Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/1-XFpixe4gPkvgPkVhaOwH9Yg50s.roa
File:                     1-XFpixe4gPkvgPkVhaOwH9Yg50s.roa (raw, json)
Hash identifier:          TE1TtPeoUMt9dAvqlkAU7T2ZA73z7SlmMBcuqdwnEB0=
Subject key identifier:   F9:71:69:8B:17:B8:80:F9:2F:80:F9:15:85:A3:B0:1F:D6:20:E7:4B
Certificate issuer:       /CN=4f4da09fbbe90fb79f0f08b207f835f0f0da29fe
Certificate serial:       018CC4935F3DFC35F2289EB21933077F5018
Authority key identifier: 4F:4D:A0:9F:BB:E9:0F:B7:9F:0F:08:B2:07:F8:35:F0:F0:DA:29:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/1-XFpixe4gPkvgPkVhaOwH9Yg50s.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197066
IP address blocks:        185.75.152.0/22 maxlen: 22
                          2a03:4ae0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:3d:fc:35:f2:28:9e:b2:19:33:07:7f:50:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4da09fbbe90fb79f0f08b207f835f0f0da29fe
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f971698b17b880f92f80f91585a3b01fd620e74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:7c:0a:be:f8:dd:c3:e2:99:34:83:c0:49:ae:
                    c5:96:db:e1:e2:0c:61:a5:51:b4:65:dd:ae:b0:e7:
                    a5:56:c9:d4:12:73:5c:78:5d:99:53:83:5e:35:71:
                    06:be:2e:77:74:58:f8:8d:58:e0:37:00:f9:22:c0:
                    f1:57:5a:ca:7b:f8:2a:55:c5:e6:08:88:a4:2b:d0:
                    6c:50:6c:0a:0b:5a:b9:d0:e6:99:13:80:a6:c7:65:
                    4a:dc:f0:70:97:ba:f2:fd:98:58:d5:db:51:91:05:
                    fa:fa:8a:d7:a5:fc:8c:68:77:c1:59:4a:1d:89:44:
                    5f:d0:df:83:0a:49:4c:ba:7b:89:77:eb:06:0e:49:
                    d6:27:17:3a:c9:48:cb:d7:bb:c7:d0:2c:bc:f8:9f:
                    71:1e:9d:09:76:ce:f3:80:e6:e7:ca:fb:c8:46:27:
                    46:0c:b0:24:06:46:3a:b6:90:2c:a9:10:84:5f:4f:
                    3b:60:b9:16:4b:2f:1a:22:04:b4:a5:cd:2f:ff:84:
                    b0:e9:cc:15:07:84:64:40:46:0b:73:4a:65:2d:bb:
                    e0:55:83:e8:29:94:6e:25:ea:69:03:37:78:97:da:
                    f8:e9:ab:88:c1:8e:84:a3:64:ae:20:34:92:95:24:
                    23:f9:33:7e:ac:9c:5e:39:88:b2:56:0d:41:86:0b:
                    d8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:71:69:8B:17:B8:80:F9:2F:80:F9:15:85:A3:B0:1F:D6:20:E7:4B
            X509v3 Authority Key Identifier:
                keyid:4F:4D:A0:9F:BB:E9:0F:B7:9F:0F:08:B2:07:F8:35:F0:F0:DA:29:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/1-XFpixe4gPkvgPkVhaOwH9Yg50s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.152.0/22
                IPv6:
                  2a03:4ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:7c:8d:f8:1e:f8:42:72:6a:41:10:13:cc:95:3e:80:17:8e:
         2e:3b:66:91:8f:26:61:dd:20:94:e2:74:a7:f6:57:bc:68:4a:
         72:1d:d2:02:b9:38:12:00:9e:ee:c4:be:55:e1:36:d3:1f:81:
         d8:fe:33:cb:39:b6:bb:69:e0:7f:a2:d0:b3:28:93:b7:b8:79:
         6d:17:9d:a1:a6:44:36:5a:e3:eb:ca:44:46:71:89:af:70:e0:
         53:07:1a:19:07:ad:45:de:33:a1:0d:1e:7d:35:d4:11:7e:aa:
         f8:75:05:9a:eb:0e:d6:97:29:64:5c:38:b6:f1:d1:64:d6:fa:
         69:b8:46:a0:73:0e:a5:70:b6:4a:b0:a6:71:11:35:48:c6:39:
         7e:27:99:65:ce:f5:2c:48:d6:08:5f:fe:a7:63:a6:d0:1b:06:
         f7:4e:6e:83:71:1b:b3:d5:71:1a:01:be:f1:61:ce:d8:08:00:
         64:21:5f:e8:d5:55:d8:f2:7a:b4:ee:d8:4f:38:c1:1a:40:1f:
         5a:a8:4a:c9:8c:33:35:58:05:8c:c9:e9:7f:91:fe:db:16:f1:
         a1:76:b8:01:b4:44:c3:e5:cb:42:93:2e:c6:9b:8b:93:61:52:
         9d:6c:68:ae:6d:c2:1b:49:4e:ca:62:fe:66:13:1e:ad:2a:5b:
         8f:ba:63:44
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEk189/DXyKJ6yGTMHf1AYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGRhMDlmYmJlOTBmYjc5ZjBmMDhiMjA3ZjgzNWYwZjBk
YTI5ZmUwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTcxNjk4YjE3Yjg4MGY5MmY4MGY5MTU4NWEzYjAxZmQ2MjBlNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3wKvvjdw+KZNIPASa7Fltvh4gxh
pVG0Zd2usOelVsnUEnNceF2ZU4NeNXEGvi53dFj4jVjgNwD5IsDxV1rKe/gqVcXm
CIikK9BsUGwKC1q50OaZE4Cmx2VK3PBwl7ry/ZhY1dtRkQX6+orXpfyMaHfBWUod
iURf0N+DCklMunuJd+sGDknWJxc6yUjL17vH0Cy8+J9xHp0Jds7zgObnyvvIRidG
DLAkBkY6tpAsqRCEX087YLkWSy8aIgS0pc0v/4Sw6cwVB4RkQEYLc0plLbvgVYPo
KZRuJeppAzd4l9r46auIwY6Eo2SuIDSSlSQj+TN+rJxeOYiyVg1BhgvY+QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPlxaYsXuID5L4D5FYWjsB/WIOdLMB8GA1UdIwQY
MBaAFE9NoJ+76Q+3nw8Isgf4NfDw2in+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDAyZ243dnBEN2VmRHdpeUJfZzE4UERhS2Y0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82NmJkM2EtNTEyMS00OTBkLThjOTIt
NmVhOTRhOTYxZDRjLzEvMS1YRnBpeGU0Z1BrdmdQa1ZoYU93SDlZZzUwcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODMvNjZiZDNhLTUxMjEtNDkwZC04YzkyLTZlYTk0YTk2MWQ0
Yy8xL1QwMmduN3ZwRDdlZkR3aXlCX2cxOFBEYUtmNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlLmDAN
BAIAAjAHAwUAKgNK4DANBgkqhkiG9w0BAQsFAAOCAQEAtHyN+B74QnJqQRATzJU+
gBeOLjtmkY8mYd0glOJ0p/ZXvGhKch3SArk4EgCe7sS+VeE20x+B2P4zyzm2u2ng
f6LQsyiTt7h5bRedoaZENlrj68pERnGJr3DgUwcaGQetRd4zoQ0efTXUEX6q+HUF
musO1pcpZFw4tvHRZNb6abhGoHMOpXC2SrCmcRE1SMY5fieZZc71LEjWCF/+p2Om
0BsG905ug3Ebs9VxGgG+8WHO2AgAZCFf6NVV2PJ6tO7YTzjBGkAfWqhKyYwzNVgF
jMnpf5H+2xbxoXa4AbREw+XLQpMuxpuLk2FSnWxorm3CG0lOymL+ZhMerSpbj7pj
RA==
-----END CERTIFICATE-----