Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/nBd4kX4cGmoxrEbCcke0GgV11cQ.roa
File:                     nBd4kX4cGmoxrEbCcke0GgV11cQ.roa (raw, json)
Hash identifier:          AXHUBqkLh7EWA94vAbBhbaZ895btIXuw7RoyjT+oLPo=
Subject key identifier:   9C:17:78:91:7E:1C:1A:6A:31:AC:46:C2:72:47:B4:1A:05:75:D5:C4
Certificate issuer:       /CN=88e719f426793b1e9063771460abd311a3dff116
Certificate serial:       018CC4939756828B3141E68D6BA5C9DDB737
Authority key identifier: 88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/nBd4kX4cGmoxrEbCcke0GgV11cQ.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27552
IP address blocks:        185.134.180.0/22 maxlen: 22
                          2a06:ee01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:97:56:82:8b:31:41:e6:8d:6b:a5:c9:dd:b7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e719f426793b1e9063771460abd311a3dff116
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c1778917e1c1a6a31ac46c27247b41a0575d5c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:40:e1:b3:e9:d3:c1:58:90:97:47:57:26:f3:
                    f9:2f:52:30:bb:54:b3:2b:4c:9d:9b:69:01:04:b6:
                    aa:08:9a:38:1a:2b:7c:31:3b:de:e9:63:c0:2e:23:
                    ed:d3:0f:41:1f:91:d1:a8:6a:ff:1c:3d:be:ac:c0:
                    32:e3:34:52:25:f6:a7:00:59:6a:ab:47:2d:6d:74:
                    1c:8e:d9:0e:7b:b5:4b:48:7a:27:7e:5d:0b:df:68:
                    8d:02:bf:c8:54:f2:7e:25:fd:1b:2f:d6:65:07:53:
                    5f:7e:73:ba:57:53:c8:28:92:8b:58:7e:a2:64:f7:
                    ee:42:97:88:05:44:dd:d3:73:95:cc:81:cd:da:3d:
                    02:2a:d5:28:c6:bb:1e:58:d2:cb:a4:4e:b9:e3:69:
                    2a:f7:5d:20:be:63:72:60:ce:92:41:56:f0:e8:e7:
                    97:ae:53:79:75:04:5b:89:07:d0:04:a6:5f:1e:23:
                    6b:fc:dd:09:3c:db:1c:d4:82:23:f6:d2:a6:10:64:
                    43:0c:1e:b1:2f:61:d6:8e:a7:f7:77:39:ac:47:6b:
                    7c:9f:7d:28:29:7d:11:f8:b4:cd:32:09:a7:81:5e:
                    31:96:c5:e4:a0:b9:fb:12:ef:85:b7:3f:1b:83:91:
                    b5:f7:1b:fd:57:ce:1b:9a:18:16:4a:09:8d:5a:c4:
                    fe:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:17:78:91:7E:1C:1A:6A:31:AC:46:C2:72:47:B4:1A:05:75:D5:C4
            X509v3 Authority Key Identifier:
                keyid:88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/nBd4kX4cGmoxrEbCcke0GgV11cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.180.0/22
                IPv6:
                  2a06:ee01::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:21:bb:90:da:ae:88:d1:53:45:a5:8a:02:33:89:32:75:22:
         ff:0e:2a:15:e5:28:60:72:7f:70:ec:af:88:b4:76:82:dc:59:
         d6:77:a1:d4:53:64:2c:58:1c:be:17:fa:ee:e8:a8:33:f3:f4:
         0a:37:51:44:e6:8d:42:a8:0e:c8:12:9a:44:78:a4:86:d6:0e:
         49:7d:21:98:c1:00:75:00:a1:0c:0d:5a:ee:10:87:cf:bc:20:
         16:fc:53:f5:8f:71:13:70:18:5f:2b:6d:bd:75:66:a0:a1:28:
         c3:07:a5:09:ef:ca:0d:61:c0:a7:d1:d0:07:4e:dd:5c:8b:22:
         87:77:68:b4:3d:34:30:b8:d3:5f:61:a8:f4:38:ec:fc:97:d5:
         db:42:d0:2e:9e:c9:de:3f:2b:c2:58:e7:d4:67:89:a8:14:0d:
         2a:be:2b:89:10:91:f1:cc:0a:32:00:27:a7:f4:1c:13:d4:c3:
         6f:ca:a0:fb:7e:91:b5:58:54:02:10:ff:46:59:b3:e8:b2:95:
         ec:fa:27:28:33:2e:6c:a7:fe:c2:dc:ad:86:eb:3f:28:26:21:
         86:f1:57:ef:05:f3:8e:a4:94:be:09:25:a6:95:78:b6:6d:d2:
         75:96:a2:39:9c:be:c9:c0:26:41:67:a2:9a:90:26:de:cb:da:
         7b:8d:72:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk5dWgosxQeaNa6XJ3bc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTcxOWY0MjY3OTNiMWU5MDYzNzcxNDYwYWJkMzExYTNk
ZmYxMTYwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzE3Nzg5MTdlMWMxYTZhMzFhYzQ2YzI3MjQ3YjQxYTA1NzVkNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkDhs+nTwViQl0dXJvP5L1Iwu1Sz
K0ydm2kBBLaqCJo4Git8MTve6WPALiPt0w9BH5HRqGr/HD2+rMAy4zRSJfanAFlq
q0ctbXQcjtkOe7VLSHonfl0L32iNAr/IVPJ+Jf0bL9ZlB1NffnO6V1PIKJKLWH6i
ZPfuQpeIBUTd03OVzIHN2j0CKtUoxrseWNLLpE6542kq910gvmNyYM6SQVbw6OeX
rlN5dQRbiQfQBKZfHiNr/N0JPNsc1IIj9tKmEGRDDB6xL2HWjqf3dzmsR2t8n30o
KX0R+LTNMgmngV4xlsXkoLn7Eu+Ftz8bg5G19xv9V84bmhgWSgmNWsT+EQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJwXeJF+HBpqMaxGwnJHtBoFddXEMB8GA1UdIwQY
MBaAFIjnGfQmeTsekGN3FGCr0xGj3/EWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjct
YWU1MmUxNTZiNzdlLzEvbkJkNGtYNGNHbW94ckViQ2NrZTBHZ1YxMWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjctYWU1MmUxNTZiNzdl
LzEvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYa0MA0E
AgACMAcDBQAqBu4BMA0GCSqGSIb3DQEBCwUAA4IBAQC4IbuQ2q6I0VNFpYoCM4ky
dSL/DioV5Shgcn9w7K+ItHaC3FnWd6HUU2QsWBy+F/ru6Kgz8/QKN1FE5o1CqA7I
EppEeKSG1g5JfSGYwQB1AKEMDVruEIfPvCAW/FP1j3ETcBhfK229dWagoSjDB6UJ
78oNYcCn0dAHTt1ciyKHd2i0PTQwuNNfYaj0OOz8l9XbQtAunsnePyvCWOfUZ4mo
FA0qviuJEJHxzAoyACen9BwT1MNvyqD7fpG1WFQCEP9GWbPospXs+icoMy5sp/7C
3K2G6z8oJiGG8VfvBfOOpJS+CSWmlXi2bdJ1lqI5nL7JwCZBZ6KakCbey9p7jXJb
-----END CERTIFICATE-----