Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/mwEVgfiS4JtpfvX36WSzZ-IFuS0.roa
File:                     mwEVgfiS4JtpfvX36WSzZ-IFuS0.roa (raw, json)
Hash identifier:          gipzg9427eXnyZFkkkpvPZe/8IJcfhBMozrTUI2Fyls=
Subject key identifier:   9B:01:15:81:F8:92:E0:9B:69:7E:F5:F7:E9:64:B3:67:E2:05:B9:2D
Certificate issuer:       /CN=ca1df2bbccc02e4e7f464d69faaf3d6c3723495e
Certificate serial:       018CC8DF3807FF6A8273F7E074730878C0F1
Authority key identifier: CA:1D:F2:BB:CC:C0:2E:4E:7F:46:4D:69:FA:AF:3D:6C:37:23:49:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yh3yu8zALk5_Rk1p-q89bDcjSV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/mwEVgfiS4JtpfvX36WSzZ-IFuS0.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206912
IP address blocks:        185.166.64.0/22 maxlen: 22
                          185.170.232.0/22 maxlen: 22
                          185.105.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/yh3yu8zALk5_Rk1p-q89bDcjSV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/yh3yu8zALk5_Rk1p-q89bDcjSV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yh3yu8zALk5_Rk1p-q89bDcjSV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:38:07:ff:6a:82:73:f7:e0:74:73:08:78:c0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca1df2bbccc02e4e7f464d69faaf3d6c3723495e
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b011581f892e09b697ef5f7e964b367e205b92d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2c:eb:e4:ac:57:a4:b8:af:a7:0a:be:88:55:
                    90:44:6f:4e:25:e3:b7:90:9a:5a:8c:75:65:fa:b7:
                    47:12:aa:a4:5d:82:fa:e0:ee:ab:84:a6:00:fa:36:
                    48:b8:8b:ad:31:58:35:09:83:87:48:da:23:0b:0a:
                    47:17:89:a2:a5:60:db:4a:b2:83:91:52:3b:20:b4:
                    83:85:5f:73:de:67:bd:b2:ab:f4:ab:15:7c:99:af:
                    92:e4:cb:00:f0:30:4b:8b:25:12:0b:c5:bc:a5:e3:
                    29:74:10:f9:ef:ee:13:44:1c:1f:a7:59:19:a9:73:
                    cc:d3:df:6e:f9:3a:48:05:a2:a6:e7:5d:6c:24:de:
                    36:c7:b1:b7:25:d2:96:db:16:e7:91:ed:ad:36:24:
                    e3:72:fc:e2:fc:fd:93:c3:a9:13:f1:08:c0:51:b0:
                    3b:16:b3:7d:6a:57:5b:0c:e8:79:b5:6b:bd:ed:1b:
                    88:20:94:02:96:ba:05:e2:6a:a3:e2:65:cf:d3:da:
                    75:cc:9c:68:b4:dc:b5:5a:a2:77:98:42:a9:a3:71:
                    e6:c1:2b:f3:84:0b:94:3f:4e:f4:b3:87:f4:bb:b0:
                    19:39:ef:5c:cc:0b:51:94:d2:ea:b6:3b:5a:3d:7e:
                    db:e6:bc:8e:0a:8d:4f:fc:6e:59:ff:b8:5f:56:c6:
                    58:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:01:15:81:F8:92:E0:9B:69:7E:F5:F7:E9:64:B3:67:E2:05:B9:2D
            X509v3 Authority Key Identifier:
                keyid:CA:1D:F2:BB:CC:C0:2E:4E:7F:46:4D:69:FA:AF:3D:6C:37:23:49:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yh3yu8zALk5_Rk1p-q89bDcjSV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/mwEVgfiS4JtpfvX36WSzZ-IFuS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7b7bd6-b538-4960-8559-dd49ecc26095/1/yh3yu8zALk5_Rk1p-q89bDcjSV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.172.0/22
                  185.166.64.0/22
                  185.170.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:e6:1e:bb:51:03:10:83:aa:02:ba:ec:8d:c5:86:7f:0f:71:
         c0:6d:ba:41:72:ec:68:c4:86:9a:81:dc:cb:4b:3a:8e:9a:28:
         69:73:12:ea:ad:61:bd:07:3f:ed:83:93:34:75:0c:78:a3:c0:
         b1:1d:c0:cd:78:a3:f3:2d:cb:66:6a:fd:ff:66:ba:16:43:88:
         0f:e4:db:a2:34:7c:07:43:32:bd:89:8c:10:47:e5:04:ce:07:
         b8:22:d5:33:18:f0:3d:e3:b9:ab:8a:f4:a7:38:48:eb:6d:04:
         76:07:1f:a1:29:30:ba:79:ac:55:db:27:d5:ed:12:80:3d:8b:
         55:5d:08:a0:85:1d:ec:d1:9e:93:24:55:37:63:03:62:0c:28:
         91:af:63:9b:71:d3:97:40:8d:4c:46:ec:89:28:3a:52:e1:50:
         80:b5:8a:39:a6:7a:59:69:40:67:fb:81:b4:4f:08:3b:f3:aa:
         67:e2:89:32:49:21:4d:c3:ef:30:ff:b6:f1:1e:87:c6:99:40:
         77:db:16:20:37:a1:99:c6:7d:eb:98:e2:f0:b2:f9:4e:70:69:
         81:03:9a:c1:48:52:36:dd:15:9e:63:20:49:a1:4e:68:ec:c0:
         15:db:95:c0:34:75:b0:e5:d6:9c:ba:dc:f7:f5:df:3b:4a:27:
         e1:b5:79:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3zgH/2qCc/fgdHMIeMDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMWRmMmJiY2NjMDJlNGU3ZjQ2NGQ2OWZhYWYzZDZjMzcy
MzQ5NWUwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjAxMTU4MWY4OTJlMDliNjk3ZWY1ZjdlOTY0YjM2N2UyMDViOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCzr5KxXpLivpwq+iFWQRG9OJeO3
kJpajHVl+rdHEqqkXYL64O6rhKYA+jZIuIutMVg1CYOHSNojCwpHF4mipWDbSrKD
kVI7ILSDhV9z3me9sqv0qxV8ma+S5MsA8DBLiyUSC8W8peMpdBD57+4TRBwfp1kZ
qXPM099u+TpIBaKm511sJN42x7G3JdKW2xbnke2tNiTjcvzi/P2Tw6kT8QjAUbA7
FrN9aldbDOh5tWu97RuIIJQClroF4mqj4mXP09p1zJxotNy1WqJ3mEKpo3HmwSvz
hAuUP070s4f0u7AZOe9czAtRlNLqtjtaPX7b5ryOCo1P/G5Z/7hfVsZYOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJsBFYH4kuCbaX719+lks2fiBbktMB8GA1UdIwQY
MBaAFMod8rvMwC5Of0ZNafqvPWw3I0leMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWgzeXU4ekFMazVfUmsxcC1xODliRGNqU1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83YjdiZDYtYjUzOC00OTYwLTg1NTkt
ZGQ0OWVjYzI2MDk1LzEvbXdFVmdmaVM0SnRwZnZYMzZXU3paLUlGdVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83YjdiZDYtYjUzOC00OTYwLTg1NTktZGQ0OWVjYzI2MDk1
LzEveWgzeXU4ekFMazVfUmsxcC1xODliRGNqU1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWmsAwQC
uaZAAwQCuaroMA0GCSqGSIb3DQEBCwUAA4IBAQCw5h67UQMQg6oCuuyNxYZ/D3HA
bbpBcuxoxIaagdzLSzqOmihpcxLqrWG9Bz/tg5M0dQx4o8CxHcDNeKPzLctmav3/
ZroWQ4gP5NuiNHwHQzK9iYwQR+UEzge4ItUzGPA947mrivSnOEjrbQR2Bx+hKTC6
eaxV2yfV7RKAPYtVXQighR3s0Z6TJFU3YwNiDCiRr2ObcdOXQI1MRuyJKDpS4VCA
tYo5pnpZaUBn+4G0Twg786pn4okySSFNw+8w/7bxHofGmUB32xYgN6GZxn3rmOLw
svlOcGmBA5rBSFI23RWeYyBJoU5o7MAV25XANHWw5dacutz39d87SifhtXkb
-----END CERTIFICATE-----