Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/mR8tt892naZEz9Yu7Nl01ALwEts.roa
File:                     mR8tt892naZEz9Yu7Nl01ALwEts.roa (raw, json)
Hash identifier:          sxi9hOsNSSBAYrdl3YLP+l0UEn84kQoPHxhrD3KG6B4=
Subject key identifier:   99:1F:2D:B7:CF:76:9D:A6:44:CF:D6:2E:EC:D9:74:D4:02:F0:12:DB
Certificate issuer:       /CN=c4064476c2c47f778474a14816c1e06a40813e5c
Certificate serial:       018CC7264D481FDDA313A2D76A12291F8258
Authority key identifier: C4:06:44:76:C2:C4:7F:77:84:74:A1:48:16:C1:E0:6A:40:81:3E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/mR8tt892naZEz9Yu7Nl01ALwEts.roa
Signing time:             Mon 01 Jan 2024 22:30:25 +0000
ROA not before:           Mon 01 Jan 2024 22:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15725
IP address blocks:        185.98.236.0/22 maxlen: 24
                          217.17.192.0/20 maxlen: 24
                          2001:4bd8::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:4d:48:1f:dd:a3:13:a2:d7:6a:12:29:1f:82:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4064476c2c47f778474a14816c1e06a40813e5c
        Validity
            Not Before: Jan  1 22:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=991f2db7cf769da644cfd62eecd974d402f012db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:1d:a7:4b:5b:1d:f2:d3:77:ae:f5:44:20:
                    fc:f7:d0:c2:69:3b:9a:0f:33:72:26:ba:90:80:7d:
                    95:d6:31:dd:3d:7d:e1:69:b4:09:81:ac:5a:e1:25:
                    df:b8:14:19:dc:9e:79:20:27:df:cd:f4:f5:c3:e9:
                    fc:3b:32:9e:dc:29:d5:c9:12:9c:d2:8f:83:e1:8e:
                    da:85:58:d6:a2:0d:76:cd:2c:29:e7:17:fa:78:fe:
                    46:ae:5b:95:19:20:18:53:b5:33:8f:22:a7:97:37:
                    25:f3:55:70:90:d0:30:1e:97:a9:40:65:4f:ff:a3:
                    f3:d7:48:31:4e:10:c2:d4:36:01:3b:68:ad:ce:58:
                    5d:34:54:1c:85:8e:a5:72:33:5b:5a:73:ef:0c:a9:
                    e0:0f:de:9a:61:60:d6:09:d2:87:03:56:68:a4:f4:
                    82:81:9e:d1:be:de:17:2a:ab:0d:e5:86:f8:db:d5:
                    7e:06:08:04:b9:aa:61:e6:82:04:88:ef:57:d7:33:
                    75:5c:7f:ac:38:24:ff:91:5b:e6:52:39:4a:ef:9f:
                    5f:7e:4d:5e:1f:76:00:e6:7d:ca:b6:ac:d2:aa:a8:
                    72:27:a7:f6:bc:75:f1:fd:dd:17:0f:c0:63:aa:5b:
                    4a:e5:42:cc:7d:73:8b:c2:7a:cf:9c:30:2f:bc:34:
                    4f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:1F:2D:B7:CF:76:9D:A6:44:CF:D6:2E:EC:D9:74:D4:02:F0:12:DB
            X509v3 Authority Key Identifier:
                keyid:C4:06:44:76:C2:C4:7F:77:84:74:A1:48:16:C1:E0:6A:40:81:3E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xAZEdsLEf3eEdKFIFsHgakCBPlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/mR8tt892naZEz9Yu7Nl01ALwEts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9a7df7-18ba-41f7-880a-746777e21c5b/1/xAZEdsLEf3eEdKFIFsHgakCBPlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.236.0/22
                  217.17.192.0/20
                IPv6:
                  2001:4bd8::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:2f:e0:64:f4:de:71:34:b4:02:e6:cb:72:d4:2b:c3:1b:10:
         b4:bb:3a:95:9a:f0:f3:b6:6b:c9:99:84:0b:32:4b:27:38:7a:
         3b:b1:d1:a5:16:21:77:50:48:f3:d7:04:b9:62:44:64:b0:98:
         88:b3:9b:e7:c2:f8:10:45:79:45:0a:21:8f:7c:50:b5:a1:91:
         8f:56:e1:e9:4d:92:4b:dd:ea:3a:a4:1a:1b:1a:35:43:6b:93:
         60:09:4c:6f:63:60:e2:26:3e:7e:dd:d1:99:ee:be:66:4e:c3:
         0f:91:0a:4e:ca:26:a6:c5:75:b1:3a:b6:ca:b7:b3:b6:7d:e3:
         97:05:0d:a5:ed:51:fe:50:bb:24:f0:5e:5f:75:78:89:b4:13:
         3f:23:e8:8f:22:0a:55:c3:88:1e:46:f4:5e:61:8d:60:99:af:
         a5:d7:97:be:1c:82:90:f2:bb:21:9e:2a:3a:34:20:86:36:fb:
         11:23:c3:85:4c:47:ed:e5:c7:29:eb:4c:14:b9:c4:31:25:4a:
         f5:e1:f0:07:8b:c4:af:0a:4e:57:af:3f:08:8e:21:df:a9:71:
         42:2a:ca:bd:b8:7a:12:b2:c7:7f:67:e1:f0:3a:42:87:95:3e:
         f9:b3:cc:4b:cd:4b:02:e2:00:44:dd:0e:7f:8d:7a:cd:fa:71:
         67:4e:4c:a5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJk1IH92jE6LXahIpH4JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MDY0NDc2YzJjNDdmNzc4NDc0YTE0ODE2YzFlMDZhNDA4
MTNlNWMwHhcNMjQwMTAxMjIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTFmMmRiN2NmNzY5ZGE2NDRjZmQ2MmVlY2Q5NzRkNDAyZjAxMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0Ydp0tbHfLTd671RCD899DCaTua
DzNyJrqQgH2V1jHdPX3habQJgaxa4SXfuBQZ3J55ICffzfT1w+n8OzKe3CnVyRKc
0o+D4Y7ahVjWog12zSwp5xf6eP5GrluVGSAYU7UzjyKnlzcl81VwkNAwHpepQGVP
/6Pz10gxThDC1DYBO2itzlhdNFQchY6lcjNbWnPvDKngD96aYWDWCdKHA1ZopPSC
gZ7Rvt4XKqsN5Yb429V+BggEuaph5oIEiO9X1zN1XH+sOCT/kVvmUjlK759ffk1e
H3YA5n3KtqzSqqhyJ6f2vHXx/d0XD8BjqltK5ULMfXOLwnrPnDAvvDRPdwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJkfLbfPdp2mRM/WLuzZdNQC8BLbMB8GA1UdIwQY
MBaAFMQGRHbCxH93hHShSBbB4GpAgT5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEFaRWRzTEVmM2VFZEtGSUZzSGdha0NCUGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85YTdkZjctMThiYS00MWY3LTg4MGEt
NzQ2Nzc3ZTIxYzViLzEvbVI4dHQ4OTJuYVpFejlZdTdObDAxQUx3RXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85YTdkZjctMThiYS00MWY3LTg4MGEtNzQ2Nzc3ZTIxYzVi
LzEveEFaRWRzTEVmM2VFZEtGSUZzSGdha0NCUGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWLsAwQE
2RHAMA0EAgACMAcDBQMgAUvYMA0GCSqGSIb3DQEBCwUAA4IBAQCGL+Bk9N5xNLQC
5sty1CvDGxC0uzqVmvDztmvJmYQLMksnOHo7sdGlFiF3UEjz1wS5YkRksJiIs5vn
wvgQRXlFCiGPfFC1oZGPVuHpTZJL3eo6pBobGjVDa5NgCUxvY2DiJj5+3dGZ7r5m
TsMPkQpOyiamxXWxOrbKt7O2feOXBQ2l7VH+ULsk8F5fdXiJtBM/I+iPIgpVw4ge
RvReYY1gma+l15e+HIKQ8rshnio6NCCGNvsRI8OFTEft5ccp60wUucQxJUr14fAH
i8SvCk5Xrz8IjiHfqXFCKsq9uHoSssd/Z+HwOkKHlT75s8xLzUsC4gBE3Q5/jXrN
+nFnTkyl
-----END CERTIFICATE-----