Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/RfPDqVQQTn9AP-r-gR4nTbhLcyU.roa
File:                     RfPDqVQQTn9AP-r-gR4nTbhLcyU.roa (raw, json)
Hash identifier:          cjf2e72ipmRfxniEZiNvLJqf5Ta8HlIhuQCuB/Kj9XA=
Subject key identifier:   45:F3:C3:A9:54:10:4E:7F:40:3F:EA:FE:81:1E:27:4D:B8:4B:73:25
Certificate issuer:       /CN=95d61ae8472c5c8fcd813756c164c2f1864d3c90
Certificate serial:       018CC86F923F70E027E4BD8FBF258AF4A990
Authority key identifier: 95:D6:1A:E8:47:2C:5C:8F:CD:81:37:56:C1:64:C2:F1:86:4D:3C:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldYa6EcsXI_NgTdWwWTC8YZNPJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/RfPDqVQQTn9AP-r-gR4nTbhLcyU.roa
Signing time:             Tue 02 Jan 2024 04:30:04 +0000
ROA not before:           Tue 02 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200423
IP address blocks:        185.107.220.0/22 maxlen: 24
                          2a06:4600::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/ldYa6EcsXI_NgTdWwWTC8YZNPJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/ldYa6EcsXI_NgTdWwWTC8YZNPJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldYa6EcsXI_NgTdWwWTC8YZNPJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:92:3f:70:e0:27:e4:bd:8f:bf:25:8a:f4:a9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d61ae8472c5c8fcd813756c164c2f1864d3c90
        Validity
            Not Before: Jan  2 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45f3c3a954104e7f403feafe811e274db84b7325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c0:28:67:80:d5:04:3f:ab:b8:f0:2c:a4:6e:
                    86:fc:e9:69:24:04:38:44:40:73:4d:e6:d3:fb:6d:
                    27:25:f5:49:fc:35:50:cc:93:1e:3c:8f:b9:43:b2:
                    59:0c:0e:95:db:f0:89:2f:a4:a2:67:8b:60:ff:98:
                    55:8c:d8:7c:1d:fb:16:f3:d8:67:fb:60:4c:57:90:
                    09:7e:d8:12:93:5c:56:64:ec:28:bb:67:4f:9a:08:
                    5f:dd:81:be:b6:0f:fe:fe:cf:94:e5:eb:d7:f5:cd:
                    3b:c1:1b:04:87:f3:1e:67:66:6a:58:cc:ff:f9:bc:
                    c9:56:91:6e:81:b4:ea:e4:51:e3:6d:6b:45:ee:40:
                    fd:b6:ae:16:cd:ba:be:f7:18:2e:89:ee:df:d8:a9:
                    4b:e9:37:3e:69:a5:dd:a2:31:e4:83:a3:9a:67:b7:
                    25:f3:94:d0:47:17:40:02:4b:73:6c:8a:39:77:f5:
                    75:50:a5:d5:fe:41:bf:2c:75:c6:af:76:d4:11:0e:
                    16:a8:6a:b6:b7:4a:ab:ea:ef:e9:f1:06:f2:db:5c:
                    69:bd:8f:8b:e5:50:ed:13:60:8d:05:58:ad:06:ff:
                    99:45:68:c7:39:d8:01:6f:de:7e:01:95:c2:35:7f:
                    69:12:a9:e3:25:61:61:88:fa:b9:05:c9:ae:2e:07:
                    5f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F3:C3:A9:54:10:4E:7F:40:3F:EA:FE:81:1E:27:4D:B8:4B:73:25
            X509v3 Authority Key Identifier:
                keyid:95:D6:1A:E8:47:2C:5C:8F:CD:81:37:56:C1:64:C2:F1:86:4D:3C:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldYa6EcsXI_NgTdWwWTC8YZNPJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/RfPDqVQQTn9AP-r-gR4nTbhLcyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ee4748-4eab-4e55-b64a-2c7a11c1fbaf/1/ldYa6EcsXI_NgTdWwWTC8YZNPJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.220.0/22
                IPv6:
                  2a06:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:af:1a:ea:17:e7:ce:cf:7d:9a:59:9d:77:eb:08:7c:1c:d5:
         fa:c1:9b:a7:a4:e1:4c:f1:d7:d3:bb:06:de:80:2e:24:8d:8e:
         b9:1c:b6:89:4b:4a:b2:7f:13:70:6f:e7:1d:93:61:6a:cc:c6:
         1b:1d:cd:7f:04:7e:af:bb:3f:1b:c6:74:1b:20:26:bd:43:9e:
         d3:53:c7:0e:a3:03:57:c5:1f:c5:73:5d:40:3b:63:8c:bb:e9:
         30:58:35:ca:e1:eb:b6:28:91:6f:04:7e:3a:e5:e6:c4:df:b8:
         b5:56:b4:00:c7:98:f8:e7:1b:cc:73:e5:dd:6b:d7:a6:6e:90:
         78:a1:22:8b:6b:cd:20:03:c1:23:b1:c9:86:8a:f6:d4:a4:00:
         7e:7c:0c:5f:af:e5:67:b3:cb:d5:14:a8:ea:f0:ee:26:b8:dc:
         67:49:8b:59:a9:3a:70:b0:d4:06:5d:21:a8:42:4f:e1:02:cc:
         de:97:79:73:86:ae:7d:4c:45:ed:4b:a5:ca:61:f8:fc:ee:19:
         fb:f3:9e:35:f1:3d:3b:60:ce:d1:46:ff:ef:32:5e:94:75:eb:
         ea:29:c2:ac:9a:c8:de:80:52:3e:38:87:c7:fe:6e:9a:58:31:
         a9:f6:88:65:48:3b:9e:e6:9e:05:32:fd:31:b2:ec:44:d8:d0:
         6c:3c:77:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb5I/cOAn5L2PvyWK9KmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDYxYWU4NDcyYzVjOGZjZDgxMzc1NmMxNjRjMmYxODY0
ZDNjOTAwHhcNMjQwMTAyMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWYzYzNhOTU0MTA0ZTdmNDAzZmVhZmU4MTFlMjc0ZGI4NGI3MzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcAoZ4DVBD+ruPAspG6G/OlpJAQ4
REBzTebT+20nJfVJ/DVQzJMePI+5Q7JZDA6V2/CJL6SiZ4tg/5hVjNh8HfsW89hn
+2BMV5AJftgSk1xWZOwou2dPmghf3YG+tg/+/s+U5evX9c07wRsEh/MeZ2ZqWMz/
+bzJVpFugbTq5FHjbWtF7kD9tq4Wzbq+9xguie7f2KlL6Tc+aaXdojHkg6OaZ7cl
85TQRxdAAktzbIo5d/V1UKXV/kG/LHXGr3bUEQ4WqGq2t0qr6u/p8Qby21xpvY+L
5VDtE2CNBVitBv+ZRWjHOdgBb95+AZXCNX9pEqnjJWFhiPq5BcmuLgdfMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEXzw6lUEE5/QD/q/oEeJ024S3MlMB8GA1UdIwQY
MBaAFJXWGuhHLFyPzYE3VsFkwvGGTTyQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRZYTZFY3NYSV9OZ1RkV3dXVEM4WVpOUEpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lZTQ3NDgtNGVhYi00ZTU1LWI2NGEt
MmM3YTExYzFmYmFmLzEvUmZQRHFWUVFUbjlBUC1yLWdSNG5UYmhMY3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lZTQ3NDgtNGVhYi00ZTU1LWI2NGEtMmM3YTExYzFmYmFm
LzEvbGRZYTZFY3NYSV9OZ1RkV3dXVEM4WVpOUEpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWvcMA0E
AgACMAcDBQMqBkYAMA0GCSqGSIb3DQEBCwUAA4IBAQBsrxrqF+fOz32aWZ136wh8
HNX6wZunpOFM8dfTuwbegC4kjY65HLaJS0qyfxNwb+cdk2FqzMYbHc1/BH6vuz8b
xnQbICa9Q57TU8cOowNXxR/Fc11AO2OMu+kwWDXK4eu2KJFvBH465ebE37i1VrQA
x5j45xvMc+Xda9embpB4oSKLa80gA8EjscmGivbUpAB+fAxfr+Vns8vVFKjq8O4m
uNxnSYtZqTpwsNQGXSGoQk/hAszel3lzhq59TEXtS6XKYfj87hn785418T07YM7R
Rv/vMl6UdevqKcKsmsjegFI+OIfH/m6aWDGp9ohlSDue5p4FMv0xsuxE2NBsPHeS
-----END CERTIFICATE-----