Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/b1vO5iU7ywFXVIAHMcMmPKDKedY.roa
File:                     b1vO5iU7ywFXVIAHMcMmPKDKedY.roa (raw, json)
Hash identifier:          9rLn0QcL9XvzlWkW2ts8Wl3lB6C9OGK8q42wuJJ45MA=
Subject key identifier:   6F:5B:CE:E6:25:3B:CB:01:57:54:80:07:31:C3:26:3C:A0:CA:79:D6
Certificate issuer:       /CN=1244dce2b45c71f45baf8b53c689ebdfacbafec3
Certificate serial:       018D3A87F4A36B2C6FA1274A1AFE2C21BF2F
Authority key identifier: 12:44:DC:E2:B4:5C:71:F4:5B:AF:8B:53:C6:89:EB:DF:AC:BA:FE:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EkTc4rRccfRbr4tTxonr36y6_sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/b1vO5iU7ywFXVIAHMcMmPKDKedY.roa
Signing time:             Wed 24 Jan 2024 08:13:24 +0000
ROA not before:           Wed 24 Jan 2024 08:13:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.29.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/EkTc4rRccfRbr4tTxonr36y6_sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/EkTc4rRccfRbr4tTxonr36y6_sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EkTc4rRccfRbr4tTxonr36y6_sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:87:f4:a3:6b:2c:6f:a1:27:4a:1a:fe:2c:21:bf:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1244dce2b45c71f45baf8b53c689ebdfacbafec3
        Validity
            Not Before: Jan 24 08:13:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f5bcee6253bcb015754800731c3263ca0ca79d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5b:cf:c3:3b:7d:21:37:ca:b8:a3:dc:3e:7c:
                    6a:95:df:97:f9:96:18:09:a9:87:14:01:b4:4a:89:
                    35:3f:26:5e:aa:6c:77:5b:6b:66:eb:7a:fd:83:66:
                    f7:5f:6c:0f:f8:80:cd:be:4d:d7:7b:1b:d4:82:e6:
                    a9:aa:01:f9:9e:77:cc:ca:92:68:89:42:b3:06:24:
                    62:a2:14:bb:3c:95:9d:f6:02:f9:2f:4a:86:ae:a9:
                    61:3b:1b:a9:3a:1f:22:ea:c4:db:93:f0:f1:13:ac:
                    6c:28:9b:fe:f9:d3:26:36:61:2d:44:5e:86:62:39:
                    f4:68:3f:66:b5:ca:3e:2a:8a:ee:69:4d:23:0e:72:
                    b4:8e:49:31:a9:96:04:29:0b:5d:b0:d8:26:7c:ba:
                    d0:c7:69:7d:2b:2c:9f:99:44:17:41:4d:1d:67:7b:
                    9f:75:3c:ce:a0:86:d8:87:fc:02:98:55:a6:36:98:
                    2f:5d:e6:db:dc:8f:4c:89:7c:29:8a:93:89:a8:90:
                    23:3e:49:f6:9a:da:2d:9b:ea:6f:f9:13:e4:ea:04:
                    33:8f:56:2f:73:da:2d:51:dd:9e:b4:f7:0e:dd:34:
                    ff:a7:87:8b:cd:77:82:b5:c3:e6:00:2f:af:0b:93:
                    a0:b8:da:1c:d5:ea:28:9d:85:6c:9f:7c:de:7c:e6:
                    54:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5B:CE:E6:25:3B:CB:01:57:54:80:07:31:C3:26:3C:A0:CA:79:D6
            X509v3 Authority Key Identifier:
                keyid:12:44:DC:E2:B4:5C:71:F4:5B:AF:8B:53:C6:89:EB:DF:AC:BA:FE:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EkTc4rRccfRbr4tTxonr36y6_sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/b1vO5iU7ywFXVIAHMcMmPKDKedY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/32656b-237b-4acf-b824-9236c68ef427/1/EkTc4rRccfRbr4tTxonr36y6_sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:22:c4:05:7a:ab:17:94:82:43:f2:72:51:dd:cd:ff:ec:0e:
         4d:2a:53:6a:f7:5b:ff:d7:de:79:27:b6:a7:5b:66:2c:89:df:
         af:4d:6f:71:63:58:81:71:2b:a8:d9:30:17:4b:76:a2:3f:3d:
         ba:68:94:3e:5a:cd:2c:be:01:80:d3:f2:87:9e:c6:a8:bd:1e:
         83:a9:58:39:ee:73:0d:8f:2b:c7:7c:b0:61:15:22:80:a6:32:
         5d:3f:64:af:d1:07:9c:12:7c:af:6b:2c:78:5b:15:7b:40:f2:
         4c:db:d8:57:ee:77:3f:5e:b2:1d:8d:e1:2d:02:71:16:03:d3:
         3c:49:79:de:c4:06:c3:8c:d5:2c:0a:58:61:e2:2c:7b:3f:2a:
         3e:65:a2:29:e9:09:86:1b:42:2a:a7:4b:d0:8a:e6:fe:25:6c:
         f8:fd:ea:83:f8:0a:53:c5:2a:b8:ed:f1:73:a5:ed:7e:ed:5a:
         33:31:56:7d:c7:ad:da:a0:1b:b4:2f:e5:49:24:89:ed:06:62:
         c6:86:99:f1:9a:69:40:91:92:d6:1f:20:5c:5c:ef:d0:06:96:
         7d:6c:2d:f3:0f:e9:02:77:af:af:b7:f7:2d:83:6a:90:80:05:
         79:d4:d4:c6:5b:41:e2:94:bd:f4:12:13:1d:6b:22:1f:4a:b2:
         f9:d0:4f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY06h/SjayxvoSdKGv4sIb8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNDRkY2UyYjQ1YzcxZjQ1YmFmOGI1M2M2ODllYmRmYWNi
YWZlYzMwHhcNMjQwMTI0MDgxMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjViY2VlNjI1M2JjYjAxNTc1NDgwMDczMWMzMjYzY2EwY2E3OWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVvPwzt9ITfKuKPcPnxqld+X+ZYY
CamHFAG0Sok1PyZeqmx3W2tm63r9g2b3X2wP+IDNvk3XexvUguapqgH5nnfMypJo
iUKzBiRiohS7PJWd9gL5L0qGrqlhOxupOh8i6sTbk/DxE6xsKJv++dMmNmEtRF6G
Yjn0aD9mtco+KoruaU0jDnK0jkkxqZYEKQtdsNgmfLrQx2l9KyyfmUQXQU0dZ3uf
dTzOoIbYh/wCmFWmNpgvXebb3I9MiXwpipOJqJAjPkn2mtotm+pv+RPk6gQzj1Yv
c9otUd2etPcO3TT/p4eLzXeCtcPmAC+vC5OguNoc1eoonYVsn3zefOZUhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9bzuYlO8sBV1SABzHDJjygynnWMB8GA1UdIwQY
MBaAFBJE3OK0XHH0W6+LU8aJ69+suv7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWtUYzRyUmNjZlJicjR0VHhvbnIzNnk2X3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zMjY1NmItMjM3Yi00YWNmLWI4MjQt
OTIzNmM2OGVmNDI3LzEvYjF2TzVpVTd5d0ZYVklBSE1jTW1QS0RLZWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zMjY1NmItMjM3Yi00YWNmLWI4MjQtOTIzNmM2OGVmNDI3
LzEvRWtUYzRyUmNjZlJicjR0VHhvbnIzNnk2X3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR3sMA0G
CSqGSIb3DQEBCwUAA4IBAQBvIsQFeqsXlIJD8nJR3c3/7A5NKlNq91v/1955J7an
W2Ysid+vTW9xY1iBcSuo2TAXS3aiPz26aJQ+Ws0svgGA0/KHnsaovR6DqVg57nMN
jyvHfLBhFSKApjJdP2Sv0QecEnyvayx4WxV7QPJM29hX7nc/XrIdjeEtAnEWA9M8
SXnexAbDjNUsClhh4ix7Pyo+ZaIp6QmGG0Iqp0vQiub+JWz4/eqD+ApTxSq47fFz
pe1+7VozMVZ9x63aoBu0L+VJJIntBmLGhpnxmmlAkZLWHyBcXO/QBpZ9bC3zD+kC
d6+vt/ctg2qQgAV51NTGW0HilL30EhMdayIfSrL50E9J
-----END CERTIFICATE-----