Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/rqYiJckBMMXDf_2ShIafhNAU8h0.roa
File:                     rqYiJckBMMXDf_2ShIafhNAU8h0.roa (raw, json)
Hash identifier:          zC9LhD22a/Uv8JhQNMGZSqcc5skNpHM7C1YirkDdTrU=
Subject key identifier:   AE:A6:22:25:C9:01:30:C5:C3:7F:FD:92:84:86:9F:84:D0:14:F2:1D
Certificate issuer:       /CN=c21fab767447d36911974cf9bb1d1ae9131fc845
Certificate serial:       018CC5DCC96DA56D20129F2870C80D284B1D
Authority key identifier: C2:1F:AB:76:74:47:D3:69:11:97:4C:F9:BB:1D:1A:E9:13:1F:C8:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wh-rdnRH02kRl0z5ux0a6RMfyEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/rqYiJckBMMXDf_2ShIafhNAU8h0.roa
Signing time:             Mon 01 Jan 2024 16:30:30 +0000
ROA not before:           Mon 01 Jan 2024 16:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201627
IP address blocks:        185.68.168.0/22 maxlen: 22
                          185.68.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/wh-rdnRH02kRl0z5ux0a6RMfyEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/wh-rdnRH02kRl0z5ux0a6RMfyEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wh-rdnRH02kRl0z5ux0a6RMfyEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c9:6d:a5:6d:20:12:9f:28:70:c8:0d:28:4b:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c21fab767447d36911974cf9bb1d1ae9131fc845
        Validity
            Not Before: Jan  1 16:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aea62225c90130c5c37ffd9284869f84d014f21d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:fd:41:38:b8:40:25:eb:94:f6:4d:38:c6:
                    d7:8d:f4:d9:27:e2:6f:d6:0a:35:5f:36:99:7e:6f:
                    82:b8:e8:26:c6:31:a4:0c:73:8f:48:7f:0d:05:ec:
                    97:be:ac:f3:a1:63:3a:ba:14:6f:68:9d:f5:15:30:
                    22:7c:90:0a:d6:2b:b3:7d:62:a8:f2:f4:7a:6d:37:
                    c6:34:a4:21:40:3d:af:74:3c:37:41:0a:b6:8b:9b:
                    f3:98:25:d4:a4:83:16:7b:c2:94:e2:08:80:b9:93:
                    14:67:dc:19:b1:84:6a:1f:e4:2c:d3:9a:13:8f:94:
                    1a:ea:1c:ba:9b:f8:d3:18:aa:b2:a0:28:d3:97:b3:
                    ae:04:08:ca:3e:c1:67:82:2a:7f:16:5f:a2:aa:47:
                    f5:01:e9:6b:98:c0:9c:43:50:96:25:40:12:ac:5f:
                    54:b4:4c:66:b3:33:78:42:08:c4:c7:97:e1:48:5d:
                    15:6c:ec:d3:32:4d:7b:67:02:a5:ee:de:fa:1b:9b:
                    d0:0e:9c:46:b0:5b:7f:33:32:8c:de:a6:bf:d3:44:
                    d4:52:eb:e2:cc:86:2b:c0:98:a4:83:16:52:e9:67:
                    2a:b3:0c:e8:fc:a9:04:74:60:39:17:60:4d:a4:46:
                    8f:e6:1c:fd:01:11:33:c3:a7:81:1e:b1:1e:71:71:
                    18:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A6:22:25:C9:01:30:C5:C3:7F:FD:92:84:86:9F:84:D0:14:F2:1D
            X509v3 Authority Key Identifier:
                keyid:C2:1F:AB:76:74:47:D3:69:11:97:4C:F9:BB:1D:1A:E9:13:1F:C8:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wh-rdnRH02kRl0z5ux0a6RMfyEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/rqYiJckBMMXDf_2ShIafhNAU8h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ceb5a1-16c0-478f-a2cf-4f225d088566/1/wh-rdnRH02kRl0z5ux0a6RMfyEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:ba:54:57:93:23:f3:fb:2b:f6:e6:88:ad:2c:9e:ab:85:85:
         00:21:62:4c:75:20:72:44:c1:fd:d8:c6:d0:45:70:3e:ca:e1:
         c6:9b:d9:0c:43:7c:43:d9:59:d5:cb:ac:7d:09:3c:48:5a:5c:
         2c:8c:1a:14:0f:86:19:82:2e:b7:4b:f4:f5:2d:2c:b1:eb:e9:
         3b:48:20:f4:6d:10:ff:a7:6b:ab:da:fc:b0:d5:12:5b:1e:2c:
         26:d3:c1:72:59:95:e2:1e:06:78:71:72:e1:b0:05:04:0b:39:
         4b:34:25:b9:f3:e6:a3:5d:0e:bb:dc:6f:78:57:af:80:44:25:
         56:c1:1e:c3:e8:ff:c3:8e:71:e2:f9:a3:11:ca:17:73:f0:7f:
         ee:30:71:7d:81:2e:4f:3b:1d:b8:03:37:1f:c0:72:91:2b:dd:
         d9:35:1c:17:ab:18:b4:1a:19:27:67:1a:66:9c:da:56:9f:74:
         8a:8b:73:18:8c:1f:85:b8:f5:43:7a:67:fa:eb:fb:d0:66:cf:
         c0:2a:ba:eb:d5:a4:b1:64:8f:cd:12:4c:4a:35:f6:22:2d:2c:
         4a:8e:52:2d:17:3d:d8:13:2a:cd:20:01:80:ec:49:77:06:7b:
         ba:71:6c:99:8a:4c:7c:12:b1:94:4d:e4:ab:96:1c:e4:f1:77:
         6b:94:42:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MltpW0gEp8ocMgNKEsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMWZhYjc2NzQ0N2QzNjkxMTk3NGNmOWJiMWQxYWU5MTMx
ZmM4NDUwHhcNMjQwMTAxMTYzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWE2MjIyNWM5MDEzMGM1YzM3ZmZkOTI4NDg2OWY4NGQwMTRmMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcj9QTi4QCXrlPZNOMbXjfTZJ+Jv
1go1XzaZfm+CuOgmxjGkDHOPSH8NBeyXvqzzoWM6uhRvaJ31FTAifJAK1iuzfWKo
8vR6bTfGNKQhQD2vdDw3QQq2i5vzmCXUpIMWe8KU4giAuZMUZ9wZsYRqH+Qs05oT
j5Qa6hy6m/jTGKqyoCjTl7OuBAjKPsFngip/Fl+iqkf1AelrmMCcQ1CWJUASrF9U
tExmszN4QgjEx5fhSF0VbOzTMk17ZwKl7t76G5vQDpxGsFt/MzKM3qa/00TUUuvi
zIYrwJikgxZS6Wcqswzo/KkEdGA5F2BNpEaP5hz9AREzw6eBHrEecXEY7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6mIiXJATDFw3/9koSGn4TQFPIdMB8GA1UdIwQY
MBaAFMIfq3Z0R9NpEZdM+bsdGukTH8hFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2gtcmRuUkgwMmtSbDB6NXV4MGE2Uk1meUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jZWI1YTEtMTZjMC00NzhmLWEyY2Yt
NGYyMjVkMDg4NTY2LzEvcnFZaUpja0JNTVhEZl8yU2hJYWZoTkFVOGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jZWI1YTEtMTZjMC00NzhmLWEyY2YtNGYyMjVkMDg4NTY2
LzEvd2gtcmRuUkgwMmtSbDB6NXV4MGE2Uk1meUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUSoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOulRXkyPz+yv25oitLJ6rhYUAIWJMdSByRMH92MbQ
RXA+yuHGm9kMQ3xD2VnVy6x9CTxIWlwsjBoUD4YZgi63S/T1LSyx6+k7SCD0bRD/
p2ur2vyw1RJbHiwm08FyWZXiHgZ4cXLhsAUECzlLNCW58+ajXQ673G94V6+ARCVW
wR7D6P/DjnHi+aMRyhdz8H/uMHF9gS5POx24AzcfwHKRK93ZNRwXqxi0GhknZxpm
nNpWn3SKi3MYjB+FuPVDemf66/vQZs/AKrrr1aSxZI/NEkxKNfYiLSxKjlItFz3Y
EyrNIAGA7El3Bnu6cWyZikx8ErGUTeSrlhzk8XdrlEIt
-----END CERTIFICATE-----