Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/SL6POF68Ox1OynjD9-JJ5A-iE10.roa
File:                     SL6POF68Ox1OynjD9-JJ5A-iE10.roa (raw, json)
Hash identifier:          na5Tk13L5uIJFIcaqE8ZEaSFR5dm+WJxhVUqvLfiE+g=
Subject key identifier:   48:BE:8F:38:5E:BC:3B:1D:4E:CA:78:C3:F7:E2:49:E4:0F:A2:13:5D
Certificate issuer:       /CN=1dfc2b36514163d389ee8fe18f8e2343fa4ddc99
Certificate serial:       018CC5DC04CE79AE25B5C79A80664CDC80AF
Authority key identifier: 1D:FC:2B:36:51:41:63:D3:89:EE:8F:E1:8F:8E:23:43:FA:4D:DC:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/SL6POF68Ox1OynjD9-JJ5A-iE10.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206894
IP address blocks:        185.172.216.0/22 maxlen: 22
                          2a0b:2700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:04:ce:79:ae:25:b5:c7:9a:80:66:4c:dc:80:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dfc2b36514163d389ee8fe18f8e2343fa4ddc99
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48be8f385ebc3b1d4eca78c3f7e249e40fa2135d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ee:9c:38:92:71:97:fb:72:b3:f7:14:bc:6a:
                    68:1a:6d:1d:06:c4:72:ec:e0:3a:a0:74:dd:e8:a8:
                    c7:25:8c:11:12:b3:8d:69:80:2c:ae:9a:50:cf:05:
                    6c:50:18:0a:33:26:1d:4a:10:a8:90:af:85:5f:dc:
                    1a:be:a5:52:e0:8a:e3:3c:5c:a6:8d:c5:77:2e:8f:
                    4e:df:31:f0:58:76:b7:8e:26:10:7d:66:3d:f7:96:
                    46:40:6a:22:07:30:5f:1e:75:88:a1:be:4f:81:77:
                    b2:3f:c8:6d:be:53:67:0c:37:8c:c9:fd:08:5c:a1:
                    bd:62:94:a9:eb:e1:de:2a:ef:ab:c9:ca:4b:d4:19:
                    23:5e:5c:da:fc:c8:66:62:5f:99:b5:f0:90:eb:23:
                    b2:38:f5:30:2c:b6:a9:4c:c6:9f:f2:9d:f0:f5:f5:
                    6f:93:94:17:9e:e2:2e:8d:f8:f3:97:65:7b:29:69:
                    59:90:c1:a0:de:9d:b5:49:ca:3a:6f:e4:09:f8:71:
                    3c:4c:76:93:f1:08:34:4b:1d:66:57:0e:96:24:bc:
                    38:9b:80:29:d9:2e:58:d8:3e:a4:d9:10:a5:d4:c0:
                    ec:cb:36:cb:da:64:71:b7:8b:12:61:4c:69:46:3e:
                    1a:71:b6:62:da:1b:ca:51:87:6b:28:dc:d1:2d:b4:
                    b6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BE:8F:38:5E:BC:3B:1D:4E:CA:78:C3:F7:E2:49:E4:0F:A2:13:5D
            X509v3 Authority Key Identifier:
                keyid:1D:FC:2B:36:51:41:63:D3:89:EE:8F:E1:8F:8E:23:43:FA:4D:DC:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/SL6POF68Ox1OynjD9-JJ5A-iE10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d929ab-4896-43e2-a876-01bed8782c7f/1/HfwrNlFBY9OJ7o_hj44jQ_pN3Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.216.0/22
                IPv6:
                  2a0b:2700::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:dd:fc:be:20:25:c6:f3:1e:b5:55:62:75:4e:58:4e:31:89:
         27:eb:d0:34:a8:78:fc:44:a4:8c:bd:82:5a:68:e8:f4:a8:53:
         b1:05:44:08:00:16:7a:42:07:bd:76:57:12:0e:cc:7f:22:8e:
         52:c8:73:fc:50:4b:8e:61:63:90:01:4f:d6:e5:9e:86:a5:4d:
         09:d9:fb:b7:86:5c:d0:db:dd:29:b7:66:44:c3:58:61:d6:88:
         fb:79:2f:b4:18:92:91:ec:3b:fa:be:4b:66:17:2b:3a:4b:27:
         8a:b4:bb:ab:70:0d:59:6a:74:bc:8f:07:6f:2b:b8:bc:e7:02:
         62:81:f5:2c:91:7f:09:3b:7c:c0:bb:4d:3d:4c:f7:0b:24:c8:
         79:de:01:d3:ed:69:f7:ee:a6:63:ac:de:7d:78:86:03:44:56:
         99:4f:c7:d4:a0:3c:6f:7a:22:e1:4e:42:74:fc:35:48:85:c4:
         d0:45:05:a8:d8:b1:05:5a:45:5a:5c:cb:cf:f6:da:c5:82:14:
         1c:0d:96:61:c2:ce:92:2e:69:6b:7f:7c:e3:3a:b2:fe:10:b4:
         0a:e3:24:e4:4e:ac:f6:cb:58:b9:44:83:aa:4c:f0:1c:94:59:
         99:2e:6b:0c:a9:b2:1e:47:f3:ee:5b:3f:8f:84:48:15:c7:12:
         d0:12:ae:dd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3ATOea4ltceagGZM3ICvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZmMyYjM2NTE0MTYzZDM4OWVlOGZlMThmOGUyMzQzZmE0
ZGRjOTkwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGJlOGYzODVlYmMzYjFkNGVjYTc4YzNmN2UyNDllNDBmYTIxMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+6cOJJxl/tys/cUvGpoGm0dBsRy
7OA6oHTd6KjHJYwRErONaYAsrppQzwVsUBgKMyYdShCokK+FX9wavqVS4IrjPFym
jcV3Lo9O3zHwWHa3jiYQfWY995ZGQGoiBzBfHnWIob5PgXeyP8htvlNnDDeMyf0I
XKG9YpSp6+HeKu+rycpL1BkjXlza/MhmYl+ZtfCQ6yOyOPUwLLapTMaf8p3w9fVv
k5QXnuIujfjzl2V7KWlZkMGg3p21Sco6b+QJ+HE8THaT8Qg0Sx1mVw6WJLw4m4Ap
2S5Y2D6k2RCl1MDsyzbL2mRxt4sSYUxpRj4acbZi2hvKUYdrKNzRLbS2ywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEi+jzhevDsdTsp4w/fiSeQPohNdMB8GA1UdIwQY
MBaAFB38KzZRQWPTie6P4Y+OI0P6TdyZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGZ3ck5sRkJZOU9KN29faGo0NGpRX3BOM0prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kOTI5YWItNDg5Ni00M2UyLWE4NzYt
MDFiZWQ4NzgyYzdmLzEvU0w2UE9GNjhPeDFPeW5qRDktSko1QS1pRTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kOTI5YWItNDg5Ni00M2UyLWE4NzYtMDFiZWQ4NzgyYzdm
LzEvSGZ3ck5sRkJZOU9KN29faGo0NGpRX3BOM0prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuazYMA0E
AgACMAcDBQMqCycAMA0GCSqGSIb3DQEBCwUAA4IBAQCH3fy+ICXG8x61VWJ1TlhO
MYkn69A0qHj8RKSMvYJaaOj0qFOxBUQIABZ6Qge9dlcSDsx/Io5SyHP8UEuOYWOQ
AU/W5Z6GpU0J2fu3hlzQ290pt2ZEw1hh1oj7eS+0GJKR7Dv6vktmFys6SyeKtLur
cA1ZanS8jwdvK7i85wJigfUskX8JO3zAu009TPcLJMh53gHT7Wn37qZjrN59eIYD
RFaZT8fUoDxveiLhTkJ0/DVIhcTQRQWo2LEFWkVaXMvP9trFghQcDZZhws6SLmlr
f3zjOrL+ELQK4yTkTqz2y1i5RIOqTPAclFmZLmsMqbIeR/PuWz+PhEgVxxLQEq7d
-----END CERTIFICATE-----