Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/RZQhEibgKOswKZZrI1dUCr2do4o.roa
File:                     RZQhEibgKOswKZZrI1dUCr2do4o.roa (raw, json)
Hash identifier:          TmWH4bkw32FTwltEzyVBvAClBorNffGbBJmJxi9JDwg=
Subject key identifier:   45:94:21:12:26:E0:28:EB:30:29:96:6B:23:57:54:0A:BD:9D:A3:8A
Certificate issuer:       /CN=305d78d2075c7820979d7ba50d25b1427b67d456
Certificate serial:       018CC4937F5923CC8F650B25F5ED2AA34F91
Authority key identifier: 30:5D:78:D2:07:5C:78:20:97:9D:7B:A5:0D:25:B1:42:7B:67:D4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MF140gdceCCXnXulDSWxQntn1FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/RZQhEibgKOswKZZrI1dUCr2do4o.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204819
IP address blocks:        185.69.64.0/22 maxlen: 22
                          2a05:2080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/MF140gdceCCXnXulDSWxQntn1FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/MF140gdceCCXnXulDSWxQntn1FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MF140gdceCCXnXulDSWxQntn1FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7f:59:23:cc:8f:65:0b:25:f5:ed:2a:a3:4f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=305d78d2075c7820979d7ba50d25b1427b67d456
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4594211226e028eb3029966b2357540abd9da38a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:51:d1:21:c4:6e:bd:78:5d:a7:6c:20:75:1d:
                    fa:61:70:92:9b:2e:dc:15:c0:22:15:73:91:55:86:
                    e0:81:97:99:7c:2a:e4:4b:d8:54:ac:e6:4f:39:6b:
                    4a:8b:32:f5:43:20:2e:73:07:45:df:7e:c8:b8:2a:
                    aa:f1:76:54:a7:8b:eb:e9:0d:6c:0a:f9:e0:97:a6:
                    f6:69:6f:b2:7d:02:67:7c:b2:53:83:8e:87:c0:d6:
                    b6:fb:e8:c4:46:7f:b4:c8:cc:8f:6b:b9:30:85:52:
                    56:77:78:5f:a3:87:c6:1f:42:64:c3:44:71:ea:bd:
                    3c:48:78:05:cc:f7:98:2b:40:f4:03:67:0c:43:8c:
                    6e:31:d7:8a:c5:05:ec:d9:13:88:28:59:bb:12:0d:
                    82:80:8f:fd:87:77:4d:1f:b9:2a:66:f5:3e:c6:92:
                    57:b5:9b:81:be:44:a7:b8:30:d3:e2:27:47:d5:89:
                    50:76:69:7a:d4:87:fd:e1:98:91:fa:46:fc:2d:71:
                    a0:e4:7f:2d:f8:f2:a5:0b:b9:31:a6:52:27:f5:72:
                    4b:d4:ee:41:86:8f:26:8d:1e:92:82:b8:dd:ba:95:
                    d5:1b:d6:8b:9b:80:ea:c0:bf:b3:e9:92:eb:84:74:
                    57:ff:51:9b:73:c0:6b:1c:f2:f1:28:a2:17:f6:9f:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:94:21:12:26:E0:28:EB:30:29:96:6B:23:57:54:0A:BD:9D:A3:8A
            X509v3 Authority Key Identifier:
                keyid:30:5D:78:D2:07:5C:78:20:97:9D:7B:A5:0D:25:B1:42:7B:67:D4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MF140gdceCCXnXulDSWxQntn1FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/RZQhEibgKOswKZZrI1dUCr2do4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c7156a-8feb-439e-a88f-086c4ea1d8ca/1/MF140gdceCCXnXulDSWxQntn1FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.64.0/22
                IPv6:
                  2a05:2080::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:98:73:71:43:c1:95:50:2d:44:46:4a:03:5e:7f:bb:21:b2:
         61:fa:5b:8f:dd:95:18:6e:81:ac:8e:74:82:4a:59:01:38:94:
         64:7e:6e:b0:9f:c8:30:50:03:26:08:36:76:b8:4e:5c:3b:85:
         3f:3a:87:6f:93:ba:f7:2b:4b:fc:6a:6a:ff:da:35:ee:7c:23:
         f6:38:e4:90:e2:ce:0e:7a:33:2e:7a:c2:69:ad:b2:10:f0:2b:
         b7:45:de:0f:07:44:c3:b2:b4:a2:7c:28:e0:0c:eb:52:7a:62:
         dc:5f:8a:25:47:d6:d2:7c:50:6f:6d:c4:cb:fe:0c:eb:ac:79:
         8e:87:1b:89:c1:16:bc:f2:14:b7:1f:61:e5:34:4f:61:9b:3b:
         55:24:12:42:94:cb:1a:d4:62:89:38:29:0f:bf:18:f6:ef:59:
         0f:03:e1:a1:a3:16:17:de:2a:33:cd:1d:35:3f:72:48:50:da:
         9f:52:4b:dc:ec:22:e2:c8:ed:9c:db:80:43:91:00:69:8e:44:
         0b:99:e6:f6:d9:96:57:89:31:19:c1:1e:c5:a2:bd:d1:69:cb:
         af:81:5e:77:4d:85:f5:b6:9c:b1:ab:62:df:7d:a3:74:28:e0:
         d1:2f:e6:df:84:19:83:1f:23:38:07:4d:24:e8:4f:3a:bc:a1:
         df:a1:d9:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk39ZI8yPZQsl9e0qo0+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNWQ3OGQyMDc1Yzc4MjA5NzlkN2JhNTBkMjViMTQyN2I2
N2Q0NTYwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTk0MjExMjI2ZTAyOGViMzAyOTk2NmIyMzU3NTQwYWJkOWRhMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFHRIcRuvXhdp2wgdR36YXCSmy7c
FcAiFXORVYbggZeZfCrkS9hUrOZPOWtKizL1QyAucwdF337IuCqq8XZUp4vr6Q1s
Cvngl6b2aW+yfQJnfLJTg46HwNa2++jERn+0yMyPa7kwhVJWd3hfo4fGH0Jkw0Rx
6r08SHgFzPeYK0D0A2cMQ4xuMdeKxQXs2ROIKFm7Eg2CgI/9h3dNH7kqZvU+xpJX
tZuBvkSnuDDT4idH1YlQdml61If94ZiR+kb8LXGg5H8t+PKlC7kxplIn9XJL1O5B
ho8mjR6SgrjdupXVG9aLm4DqwL+z6ZLrhHRX/1Gbc8BrHPLxKKIX9p8oIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEWUIRIm4CjrMCmWayNXVAq9naOKMB8GA1UdIwQY
MBaAFDBdeNIHXHggl517pQ0lsUJ7Z9RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUYxNDBnZGNlQ0NYblh1bERTV3hRbnRuMUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jNzE1NmEtOGZlYi00MzllLWE4OGYt
MDg2YzRlYTFkOGNhLzEvUlpRaEVpYmdLT3N3S1packkxZFVDcjJkbzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jNzE1NmEtOGZlYi00MzllLWE4OGYtMDg2YzRlYTFkOGNh
LzEvTUYxNDBnZGNlQ0NYblh1bERTV3hRbnRuMUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUVAMA0E
AgACMAcDBQMqBSCAMA0GCSqGSIb3DQEBCwUAA4IBAQAFmHNxQ8GVUC1ERkoDXn+7
IbJh+luP3ZUYboGsjnSCSlkBOJRkfm6wn8gwUAMmCDZ2uE5cO4U/Oodvk7r3K0v8
amr/2jXufCP2OOSQ4s4OejMuesJprbIQ8Cu3Rd4PB0TDsrSifCjgDOtSemLcX4ol
R9bSfFBvbcTL/gzrrHmOhxuJwRa88hS3H2HlNE9hmztVJBJClMsa1GKJOCkPvxj2
71kPA+GhoxYX3iozzR01P3JIUNqfUkvc7CLiyO2c24BDkQBpjkQLmeb22ZZXiTEZ
wR7For3RacuvgV53TYX1tpyxq2LffaN0KODRL+bfhBmDHyM4B00k6E86vKHfodnW
-----END CERTIFICATE-----