Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/gXNcdvdIoLRSU8uzJVQNdnNxXiY.roa
File:                     gXNcdvdIoLRSU8uzJVQNdnNxXiY.roa (raw, json)
Hash identifier:          lDSPUnQYbCBZ9gje+Lf+5DS5V8m2VdYWAm9fPXMes8s=
Subject key identifier:   81:73:5C:76:F7:48:A0:B4:52:53:CB:B3:25:54:0D:76:73:71:5E:26
Certificate issuer:       /CN=c1db041afabfd8c11f0b10b523799b65cfde3908
Certificate serial:       018D407A7D34A3C9406170084550C6732FF7
Authority key identifier: C1:DB:04:1A:FA:BF:D8:C1:1F:0B:10:B5:23:79:9B:65:CF:DE:39:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/gXNcdvdIoLRSU8uzJVQNdnNxXiY.roa
Signing time:             Thu 25 Jan 2024 11:56:25 +0000
ROA not before:           Thu 25 Jan 2024 11:56:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.235.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:7a:7d:34:a3:c9:40:61:70:08:45:50:c6:73:2f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1db041afabfd8c11f0b10b523799b65cfde3908
        Validity
            Not Before: Jan 25 11:56:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81735c76f748a0b45253cbb325540d7673715e26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0b:ca:4c:3b:0b:ed:33:3d:c1:db:67:ed:13:
                    7d:b7:63:38:c8:aa:90:27:48:2c:14:1e:4a:ab:f8:
                    e9:64:99:6a:17:85:16:95:53:90:73:37:8d:91:e6:
                    df:ca:7f:a4:85:5e:26:1c:62:ac:0d:32:78:e0:79:
                    13:22:79:c2:b3:e4:3c:ec:1f:ce:aa:87:24:1b:be:
                    83:40:79:9e:d1:c1:b8:6f:0b:fb:95:98:9e:58:60:
                    5b:ca:39:85:c6:de:e2:cd:24:f4:f4:48:8a:e6:2c:
                    f5:8e:37:25:d3:74:06:1b:3c:6d:a2:89:e5:74:f6:
                    5e:2e:aa:01:97:eb:f9:c0:ba:4e:16:64:15:93:9b:
                    55:af:8c:4c:5f:19:12:f4:d6:71:52:c1:85:70:59:
                    1d:ac:98:ff:a1:35:73:cf:fa:91:0d:a9:01:32:1b:
                    15:8b:a3:f7:97:61:17:5e:69:8a:a3:13:49:37:81:
                    2e:53:88:56:b6:ea:8d:1b:2c:91:35:cb:68:cd:f3:
                    07:ab:95:4f:74:41:68:f4:cf:d2:83:78:e5:01:d3:
                    19:f0:e8:77:40:d4:5d:7c:e2:32:2b:90:c3:95:96:
                    28:18:b2:62:17:b2:56:61:33:fd:d2:73:9b:8b:16:
                    48:0e:bc:06:85:18:53:28:de:fb:4a:a4:0b:a0:af:
                    89:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:73:5C:76:F7:48:A0:B4:52:53:CB:B3:25:54:0D:76:73:71:5E:26
            X509v3 Authority Key Identifier:
                keyid:C1:DB:04:1A:FA:BF:D8:C1:1F:0B:10:B5:23:79:9B:65:CF:DE:39:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/gXNcdvdIoLRSU8uzJVQNdnNxXiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:4e:3b:c1:a2:6b:85:05:cb:29:ef:12:9c:71:31:a6:65:12:
         11:81:a5:39:f5:86:fe:eb:70:37:9d:fc:6f:75:4f:99:2a:f4:
         ab:d8:23:c7:0f:f8:de:03:c3:05:42:22:1d:19:22:b9:f3:aa:
         6a:cb:e2:a5:bc:b5:69:d8:f3:37:ef:be:63:b1:c2:d4:47:bb:
         44:42:83:c2:83:25:4e:1c:2f:4d:bb:d3:b6:26:99:31:05:42:
         6c:4c:6e:be:52:a2:45:12:01:16:2b:8b:dc:99:0f:a1:6a:8b:
         ff:dc:a2:c4:7e:19:f5:29:ce:31:fc:41:d0:8b:a0:bb:3a:49:
         6b:ad:34:4d:da:38:28:3f:ce:5a:e4:36:36:5c:af:32:02:7c:
         9c:04:56:e9:c7:d1:3d:90:e1:a1:df:91:24:12:4e:e9:f7:41:
         34:17:40:26:e7:63:19:fe:5b:9b:8a:f3:fb:89:e8:27:31:a3:
         bf:08:c5:65:b2:5c:50:cd:83:43:31:3b:81:2b:b8:01:dd:8a:
         e1:21:2c:f9:b6:2d:d8:ea:bc:80:10:2d:24:74:0c:f7:6e:e5:
         02:32:bd:54:87:be:4a:e1:49:03:6b:d9:f7:ba:b9:63:e8:a2:
         c0:85:08:5a:4d:be:b6:e7:fe:0e:3e:0c:ff:c7:e7:7d:ca:f7:
         d7:54:3d:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Aen00o8lAYXAIRVDGcy/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZGIwNDFhZmFiZmQ4YzExZjBiMTBiNTIzNzk5YjY1Y2Zk
ZTM5MDgwHhcNMjQwMTI1MTE1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTczNWM3NmY3NDhhMGI0NTI1M2NiYjMyNTU0MGQ3NjczNzE1ZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQvKTDsL7TM9wdtn7RN9t2M4yKqQ
J0gsFB5Kq/jpZJlqF4UWlVOQczeNkebfyn+khV4mHGKsDTJ44HkTInnCs+Q87B/O
qockG76DQHme0cG4bwv7lZieWGBbyjmFxt7izST09EiK5iz1jjcl03QGGzxtoonl
dPZeLqoBl+v5wLpOFmQVk5tVr4xMXxkS9NZxUsGFcFkdrJj/oTVzz/qRDakBMhsV
i6P3l2EXXmmKoxNJN4EuU4hWtuqNGyyRNctozfMHq5VPdEFo9M/Sg3jlAdMZ8Oh3
QNRdfOIyK5DDlZYoGLJiF7JWYTP90nObixZIDrwGhRhTKN77SqQLoK+JAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFzXHb3SKC0UlPLsyVUDXZzcV4mMB8GA1UdIwQY
MBaAFMHbBBr6v9jBHwsQtSN5m2XP3jkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2RzRUd2cV8yTUVmQ3hDMUkzbWJaY19lT1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC81ZTA0ODktMTdjZi00MjJjLWFhNDAt
MmZiMDk0NGI1MTk0LzEvZ1hOY2R2ZElvTFJTVTh1ekpWUU5kbk54WGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC81ZTA0ODktMTdjZi00MjJjLWFhNDAtMmZiMDk0NGI1MTk0
LzEvd2RzRUd2cV8yTUVmQ3hDMUkzbWJaY19lT1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueusMA0G
CSqGSIb3DQEBCwUAA4IBAQA8TjvBomuFBcsp7xKccTGmZRIRgaU59Yb+63A3nfxv
dU+ZKvSr2CPHD/jeA8MFQiIdGSK586pqy+KlvLVp2PM3775jscLUR7tEQoPCgyVO
HC9Nu9O2JpkxBUJsTG6+UqJFEgEWK4vcmQ+haov/3KLEfhn1Kc4x/EHQi6C7Oklr
rTRN2jgoP85a5DY2XK8yAnycBFbpx9E9kOGh35EkEk7p90E0F0Am52MZ/lubivP7
iegnMaO/CMVlslxQzYNDMTuBK7gB3YrhISz5ti3Y6ryAEC0kdAz3buUCMr1Uh75K
4UkDa9n3urlj6KLAhQhaTb625/4OPgz/x+d9yvfXVD0k
-----END CERTIFICATE-----