Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/zqTbCR8XSG40tQD9X_vCC8OpRFw.roa
File:                     zqTbCR8XSG40tQD9X_vCC8OpRFw.roa (raw, json)
Hash identifier:          7nGfGNlVvXQd8XrB1CoaI8RSIawe6UmLoglhMQdgYl8=
Subject key identifier:   CE:A4:DB:09:1F:17:48:6E:34:B5:00:FD:5F:FB:C2:0B:C3:A9:44:5C
Certificate issuer:       /CN=75905949e963d3577be076326ca0b91ff32f9684
Certificate serial:       018CC56ED57A80D8A347B1E6433B3CE8241D
Authority key identifier: 75:90:59:49:E9:63:D3:57:7B:E0:76:32:6C:A0:B9:1F:F3:2F:96:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZBZSelj01d74HYybKC5H_MvloQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/zqTbCR8XSG40tQD9X_vCC8OpRFw.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.229.147.0/24 maxlen: 24
                          185.229.146.0/24 maxlen: 24
                          2a0d:d600::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/dZBZSelj01d74HYybKC5H_MvloQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/dZBZSelj01d74HYybKC5H_MvloQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dZBZSelj01d74HYybKC5H_MvloQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d5:7a:80:d8:a3:47:b1:e6:43:3b:3c:e8:24:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75905949e963d3577be076326ca0b91ff32f9684
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cea4db091f17486e34b500fd5ffbc20bc3a9445c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:9a:11:23:43:19:92:27:d7:aa:80:87:cf:64:
                    d1:d5:c3:3f:33:3c:05:92:83:66:94:23:46:f2:df:
                    61:d4:a9:41:58:1e:51:8a:97:9c:f5:e6:24:77:43:
                    4d:55:0a:82:69:8c:01:b1:db:29:d7:4f:ea:25:00:
                    e5:24:6d:af:e8:49:cd:d9:e2:81:23:3a:18:00:7b:
                    da:e2:47:a1:c6:b9:0b:ff:7c:1b:21:6f:51:2e:42:
                    c4:8c:82:bb:59:af:2a:20:ec:36:c6:dd:db:90:1c:
                    65:91:ea:34:54:84:05:e7:ad:59:98:b4:fc:54:ed:
                    69:e6:32:b1:f8:e1:f1:f7:0f:45:05:c5:0a:95:b0:
                    6c:7e:5e:1c:00:d0:15:37:e8:7d:87:ef:96:e9:0f:
                    4e:2e:68:ce:c6:47:2e:d5:fc:be:ba:13:2c:b6:90:
                    b7:c6:b1:b2:3e:b7:68:9d:06:92:6f:93:8f:82:48:
                    e3:32:01:56:e9:12:05:1e:30:3d:f1:7a:4b:4f:6c:
                    b6:69:01:cc:ae:f9:50:dc:7c:58:2c:98:d6:05:c0:
                    90:7c:4d:1e:96:6f:72:da:84:50:03:ba:a3:10:1f:
                    41:a2:06:bc:60:e8:b9:6f:80:f0:68:fc:cc:dc:b2:
                    df:77:1e:97:8b:e9:20:d5:31:2d:25:73:b7:ed:15:
                    f1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A4:DB:09:1F:17:48:6E:34:B5:00:FD:5F:FB:C2:0B:C3:A9:44:5C
            X509v3 Authority Key Identifier:
                keyid:75:90:59:49:E9:63:D3:57:7B:E0:76:32:6C:A0:B9:1F:F3:2F:96:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZBZSelj01d74HYybKC5H_MvloQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/zqTbCR8XSG40tQD9X_vCC8OpRFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/d61f73-ac0b-45bc-a5a4-1a8301b7e6de/1/dZBZSelj01d74HYybKC5H_MvloQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.146.0/23
                IPv6:
                  2a0d:d600::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:9c:19:b8:2e:dc:96:37:bb:7f:42:dc:90:d9:e9:0c:41:bd:
         70:bc:b6:5e:6b:e2:8c:a2:92:5e:10:f5:04:5a:d5:c5:d3:86:
         00:2a:f8:d0:0a:25:75:3a:fa:07:a9:9d:ee:97:bf:46:8a:50:
         c5:2a:31:63:2f:5a:30:8b:b0:92:9d:61:e6:31:72:78:e9:85:
         5f:32:0a:4d:6a:79:00:5f:95:50:bc:68:07:cc:17:0a:a8:67:
         97:d1:eb:e3:e7:89:e0:1f:83:15:89:50:74:41:2f:87:70:99:
         05:83:35:e6:c8:ec:2c:81:06:78:44:98:05:ed:0e:9f:73:e2:
         66:eb:50:d9:07:68:5b:3b:15:5a:4e:c5:27:e6:ea:73:af:7d:
         da:7d:fa:07:1d:72:94:4b:4a:16:a3:13:87:08:31:1b:40:a8:
         d3:77:61:a0:6d:1a:c2:61:47:e3:d0:28:6a:9a:c5:94:0d:5a:
         68:c4:87:06:23:53:dc:4b:c7:50:2f:d8:04:56:d7:ab:1a:4f:
         e2:60:d0:79:87:be:18:ec:84:b8:f9:57:17:8f:ce:26:a6:dc:
         22:35:9d:40:42:b8:cf:5d:2f:22:46:69:ca:74:24:e6:2b:09:
         42:d1:11:6a:74:47:ee:66:33:ca:08:18:8a:72:e5:3c:81:74:
         42:a0:8d:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtV6gNijR7HmQzs86CQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OTA1OTQ5ZTk2M2QzNTc3YmUwNzYzMjZjYTBiOTFmZjMy
Zjk2ODQwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWE0ZGIwOTFmMTc0ODZlMzRiNTAwZmQ1ZmZiYzIwYmMzYTk0NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5oRI0MZkifXqoCHz2TR1cM/MzwF
koNmlCNG8t9h1KlBWB5Ripec9eYkd0NNVQqCaYwBsdsp10/qJQDlJG2v6EnN2eKB
IzoYAHva4kehxrkL/3wbIW9RLkLEjIK7Wa8qIOw2xt3bkBxlkeo0VIQF561ZmLT8
VO1p5jKx+OHx9w9FBcUKlbBsfl4cANAVN+h9h++W6Q9OLmjOxkcu1fy+uhMstpC3
xrGyPrdonQaSb5OPgkjjMgFW6RIFHjA98XpLT2y2aQHMrvlQ3HxYLJjWBcCQfE0e
lm9y2oRQA7qjEB9Boga8YOi5b4DwaPzM3LLfdx6Xi+kg1TEtJXO37RXxfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM6k2wkfF0huNLUA/V/7wgvDqURcMB8GA1UdIwQY
MBaAFHWQWUnpY9NXe+B2MmyguR/zL5aEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFpCWlNlbGowMWQ3NEhZeWJLQzVIX012bG9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kNjFmNzMtYWMwYi00NWJjLWE1YTQt
MWE4MzAxYjdlNmRlLzEvenFUYkNSOFhTRzQwdFFEOVhfdkNDOE9wUkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kNjFmNzMtYWMwYi00NWJjLWE1YTQtMWE4MzAxYjdlNmRl
LzEvZFpCWlNlbGowMWQ3NEhZeWJLQzVIX012bG9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBueWSMA0E
AgACMAcDBQAqDdYAMA0GCSqGSIb3DQEBCwUAA4IBAQBCnBm4LtyWN7t/QtyQ2ekM
Qb1wvLZea+KMopJeEPUEWtXF04YAKvjQCiV1OvoHqZ3ul79GilDFKjFjL1owi7CS
nWHmMXJ46YVfMgpNankAX5VQvGgHzBcKqGeX0evj54ngH4MViVB0QS+HcJkFgzXm
yOwsgQZ4RJgF7Q6fc+Jm61DZB2hbOxVaTsUn5upzr33affoHHXKUS0oWoxOHCDEb
QKjTd2GgbRrCYUfj0ChqmsWUDVpoxIcGI1PcS8dQL9gEVterGk/iYNB5h74Y7IS4
+VcXj84mptwiNZ1AQrjPXS8iRmnKdCTmKwlC0RFqdEfuZjPKCBiKcuU8gXRCoI3S
-----END CERTIFICATE-----