Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/One4rSGIZv6_lmpUDMmXyj-KXto.roa
File:                     One4rSGIZv6_lmpUDMmXyj-KXto.roa (raw, json)
Hash identifier:          1WOfbJxthAaeX+91rCSoYxslI8yTABNIpG6doCbEHiQ=
Subject key identifier:   3A:77:B8:AD:21:88:66:FE:BF:96:6A:54:0C:C9:97:CA:3F:8A:5E:DA
Certificate issuer:       /CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Certificate serial:       018CC64A7CA2FDF450EC12327131C0A8E518
Authority key identifier: D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/One4rSGIZv6_lmpUDMmXyj-KXto.roa
Signing time:             Mon 01 Jan 2024 18:30:19 +0000
ROA not before:           Mon 01 Jan 2024 18:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59816
IP address blocks:        185.213.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7c:a2:fd:f4:50:ec:12:32:71:31:c0:a8:e5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
        Validity
            Not Before: Jan  1 18:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a77b8ad218866febf966a540cc997ca3f8a5eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:20:25:60:27:4f:dc:13:40:56:42:9f:a9:b7:
                    e2:5f:a0:96:53:49:2f:03:eb:d7:fd:f5:a6:2f:35:
                    cf:51:63:96:ab:34:ab:10:77:96:d8:67:4f:bb:49:
                    e0:09:20:9e:fe:c1:17:7d:47:14:d4:8d:dc:d2:03:
                    54:29:9b:21:28:23:4c:c7:c4:ff:99:25:75:30:80:
                    ef:ea:b9:4c:a0:41:51:0f:ac:ab:a5:1f:84:71:db:
                    64:c8:b8:b6:88:da:73:60:64:fe:92:c1:7e:60:e8:
                    87:40:8f:4d:0e:b2:a8:c8:81:af:b4:1b:b0:9e:b7:
                    38:b1:31:fb:23:20:ce:b5:2f:94:69:0e:e3:9b:55:
                    33:b3:da:7d:45:94:5a:e9:3e:bb:2e:57:b0:ff:07:
                    10:46:34:03:aa:95:0f:c2:e5:e1:5e:a2:c7:3d:00:
                    9c:6c:4b:cf:a1:ea:7e:f1:c6:ae:5f:ad:4b:54:cc:
                    72:83:1a:ac:7d:74:73:21:93:9b:ff:96:5b:23:8d:
                    65:f2:22:45:93:18:45:c5:5d:2d:8d:8f:c7:18:8d:
                    1f:b4:da:b7:64:05:76:c9:7e:a8:e8:57:ce:5c:5f:
                    c1:d0:d4:94:ab:0c:40:97:94:9e:8c:59:d2:97:0f:
                    c4:88:87:c6:8e:a3:64:c4:0b:6c:d2:e6:2a:41:96:
                    ae:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:77:B8:AD:21:88:66:FE:BF:96:6A:54:0C:C9:97:CA:3F:8A:5E:DA
            X509v3 Authority Key Identifier:
                keyid:D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/One4rSGIZv6_lmpUDMmXyj-KXto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:f3:4f:24:fe:ff:22:96:a3:90:8f:11:a4:d6:f3:2b:83:1a:
         c7:18:79:73:b5:74:d4:01:16:01:c1:51:b8:c2:ab:2b:54:d0:
         32:18:7a:a4:d8:d8:a2:12:80:77:eb:13:70:02:e4:e4:0d:ce:
         e4:ba:96:45:4b:74:1d:57:49:95:6a:07:7a:93:27:a0:34:06:
         cc:f5:23:27:7c:eb:df:2c:5d:85:3b:55:e2:ef:b1:a9:28:f0:
         82:d5:77:b7:a2:4b:75:a5:df:f1:28:eb:2b:2e:c3:d5:17:84:
         1d:7c:53:b4:5e:47:81:1e:3d:51:81:c2:bb:3a:1f:a9:fc:ab:
         77:4a:9c:1c:a1:c3:98:e2:74:d2:75:4c:29:bf:4f:8a:10:45:
         3e:32:ac:ea:8f:09:25:6b:4e:18:7b:86:aa:2c:8a:4a:cd:d4:
         9b:a4:c5:6e:57:f6:b4:16:a3:15:15:99:c3:17:37:d7:76:23:
         c2:61:24:68:45:b6:6c:80:5c:b8:ee:2b:6f:ca:26:75:fa:70:
         89:e0:99:2b:3d:22:1d:4b:11:17:1a:20:71:b4:33:f8:3f:e0:
         17:04:76:a1:b5:2c:20:a0:14:a4:75:c8:66:0e:41:c3:94:82:
         2a:74:4b:ca:46:fe:fb:e9:6e:1c:53:b4:ba:bf:79:1f:ad:89:
         2b:c3:37:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnyi/fRQ7BIycTHAqOUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDA3OWJiNzA3MGVkMGVlZWEzYTFhNDY3Yzc5NDYyYmNj
NTQ1NWYwHhcNMjQwMTAxMTgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc3YjhhZDIxODg2NmZlYmY5NjZhNTQwY2M5OTdjYTNmOGE1ZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCAlYCdP3BNAVkKfqbfiX6CWU0kv
A+vX/fWmLzXPUWOWqzSrEHeW2GdPu0ngCSCe/sEXfUcU1I3c0gNUKZshKCNMx8T/
mSV1MIDv6rlMoEFRD6yrpR+EcdtkyLi2iNpzYGT+ksF+YOiHQI9NDrKoyIGvtBuw
nrc4sTH7IyDOtS+UaQ7jm1Uzs9p9RZRa6T67Llew/wcQRjQDqpUPwuXhXqLHPQCc
bEvPoep+8cauX61LVMxygxqsfXRzIZOb/5ZbI41l8iJFkxhFxV0tjY/HGI0ftNq3
ZAV2yX6o6FfOXF/B0NSUqwxAl5SejFnSlw/EiIfGjqNkxAts0uYqQZauFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp3uK0hiGb+v5ZqVAzJl8o/il7aMB8GA1UdIwQY
MBaAFNBAebtwcO0O7qOhpGfHlGK8xUVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTkt
NjIwOThkMWVjMWU2LzEvT25lNHJTR0ladjZfbG1wVURNbVh5ai1LWHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTktNjIwOThkMWVjMWU2
LzEvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudVcMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ808k/v8ilqOQjxGk1vMrgxrHGHlztXTUARYBwVG4
wqsrVNAyGHqk2NiiEoB36xNwAuTkDc7kupZFS3QdV0mVagd6kyegNAbM9SMnfOvf
LF2FO1Xi77GpKPCC1Xe3okt1pd/xKOsrLsPVF4QdfFO0XkeBHj1RgcK7Oh+p/Kt3
SpwcocOY4nTSdUwpv0+KEEU+Mqzqjwkla04Ye4aqLIpKzdSbpMVuV/a0FqMVFZnD
FzfXdiPCYSRoRbZsgFy47itvyiZ1+nCJ4JkrPSIdSxEXGiBxtDP4P+AXBHahtSwg
oBSkdchmDkHDlIIqdEvKRv776W4cU7S6v3kfrYkrwzdB
-----END CERTIFICATE-----