Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/x9oVQsgEoZLAIsEEASIddhz_utg.roa
File:                     x9oVQsgEoZLAIsEEASIddhz_utg.roa (raw, json)
Hash identifier:          LPLw2MwZApK6XtW2Xm+m1EnRruFG0IMkSVBSNVCYP9U=
Subject key identifier:   C7:DA:15:42:C8:04:A1:92:C0:22:C1:04:01:22:1D:76:1C:FF:BA:D8
Certificate issuer:       /CN=1000c0d7a59ac2f59804e7c3515f14cd2fd50d97
Certificate serial:       018CC424650C3511C97E955E6A2B648B8AFB
Authority key identifier: 10:00:C0:D7:A5:9A:C2:F5:98:04:E7:C3:51:5F:14:CD:2F:D5:0D:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EADA16WawvWYBOfDUV8UzS_VDZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/x9oVQsgEoZLAIsEEASIddhz_utg.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204793
IP address blocks:        185.136.116.0/22 maxlen: 22
                          2a06:fc40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/EADA16WawvWYBOfDUV8UzS_VDZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/EADA16WawvWYBOfDUV8UzS_VDZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EADA16WawvWYBOfDUV8UzS_VDZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:0c:35:11:c9:7e:95:5e:6a:2b:64:8b:8a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1000c0d7a59ac2f59804e7c3515f14cd2fd50d97
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7da1542c804a192c022c10401221d761cffbad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:31:7c:96:8d:a1:66:88:7b:3a:71:ef:29:d8:
                    d9:8c:dc:39:73:02:c3:65:22:82:4f:82:96:17:d7:
                    50:c8:a0:1b:ae:07:a5:18:85:53:35:d5:f5:3c:ae:
                    fa:d2:6d:5b:90:01:77:c6:da:39:00:39:73:06:b1:
                    58:16:a0:9e:3c:d1:05:c2:70:bc:f8:bd:d0:19:a2:
                    a0:0f:6c:42:11:73:65:7b:7d:ac:66:58:b2:a1:07:
                    a8:02:bf:c5:59:0d:f8:f4:12:00:a4:00:75:bf:cf:
                    66:29:f5:56:aa:f1:ba:fc:88:44:59:b5:da:0c:30:
                    d4:99:5e:e9:b7:c8:fb:84:d9:f6:24:1e:af:71:35:
                    e9:34:6f:cf:db:83:72:3b:79:ba:c6:0a:ac:7e:0f:
                    59:02:35:98:ce:5e:26:20:6e:0c:b7:52:34:1a:4a:
                    58:18:99:a2:23:3f:82:5f:70:f9:77:da:bb:81:f5:
                    fa:d9:8b:9e:49:df:06:d5:50:5d:72:a7:71:f2:c1:
                    67:04:f5:0b:5c:60:8b:5a:73:0f:18:60:db:36:77:
                    33:14:6d:4a:f7:08:8f:80:d9:c4:ba:3d:e9:05:61:
                    a1:05:33:69:6a:22:06:6f:43:af:ea:78:13:74:5e:
                    4a:3e:3a:8f:39:c2:39:3c:ff:ec:c5:a8:fa:29:47:
                    81:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:DA:15:42:C8:04:A1:92:C0:22:C1:04:01:22:1D:76:1C:FF:BA:D8
            X509v3 Authority Key Identifier:
                keyid:10:00:C0:D7:A5:9A:C2:F5:98:04:E7:C3:51:5F:14:CD:2F:D5:0D:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EADA16WawvWYBOfDUV8UzS_VDZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/x9oVQsgEoZLAIsEEASIddhz_utg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/3e9394-e271-49ab-b37b-ea38420b2579/1/EADA16WawvWYBOfDUV8UzS_VDZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.116.0/22
                IPv6:
                  2a06:fc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:96:5f:f3:a1:d6:64:e8:da:a4:53:5d:d9:26:c3:48:a8:4f:
         1e:ad:ef:0f:f7:63:a5:f5:55:86:65:35:be:12:9d:06:36:37:
         03:71:1d:95:e3:a4:c6:9d:fe:d1:f9:cf:8a:9f:4c:90:a2:d0:
         93:4e:c5:e1:b0:cc:af:35:06:84:97:71:4c:b7:dd:2c:0d:a6:
         86:8d:11:4e:59:ec:fd:f6:45:9e:61:df:37:c2:54:3d:40:a4:
         23:4f:e5:e6:80:14:0e:f6:79:a0:40:1b:9a:a3:95:ef:e9:05:
         bc:5c:b0:03:8c:2a:4e:23:01:96:9c:75:af:bb:42:5d:31:5a:
         57:d1:7a:b9:6a:a0:e5:31:a2:fe:21:3d:de:fd:74:7f:f1:0b:
         0e:e3:5e:72:af:95:b4:8c:34:a9:ba:c6:73:4f:3f:91:ff:ed:
         12:8e:10:ad:01:2a:9d:f7:ed:1d:10:13:99:f7:c6:14:15:da:
         25:12:e8:b1:f1:35:7b:a8:9e:d1:fb:52:6f:bb:8a:61:54:e5:
         87:34:32:45:1f:70:42:90:e1:c2:2e:f8:58:ca:82:6a:47:9b:
         30:95:12:36:1d:ae:2d:a3:11:cf:59:0e:63:a4:80:24:f0:bb:
         0b:9c:2f:4c:61:03:f5:5b:83:79:b4:3d:eb:4d:8d:bb:35:5c:
         da:5e:21:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGUMNRHJfpVeaitki4r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMDBjMGQ3YTU5YWMyZjU5ODA0ZTdjMzUxNWYxNGNkMmZk
NTBkOTcwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2RhMTU0MmM4MDRhMTkyYzAyMmMxMDQwMTIyMWQ3NjFjZmZiYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TF8lo2hZoh7OnHvKdjZjNw5cwLD
ZSKCT4KWF9dQyKAbrgelGIVTNdX1PK760m1bkAF3xto5ADlzBrFYFqCePNEFwnC8
+L3QGaKgD2xCEXNle32sZliyoQeoAr/FWQ349BIApAB1v89mKfVWqvG6/IhEWbXa
DDDUmV7pt8j7hNn2JB6vcTXpNG/P24NyO3m6xgqsfg9ZAjWYzl4mIG4Mt1I0GkpY
GJmiIz+CX3D5d9q7gfX62YueSd8G1VBdcqdx8sFnBPULXGCLWnMPGGDbNnczFG1K
9wiPgNnEuj3pBWGhBTNpaiIGb0Ov6ngTdF5KPjqPOcI5PP/sxaj6KUeBXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfaFULIBKGSwCLBBAEiHXYc/7rYMB8GA1UdIwQY
MBaAFBAAwNelmsL1mATnw1FfFM0v1Q2XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUFEQTE2V2F3dldZQk9mRFVWOFV6U19WRFpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8zZTkzOTQtZTI3MS00OWFiLWIzN2It
ZWEzODQyMGIyNTc5LzEveDlvVlFzZ0VvWkxBSXNFRUFTSWRkaHpfdXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8zZTkzOTQtZTI3MS00OWFiLWIzN2ItZWEzODQyMGIyNTc5
LzEvRUFEQTE2V2F3dldZQk9mRFVWOFV6U19WRFpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYh0MA0E
AgACMAcDBQMqBvxAMA0GCSqGSIb3DQEBCwUAA4IBAQAhll/zodZk6NqkU13ZJsNI
qE8ere8P92Ol9VWGZTW+Ep0GNjcDcR2V46TGnf7R+c+Kn0yQotCTTsXhsMyvNQaE
l3FMt90sDaaGjRFOWez99kWeYd83wlQ9QKQjT+XmgBQO9nmgQBuao5Xv6QW8XLAD
jCpOIwGWnHWvu0JdMVpX0Xq5aqDlMaL+IT3e/XR/8QsO415yr5W0jDSpusZzTz+R
/+0SjhCtASqd9+0dEBOZ98YUFdolEuix8TV7qJ7R+1Jvu4phVOWHNDJFH3BCkOHC
LvhYyoJqR5swlRI2Ha4toxHPWQ5jpIAk8LsLnC9MYQP1W4N5tD3rTY27NVzaXiEn
-----END CERTIFICATE-----