Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/kcg3Xj8trRnzcM_dg-EGi69r-wY.roa
File:                     kcg3Xj8trRnzcM_dg-EGi69r-wY.roa (raw, json)
Hash identifier:          4ngwGxT7IXHE053A4712Yt8BcTjXlpXcaV0UJ60gWuo=
Subject key identifier:   91:C8:37:5E:3F:2D:AD:19:F3:70:CF:DD:83:E1:06:8B:AF:6B:FB:06
Certificate issuer:       /CN=7be0af45ab4e57456f5a0a40dfa84f8d80610664
Certificate serial:       018CC49395B8597AD610DEC37EA3150BFB83
Authority key identifier: 7B:E0:AF:45:AB:4E:57:45:6F:5A:0A:40:DF:A8:4F:8D:80:61:06:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e-CvRatOV0VvWgpA36hPjYBhBmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/kcg3Xj8trRnzcM_dg-EGi69r-wY.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206922
IP address blocks:        185.67.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/e-CvRatOV0VvWgpA36hPjYBhBmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/e-CvRatOV0VvWgpA36hPjYBhBmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e-CvRatOV0VvWgpA36hPjYBhBmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:b8:59:7a:d6:10:de:c3:7e:a3:15:0b:fb:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7be0af45ab4e57456f5a0a40dfa84f8d80610664
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91c8375e3f2dad19f370cfdd83e1068baf6bfb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:77:a7:c8:f1:af:16:a7:a3:29:f0:42:a0:05:
                    9f:50:42:a7:a9:a3:9d:ea:62:2b:01:c4:6e:d3:d5:
                    31:e8:92:b4:40:a4:ac:8d:39:67:6f:11:ef:29:51:
                    f7:e9:e1:a4:7f:45:15:84:c7:3e:55:2b:80:04:c8:
                    79:fd:0f:af:aa:8d:d8:66:9f:64:12:73:9f:58:ac:
                    c7:85:18:25:97:68:4a:97:79:07:0c:80:af:f8:6a:
                    ac:74:9e:f3:9c:d2:45:08:87:d5:70:92:cf:9c:d8:
                    c1:95:c8:c1:25:8b:73:c7:14:5b:bc:f0:37:af:d1:
                    db:dc:9f:1b:82:44:57:d9:d0:81:11:36:f8:00:19:
                    5e:24:c5:da:c3:6a:6e:a4:69:57:c6:05:41:fd:25:
                    35:f0:61:89:74:a6:3b:70:0f:1c:0a:af:ca:f8:73:
                    69:83:e9:c7:de:8b:f1:a8:c2:5e:a3:95:78:c1:7b:
                    73:bd:dd:24:66:c8:cd:c2:94:49:03:6e:04:40:67:
                    65:33:33:73:48:ee:3e:69:00:d6:0e:cf:b6:5f:f3:
                    9b:60:b9:49:84:ab:cd:ec:23:d5:61:67:1f:f9:68:
                    30:a1:8c:8a:32:1e:ee:e6:21:b7:bd:4f:a7:e7:dd:
                    78:e4:d8:b5:40:25:5a:5e:2b:5a:fc:97:e6:16:73:
                    4d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:37:5E:3F:2D:AD:19:F3:70:CF:DD:83:E1:06:8B:AF:6B:FB:06
            X509v3 Authority Key Identifier:
                keyid:7B:E0:AF:45:AB:4E:57:45:6F:5A:0A:40:DF:A8:4F:8D:80:61:06:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e-CvRatOV0VvWgpA36hPjYBhBmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/kcg3Xj8trRnzcM_dg-EGi69r-wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ac1fa9-4ec8-4016-9add-4c3be9a28d93/1/e-CvRatOV0VvWgpA36hPjYBhBmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b0:93:76:42:e5:be:0f:41:a9:a1:28:ef:04:3f:42:64:15:
         f4:46:4d:3a:9c:be:e2:0a:08:51:92:c8:6a:5d:b4:19:95:e6:
         f1:d1:9c:83:37:91:01:8c:a8:fb:47:74:9d:54:ab:6f:38:49:
         28:5a:cb:f2:c1:32:21:09:48:b1:cb:a9:e1:9d:20:9f:78:d4:
         00:39:14:d0:e7:72:5e:8b:d5:eb:2a:52:31:58:25:07:1c:fc:
         77:80:57:09:3d:1c:b4:28:a7:c9:db:d2:7c:f3:0d:91:7d:fd:
         bf:bd:2d:e2:82:07:fc:59:21:15:95:34:b9:9b:63:18:db:0e:
         48:20:e4:15:d7:90:b9:c8:9b:09:24:80:8f:cd:18:a5:a2:ef:
         c0:4c:c1:f6:9a:ea:d5:b8:25:a3:be:34:e5:d6:5b:66:84:95:
         60:e8:8e:c4:4f:01:11:d4:e2:6d:d1:61:26:8f:d8:90:d7:33:
         3b:d3:09:70:16:3c:15:4e:42:79:ca:61:7a:a3:32:02:16:2e:
         b6:e8:c4:4a:f7:f6:38:28:c5:38:5b:77:ab:41:83:ab:84:3b:
         20:59:51:e1:f5:40:d7:e4:e1:aa:a0:8d:b7:60:d2:d8:48:18:
         9a:76:5d:9c:0e:0f:be:de:b8:44:ba:a3:e5:42:f7:4d:8c:30:
         09:dc:07:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5W4WXrWEN7DfqMVC/uDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZTBhZjQ1YWI0ZTU3NDU2ZjVhMGE0MGRmYTg0ZjhkODA2
MTA2NjQwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4Mzc1ZTNmMmRhZDE5ZjM3MGNmZGQ4M2UxMDY4YmFmNmJmYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHenyPGvFqejKfBCoAWfUEKnqaOd
6mIrAcRu09Ux6JK0QKSsjTlnbxHvKVH36eGkf0UVhMc+VSuABMh5/Q+vqo3YZp9k
EnOfWKzHhRgll2hKl3kHDICv+GqsdJ7znNJFCIfVcJLPnNjBlcjBJYtzxxRbvPA3
r9Hb3J8bgkRX2dCBETb4ABleJMXaw2pupGlXxgVB/SU18GGJdKY7cA8cCq/K+HNp
g+nH3ovxqMJeo5V4wXtzvd0kZsjNwpRJA24EQGdlMzNzSO4+aQDWDs+2X/ObYLlJ
hKvN7CPVYWcf+WgwoYyKMh7u5iG3vU+n59145Ni1QCVaXita/JfmFnNNCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHIN14/La0Z83DP3YPhBouva/sGMB8GA1UdIwQY
MBaAFHvgr0WrTldFb1oKQN+oT42AYQZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZS1DdlJhdE9WMFZ2V2dwQTM2aFBqWUJoQm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9hYzFmYTktNGVjOC00MDE2LTlhZGQt
NGMzYmU5YTI4ZDkzLzEva2NnM1hqOHRyUm56Y01fZGctRUdpNjlyLXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9hYzFmYTktNGVjOC00MDE2LTlhZGQtNGMzYmU5YTI4ZDkz
LzEvZS1DdlJhdE9WMFZ2V2dwQTM2aFBqWUJoQm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUOjMA0G
CSqGSIb3DQEBCwUAA4IBAQApsJN2QuW+D0GpoSjvBD9CZBX0Rk06nL7iCghRkshq
XbQZlebx0ZyDN5EBjKj7R3SdVKtvOEkoWsvywTIhCUixy6nhnSCfeNQAORTQ53Je
i9XrKlIxWCUHHPx3gFcJPRy0KKfJ29J88w2Rff2/vS3iggf8WSEVlTS5m2MY2w5I
IOQV15C5yJsJJICPzRilou/ATMH2murVuCWjvjTl1ltmhJVg6I7ETwER1OJt0WEm
j9iQ1zM70wlwFjwVTkJ5ymF6ozICFi626MRK9/Y4KMU4W3erQYOrhDsgWVHh9UDX
5OGqoI23YNLYSBiadl2cDg++3rhEuqPlQvdNjDAJ3Af0
-----END CERTIFICATE-----