Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/pV4dMffvDJQbaMJgemiXkJ-1BkE.roa
File:                     pV4dMffvDJQbaMJgemiXkJ-1BkE.roa (raw, json)
Hash identifier:          0gKdJRShOU2f787Xvi/37exFi7Z97Pdr6PdGFnbbe5E=
Subject key identifier:   A5:5E:1D:31:F7:EF:0C:94:1B:68:C2:60:7A:68:97:90:9F:B5:06:41
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       018CC64A04F86D591E34DDBCA505E6F3D175
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/pV4dMffvDJQbaMJgemiXkJ-1BkE.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.69.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:04:f8:6d:59:1e:34:dd:bc:a5:05:e6:f3:d1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a55e1d31f7ef0c941b68c2607a6897909fb50641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:91:c7:a1:1a:a4:63:47:51:1f:50:8f:9c:71:
                    8f:4e:f9:95:d8:03:d2:69:09:1d:fa:44:13:81:53:
                    35:e9:c7:06:4c:27:ec:e4:2f:78:83:6e:be:76:8b:
                    cd:98:b3:c4:23:f5:71:4a:fe:62:47:7c:b7:51:5e:
                    fd:86:67:83:25:92:98:92:28:68:30:24:10:0f:84:
                    4c:c9:e4:98:6c:4d:10:e4:27:f0:37:a3:33:5d:d3:
                    75:61:a5:51:4d:5a:fd:75:cc:10:23:db:58:9e:2d:
                    1c:5c:20:4f:e5:eb:69:8a:61:20:7d:0a:e7:16:20:
                    46:48:1f:9b:ed:27:87:9c:1a:20:69:97:88:3f:a0:
                    06:9f:8d:5c:80:eb:55:92:f1:31:da:73:cd:b5:85:
                    66:7a:c2:cd:13:e2:fe:04:50:d0:b7:7f:e4:5d:61:
                    b3:d9:b4:ee:16:93:8a:a4:52:2f:79:b9:66:f9:2a:
                    87:40:85:ac:f6:61:0b:d6:36:2f:15:b7:f2:34:5c:
                    98:1b:1f:3a:1b:71:cf:40:4d:1e:c0:b5:f6:5b:6a:
                    3c:11:1a:5d:c0:6f:58:65:ad:b9:5d:1f:fa:04:eb:
                    be:28:da:95:fb:89:5a:ce:46:d6:4f:57:55:3a:ca:
                    fb:38:e7:cf:6b:de:ac:dd:45:6d:11:7f:6e:c3:6a:
                    db:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5E:1D:31:F7:EF:0C:94:1B:68:C2:60:7A:68:97:90:9F:B5:06:41
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/pV4dMffvDJQbaMJgemiXkJ-1BkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:ed:22:ce:14:e6:55:1c:93:39:2a:04:76:81:a9:fa:d2:58:
         7e:3c:11:28:7f:f2:df:ca:93:6b:40:5d:14:1b:8d:85:21:83:
         f4:fd:18:74:fa:26:fd:47:f5:0e:4a:44:e6:8e:28:6b:08:56:
         e0:59:9d:15:5f:22:9c:8c:e9:cf:43:80:42:73:42:5a:be:98:
         bd:1c:c7:6e:41:39:8c:12:53:9a:b0:50:37:c8:27:42:85:2e:
         41:39:58:1d:83:ec:de:17:1a:ee:da:31:2e:ac:cf:4b:f9:fb:
         f5:38:d5:27:93:12:48:df:44:4d:fa:3e:b8:93:5d:ea:72:a1:
         c7:46:cd:a5:28:c4:8e:46:d6:6d:1b:c9:14:b0:76:34:b5:79:
         bf:84:ba:51:11:f1:5f:0a:01:72:34:f7:49:6e:4f:55:9a:59:
         7b:b5:c8:2e:7f:1c:89:8f:37:af:ef:fb:2e:5d:37:11:8d:3b:
         a5:4a:24:63:2b:23:0b:9a:a2:60:99:df:07:bb:ac:9c:d1:60:
         a8:cb:72:27:8c:31:20:d1:18:ea:6a:ef:ed:92:29:3c:0e:21:
         30:82:89:68:dc:46:f8:52:db:c4:3d:e4:ca:ce:78:7e:3e:c8:
         4f:43:fd:6c:33:e3:51:0e:4e:86:fc:4a:94:75:9c:3e:bf:2f:
         c8:01:7e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSgT4bVkeNN28pQXm89F1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTVlMWQzMWY3ZWYwYzk0MWI2OGMyNjA3YTY4OTc5MDlmYjUwNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pHHoRqkY0dRH1CPnHGPTvmV2APS
aQkd+kQTgVM16ccGTCfs5C94g26+dovNmLPEI/VxSv5iR3y3UV79hmeDJZKYkiho
MCQQD4RMyeSYbE0Q5CfwN6MzXdN1YaVRTVr9dcwQI9tYni0cXCBP5etpimEgfQrn
FiBGSB+b7SeHnBogaZeIP6AGn41cgOtVkvEx2nPNtYVmesLNE+L+BFDQt3/kXWGz
2bTuFpOKpFIveblm+SqHQIWs9mEL1jYvFbfyNFyYGx86G3HPQE0ewLX2W2o8ERpd
wG9YZa25XR/6BOu+KNqV+4lazkbWT1dVOsr7OOfPa96s3UVtEX9uw2rbkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVeHTH37wyUG2jCYHpol5CftQZBMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvcFY0ZE1mZnZESlFiYU1KZ2VtaVhrSi0xQmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUXcMA0G
CSqGSIb3DQEBCwUAA4IBAQCK7SLOFOZVHJM5KgR2gan60lh+PBEof/LfypNrQF0U
G42FIYP0/Rh0+ib9R/UOSkTmjihrCFbgWZ0VXyKcjOnPQ4BCc0Javpi9HMduQTmM
ElOasFA3yCdChS5BOVgdg+zeFxru2jEurM9L+fv1ONUnkxJI30RN+j64k13qcqHH
Rs2lKMSORtZtG8kUsHY0tXm/hLpREfFfCgFyNPdJbk9Vmll7tcgufxyJjzev7/su
XTcRjTulSiRjKyMLmqJgmd8Hu6yc0WCoy3InjDEg0Rjqau/tkik8DiEwgolo3Eb4
UtvEPeTKznh+PshPQ/1sM+NRDk6G/EqUdZw+vy/IAX6E
-----END CERTIFICATE-----