Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/cpD-29I4WlppTYDhbsZQVEJaMDc.roa
File:                     cpD-29I4WlppTYDhbsZQVEJaMDc.roa (raw, json)
Hash identifier:          kSwxdyqoE+wVkIu6HS+SMqK4xO4r/ZcsMSYZd3Yk4VE=
Subject key identifier:   72:90:FE:DB:D2:38:5A:5A:69:4D:80:E1:6E:C6:50:54:42:5A:30:37
Certificate issuer:       /CN=10280ad741e72328085d5fa5797a8451f5fb0238
Certificate serial:       018D15A901880838CDFD4884D371E2AD5EC9
Authority key identifier: 10:28:0A:D7:41:E7:23:28:08:5D:5F:A5:79:7A:84:51:F5:FB:02:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECgK10HnIygIXV-leXqEUfX7Ajg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/cpD-29I4WlppTYDhbsZQVEJaMDc.roa
Signing time:             Wed 17 Jan 2024 04:23:33 +0000
ROA not before:           Wed 17 Jan 2024 04:23:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202766
IP address blocks:        185.83.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/ECgK10HnIygIXV-leXqEUfX7Ajg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/ECgK10HnIygIXV-leXqEUfX7Ajg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECgK10HnIygIXV-leXqEUfX7Ajg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:15:a9:01:88:08:38:cd:fd:48:84:d3:71:e2:ad:5e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10280ad741e72328085d5fa5797a8451f5fb0238
        Validity
            Not Before: Jan 17 04:23:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7290fedbd2385a5a694d80e16ec65054425a3037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a4:f0:65:7b:ce:f5:ed:48:37:54:4d:0a:4c:
                    6c:85:dc:2c:fc:40:70:1a:eb:c1:95:2d:ea:a6:4c:
                    21:75:42:99:b9:50:20:c2:fc:88:77:67:50:01:98:
                    50:b4:da:1a:34:ec:95:cf:82:44:5a:65:01:2e:10:
                    d5:b8:3d:47:f4:0a:90:86:ca:79:97:c9:3b:33:97:
                    ba:00:16:d0:0f:7b:35:82:5d:21:55:83:4c:04:83:
                    de:e4:72:b8:a1:e9:06:e4:40:27:73:37:ba:9a:bf:
                    5a:ae:08:68:a1:7e:ee:58:75:9b:61:26:a5:d7:a6:
                    66:bb:75:da:96:3d:20:9b:a4:40:96:1f:ea:d6:c2:
                    2c:af:71:b2:3f:42:3b:1a:f4:68:91:e4:57:84:84:
                    84:02:44:65:a4:ca:24:05:4a:44:40:82:e2:75:c1:
                    79:ea:9f:94:46:3f:e4:ed:53:1e:26:08:26:a0:71:
                    96:ea:a6:65:de:8e:a2:3d:96:0c:27:21:ef:82:52:
                    be:3a:b9:02:6b:01:1b:9a:2d:ed:3a:a8:8c:bd:8d:
                    12:0b:fe:e4:54:09:c0:cc:e8:87:ac:4c:7f:95:fe:
                    f1:36:9a:cf:4b:fb:0f:1a:40:9c:20:e5:83:f7:00:
                    ff:c1:b4:be:56:f4:82:69:18:6e:9c:5a:70:7a:0b:
                    18:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:90:FE:DB:D2:38:5A:5A:69:4D:80:E1:6E:C6:50:54:42:5A:30:37
            X509v3 Authority Key Identifier:
                keyid:10:28:0A:D7:41:E7:23:28:08:5D:5F:A5:79:7A:84:51:F5:FB:02:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECgK10HnIygIXV-leXqEUfX7Ajg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/cpD-29I4WlppTYDhbsZQVEJaMDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/abbb9f-4f10-4e44-aca3-04275a2919a7/1/ECgK10HnIygIXV-leXqEUfX7Ajg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:7a:60:a8:ed:6f:00:69:b4:28:a3:12:4e:e7:51:b6:ee:e1:
         37:dd:88:cc:41:0b:12:fe:90:8e:8d:8c:44:3f:f5:e1:b4:68:
         2d:5d:66:a7:c0:93:01:18:79:20:62:1b:7f:a0:9e:e5:a4:48:
         29:e1:bf:0b:b4:0d:5a:3c:3a:8e:8b:74:be:74:46:4b:ba:1b:
         dd:6d:ca:05:c6:71:58:0f:af:b8:fb:73:07:28:4e:b4:73:76:
         6b:57:75:4d:26:a5:ae:a4:dc:1a:94:c1:51:b2:9c:23:4f:54:
         19:2d:58:80:95:b1:62:5b:0c:ae:c1:1d:12:52:1b:e6:72:f7:
         97:fd:7f:65:19:4d:86:5a:03:fd:92:8c:9a:35:1b:c9:81:e9:
         df:60:c2:a1:1a:fd:66:d4:c0:e3:9f:bd:d6:d3:41:6d:29:d3:
         a7:eb:06:3d:55:a4:e8:2d:cb:86:96:b5:e3:88:a0:4e:c9:d5:
         98:c4:40:7d:32:29:bd:73:9f:50:09:90:60:c4:40:2a:a5:7c:
         cc:78:49:c9:87:26:63:59:a3:0d:03:e9:8e:71:ff:ed:e0:3a:
         88:28:8c:30:59:b8:71:b0:c0:d8:dc:82:75:27:53:30:f3:2f:
         28:cf:d9:05:3e:4e:76:c1:9c:0c:d0:5c:19:a8:57:38:c3:92:
         6a:d4:bc:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0VqQGICDjN/UiE03HirV7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjgwYWQ3NDFlNzIzMjgwODVkNWZhNTc5N2E4NDUxZjVm
YjAyMzgwHhcNMjQwMTE3MDQyMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkwZmVkYmQyMzg1YTVhNjk0ZDgwZTE2ZWM2NTA1NDQyNWEzMDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqTwZXvO9e1IN1RNCkxshdws/EBw
GuvBlS3qpkwhdUKZuVAgwvyId2dQAZhQtNoaNOyVz4JEWmUBLhDVuD1H9AqQhsp5
l8k7M5e6ABbQD3s1gl0hVYNMBIPe5HK4oekG5EAncze6mr9arghooX7uWHWbYSal
16Zmu3Xalj0gm6RAlh/q1sIsr3GyP0I7GvRokeRXhISEAkRlpMokBUpEQILidcF5
6p+URj/k7VMeJggmoHGW6qZl3o6iPZYMJyHvglK+OrkCawEbmi3tOqiMvY0SC/7k
VAnAzOiHrEx/lf7xNprPS/sPGkCcIOWD9wD/wbS+VvSCaRhunFpwegsYYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKQ/tvSOFpaaU2A4W7GUFRCWjA3MB8GA1UdIwQY
MBaAFBAoCtdB5yMoCF1fpXl6hFH1+wI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNnSzEwSG5JeWdJWFYtbGVYcUVVZlg3QWpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hYmJiOWYtNGYxMC00ZTQ0LWFjYTMt
MDQyNzVhMjkxOWE3LzEvY3BELTI5STRXbHBwVFlEaGJzWlFWRUphTURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hYmJiOWYtNGYxMC00ZTQ0LWFjYTMtMDQyNzVhMjkxOWE3
LzEvRUNnSzEwSG5JeWdJWFYtbGVYcUVVZlg3QWpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVOgMA0G
CSqGSIb3DQEBCwUAA4IBAQCpemCo7W8AabQooxJO51G27uE33YjMQQsS/pCOjYxE
P/XhtGgtXWanwJMBGHkgYht/oJ7lpEgp4b8LtA1aPDqOi3S+dEZLuhvdbcoFxnFY
D6+4+3MHKE60c3ZrV3VNJqWupNwalMFRspwjT1QZLViAlbFiWwyuwR0SUhvmcveX
/X9lGU2GWgP9koyaNRvJgenfYMKhGv1m1MDjn73W00FtKdOn6wY9VaToLcuGlrXj
iKBOydWYxEB9Mim9c59QCZBgxEAqpXzMeEnJhyZjWaMNA+mOcf/t4DqIKIwwWbhx
sMDY3IJ1J1Mw8y8oz9kFPk52wZwM0FwZqFc4w5Jq1LwE
-----END CERTIFICATE-----