Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/_Oj3V4e0ORmYmSIMvHju7x2Zbj8.roa
File:                     _Oj3V4e0ORmYmSIMvHju7x2Zbj8.roa (raw, json)
Hash identifier:          RC2RGhuyQVU1FEEhYcAjY2Vfdd/l5Elat1hy15qF5ss=
Subject key identifier:   FC:E8:F7:57:87:B4:39:19:98:99:22:0C:BC:78:EE:EF:1D:99:6E:3F
Certificate issuer:       /CN=13afa6ce6542e1bb523e1d03bd00a4d22b7fdaed
Certificate serial:       018CC94E5779F0741EE99E718B5ECF2BE243
Authority key identifier: 13:AF:A6:CE:65:42:E1:BB:52:3E:1D:03:BD:00:A4:D2:2B:7F:DA:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6-mzmVC4btSPh0DvQCk0it_2u0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/_Oj3V4e0ORmYmSIMvHju7x2Zbj8.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211417
IP address blocks:        185.144.92.0/22 maxlen: 24
                          2a03:a920::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/E6-mzmVC4btSPh0DvQCk0it_2u0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/E6-mzmVC4btSPh0DvQCk0it_2u0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E6-mzmVC4btSPh0DvQCk0it_2u0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:57:79:f0:74:1e:e9:9e:71:8b:5e:cf:2b:e2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13afa6ce6542e1bb523e1d03bd00a4d22b7fdaed
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fce8f75787b439199899220cbc78eeef1d996e3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e0:5e:92:e8:ce:d8:8b:4a:5d:9b:69:19:ea:
                    13:af:e4:3e:50:14:16:6f:90:1c:53:18:4c:60:03:
                    ae:4c:08:c6:c5:92:4f:00:6e:f4:f4:d7:bb:24:98:
                    bf:c6:ef:ff:39:40:b1:a6:2e:90:f6:67:a3:ec:3a:
                    05:3d:d1:78:db:dc:5d:3d:83:48:e7:2a:4d:21:b1:
                    cf:af:7a:11:70:83:b5:7e:6c:1c:3e:13:ab:a6:9c:
                    04:00:1a:5e:90:6b:0c:7d:1f:9b:e4:bf:8d:96:b5:
                    53:e2:a9:c7:0b:c3:44:5e:a6:55:12:0e:d1:8e:ff:
                    7b:59:24:d8:26:e1:9f:8f:2b:81:f6:d1:c0:e9:50:
                    b5:e0:24:e0:37:f3:69:8b:11:f1:77:a5:c4:44:1a:
                    74:b4:f7:49:73:02:05:43:29:94:24:69:13:a2:f5:
                    8c:25:68:c7:c5:a2:7a:4f:92:05:57:96:0c:58:06:
                    eb:ca:74:dd:33:2e:40:99:c4:6e:43:8d:17:85:a8:
                    7f:0e:40:42:f2:e0:b0:83:a7:9f:2b:2a:b3:94:55:
                    66:45:51:31:74:b2:c6:1a:fb:8e:72:9b:a1:da:d6:
                    67:a0:eb:36:fa:76:b5:d0:a3:d5:8f:ee:e1:0f:e5:
                    84:cb:5f:46:84:67:b7:cd:73:18:17:09:8d:7f:b8:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E8:F7:57:87:B4:39:19:98:99:22:0C:BC:78:EE:EF:1D:99:6E:3F
            X509v3 Authority Key Identifier:
                keyid:13:AF:A6:CE:65:42:E1:BB:52:3E:1D:03:BD:00:A4:D2:2B:7F:DA:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6-mzmVC4btSPh0DvQCk0it_2u0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/_Oj3V4e0ORmYmSIMvHju7x2Zbj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/731c7c-9a17-4bca-984c-c7fbfc4dc9dc/1/E6-mzmVC4btSPh0DvQCk0it_2u0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.92.0/22
                IPv6:
                  2a03:a920::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:db:01:73:a4:9d:20:b4:8a:fd:6f:76:29:36:ed:b8:29:55:
         1e:80:c6:65:8b:e1:f9:89:12:33:cd:91:33:f2:26:5a:10:67:
         7e:1a:93:de:65:a0:bd:ef:b4:58:82:b5:19:79:43:f2:12:20:
         d3:0e:57:71:ba:79:9a:29:0c:85:3f:7f:bc:22:d6:d9:11:8f:
         eb:6c:ce:0d:07:18:a7:cd:a6:a3:9f:1c:eb:1e:be:58:4d:c9:
         24:a6:bd:fd:93:2e:55:ea:04:25:77:a9:92:aa:08:ea:fc:af:
         bd:20:0f:ab:a5:47:62:6e:1e:72:c7:09:78:02:5f:58:83:7c:
         fd:d3:5d:31:7e:d7:93:60:47:25:9a:23:c8:82:27:61:63:7e:
         9b:15:d3:33:1d:82:a5:95:7f:6f:ac:4a:98:27:d6:44:ef:78:
         ec:eb:52:91:66:13:ab:8e:02:25:8d:0b:ec:d8:6e:4d:48:d4:
         44:98:d7:10:92:b9:a8:f3:17:d6:95:8e:a7:90:2f:de:cf:2c:
         c7:76:02:0c:53:18:e1:b3:a6:c3:e1:87:41:a4:cc:6e:0a:54:
         14:cd:b6:55:e7:56:10:74:2d:db:3b:69:34:d9:e5:c1:2a:f1:
         5a:9b:c9:4f:06:f8:0b:dd:06:ad:02:63:45:e7:cf:98:58:ec:
         0f:cf:31:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTld58HQe6Z5xi17PK+JDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYWZhNmNlNjU0MmUxYmI1MjNlMWQwM2JkMDBhNGQyMmI3
ZmRhZWQwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2U4Zjc1Nzg3YjQzOTE5OTg5OTIyMGNiYzc4ZWVlZjFkOTk2ZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueBekujO2ItKXZtpGeoTr+Q+UBQW
b5AcUxhMYAOuTAjGxZJPAG709Ne7JJi/xu//OUCxpi6Q9mej7DoFPdF429xdPYNI
5ypNIbHPr3oRcIO1fmwcPhOrppwEABpekGsMfR+b5L+NlrVT4qnHC8NEXqZVEg7R
jv97WSTYJuGfjyuB9tHA6VC14CTgN/NpixHxd6XERBp0tPdJcwIFQymUJGkTovWM
JWjHxaJ6T5IFV5YMWAbrynTdMy5AmcRuQ40Xhah/DkBC8uCwg6efKyqzlFVmRVEx
dLLGGvuOcpuh2tZnoOs2+na10KPVj+7hD+WEy19GhGe3zXMYFwmNf7jQiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzo91eHtDkZmJkiDLx47u8dmW4/MB8GA1UdIwQY
MBaAFBOvps5lQuG7Uj4dA70ApNIrf9rtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTYtbXptVkM0YnRTUGgwRHZRQ2swaXRfMnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS83MzFjN2MtOWExNy00YmNhLTk4NGMt
YzdmYmZjNGRjOWRjLzEvX09qM1Y0ZTBPUm1ZbVNJTXZIanU3eDJaYmo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS83MzFjN2MtOWExNy00YmNhLTk4NGMtYzdmYmZjNGRjOWRj
LzEvRTYtbXptVkM0YnRTUGgwRHZRQ2swaXRfMnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZBcMA0E
AgACMAcDBQAqA6kgMA0GCSqGSIb3DQEBCwUAA4IBAQB12wFzpJ0gtIr9b3YpNu24
KVUegMZli+H5iRIzzZEz8iZaEGd+GpPeZaC977RYgrUZeUPyEiDTDldxunmaKQyF
P3+8ItbZEY/rbM4NBxinzaajnxzrHr5YTckkpr39ky5V6gQld6mSqgjq/K+9IA+r
pUdibh5yxwl4Al9Yg3z9010xfteTYEclmiPIgidhY36bFdMzHYKllX9vrEqYJ9ZE
73js61KRZhOrjgIljQvs2G5NSNREmNcQkrmo8xfWlY6nkC/ezyzHdgIMUxjhs6bD
4YdBpMxuClQUzbZV51YQdC3bO2k02eXBKvFam8lPBvgL3QatAmNF58+YWOwPzzEN
-----END CERTIFICATE-----