Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/vEVL8LBdDyq0nSK8oWqo6_5WfcY.roa
File:                     vEVL8LBdDyq0nSK8oWqo6_5WfcY.roa (raw, json)
Hash identifier:          sk3ugrqlfM/fU+UrzoT6JLHIbCrJlg3CGwOTB4++8bI=
Subject key identifier:   BC:45:4B:F0:B0:5D:0F:2A:B4:9D:22:BC:A1:6A:A8:EB:FE:56:7D:C6
Certificate issuer:       /CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
Certificate serial:       018CC26D6FDB9FF5B2854C21A8A301B26D1C
Authority key identifier: 1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/vEVL8LBdDyq0nSK8oWqo6_5WfcY.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47176
IP address blocks:        185.238.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:03:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6f:db:9f:f5:b2:85:4c:21:a8:a3:01:b2:6d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc454bf0b05d0f2ab49d22bca16aa8ebfe567dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6c:2d:6b:36:0e:03:17:8e:81:67:3f:5a:af:
                    cd:89:36:65:70:04:2e:ee:c3:d6:53:9c:17:55:26:
                    5f:8e:12:f7:e0:5e:be:36:42:63:cb:fa:2c:80:3a:
                    7e:d6:66:62:23:4d:72:03:41:c1:e2:bd:d5:8d:48:
                    f8:25:6b:95:74:66:b1:45:7e:bd:fd:ea:dc:56:db:
                    4f:dd:e4:cf:7a:c1:71:76:0a:44:df:e9:3d:db:42:
                    8f:24:56:70:ad:32:5b:24:1c:c8:39:89:ed:7b:da:
                    c9:e1:de:38:7d:29:dc:39:23:53:30:eb:88:1a:1b:
                    2d:28:44:89:7e:e3:e2:d3:de:c1:0b:33:64:6a:dc:
                    a6:cd:6c:5c:40:84:91:21:1c:48:dd:45:b0:0e:c8:
                    9c:f3:28:bd:c2:83:bd:80:4e:3a:9b:09:87:f4:61:
                    3b:af:8d:85:aa:55:0a:9f:9c:f6:b0:46:df:18:63:
                    1f:4c:53:c0:23:70:4b:98:cf:91:39:bf:d9:f6:74:
                    88:dc:8d:b8:60:b8:55:8b:9e:ce:30:19:e3:14:de:
                    e3:d1:9d:86:5d:e8:bd:6e:ff:ee:51:fb:26:ff:c2:
                    43:a5:26:af:78:9b:63:7e:a1:e2:4e:18:b0:ae:63:
                    fb:2c:ad:29:10:30:21:4a:f4:01:93:50:0c:01:f6:
                    48:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:45:4B:F0:B0:5D:0F:2A:B4:9D:22:BC:A1:6A:A8:EB:FE:56:7D:C6
            X509v3 Authority Key Identifier:
                keyid:1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/vEVL8LBdDyq0nSK8oWqo6_5WfcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:9e:f3:1a:1f:dd:f3:b0:0c:15:d2:2d:dd:56:32:a6:b1:32:
         02:d6:18:7a:48:c2:34:f3:6d:a3:d7:41:38:a7:5d:56:d9:7b:
         c9:ee:31:c5:b2:93:9b:67:22:cf:df:d6:69:72:51:70:6f:21:
         25:ee:e4:6f:e9:c9:f6:ae:7c:76:fb:a5:64:43:ab:0c:bd:9d:
         64:49:b2:92:e4:90:01:a8:92:9c:79:ce:67:1a:3b:3d:43:bb:
         58:12:8f:7e:c8:c5:b9:c3:df:ee:11:62:b0:7f:f9:8c:e0:e4:
         74:0a:97:57:77:76:1e:85:d7:16:09:b4:cd:1b:18:b3:15:ef:
         04:0d:fd:7e:2a:f3:85:3d:71:14:9b:c7:64:17:75:85:ac:e7:
         fc:b1:a0:22:7d:1d:7e:38:f7:b6:39:67:fd:99:42:3f:b9:76:
         07:91:e3:01:05:e1:73:4c:86:d1:31:e0:0f:ed:19:5d:aa:88:
         bc:30:5f:e3:89:0e:37:18:70:87:32:15:84:b5:02:e7:67:1a:
         2a:bc:25:74:d8:9a:9e:c1:37:72:6a:63:53:5c:78:5e:3a:1a:
         b6:4f:25:64:9c:f7:fc:89:ea:fe:c6:1d:e5:f9:5d:b1:f1:38:
         77:93:a9:8e:cd:91:ab:1a:97:f1:32:d6:ad:7c:33:be:c1:fe:
         60:2c:92:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW/bn/WyhUwhqKMBsm0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMWFlNWU0OWE0NGFiZGRjMjJiMGFkYmRhZWI2NDEzNmYy
NWQ0NjcwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzQ1NGJmMGIwNWQwZjJhYjQ5ZDIyYmNhMTZhYThlYmZlNTY3ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GwtazYOAxeOgWc/Wq/NiTZlcAQu
7sPWU5wXVSZfjhL34F6+NkJjy/osgDp+1mZiI01yA0HB4r3VjUj4JWuVdGaxRX69
/ercVttP3eTPesFxdgpE3+k920KPJFZwrTJbJBzIOYnte9rJ4d44fSncOSNTMOuI
GhstKESJfuPi097BCzNkatymzWxcQISRIRxI3UWwDsic8yi9woO9gE46mwmH9GE7
r42FqlUKn5z2sEbfGGMfTFPAI3BLmM+ROb/Z9nSI3I24YLhVi57OMBnjFN7j0Z2G
Xei9bv/uUfsm/8JDpSaveJtjfqHiThiwrmP7LK0pEDAhSvQBk1AMAfZIhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxFS/CwXQ8qtJ0ivKFqqOv+Vn3GMB8GA1UdIwQY
MBaAFBoa5eSaRKvdwisK29rrZBNvJdRnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYt
YTExNjlhMjg5YzU0LzEvdkVWTDhMQmREeXEwblNLOG9XcW82XzVXZmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYtYTExNjlhMjg5YzU0
LzEvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4MMA0G
CSqGSIb3DQEBCwUAA4IBAQBqnvMaH93zsAwV0i3dVjKmsTIC1hh6SMI0822j10E4
p11W2XvJ7jHFspObZyLP39ZpclFwbyEl7uRv6cn2rnx2+6VkQ6sMvZ1kSbKS5JAB
qJKcec5nGjs9Q7tYEo9+yMW5w9/uEWKwf/mM4OR0CpdXd3YehdcWCbTNGxizFe8E
Df1+KvOFPXEUm8dkF3WFrOf8saAifR1+OPe2OWf9mUI/uXYHkeMBBeFzTIbRMeAP
7Rldqoi8MF/jiQ43GHCHMhWEtQLnZxoqvCV02JqewTdyamNTXHheOhq2TyVknPf8
ier+xh3l+V2x8Th3k6mOzZGrGpfxMtatfDO+wf5gLJKZ
-----END CERTIFICATE-----