Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/ou8vqErz9aaXoJroiQNfDTitK74.roa
File:                     ou8vqErz9aaXoJroiQNfDTitK74.roa (raw, json)
Hash identifier:          VIMCbVTEUczSw+zIT6cLlxi1D1G41hO+iCLIpiM2tSU=
Subject key identifier:   A2:EF:2F:A8:4A:F3:F5:A6:97:A0:9A:E8:89:03:5F:0D:38:AD:2B:BE
Certificate issuer:       /CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Certificate serial:       018CC801143BC81229C009775933493E7090
Authority key identifier: B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/ou8vqErz9aaXoJroiQNfDTitK74.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207044
IP address blocks:        185.106.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:14:3b:c8:12:29:c0:09:77:59:33:49:3e:70:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2ef2fa84af3f5a697a09ae889035f0d38ad2bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d5:10:28:b3:a3:52:b4:7d:ce:f6:6f:70:d3:
                    73:cd:95:7f:cd:5f:4c:7d:d2:28:42:4f:0c:d0:e9:
                    7d:f2:2a:e9:d2:cd:c3:58:53:09:80:4f:be:8e:02:
                    fa:00:60:0b:41:0f:d7:de:90:b8:bb:20:52:09:37:
                    50:ba:f0:53:5a:44:75:c7:43:50:53:cd:26:7e:dc:
                    3c:13:dd:93:3a:59:e4:61:0b:18:e2:4c:8f:4e:4b:
                    1e:28:c3:81:b7:2e:c8:6b:b8:b4:ef:63:80:90:d9:
                    c4:bb:f9:f4:ad:d3:32:92:0b:ee:60:15:bb:6d:cd:
                    9e:c0:9e:a0:ca:76:50:14:c2:f8:ce:8b:0c:d9:35:
                    31:eb:ba:b2:1b:3c:9a:d8:29:be:b3:b1:c1:08:7a:
                    a1:91:82:e5:ec:e6:82:c9:6a:13:63:df:f4:8c:66:
                    ad:07:be:cf:7d:43:32:51:18:ce:8e:a7:f3:a8:00:
                    5e:3a:e4:9c:f8:41:c9:66:07:6b:0a:84:27:fb:e0:
                    32:2e:92:ba:b8:2e:35:33:55:45:87:1d:13:74:03:
                    48:1f:6d:92:e5:6e:67:9e:44:e6:88:c5:cc:bd:8c:
                    22:d1:74:15:92:50:9a:6a:8d:3e:b9:9b:2c:a8:23:
                    23:86:9d:59:df:20:e2:91:7d:b0:e4:cc:07:64:cf:
                    48:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:EF:2F:A8:4A:F3:F5:A6:97:A0:9A:E8:89:03:5F:0D:38:AD:2B:BE
            X509v3 Authority Key Identifier:
                keyid:B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/ou8vqErz9aaXoJroiQNfDTitK74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:46:de:65:9e:7b:56:1a:54:32:e7:c0:21:48:7c:b1:19:ca:
         46:1f:51:5f:bd:9c:90:9f:ef:46:26:c4:0c:32:21:ca:53:7e:
         bc:24:92:80:27:7d:7d:55:2c:f3:7c:65:cb:b6:9c:ba:57:1b:
         ac:d2:5d:db:89:2f:31:4c:90:8b:65:36:12:8d:89:ca:ad:1a:
         35:10:9c:cd:fe:11:cc:66:ec:2a:89:19:b8:b6:35:79:52:94:
         e9:6e:6f:3d:41:8a:ee:1a:32:8f:e3:d8:8b:97:08:19:c9:c5:
         1a:b2:4f:82:6b:58:39:50:4b:1c:c8:15:0f:cb:c5:9b:59:25:
         42:6d:09:74:ad:60:d2:12:63:81:12:ae:ca:8e:66:14:cb:54:
         04:ab:f9:b7:bb:76:31:f6:53:5f:ff:f1:40:32:e7:b6:b2:74:
         c6:2a:fe:33:85:6f:a9:b0:01:bb:82:83:bd:19:37:8f:ec:aa:
         5c:3c:40:2b:e2:28:77:6e:4e:d9:5c:4d:d1:5b:93:b4:ff:3a:
         a8:1f:c7:75:e8:93:8d:38:69:5e:1c:03:29:44:4d:0f:57:03:
         6e:63:80:fa:e3:51:91:e1:92:05:1e:9d:01:e2:5c:10:8f:8a:
         44:88:0e:e5:5b:44:ec:d1:87:0b:7b:0b:74:5e:b6:f1:5e:a4:
         9e:b3:3e:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARQ7yBIpwAl3WTNJPnCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOGJiNjJhNDdiMWEyYWVkYjcwZjMyZjU4Yzk3OWJhMGM3
NzdmMDYwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmVmMmZhODRhZjNmNWE2OTdhMDlhZTg4OTAzNWYwZDM4YWQyYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstUQKLOjUrR9zvZvcNNzzZV/zV9M
fdIoQk8M0Ol98irp0s3DWFMJgE++jgL6AGALQQ/X3pC4uyBSCTdQuvBTWkR1x0NQ
U80mftw8E92TOlnkYQsY4kyPTkseKMOBty7Ia7i072OAkNnEu/n0rdMykgvuYBW7
bc2ewJ6gynZQFML4zosM2TUx67qyGzya2Cm+s7HBCHqhkYLl7OaCyWoTY9/0jGat
B77PfUMyURjOjqfzqABeOuSc+EHJZgdrCoQn++AyLpK6uC41M1VFhx0TdANIH22S
5W5nnkTmiMXMvYwi0XQVklCaao0+uZssqCMjhp1Z3yDikX2w5MwHZM9I0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLvL6hK8/Wml6Ca6IkDXw04rSu+MB8GA1UdIwQY
MBaAFLOLtipHsaKu23DzL1jJeboMd38GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgt
MDYwNWMwODlmYzM4LzEvb3U4dnFFcno5YWFYb0pyb2lRTmZEVGl0Szc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgtMDYwNWMwODlmYzM4
LzEvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWpYMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Rt5lnntWGlQy58AhSHyxGcpGH1FfvZyQn+9GJsQM
MiHKU368JJKAJ319VSzzfGXLtpy6Vxus0l3biS8xTJCLZTYSjYnKrRo1EJzN/hHM
ZuwqiRm4tjV5UpTpbm89QYruGjKP49iLlwgZycUask+Ca1g5UEscyBUPy8WbWSVC
bQl0rWDSEmOBEq7KjmYUy1QEq/m3u3Yx9lNf//FAMue2snTGKv4zhW+psAG7goO9
GTeP7KpcPEAr4ih3bk7ZXE3RW5O0/zqoH8d16JONOGleHAMpRE0PVwNuY4D641GR
4ZIFHp0B4lwQj4pEiA7lW0Ts0YcLewt0XrbxXqSesz52
-----END CERTIFICATE-----