Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/DRs2gmrc-TwqY9S3wMaotm2wgJg.roa
File:                     DRs2gmrc-TwqY9S3wMaotm2wgJg.roa (raw, json)
Hash identifier:          UFdeHjTeCLbCzCMDWtPPfOANqeTwfnVrNCLrmLlxWa4=
Subject key identifier:   0D:1B:36:82:6A:DC:F9:3C:2A:63:D4:B7:C0:C6:A8:B6:6D:B0:80:98
Certificate issuer:       /CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
Certificate serial:       018CC6B9220F793DD0B17E863D26808673C1
Authority key identifier: 4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/DRs2gmrc-TwqY9S3wMaotm2wgJg.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        185.168.149.0/24 maxlen: 24
                          2a12:b7c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:22:0f:79:3d:d0:b1:7e:86:3d:26:80:86:73:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d1b36826adcf93c2a63d4b7c0c6a8b66db08098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1c:66:20:10:a6:54:89:49:6c:3e:2f:18:33:
                    83:6b:ef:bb:9f:d2:da:fd:b0:ee:c2:ff:87:3d:35:
                    f8:d6:a5:f9:74:d8:24:9b:9b:f1:8c:a4:b8:6c:41:
                    39:4e:2e:cf:b2:dc:b3:9b:39:dc:07:6e:9c:0d:6d:
                    35:76:82:fa:ba:86:33:20:df:96:4b:d0:1a:d2:ed:
                    ae:02:b3:ec:58:03:05:c8:b8:89:45:6a:ae:d3:e4:
                    8a:41:af:4c:ef:b1:5f:51:73:7b:ff:7a:9b:2d:b1:
                    bd:11:fc:6a:3f:a9:5f:4c:a8:b4:cc:85:c1:a8:cc:
                    91:c5:94:a6:e4:30:fb:c6:b8:75:af:5c:66:29:4e:
                    1e:cf:12:02:72:80:b3:82:73:87:7e:87:67:a6:ee:
                    62:6e:9a:fb:d8:10:46:84:13:93:b5:aa:18:bf:d9:
                    99:7b:57:63:e2:65:83:46:58:78:f6:fd:9f:0f:10:
                    11:f1:49:fa:8c:fb:d3:b8:6b:9d:5d:35:9b:bc:68:
                    f1:9c:59:15:a0:00:bc:24:26:8a:16:06:e2:26:5b:
                    b5:9c:41:1a:e4:49:89:a8:ba:c5:39:74:6c:44:18:
                    4b:63:36:9b:9e:0c:be:f4:74:a8:27:59:96:cc:06:
                    4e:ec:db:1f:6f:57:b9:f2:6f:a1:67:84:b3:bc:a7:
                    f2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1B:36:82:6A:DC:F9:3C:2A:63:D4:B7:C0:C6:A8:B6:6D:B0:80:98
            X509v3 Authority Key Identifier:
                keyid:4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/DRs2gmrc-TwqY9S3wMaotm2wgJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.149.0/24
                IPv6:
                  2a12:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:7a:f2:74:ad:84:fb:41:ca:d8:1b:86:90:fa:85:1d:5d:7e:
         7a:a7:aa:49:68:42:cb:44:f3:aa:7e:c9:58:d7:6f:aa:fa:b3:
         05:a5:70:8e:43:74:4c:ce:58:03:96:33:b7:e6:fc:db:95:74:
         e1:4c:60:a0:ea:31:88:ec:a0:26:bf:e1:d2:88:41:13:4d:61:
         a8:9b:54:0e:bf:5d:0f:df:db:2a:67:b2:59:af:c0:3b:40:a1:
         53:77:1e:1c:d5:bb:76:c6:49:f6:f4:ea:38:c1:42:15:37:49:
         af:41:00:48:2e:8c:16:fb:05:a5:f9:5a:c2:55:35:0d:d5:94:
         2b:26:28:17:66:55:95:ab:be:71:28:75:52:d9:4b:40:39:b2:
         29:95:ec:6c:68:92:d7:46:65:d1:57:01:03:0f:13:3f:fa:f9:
         ec:d3:a8:3f:66:36:d5:dd:aa:48:8a:a0:2c:27:18:62:79:75:
         1b:89:d7:18:db:f8:37:78:a2:61:30:b7:9c:9b:3c:57:1c:c7:
         64:fc:25:d9:12:de:00:e4:e2:5b:3b:97:83:b4:13:f1:a9:af:
         7a:4d:0d:5f:3c:ad:bc:95:c0:5a:a7:07:f4:3b:3e:d2:fe:e5:
         ac:33:ba:e4:ef:69:0f:82:a4:20:eb:9f:74:5a:8b:ee:64:46:
         8b:2b:75:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuSIPeT3QsX6GPSaAhnPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZGQ0MmNjZDEzZDdmOGE3YzNlZGE1YjU1MDJkOGQ2ZGNi
YmJlMTEwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFiMzY4MjZhZGNmOTNjMmE2M2Q0YjdjMGM2YThiNjZkYjA4MDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxxmIBCmVIlJbD4vGDODa++7n9La
/bDuwv+HPTX41qX5dNgkm5vxjKS4bEE5Ti7PstyzmzncB26cDW01doL6uoYzIN+W
S9Aa0u2uArPsWAMFyLiJRWqu0+SKQa9M77FfUXN7/3qbLbG9EfxqP6lfTKi0zIXB
qMyRxZSm5DD7xrh1r1xmKU4ezxICcoCzgnOHfodnpu5ibpr72BBGhBOTtaoYv9mZ
e1dj4mWDRlh49v2fDxAR8Un6jPvTuGudXTWbvGjxnFkVoAC8JCaKFgbiJlu1nEEa
5EmJqLrFOXRsRBhLYzabngy+9HSoJ1mWzAZO7Nsfb1e58m+hZ4SzvKfyGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA0bNoJq3Pk8KmPUt8DGqLZtsICYMB8GA1UdIwQY
MBaAFEvdQszRPX+KfD7aW1UC2Nbcu74RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUt
MWNhMjEyMGVlNDM2LzEvRFJzMmdtcmMtVHdxWTlTM3dNYW90bTJ3Z0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUtMWNhMjEyMGVlNDM2
LzEvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaiVMA0E
AgACMAcDBQMqErfAMA0GCSqGSIb3DQEBCwUAA4IBAQB7evJ0rYT7QcrYG4aQ+oUd
XX56p6pJaELLRPOqfslY12+q+rMFpXCOQ3RMzlgDljO35vzblXThTGCg6jGI7KAm
v+HSiEETTWGom1QOv10P39sqZ7JZr8A7QKFTdx4c1bt2xkn29Oo4wUIVN0mvQQBI
LowW+wWl+VrCVTUN1ZQrJigXZlWVq75xKHVS2UtAObIplexsaJLXRmXRVwEDDxM/
+vns06g/ZjbV3apIiqAsJxhieXUbidcY2/g3eKJhMLecmzxXHMdk/CXZEt4A5OJb
O5eDtBPxqa96TQ1fPK28lcBapwf0Oz7S/uWsM7rk72kPgqQg6590WovuZEaLK3U+
-----END CERTIFICATE-----