Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/sVVp4U7lEL0JZ1VPK_IGm_d7lqw.roa
File:                     sVVp4U7lEL0JZ1VPK_IGm_d7lqw.roa (raw, json)
Hash identifier:          xuxZcqbHsCUdp4Zohe0GQvoQzNkOgfJilKn6l3EmI8Y=
Subject key identifier:   B1:55:69:E1:4E:E5:10:BD:09:67:55:4F:2B:F2:06:9B:F7:7B:96:AC
Certificate issuer:       /CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
Certificate serial:       018CC49245849A112817C0201DD6850FADFE
Authority key identifier: 7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/sVVp4U7lEL0JZ1VPK_IGm_d7lqw.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204099
IP address blocks:        185.29.90.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:84:9a:11:28:17:c0:20:1d:d6:85:0f:ad:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b15569e14ee510bd0967554f2bf2069bf77b96ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2c:01:9a:2a:ab:f5:39:7d:02:65:f6:b3:ec:
                    e9:3d:6d:47:6c:e6:ed:2d:d2:38:ec:89:55:ec:57:
                    37:0d:0d:95:99:ba:12:dd:3e:86:e0:fd:79:f5:54:
                    5d:8f:4a:18:55:a7:cf:84:e0:81:19:ee:17:8c:f4:
                    b5:6b:3d:1c:9d:53:ab:5e:58:60:dc:2e:9e:0d:94:
                    a2:5b:56:22:b5:ba:6d:65:3d:24:6e:a4:bd:33:9c:
                    f1:62:f5:8e:ff:57:07:2c:a9:e0:86:5e:74:65:97:
                    ed:66:89:e0:55:54:a5:da:84:65:41:53:c8:d5:58:
                    13:9d:39:43:52:ff:3e:60:10:2e:92:b3:0c:58:c2:
                    82:92:40:02:84:51:1e:c8:c9:87:df:84:b7:36:81:
                    62:40:f9:f1:a0:46:09:67:8f:a6:31:a6:87:19:88:
                    ba:62:62:91:d3:8e:8b:1b:b0:a2:65:34:04:20:2d:
                    3d:ed:aa:61:7c:c9:e1:88:c4:f8:b4:6a:43:b3:7f:
                    3a:c0:cb:c6:f1:cc:ff:fd:06:3a:ae:85:07:a9:65:
                    c8:d9:6b:86:5c:b0:94:ed:ee:2e:e0:15:cd:f0:46:
                    74:04:04:b0:d2:4d:e9:02:3d:04:0b:34:0b:bf:98:
                    41:31:89:98:f9:2d:ce:c5:0a:89:52:5b:da:07:fa:
                    e2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:55:69:E1:4E:E5:10:BD:09:67:55:4F:2B:F2:06:9B:F7:7B:96:AC
            X509v3 Authority Key Identifier:
                keyid:7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/sVVp4U7lEL0JZ1VPK_IGm_d7lqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:6a:52:1a:49:f3:b6:d6:44:b6:b4:ce:b0:30:1e:22:49:42:
         57:f9:e0:f0:5c:5b:a6:dc:ad:22:72:69:69:ed:9a:48:45:43:
         f0:eb:75:25:5c:3a:8d:fa:3e:0b:3d:b3:5c:90:f8:83:de:a6:
         d8:23:00:4c:cf:a2:e8:e7:07:94:37:7b:f4:44:08:5b:2c:66:
         26:3c:00:09:37:ff:fe:76:2c:c5:dc:20:43:f9:17:5c:7d:73:
         ef:35:52:32:05:4c:9a:69:cd:1d:eb:03:a9:b3:2f:fc:e3:83:
         58:35:e6:99:e2:1a:40:3a:20:b3:e1:51:9b:1b:d6:ee:39:dd:
         00:a1:51:76:63:5f:be:55:8c:0c:00:79:a7:c5:ea:68:d2:2c:
         e8:25:4e:f7:b1:48:6c:c6:cc:48:00:ff:98:48:8f:e6:3f:f9:
         39:b4:1e:0b:29:f1:13:06:ee:d7:57:8e:fb:e8:dd:b2:2c:13:
         bc:24:09:ba:37:2b:39:6d:ba:ab:21:3a:ef:57:ac:c8:84:31:
         1e:c2:16:95:15:e7:1c:2d:a9:de:21:10:f3:b4:06:28:85:ef:
         96:3d:8c:12:81:cd:9f:e1:db:8f:6d:1c:44:b8:59:39:b9:74:
         f2:12:87:61:55:b6:1e:f3:8c:88:de:e4:ed:4a:2f:13:14:be:
         96:1b:f5:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkWEmhEoF8AgHdaFD63+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDIxM2UzZTdlYmU2MTcwYTM2MDBhOGUzYWU2NGVkOTYy
YzBlMzYwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU1NjllMTRlZTUxMGJkMDk2NzU1NGYyYmYyMDY5YmY3N2I5NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiwBmiqr9Tl9AmX2s+zpPW1HbObt
LdI47IlV7Fc3DQ2VmboS3T6G4P159VRdj0oYVafPhOCBGe4XjPS1az0cnVOrXlhg
3C6eDZSiW1YitbptZT0kbqS9M5zxYvWO/1cHLKnghl50ZZftZongVVSl2oRlQVPI
1VgTnTlDUv8+YBAukrMMWMKCkkAChFEeyMmH34S3NoFiQPnxoEYJZ4+mMaaHGYi6
YmKR046LG7CiZTQEIC097aphfMnhiMT4tGpDs386wMvG8cz//QY6roUHqWXI2WuG
XLCU7e4u4BXN8EZ0BASw0k3pAj0ECzQLv5hBMYmY+S3OxQqJUlvaB/ri6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFVaeFO5RC9CWdVTyvyBpv3e5asMB8GA1UdIwQY
MBaAFH0CE+Pn6+YXCjYAqOOuZO2WLA42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3Nzct
MDM1MzIxNDBlZjUyLzEvc1ZWcDRVN2xFTDBKWjFWUEtfSUdtX2Q3bHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3NzctMDM1MzIxNDBlZjUy
LzEvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuR1aMA0G
CSqGSIb3DQEBCwUAA4IBAQBBalIaSfO21kS2tM6wMB4iSUJX+eDwXFum3K0icmlp
7ZpIRUPw63UlXDqN+j4LPbNckPiD3qbYIwBMz6Lo5weUN3v0RAhbLGYmPAAJN//+
dizF3CBD+RdcfXPvNVIyBUyaac0d6wOpsy/844NYNeaZ4hpAOiCz4VGbG9buOd0A
oVF2Y1++VYwMAHmnxepo0izoJU73sUhsxsxIAP+YSI/mP/k5tB4LKfETBu7XV477
6N2yLBO8JAm6Nys5bbqrITrvV6zIhDEewhaVFeccLaneIRDztAYohe+WPYwSgc2f
4duPbRxEuFk5uXTyEodhVbYe84yI3uTtSi8TFL6WG/X2
-----END CERTIFICATE-----