Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/piPqXYJhlB7JXGgTB-BJaXnLsoE.roa
File:                     piPqXYJhlB7JXGgTB-BJaXnLsoE.roa (raw, json)
Hash identifier:          T+HUNOw2Xxf2IgzZxl8Hdd50906vIeBURLcIJqfPhEg=
Subject key identifier:   A6:23:EA:5D:82:61:94:1E:C9:5C:68:13:07:E0:49:69:79:CB:B2:81
Certificate issuer:       /CN=9dc00e9e3046591f8ba5524480ddf7c6fc4c60e0
Certificate serial:       018CC801998F5C1120FD1E6C725817200728
Authority key identifier: 9D:C0:0E:9E:30:46:59:1F:8B:A5:52:44:80:DD:F7:C6:FC:4C:60:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ncAOnjBGWR-LpVJEgN33xvxMYOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/piPqXYJhlB7JXGgTB-BJaXnLsoE.roa
Signing time:             Tue 02 Jan 2024 02:29:57 +0000
ROA not before:           Tue 02 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16298
IP address blocks:        217.119.0.0/20 maxlen: 20
                          185.190.232.0/22 maxlen: 22
                          2a02:29b0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/ncAOnjBGWR-LpVJEgN33xvxMYOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/ncAOnjBGWR-LpVJEgN33xvxMYOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ncAOnjBGWR-LpVJEgN33xvxMYOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:99:8f:5c:11:20:fd:1e:6c:72:58:17:20:07:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc00e9e3046591f8ba5524480ddf7c6fc4c60e0
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a623ea5d8261941ec95c681307e0496979cbb281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:80:c8:15:de:f9:56:06:01:a9:6a:f0:0e:ff:
                    fd:be:29:c0:12:37:02:20:b6:f3:c3:45:02:b5:17:
                    b3:53:81:ad:b2:89:b3:89:4f:bb:e7:da:ad:38:66:
                    20:dc:33:3a:2c:b0:43:65:c0:ee:55:6c:a8:b3:31:
                    98:fc:cb:c1:d5:8b:a6:78:f6:84:84:43:13:da:91:
                    89:79:fd:2d:60:2d:23:89:3f:1f:55:4e:e9:7b:44:
                    09:34:58:08:e0:7a:3a:60:65:77:d8:14:f6:0e:74:
                    92:83:7e:eb:24:d9:4e:ba:3f:09:a6:9e:d4:18:2f:
                    fc:43:84:35:0c:e2:62:e4:30:fb:02:5a:b0:a6:4b:
                    c2:9c:85:fa:d3:77:3e:fa:a3:de:c8:e4:20:2e:55:
                    c2:e6:9d:2d:90:f5:c2:bd:b8:47:90:3f:53:22:e8:
                    93:7b:1f:ec:1d:06:c1:4f:68:9c:81:c2:15:bd:c1:
                    c0:3d:c1:6a:6f:e2:22:19:32:2a:19:be:21:4d:08:
                    62:f3:45:24:a5:5d:d5:af:34:a1:d9:08:7b:58:36:
                    c6:e3:6c:81:69:c3:ac:31:7f:b6:87:1b:08:e7:9c:
                    70:85:cb:02:3b:6d:1f:41:e9:00:d7:ac:d7:a8:0e:
                    a1:a6:00:ba:23:45:94:29:7e:df:29:69:85:1e:7c:
                    9f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:23:EA:5D:82:61:94:1E:C9:5C:68:13:07:E0:49:69:79:CB:B2:81
            X509v3 Authority Key Identifier:
                keyid:9D:C0:0E:9E:30:46:59:1F:8B:A5:52:44:80:DD:F7:C6:FC:4C:60:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncAOnjBGWR-LpVJEgN33xvxMYOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/piPqXYJhlB7JXGgTB-BJaXnLsoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8ad573-5977-4d76-83eb-bb0319213a29/1/ncAOnjBGWR-LpVJEgN33xvxMYOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.232.0/22
                  217.119.0.0/20
                IPv6:
                  2a02:29b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:da:13:e0:b7:f8:ed:bc:4a:43:a4:12:60:74:52:ef:c1:c6:
         b7:7d:29:66:6a:05:ea:17:93:05:34:2f:65:c7:0b:fc:19:4b:
         39:41:cf:22:d6:04:b9:86:b4:9f:3e:f8:ab:b0:ee:0d:87:e2:
         5a:e4:d3:c8:de:f1:d6:f0:2b:3e:29:66:81:03:8f:c1:20:09:
         f7:e0:a1:76:59:35:a0:ff:ce:79:60:f0:f5:1b:5d:93:71:0a:
         4f:4d:f3:5a:79:cd:e8:51:7b:8a:c5:d2:e1:ba:7d:87:ea:c5:
         7a:a6:98:c0:63:42:f3:60:08:42:ba:84:8c:5c:fa:b2:1c:ab:
         ce:d9:84:52:c0:bd:a8:e9:ef:65:66:3b:62:b1:f7:28:3b:2d:
         8d:bc:bb:6b:cb:fb:fb:92:e6:52:06:c0:56:7e:79:70:e0:5a:
         dc:7a:fb:b1:a9:28:25:be:cd:cb:2e:a9:1e:e5:ce:fe:f5:e2:
         32:6d:1d:a4:e1:72:a1:7a:62:8e:b0:6b:cb:b1:63:66:17:fd:
         2a:ba:f9:26:1a:9f:76:c6:63:d0:37:39:ae:df:96:2f:a8:aa:
         78:10:28:15:9d:42:ed:fb:78:e3:b8:5d:b1:cd:0d:6b:3e:f6:
         09:f2:37:4b:53:8f:d4:3f:96:a2:fe:ea:fe:9b:8c:c1:84:62:
         b2:fc:35:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAZmPXBEg/R5sclgXIAcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzAwZTllMzA0NjU5MWY4YmE1NTI0NDgwZGRmN2M2ZmM0
YzYwZTAwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjIzZWE1ZDgyNjE5NDFlYzk1YzY4MTMwN2UwNDk2OTc5Y2JiMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4DIFd75VgYBqWrwDv/9vinAEjcC
ILbzw0UCtRezU4GtsomziU+759qtOGYg3DM6LLBDZcDuVWyoszGY/MvB1YumePaE
hEMT2pGJef0tYC0jiT8fVU7pe0QJNFgI4Ho6YGV32BT2DnSSg37rJNlOuj8Jpp7U
GC/8Q4Q1DOJi5DD7AlqwpkvCnIX603c++qPeyOQgLlXC5p0tkPXCvbhHkD9TIuiT
ex/sHQbBT2icgcIVvcHAPcFqb+IiGTIqGb4hTQhi80UkpV3VrzSh2Qh7WDbG42yB
acOsMX+2hxsI55xwhcsCO20fQekA16zXqA6hpgC6I0WUKX7fKWmFHnyfywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKYj6l2CYZQeyVxoEwfgSWl5y7KBMB8GA1UdIwQY
MBaAFJ3ADp4wRlkfi6VSRIDd98b8TGDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNBT25qQkdXUi1McFZKRWdOMzN4dnhNWU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84YWQ1NzMtNTk3Ny00ZDc2LTgzZWIt
YmIwMzE5MjEzYTI5LzEvcGlQcVhZSmhsQjdKWEdnVEItQkphWG5Mc29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84YWQ1NzMtNTk3Ny00ZDc2LTgzZWItYmIwMzE5MjEzYTI5
LzEvbmNBT25qQkdXUi1McFZKRWdOMzN4dnhNWU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCub7oAwQE
2XcAMA0EAgACMAcDBQAqAimwMA0GCSqGSIb3DQEBCwUAA4IBAQCB2hPgt/jtvEpD
pBJgdFLvwca3fSlmagXqF5MFNC9lxwv8GUs5Qc8i1gS5hrSfPvirsO4Nh+Ja5NPI
3vHW8Cs+KWaBA4/BIAn34KF2WTWg/855YPD1G12TcQpPTfNaec3oUXuKxdLhun2H
6sV6ppjAY0LzYAhCuoSMXPqyHKvO2YRSwL2o6e9lZjtisfcoOy2NvLtry/v7kuZS
BsBWfnlw4FrcevuxqSglvs3LLqke5c7+9eIybR2k4XKhemKOsGvLsWNmF/0quvkm
Gp92xmPQNzmu35YvqKp4ECgVnULt+3jjuF2xzQ1rPvYJ8jdLU4/UP5ai/ur+m4zB
hGKy/DWd
-----END CERTIFICATE-----