Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/sMC75iWp8Ljd9LRCblJJgt_on8g.roa
File:                     sMC75iWp8Ljd9LRCblJJgt_on8g.roa (raw, json)
Hash identifier:          /aHl623Cxhb+GEeyfjZ2zytXXTEHuub/KXUWoU3nmCQ=
Subject key identifier:   B0:C0:BB:E6:25:A9:F0:B8:DD:F4:B4:42:6E:52:49:82:DF:E8:9F:C8
Certificate issuer:       /CN=c1d4ce8e33f7084b08c45aa177f2e33f690817a0
Certificate serial:       018CC9BBD9C27A8AB9434A6016A08C939E75
Authority key identifier: C1:D4:CE:8E:33:F7:08:4B:08:C4:5A:A1:77:F2:E3:3F:69:08:17:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdTOjjP3CEsIxFqhd_LjP2kIF6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/sMC75iWp8Ljd9LRCblJJgt_on8g.roa
Signing time:             Tue 02 Jan 2024 10:33:00 +0000
ROA not before:           Tue 02 Jan 2024 10:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30873
IP address blocks:        185.80.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/wdTOjjP3CEsIxFqhd_LjP2kIF6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/wdTOjjP3CEsIxFqhd_LjP2kIF6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdTOjjP3CEsIxFqhd_LjP2kIF6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d9:c2:7a:8a:b9:43:4a:60:16:a0:8c:93:9e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1d4ce8e33f7084b08c45aa177f2e33f690817a0
        Validity
            Not Before: Jan  2 10:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0c0bbe625a9f0b8ddf4b4426e524982dfe89fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:74:e1:3f:0c:62:d2:90:e8:22:e6:b2:a0:03:
                    9a:79:fb:8c:46:89:b6:b2:4b:02:9d:5e:97:4d:c2:
                    68:f3:7c:b0:e4:78:db:44:06:8e:68:bc:38:c9:d2:
                    82:3e:30:ec:1c:46:5f:59:5e:6f:29:ae:0d:3c:89:
                    3e:71:06:b6:e6:5c:86:c5:28:83:6d:e5:3c:52:80:
                    cc:28:73:8c:72:3e:37:c1:b1:d5:1e:2a:b4:ae:21:
                    ea:cc:30:d6:ed:03:b3:ad:3f:e1:70:c4:2c:b8:76:
                    02:46:02:3f:c2:67:52:e3:f3:c0:4f:d8:33:21:0b:
                    53:d4:f7:d4:bf:4e:bf:a3:c2:8b:c7:39:2d:4f:c6:
                    09:16:ff:80:de:3b:1d:42:c3:24:cd:27:ad:a0:55:
                    31:09:9b:51:e7:15:fc:0a:f9:99:12:92:79:ae:56:
                    dc:a4:f7:46:8d:be:1d:8c:da:a4:a1:eb:53:e6:ba:
                    36:49:d9:3a:7b:db:71:7b:cf:34:bb:8f:13:bd:8d:
                    96:73:6d:af:11:0d:d0:23:4b:ac:be:16:2c:8d:b9:
                    75:fa:f5:a3:a9:12:6d:9b:3b:d9:0a:23:56:f7:23:
                    bc:6c:8c:4e:3c:02:a8:f1:ad:55:81:c3:c4:97:9c:
                    00:9b:e5:bc:f7:18:08:e9:2b:78:27:2b:85:f1:03:
                    d4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C0:BB:E6:25:A9:F0:B8:DD:F4:B4:42:6E:52:49:82:DF:E8:9F:C8
            X509v3 Authority Key Identifier:
                keyid:C1:D4:CE:8E:33:F7:08:4B:08:C4:5A:A1:77:F2:E3:3F:69:08:17:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdTOjjP3CEsIxFqhd_LjP2kIF6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/sMC75iWp8Ljd9LRCblJJgt_on8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d197d3-53c5-4ed1-9873-c45b28aabc1a/1/wdTOjjP3CEsIxFqhd_LjP2kIF6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:37:5c:09:ae:82:14:d8:2e:b5:00:28:b1:27:3b:ff:b6:52:
         d0:2f:22:b9:27:12:68:97:7b:62:db:f2:f0:c5:6b:a4:10:a8:
         4f:2e:08:a0:6f:76:f2:51:80:31:73:e0:70:df:ce:f9:bc:26:
         43:01:29:ad:38:89:97:1e:59:b4:92:ca:89:26:96:90:ea:9a:
         d1:08:b1:b9:f6:3d:30:21:02:b1:4b:bf:72:b5:f1:af:18:c9:
         64:84:de:83:ae:a7:89:f0:35:f3:c0:3a:f1:2a:b9:a1:87:24:
         fc:86:90:cb:c1:19:e3:86:b8:65:7e:39:6f:f5:c9:14:f0:de:
         b0:59:63:a4:99:28:a2:ed:29:dd:f8:72:e2:26:cd:b7:62:56:
         b4:a5:8f:07:f5:93:49:cd:4b:ee:59:61:d4:e9:e8:68:af:5e:
         f3:ac:d4:87:da:b4:be:01:ef:e6:26:7d:ab:db:fa:69:b0:ed:
         ff:c2:e2:7c:1b:3b:8e:19:47:a0:70:9c:b7:e7:92:ea:93:8c:
         45:05:27:c0:5c:a7:74:64:cd:ab:3f:ea:7e:2d:70:68:66:fe:
         06:67:ec:39:86:b4:64:70:52:0d:62:20:ed:1b:4c:a8:7a:a2:
         9c:d6:53:15:b8:c5:9a:d5:50:c2:32:38:37:5a:11:b5:61:a5:
         8d:c6:32:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu9nCeoq5Q0pgFqCMk551MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZDRjZThlMzNmNzA4NGIwOGM0NWFhMTc3ZjJlMzNmNjkw
ODE3YTAwHhcNMjQwMTAyMTAzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGMwYmJlNjI1YTlmMGI4ZGRmNGI0NDI2ZTUyNDk4MmRmZTg5ZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHThPwxi0pDoIuayoAOaefuMRom2
sksCnV6XTcJo83yw5HjbRAaOaLw4ydKCPjDsHEZfWV5vKa4NPIk+cQa25lyGxSiD
beU8UoDMKHOMcj43wbHVHiq0riHqzDDW7QOzrT/hcMQsuHYCRgI/wmdS4/PAT9gz
IQtT1PfUv06/o8KLxzktT8YJFv+A3jsdQsMkzSetoFUxCZtR5xX8CvmZEpJ5rlbc
pPdGjb4djNqkoetT5ro2Sdk6e9txe880u48TvY2Wc22vEQ3QI0usvhYsjbl1+vWj
qRJtmzvZCiNW9yO8bIxOPAKo8a1VgcPEl5wAm+W89xgI6St4JyuF8QPUowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDAu+YlqfC43fS0Qm5SSYLf6J/IMB8GA1UdIwQY
MBaAFMHUzo4z9whLCMRaoXfy4z9pCBegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2RUT2pqUDNDRXNJeEZxaGRfTGpQMmtJRjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9kMTk3ZDMtNTNjNS00ZWQxLTk4NzMt
YzQ1YjI4YWFiYzFhLzEvc01DNzVpV3A4TGpkOUxSQ2JsSkpndF9vbjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9kMTk3ZDMtNTNjNS00ZWQxLTk4NzMtYzQ1YjI4YWFiYzFh
LzEvd2RUT2pqUDNDRXNJeEZxaGRfTGpQMmtJRjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVCMMA0G
CSqGSIb3DQEBCwUAA4IBAQAJN1wJroIU2C61ACixJzv/tlLQLyK5JxJol3ti2/Lw
xWukEKhPLgigb3byUYAxc+Bw3875vCZDASmtOImXHlm0ksqJJpaQ6prRCLG59j0w
IQKxS79ytfGvGMlkhN6DrqeJ8DXzwDrxKrmhhyT8hpDLwRnjhrhlfjlv9ckU8N6w
WWOkmSii7Snd+HLiJs23Yla0pY8H9ZNJzUvuWWHU6ehor17zrNSH2rS+Ae/mJn2r
2/ppsO3/wuJ8GzuOGUegcJy355Lqk4xFBSfAXKd0ZM2rP+p+LXBoZv4GZ+w5hrRk
cFINYiDtG0yoeqKc1lMVuMWa1VDCMjg3WhG1YaWNxjKX
-----END CERTIFICATE-----