Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/Ad4x4tf647DJcpGM7M04miK2liM.roa
File:                     Ad4x4tf647DJcpGM7M04miK2liM.roa (raw, json)
Hash identifier:          FyFzo60KvbmeLFzUcEI0e31SXYduRAjQU5nFqJWsX80=
Subject key identifier:   01:DE:31:E2:D7:FA:E3:B0:C9:72:91:8C:EC:CD:38:9A:22:B6:96:23
Certificate issuer:       /CN=3c1b83888696fc44478c693d6e7803e9516250e6
Certificate serial:       018CC8DF80D36A58750CC8285B4C4B892EEF
Authority key identifier: 3C:1B:83:88:86:96:FC:44:47:8C:69:3D:6E:78:03:E9:51:62:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/Ad4x4tf647DJcpGM7M04miK2liM.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216442
IP address blocks:        185.51.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:80:d3:6a:58:75:0c:c8:28:5b:4c:4b:89:2e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1b83888696fc44478c693d6e7803e9516250e6
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01de31e2d7fae3b0c972918ceccd389a22b69623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a5:c7:c2:66:2f:98:12:6a:67:c7:88:16:15:
                    0a:b9:29:1d:aa:7e:e0:9a:ce:ca:ad:7b:e5:b7:b9:
                    ab:c6:e5:0e:98:42:62:cf:c7:d7:b1:55:3d:9a:0d:
                    c8:7d:25:fb:fa:ff:dc:cd:32:bb:d5:9f:d5:13:29:
                    6d:51:c0:87:c8:8c:17:2c:34:b4:fd:33:bb:a8:1b:
                    e9:1f:18:55:ed:6e:4b:76:b1:fb:f7:84:9d:7f:78:
                    a9:3f:a5:c9:de:0d:ef:e2:ef:6d:ba:b2:ce:db:98:
                    2a:3f:e4:da:6c:34:54:86:bc:98:6d:8a:c8:bf:cf:
                    19:6e:d3:8f:3e:f7:77:c3:42:c2:07:5d:09:63:75:
                    67:9d:dc:4c:fc:34:56:c0:1a:da:b8:b8:c7:20:a9:
                    14:32:5d:ec:c2:73:5a:38:1f:8c:36:6f:10:db:3b:
                    6b:ff:7f:5a:da:3f:33:b9:59:3f:e9:79:11:39:53:
                    0b:0c:e1:fc:9e:3d:01:09:2c:f0:99:8b:5f:c5:a7:
                    2f:b1:36:01:93:ea:01:9f:49:8d:d4:67:c3:23:83:
                    0b:63:c8:63:47:f1:73:fd:c3:7f:fb:3f:13:18:72:
                    c6:f8:36:85:b5:03:31:65:60:a1:68:36:bf:3c:f3:
                    44:42:66:bb:a4:18:c4:2e:2b:bf:ea:6f:6d:a2:77:
                    1f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:DE:31:E2:D7:FA:E3:B0:C9:72:91:8C:EC:CD:38:9A:22:B6:96:23
            X509v3 Authority Key Identifier:
                keyid:3C:1B:83:88:86:96:FC:44:47:8C:69:3D:6E:78:03:E9:51:62:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/Ad4x4tf647DJcpGM7M04miK2liM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:fd:d3:f8:86:b1:da:c2:10:e1:4d:2b:75:fe:0c:24:6a:a2:
         82:0d:b8:4c:17:5a:da:c6:10:96:db:af:4f:c7:65:ab:64:6c:
         f3:9d:cd:de:76:f7:99:e6:48:29:39:84:31:d0:e1:4b:cf:5d:
         7d:f3:c7:34:e9:20:ea:74:91:d2:20:db:12:b9:13:c5:5b:91:
         c6:71:fc:63:b1:dc:bb:96:fc:c0:46:9a:3a:30:01:99:61:23:
         9a:b5:88:c0:20:61:86:e2:04:57:71:33:b4:3e:7c:1c:f7:13:
         09:a4:f9:93:bc:32:d0:58:24:96:1f:e9:86:95:a1:95:77:70:
         cb:c6:6e:2a:9b:88:cd:a1:e9:1b:3c:27:d0:8c:27:c1:6a:71:
         eb:22:07:fc:12:e2:97:61:c1:58:0f:12:5d:b7:1a:80:b1:1d:
         27:e3:a4:20:01:f5:09:5b:d3:21:4e:1d:a6:46:df:d4:12:ad:
         ae:33:e8:b9:ef:86:60:5c:4b:49:fa:0a:8a:9c:f5:bb:a0:3e:
         c3:81:82:65:3d:40:aa:d6:21:65:fe:c9:87:ec:53:44:77:49:
         c5:46:07:d4:2e:40:88:5e:78:0a:62:03:e9:b8:8e:89:d6:8b:
         e1:ea:94:bd:04:fd:0f:a5:94:91:de:7d:58:d5:5b:5d:65:d1:
         4b:79:3f:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34DTalh1DMgoW0xLiS7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWI4Mzg4ODY5NmZjNDQ0NzhjNjkzZDZlNzgwM2U5NTE2
MjUwZTYwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWRlMzFlMmQ3ZmFlM2IwYzk3MjkxOGNlY2NkMzg5YTIyYjY5NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqXHwmYvmBJqZ8eIFhUKuSkdqn7g
ms7KrXvlt7mrxuUOmEJiz8fXsVU9mg3IfSX7+v/czTK71Z/VEyltUcCHyIwXLDS0
/TO7qBvpHxhV7W5LdrH794Sdf3ipP6XJ3g3v4u9turLO25gqP+TabDRUhryYbYrI
v88ZbtOPPvd3w0LCB10JY3VnndxM/DRWwBrauLjHIKkUMl3swnNaOB+MNm8Q2ztr
/39a2j8zuVk/6XkROVMLDOH8nj0BCSzwmYtfxacvsTYBk+oBn0mN1GfDI4MLY8hj
R/Fz/cN/+z8TGHLG+DaFtQMxZWChaDa/PPNEQma7pBjELiu/6m9toncfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHeMeLX+uOwyXKRjOzNOJoitpYjMB8GA1UdIwQY
MBaAFDwbg4iGlvxER4xpPW54A+lRYlDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEJ1RGlJYVdfRVJIakdrOWJuZ0Q2VkZpVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9kNTU2ODMtZmVjMi00N2ZkLWFjNmUt
OWU4MmRhNzMxNWNmLzEvQWQ0eDR0ZjY0N0RKY3BHTTdNMDRtaUsybGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9kNTU2ODMtZmVjMi00N2ZkLWFjNmUtOWU4MmRhNzMxNWNm
LzEvUEJ1RGlJYVdfRVJIakdrOWJuZ0Q2VkZpVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTOsMA0G
CSqGSIb3DQEBCwUAA4IBAQC//dP4hrHawhDhTSt1/gwkaqKCDbhMF1raxhCW269P
x2WrZGzznc3edveZ5kgpOYQx0OFLz11988c06SDqdJHSINsSuRPFW5HGcfxjsdy7
lvzARpo6MAGZYSOatYjAIGGG4gRXcTO0Pnwc9xMJpPmTvDLQWCSWH+mGlaGVd3DL
xm4qm4jNoekbPCfQjCfBanHrIgf8EuKXYcFYDxJdtxqAsR0n46QgAfUJW9MhTh2m
Rt/UEq2uM+i574ZgXEtJ+gqKnPW7oD7DgYJlPUCq1iFl/smH7FNEd0nFRgfULkCI
XngKYgPpuI6J1ovh6pS9BP0PpZSR3n1Y1VtdZdFLeT/f
-----END CERTIFICATE-----