Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/GzqRtDDKSigSQGTkzO7kLQcKEG4.roa
File:                     GzqRtDDKSigSQGTkzO7kLQcKEG4.roa (raw, json)
Hash identifier:          03/TecBc40aE3BA2l63d5VNjSK4fACqCPLwywuzCdfQ=
Subject key identifier:   1B:3A:91:B4:30:CA:4A:28:12:40:64:E4:CC:EE:E4:2D:07:0A:10:6E
Certificate issuer:       /CN=65226ee5ea0406592df975c6f4c84f10f14d15cb
Certificate serial:       018CC49305D948316F541735232A4EBFAE7B
Authority key identifier: 65:22:6E:E5:EA:04:06:59:2D:F9:75:C6:F4:C8:4F:10:F1:4D:15:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/GzqRtDDKSigSQGTkzO7kLQcKEG4.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201422
IP address blocks:        185.75.129.0/24 maxlen: 24
                          185.75.128.0/22 maxlen: 22
                          185.75.128.0/24 maxlen: 24
                          2a03:4d24::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:05:d9:48:31:6f:54:17:35:23:2a:4e:bf:ae:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65226ee5ea0406592df975c6f4c84f10f14d15cb
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b3a91b430ca4a28124064e4cceee42d070a106e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:05:0c:7f:11:a3:5f:c7:e9:1f:5c:e5:79:23:
                    87:7e:d7:4a:a1:88:a2:f2:e1:78:49:7d:80:5d:18:
                    b9:e6:29:aa:1b:bc:d2:29:69:68:26:bf:b7:c4:1a:
                    db:30:07:af:29:e5:71:0c:33:bc:d9:9a:b3:e9:88:
                    bd:79:79:da:fc:72:49:46:40:89:3c:15:d8:5c:cc:
                    ca:2a:cb:5d:a5:e5:23:24:7d:3e:c8:9e:38:13:3f:
                    0f:1d:d6:9c:d0:12:73:10:2c:b4:74:62:4e:61:c3:
                    3c:fe:a9:b8:19:b7:ea:13:3c:fb:3e:ef:6b:17:c3:
                    23:c3:7f:c2:ec:6a:f9:e3:53:05:81:9c:df:97:8f:
                    77:40:e1:88:f1:5c:cb:ef:ff:34:77:21:d8:0f:22:
                    a4:03:7c:f6:34:8b:e3:6d:c5:6f:96:d4:89:60:8c:
                    b4:fd:65:98:12:ab:a8:dc:cb:55:b3:a2:61:8a:29:
                    a6:38:a2:99:a1:6b:de:c4:91:29:f1:7e:c4:dc:e8:
                    e3:45:e0:45:8b:e1:2a:ba:b9:28:3c:3f:c2:7b:d9:
                    69:68:00:43:d4:71:10:c7:9b:30:3c:ce:07:79:ee:
                    8f:6e:24:a1:3e:04:ab:dc:62:f5:9d:12:06:95:69:
                    30:ea:cf:fa:98:72:5e:4d:d1:2c:8f:4c:92:e5:68:
                    0e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3A:91:B4:30:CA:4A:28:12:40:64:E4:CC:EE:E4:2D:07:0A:10:6E
            X509v3 Authority Key Identifier:
                keyid:65:22:6E:E5:EA:04:06:59:2D:F9:75:C6:F4:C8:4F:10:F1:4D:15:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/GzqRtDDKSigSQGTkzO7kLQcKEG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/594fa8-d315-4a38-a631-dec02488c37c/1/ZSJu5eoEBlkt-XXG9MhPEPFNFcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.128.0/22
                IPv6:
                  2a03:4d24::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:84:36:c6:09:20:c1:fd:6d:56:f9:01:b2:ab:87:07:63:2d:
         17:be:fc:a9:6f:46:4f:8d:2e:a2:b4:8f:87:fa:0b:ab:58:80:
         35:71:99:5e:15:93:80:bf:11:9f:aa:98:7c:e4:d2:8f:1f:f0:
         cb:63:96:bd:2d:a6:2a:f4:05:4a:10:3d:2f:db:31:a8:04:ce:
         41:c4:04:25:6e:fd:4f:e6:95:4d:32:b3:3a:75:ef:ed:85:8f:
         1b:34:24:81:ec:05:4d:ec:c0:cd:04:30:a9:50:75:24:9b:57:
         60:21:2e:33:ce:54:26:2e:72:d5:c3:84:3f:67:02:12:4d:82:
         83:d5:67:22:4a:15:a3:8b:a0:a3:a9:94:34:c7:63:e0:73:e2:
         e1:03:da:f6:20:42:44:d3:2c:f6:2e:b7:14:55:99:49:1b:b5:
         9b:22:a9:59:56:e1:59:fd:2b:b2:a7:e3:6c:5b:00:62:4e:d3:
         13:e5:ee:91:53:cd:69:72:fc:55:b1:25:cf:90:52:f5:2e:bf:
         28:da:af:56:3a:9a:85:c4:da:83:3f:39:54:77:49:37:e4:21:
         34:38:e0:f6:f7:23:32:48:e2:73:cb:dc:b3:33:50:f4:32:2b:
         3a:54:64:9e:bf:c2:cf:56:75:dc:6c:c2:e6:e2:c1:eb:d2:ac:
         1b:ed:ff:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkwXZSDFvVBc1IypOv657MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MjI2ZWU1ZWEwNDA2NTkyZGY5NzVjNmY0Yzg0ZjEwZjE0
ZDE1Y2IwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNhOTFiNDMwY2E0YTI4MTI0MDY0ZTRjY2VlZTQyZDA3MGExMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgUMfxGjX8fpH1zleSOHftdKoYii
8uF4SX2AXRi55imqG7zSKWloJr+3xBrbMAevKeVxDDO82Zqz6Yi9eXna/HJJRkCJ
PBXYXMzKKstdpeUjJH0+yJ44Ez8PHdac0BJzECy0dGJOYcM8/qm4GbfqEzz7Pu9r
F8Mjw3/C7Gr541MFgZzfl493QOGI8VzL7/80dyHYDyKkA3z2NIvjbcVvltSJYIy0
/WWYEquo3MtVs6JhiimmOKKZoWvexJEp8X7E3OjjReBFi+EqurkoPD/Ce9lpaABD
1HEQx5swPM4Hee6PbiShPgSr3GL1nRIGlWkw6s/6mHJeTdEsj0yS5WgOGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBs6kbQwykooEkBk5Mzu5C0HChBuMB8GA1UdIwQY
MBaAFGUibuXqBAZZLfl1xvTITxDxTRXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlNKdTVlb0VCbGt0LVhYRzlNaFBFUEZORmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81OTRmYTgtZDMxNS00YTM4LWE2MzEt
ZGVjMDI0ODhjMzdjLzEvR3pxUnREREtTaWdTUUdUa3pPN2tMUWNLRUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81OTRmYTgtZDMxNS00YTM4LWE2MzEtZGVjMDI0ODhjMzdj
LzEvWlNKdTVlb0VCbGt0LVhYRzlNaFBFUEZORmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUuAMA0E
AgACMAcDBQAqA00kMA0GCSqGSIb3DQEBCwUAA4IBAQCbhDbGCSDB/W1W+QGyq4cH
Yy0Xvvypb0ZPjS6itI+H+gurWIA1cZleFZOAvxGfqph85NKPH/DLY5a9LaYq9AVK
ED0v2zGoBM5BxAQlbv1P5pVNMrM6de/thY8bNCSB7AVN7MDNBDCpUHUkm1dgIS4z
zlQmLnLVw4Q/ZwISTYKD1WciShWji6CjqZQ0x2Pgc+LhA9r2IEJE0yz2LrcUVZlJ
G7WbIqlZVuFZ/Suyp+NsWwBiTtMT5e6RU81pcvxVsSXPkFL1Lr8o2q9WOpqFxNqD
PzlUd0k35CE0OOD29yMySOJzy9yzM1D0Mis6VGSev8LPVnXcbMLm4sHr0qwb7f9f
-----END CERTIFICATE-----