Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/nA6xks4oQE9N25Xp7uQGkNyo-7Y.roa
File:                     nA6xks4oQE9N25Xp7uQGkNyo-7Y.roa (raw, json)
Hash identifier:          F+E2ylwyKz3DO5lKloF7/MKQO4W4GhOJOnJmcBpu/7Y=
Subject key identifier:   9C:0E:B1:92:CE:28:40:4F:4D:DB:95:E9:EE:E4:06:90:DC:A8:FB:B6
Certificate issuer:       /CN=71b2b04ff9b72ebfbeb918385233e028c8f3fdf1
Certificate serial:       01942444B98192F3651EE0169E728D0C0556
Authority key identifier: 71:B2:B0:4F:F9:B7:2E:BF:BE:B9:18:38:52:33:E0:28:C8:F3:FD:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cbKwT_m3Lr--uRg4UjPgKMjz_fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/nA6xks4oQE9N25Xp7uQGkNyo-7Y.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199372
IP address blocks:        185.18.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/cbKwT_m3Lr--uRg4UjPgKMjz_fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/cbKwT_m3Lr--uRg4UjPgKMjz_fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cbKwT_m3Lr--uRg4UjPgKMjz_fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:b9:81:92:f3:65:1e:e0:16:9e:72:8d:0c:05:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71b2b04ff9b72ebfbeb918385233e028c8f3fdf1
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c0eb192ce28404f4ddb95e9eee40690dca8fbb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c5:3c:01:ed:a9:ff:80:35:cf:b7:21:c4:f3:
                    7c:4f:e4:a0:ba:a8:17:93:ff:44:14:ff:ce:93:e8:
                    ee:09:60:9a:d2:b4:6b:87:97:7c:8e:f8:e7:f6:6e:
                    4c:c2:88:35:0a:dc:0d:67:7c:34:ec:34:d3:9e:f4:
                    19:aa:b1:ed:87:02:b0:9f:c1:20:52:27:17:52:56:
                    df:eb:06:d3:ff:19:3e:33:d1:49:e2:bb:7c:c0:f7:
                    5c:e8:a0:4f:98:a0:b0:a7:05:41:e8:1c:8b:b6:9f:
                    ac:18:71:c5:54:f4:ac:76:be:7f:85:e1:0a:b0:2f:
                    7e:00:92:28:b3:07:f3:2b:6b:fa:b2:02:98:f6:95:
                    8a:a7:ea:32:6b:83:72:ed:68:7a:6a:24:eb:d6:9e:
                    9e:cd:b1:35:58:0a:fa:56:c1:c4:ef:de:e0:a0:e9:
                    14:91:9f:aa:05:cb:4f:c0:e6:e3:13:35:79:31:af:
                    f2:c9:a1:65:a8:0e:cf:fb:33:ef:2c:63:4d:6d:49:
                    58:2d:d2:1c:74:14:66:da:51:e7:3d:2c:a6:44:8b:
                    64:0d:1d:91:9b:f0:fd:b3:cc:8b:7f:0b:0a:b3:8c:
                    a4:0c:25:dd:f3:27:9c:5a:24:8a:9e:cd:22:19:6b:
                    fb:bc:8d:de:dc:bb:7d:75:78:a5:75:78:13:40:7d:
                    ed:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0E:B1:92:CE:28:40:4F:4D:DB:95:E9:EE:E4:06:90:DC:A8:FB:B6
            X509v3 Authority Key Identifier:
                keyid:71:B2:B0:4F:F9:B7:2E:BF:BE:B9:18:38:52:33:E0:28:C8:F3:FD:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cbKwT_m3Lr--uRg4UjPgKMjz_fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/nA6xks4oQE9N25Xp7uQGkNyo-7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/87e666-7248-4240-b4e4-959559b96f87/1/cbKwT_m3Lr--uRg4UjPgKMjz_fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:75:2a:cf:cf:09:e5:8d:af:8a:07:fb:9d:9b:fc:77:d9:66:
         df:e9:14:33:0c:4f:46:e2:36:4e:2e:07:a9:a9:95:cb:4c:cc:
         32:7f:65:12:2b:da:04:cc:13:32:ba:38:2c:2d:78:49:8e:c4:
         a8:b8:15:82:f0:51:f1:d9:21:8b:ed:f8:d9:37:89:8d:ae:7f:
         d4:77:1c:c8:87:7c:a0:62:0e:22:1c:6b:cb:43:d6:15:79:12:
         2b:00:ea:f2:f8:9a:00:d5:39:c9:f9:0b:ee:11:75:a7:8d:90:
         dd:f3:3d:d3:f6:cc:d2:67:9f:64:82:b2:9f:18:22:7e:ee:1e:
         8b:f9:00:1f:69:df:4a:49:43:69:6a:62:86:2c:cd:19:cd:13:
         30:82:a0:9f:68:18:7d:96:46:17:51:e1:d3:61:ce:f8:ad:9d:
         f0:d6:ff:d9:52:41:7a:71:25:38:4c:37:6e:da:44:9c:e9:ee:
         e6:d1:6c:6c:15:d0:e3:bc:ce:20:1e:9a:68:1c:87:e8:40:6b:
         eb:a7:6e:0a:f5:1b:fd:6f:c3:42:59:26:f6:28:8b:93:c6:f3:
         25:a1:69:b8:80:d3:75:07:35:ae:5a:7b:b5:24:8c:cc:bf:d6:
         ea:ba:0e:b2:55:aa:35:9b:ac:f6:44:85:08:bd:43:7b:3b:bb:
         fc:68:e3:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLmBkvNlHuAWnnKNDAVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYjJiMDRmZjliNzJlYmZiZWI5MTgzODUyMzNlMDI4Yzhm
M2ZkZjEwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBlYjE5MmNlMjg0MDRmNGRkYjk1ZTllZWU0MDY5MGRjYThmYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsU8Ae2p/4A1z7chxPN8T+SguqgX
k/9EFP/Ok+juCWCa0rRrh5d8jvjn9m5Mwog1CtwNZ3w07DTTnvQZqrHthwKwn8Eg
UicXUlbf6wbT/xk+M9FJ4rt8wPdc6KBPmKCwpwVB6ByLtp+sGHHFVPSsdr5/heEK
sC9+AJIoswfzK2v6sgKY9pWKp+oya4Ny7Wh6aiTr1p6ezbE1WAr6VsHE797goOkU
kZ+qBctPwObjEzV5Ma/yyaFlqA7P+zPvLGNNbUlYLdIcdBRm2lHnPSymRItkDR2R
m/D9s8yLfwsKs4ykDCXd8yecWiSKns0iGWv7vI3e3Lt9dXildXgTQH3thwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwOsZLOKEBPTduV6e7kBpDcqPu2MB8GA1UdIwQY
MBaAFHGysE/5ty6/vrkYOFIz4CjI8/3xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2JLd1RfbTNMci0tdVJnNFVqUGdLTWp6X2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84N2U2NjYtNzI0OC00MjQwLWI0ZTQt
OTU5NTU5Yjk2Zjg3LzEvbkE2eGtzNG9RRTlOMjVYcDd1UUdrTnlvLTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84N2U2NjYtNzI0OC00MjQwLWI0ZTQtOTU5NTU5Yjk2Zjg3
LzEvY2JLd1RfbTNMci0tdVJnNFVqUGdLTWp6X2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRK0MA0G
CSqGSIb3DQEBCwUAA4IBAQAZdSrPzwnlja+KB/udm/x32Wbf6RQzDE9G4jZOLgep
qZXLTMwyf2USK9oEzBMyujgsLXhJjsSouBWC8FHx2SGL7fjZN4mNrn/UdxzIh3yg
Yg4iHGvLQ9YVeRIrAOry+JoA1TnJ+QvuEXWnjZDd8z3T9szSZ59kgrKfGCJ+7h6L
+QAfad9KSUNpamKGLM0ZzRMwgqCfaBh9lkYXUeHTYc74rZ3w1v/ZUkF6cSU4TDdu
2kSc6e7m0WxsFdDjvM4gHppoHIfoQGvrp24K9Rv9b8NCWSb2KIuTxvMloWm4gNN1
BzWuWnu1JIzMv9bqug6yVao1m6z2RIUIvUN7O7v8aOOn
-----END CERTIFICATE-----