Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/dS28SPTem61f0Cz9-41Su3oP830.roa
File:                     dS28SPTem61f0Cz9-41Su3oP830.roa (raw, json)
Hash identifier:          pVWH+bibCidT9Hvj6XtCPNnY9GS0bHlNK0YQqGG5mBs=
Subject key identifier:   75:2D:BC:48:F4:DE:9B:AD:5F:D0:2C:FD:FB:8D:52:BB:7A:0F:F3:7D
Certificate issuer:       /CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
Certificate serial:       018CC64B104EDEE738AF9103E13412E90A06
Authority key identifier: F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/dS28SPTem61f0Cz9-41Su3oP830.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31673
IP address blocks:        185.185.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:10:4e:de:e7:38:af:91:03:e1:34:12:e9:0a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f691ab3245ff895a72dd6ff0743c377b6f0f89a6
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=752dbc48f4de9bad5fd02cfdfb8d52bb7a0ff37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:48:ea:3f:3c:0a:7a:3c:14:a8:dc:c4:03:16:
                    42:74:03:62:ac:54:41:b7:4f:4d:fb:c2:e7:c4:48:
                    6f:04:72:ff:50:31:78:43:18:a5:bc:3f:09:da:07:
                    76:06:ef:0e:57:5c:95:65:41:b1:be:16:18:8e:36:
                    56:f0:84:f0:3d:d7:ae:3f:a6:f4:68:ae:28:54:a9:
                    dc:47:6f:d4:ad:57:da:f1:dd:9b:a7:e1:02:d2:f9:
                    ef:5d:7b:bd:f9:b8:7e:23:24:f2:59:c0:59:d8:cf:
                    d1:c8:60:1b:72:26:da:4a:a0:0e:b7:88:43:eb:b7:
                    da:ac:a4:6f:ae:3d:51:f8:87:59:d7:0e:1d:86:a7:
                    2a:6e:67:9e:62:47:db:6a:1a:5a:fb:7b:48:50:77:
                    1f:21:ee:35:ed:8f:62:e9:e7:7f:85:7d:be:7e:c5:
                    0d:90:b2:1a:1e:d7:46:23:23:c3:ca:a8:73:30:49:
                    cc:54:fa:d4:2e:34:1b:26:49:87:94:3a:a6:ff:0b:
                    a1:09:f5:3d:6d:a9:84:b0:59:40:5f:8d:6b:07:a3:
                    41:55:90:5d:24:cb:d1:46:c1:8f:74:f5:c2:06:56:
                    ea:86:f5:1c:10:31:da:0a:1b:b9:7a:83:e5:e3:89:
                    24:16:6e:7b:fa:3e:52:b9:2d:f2:5a:47:a9:3e:74:
                    86:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:2D:BC:48:F4:DE:9B:AD:5F:D0:2C:FD:FB:8D:52:BB:7A:0F:F3:7D
            X509v3 Authority Key Identifier:
                keyid:F6:91:AB:32:45:FF:89:5A:72:DD:6F:F0:74:3C:37:7B:6F:0F:89:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pGrMkX_iVpy3W_wdDw3e28PiaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/dS28SPTem61f0Cz9-41Su3oP830.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/244a71-e6af-4905-bf65-dfe3c4c5288c/1/9pGrMkX_iVpy3W_wdDw3e28PiaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:2a:04:72:a1:34:13:69:04:8a:2f:e2:5d:ea:44:29:aa:51:
         e1:d8:59:ac:a7:44:28:db:0c:d0:03:05:06:a3:e6:50:60:e5:
         5c:ee:0e:08:96:d6:05:63:78:34:b7:be:fa:15:18:e6:2e:f3:
         46:5a:e3:fb:78:15:d9:27:5c:a8:cf:fe:75:9b:d4:5e:b8:75:
         16:57:39:63:21:5f:eb:80:1f:a4:d0:1c:c3:c6:9c:e0:f3:62:
         21:74:07:96:cd:9e:84:1c:c1:5a:96:71:95:75:bd:b3:82:33:
         e2:09:a6:40:4a:db:70:a2:69:ae:83:f1:f4:71:fd:c1:bb:c4:
         72:72:37:04:b5:e0:2c:01:ca:84:bf:74:bb:ab:0b:a3:56:a3:
         98:52:ad:9c:ce:87:17:26:96:22:91:e9:33:7d:f3:b5:79:6d:
         34:94:fe:19:46:ac:61:75:14:25:bd:71:02:2e:db:6b:d5:50:
         9a:3c:ce:32:6d:49:d7:e2:a5:e2:94:07:51:8d:76:06:df:21:
         9e:b3:c0:a6:53:22:52:36:9d:83:b4:b3:aa:b6:e4:a1:58:26:
         3e:83:76:df:33:6c:c0:28:f2:f1:e2:c8:0e:ac:ae:0c:d3:86:
         7b:8e:f3:f3:ee:75:a1:b0:1d:3d:ea:0e:55:0a:f4:54:fe:10:
         4c:10:77:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxBO3uc4r5ED4TQS6QoGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTFhYjMyNDVmZjg5NWE3MmRkNmZmMDc0M2MzNzdiNmYw
Zjg5YTYwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTJkYmM0OGY0ZGU5YmFkNWZkMDJjZmRmYjhkNTJiYjdhMGZmMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUjqPzwKejwUqNzEAxZCdANirFRB
t09N+8LnxEhvBHL/UDF4QxilvD8J2gd2Bu8OV1yVZUGxvhYYjjZW8ITwPdeuP6b0
aK4oVKncR2/UrVfa8d2bp+EC0vnvXXu9+bh+IyTyWcBZ2M/RyGAbcibaSqAOt4hD
67farKRvrj1R+IdZ1w4dhqcqbmeeYkfbahpa+3tIUHcfIe417Y9i6ed/hX2+fsUN
kLIaHtdGIyPDyqhzMEnMVPrULjQbJkmHlDqm/wuhCfU9bamEsFlAX41rB6NBVZBd
JMvRRsGPdPXCBlbqhvUcEDHaChu5eoPl44kkFm57+j5SuS3yWkepPnSGqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUtvEj03putX9As/fuNUrt6D/N9MB8GA1UdIwQY
MBaAFPaRqzJF/4lact1v8HQ8N3tvD4mmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUt
ZGZlM2M0YzUyODhjLzEvZFMyOFNQVGVtNjFmMEN6OS00MVN1M29QODMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yNDRhNzEtZTZhZi00OTA1LWJmNjUtZGZlM2M0YzUyODhj
LzEvOXBHck1rWF9pVnB5M1dfd2REdzNlMjhQaWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubmkMA0G
CSqGSIb3DQEBCwUAA4IBAQCGKgRyoTQTaQSKL+Jd6kQpqlHh2Fmsp0Qo2wzQAwUG
o+ZQYOVc7g4IltYFY3g0t776FRjmLvNGWuP7eBXZJ1yoz/51m9ReuHUWVzljIV/r
gB+k0BzDxpzg82IhdAeWzZ6EHMFalnGVdb2zgjPiCaZASttwommug/H0cf3Bu8Ry
cjcEteAsAcqEv3S7qwujVqOYUq2czocXJpYikekzffO1eW00lP4ZRqxhdRQlvXEC
Lttr1VCaPM4ybUnX4qXilAdRjXYG3yGes8CmUyJSNp2DtLOqtuShWCY+g3bfM2zA
KPLx4sgOrK4M04Z7jvPz7nWhsB096g5VCvRU/hBMEHdN
-----END CERTIFICATE-----