Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/bwb9jRAH_vNTj6akO56_XErv36E.roa
File:                     bwb9jRAH_vNTj6akO56_XErv36E.roa (raw, json)
Hash identifier:          PDAHtNuDBiP/zsKE6LpwC5t3+TYEuoLGpqaadqOPBPw=
Subject key identifier:   6F:06:FD:8D:10:07:FE:F3:53:8F:A6:A4:3B:9E:BF:5C:4A:EF:DF:A1
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       018CC56DF3F96B22FE685FDB045DF64AE6D7
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/bwb9jRAH_vNTj6akO56_XErv36E.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42011
IP address blocks:        185.209.116.0/22 maxlen: 22
                          2a0b:4540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f3:f9:6b:22:fe:68:5f:db:04:5d:f6:4a:e6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f06fd8d1007fef3538fa6a43b9ebf5c4aefdfa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9b:19:ee:3b:c4:83:34:ac:b2:fc:be:9a:78:
                    3d:92:e8:e2:85:48:1a:a7:9a:05:87:e5:72:8d:da:
                    b0:e9:10:90:ec:4d:ff:92:5d:7e:af:d6:bd:f8:ff:
                    58:60:a3:96:48:80:d5:63:51:ef:23:81:aa:f8:39:
                    9a:f2:2a:3d:0f:1a:87:9e:04:14:35:5f:76:5f:9f:
                    c8:92:db:7c:0a:c5:52:a4:d3:06:1d:06:2d:1e:8c:
                    79:17:d4:54:35:09:65:ef:e2:9c:f6:92:46:c7:ae:
                    4f:67:86:7b:df:62:aa:21:4d:f8:ed:1b:16:93:8b:
                    a3:48:04:99:ed:39:77:fb:8b:97:e0:44:ae:f4:b1:
                    00:f9:a3:fe:78:ca:da:2f:e0:21:63:24:3b:50:ab:
                    05:1c:e4:54:c9:f8:06:5d:19:22:95:83:e3:81:65:
                    fb:e5:1f:06:0f:67:bd:b8:c3:fb:4f:b4:e1:98:53:
                    11:8e:40:63:89:d0:c5:f6:ff:02:9c:6c:90:9a:c8:
                    6a:52:b5:c0:3c:4d:6e:f3:35:18:17:3b:1e:6e:99:
                    c8:64:f5:48:ab:ad:ac:03:db:69:61:2d:cf:a7:b9:
                    62:7a:96:cf:04:8f:08:04:50:89:77:4a:97:84:15:
                    1f:2f:a6:93:de:cf:63:18:da:9e:0a:5f:95:c1:af:
                    6b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:06:FD:8D:10:07:FE:F3:53:8F:A6:A4:3B:9E:BF:5C:4A:EF:DF:A1
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/bwb9jRAH_vNTj6akO56_XErv36E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.116.0/22
                IPv6:
                  2a0b:4540::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:c8:db:6f:dc:44:03:d9:43:3a:6f:8b:71:c0:df:75:ce:b7:
         fd:c2:e0:78:d7:27:37:23:3c:11:99:25:4f:19:ff:a8:be:38:
         9b:36:d1:20:6f:29:6f:8b:b0:cb:ea:c4:7a:03:7f:e9:47:db:
         4c:05:73:87:3d:08:03:23:b3:9d:d9:30:9e:c1:5d:70:32:88:
         73:b1:b1:d5:d7:89:af:a4:d7:b9:a4:b4:42:b1:80:f0:78:e9:
         8f:74:2a:e1:b8:fa:8b:5f:08:2f:26:01:a2:6f:bc:86:3b:5d:
         e1:38:42:f6:85:d5:0b:4d:09:db:09:a4:9e:fd:0c:ee:17:08:
         32:5b:40:ad:ae:47:22:8e:1d:f7:65:19:92:db:ff:f5:47:be:
         f2:1d:b9:b8:2b:f9:a8:92:19:5a:2b:72:c5:ed:27:f4:97:60:
         3f:68:df:04:46:80:0b:af:6e:09:57:a5:9b:8c:15:09:46:b8:
         9d:38:a6:26:c8:aa:f6:ac:3c:64:f3:44:31:6d:74:9e:89:7b:
         1b:3b:48:e6:b2:ae:a9:4b:d4:f2:44:4a:e8:98:12:46:10:e3:
         1b:a7:8c:c2:ff:22:31:81:c5:55:5f:7c:97:bb:f2:b3:50:40:
         ed:f9:60:9e:e4:52:bb:82:9b:6b:72:aa:b7:31:4f:4d:b0:0b:
         45:d3:45:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbfP5ayL+aF/bBF32SubXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA2ZmQ4ZDEwMDdmZWYzNTM4ZmE2YTQzYjllYmY1YzRhZWZkZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JsZ7jvEgzSssvy+mng9kujihUga
p5oFh+Vyjdqw6RCQ7E3/kl1+r9a9+P9YYKOWSIDVY1HvI4Gq+Dma8io9DxqHngQU
NV92X5/Iktt8CsVSpNMGHQYtHox5F9RUNQll7+Kc9pJGx65PZ4Z732KqIU347RsW
k4ujSASZ7Tl3+4uX4ESu9LEA+aP+eMraL+AhYyQ7UKsFHORUyfgGXRkilYPjgWX7
5R8GD2e9uMP7T7ThmFMRjkBjidDF9v8CnGyQmshqUrXAPE1u8zUYFzsebpnIZPVI
q62sA9tpYS3Pp7liepbPBI8IBFCJd0qXhBUfL6aT3s9jGNqeCl+Vwa9rSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG8G/Y0QB/7zU4+mpDuev1xK79+hMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEvYndiOWpSQUhfdk5UajZha081Nl9YRXJ2MzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudF0MA0E
AgACMAcDBQMqC0VAMA0GCSqGSIb3DQEBCwUAA4IBAQA0yNtv3EQD2UM6b4txwN91
zrf9wuB41yc3IzwRmSVPGf+ovjibNtEgbylvi7DL6sR6A3/pR9tMBXOHPQgDI7Od
2TCewV1wMohzsbHV14mvpNe5pLRCsYDweOmPdCrhuPqLXwgvJgGib7yGO13hOEL2
hdULTQnbCaSe/QzuFwgyW0Ctrkcijh33ZRmS2//1R77yHbm4K/mokhlaK3LF7Sf0
l2A/aN8ERoALr24JV6WbjBUJRridOKYmyKr2rDxk80QxbXSeiXsbO0jmsq6pS9Ty
REromBJGEOMbp4zC/yIxgcVVX3yXu/KzUEDt+WCe5FK7gptrcqq3MU9NsAtF00XW
-----END CERTIFICATE-----