YzI0OWI5NjNjNGVlOTkyOThiNTI1NjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyoTEFs2Ofui4CNa+bIe8dEo6ADA
kQ2ONXOeJOqPogkwg2fWa5S0qb2VXir8KuEB4IT8ClW6Nf2LT9ninn5m0ofat/kx
K7nvEMsMpTUm2wgfOaG/5MnAP08FRPAJ8FkTEGcYyV1Dt1Mnt0i2EvSEMn4YKNST
/MD6SeeP1o2/VrB2DAX8UD6PjjsbHOrY4tzRSmkl31ow34YBXtqi1qScxbKQf8qp
P6mRHwrxVJO+SE5CbWeS+ek6/SZYkUkm6KcoGz5nvN/K40N8+SaqIUGMcDm8A6kj
EQEj9XGo0ZmteMVSN7exkNjD/s+i3fZD3p/rX+h3p1ES8g04my4WtelTNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ2X5gFgXZ0wkm5Y8TumSmLUlYzMB8GA1UdIwQY
MBaAFDgAmagbNG+avK8mBW9bdwlNHPETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMt
NDUwZmUzMzU5NWQxLzEveG5aZm1BV0JkblRDU2JsanhPNlpLWXRTVmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMtNDUwZmUzMzU5NWQx
LzEvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ+sMA0G
CSqGSIb3DQEBCwUAA4IBAQBwGuLRo27wnnm3ssfykuMM/V3et3i0iPOQCKR0p79x
OZ69Y35wQ0pv2ohdVMNHQWhX/mN9+HgkUwDCxjIyGflCEk/w20aB6aI4xHP+juEA
DZLQhGDKdb0yEIs1OBujewZYbSPFLCPvoPDGiduMa+yX5Q+5k7VoUk2dMFy8oACF
Pekww/vgB+zH+TTblypPg3afu42nR4UwFm7SKYgjBbhr4jpAG86YpfPXZdMo/Abb
42hbz1VlhQxfGO9m3/PBW1kdxDZ3baMYgwYg/79G6R1a0ApJssIb9BGQKmQBFBck
LgyizfZ+aNb+Pfmar5o+7igf28FkS6C54dnYl0dXOPgG
-----END CERTIFICATE-----