Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/R1yNQfKMrRti0hQitkmLp-iVlGg.roa
File:                     R1yNQfKMrRti0hQitkmLp-iVlGg.roa (raw, json)
Hash identifier:          j35Lu412VdZxN1S8E49ZTQ8hldyRRGZQtaIBz69HYBw=
Subject key identifier:   47:5C:8D:41:F2:8C:AD:1B:62:D2:14:22:B6:49:8B:A7:E8:95:94:68
Certificate issuer:       /CN=90ae538e2a91346f0402598b0ff2fb9a95c07c39
Certificate serial:       018CCA2B99ED11B7F0A9392D50230F1BDC49
Authority key identifier: 90:AE:53:8E:2A:91:34:6F:04:02:59:8B:0F:F2:FB:9A:95:C0:7C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kK5TjiqRNG8EAlmLD_L7mpXAfDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/R1yNQfKMrRti0hQitkmLp-iVlGg.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29396
IP address blocks:        185.128.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/kK5TjiqRNG8EAlmLD_L7mpXAfDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/kK5TjiqRNG8EAlmLD_L7mpXAfDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kK5TjiqRNG8EAlmLD_L7mpXAfDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:99:ed:11:b7:f0:a9:39:2d:50:23:0f:1b:dc:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90ae538e2a91346f0402598b0ff2fb9a95c07c39
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=475c8d41f28cad1b62d21422b6498ba7e8959468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3e:62:ea:c5:f3:f0:71:f9:dd:2e:21:ab:8f:
                    41:3e:69:ec:32:28:28:2e:49:3c:4b:9c:93:e6:3d:
                    3e:b4:f9:ab:ed:b5:68:22:64:ab:ff:3a:ac:7b:12:
                    55:4e:97:89:dd:63:6b:df:7f:32:e1:26:54:e8:8a:
                    44:fb:12:39:96:22:fc:6a:94:c5:50:4b:37:35:df:
                    77:15:ed:99:99:c9:62:69:95:a1:51:8c:82:f1:8e:
                    10:e0:80:b4:63:a1:c5:da:0a:04:c5:ee:43:01:79:
                    e2:4d:76:16:df:53:c2:61:41:38:89:d6:10:7a:93:
                    91:59:2e:2d:ae:f7:69:3f:2f:6d:be:5f:c9:64:25:
                    59:e5:11:69:94:64:64:e0:6d:2d:65:4b:b5:ca:84:
                    7e:0d:38:9e:26:61:31:83:dd:7f:18:a5:05:64:63:
                    56:43:34:6f:ff:17:d1:7d:51:90:21:52:53:f0:f3:
                    60:f9:6c:70:7c:49:21:b3:18:68:2f:6c:32:5a:03:
                    c1:ee:bb:03:bb:2d:ff:7e:e4:11:53:cb:a6:1b:87:
                    1e:3d:7a:1e:4d:eb:23:a0:7c:5a:20:84:22:b6:70:
                    be:6a:3e:39:c6:f8:84:b3:11:18:4f:84:a7:53:1c:
                    ed:c0:db:1d:3c:c7:79:78:73:5e:15:32:ad:ec:bc:
                    34:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5C:8D:41:F2:8C:AD:1B:62:D2:14:22:B6:49:8B:A7:E8:95:94:68
            X509v3 Authority Key Identifier:
                keyid:90:AE:53:8E:2A:91:34:6F:04:02:59:8B:0F:F2:FB:9A:95:C0:7C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kK5TjiqRNG8EAlmLD_L7mpXAfDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/R1yNQfKMrRti0hQitkmLp-iVlGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/d47909-a560-409c-b839-c5e7821579f1/1/kK5TjiqRNG8EAlmLD_L7mpXAfDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:4c:53:32:9b:01:00:c6:a9:c2:73:7e:1b:4e:40:1b:ba:b7:
         13:de:0d:3d:80:83:f5:54:3f:02:04:77:d1:57:6e:ff:5d:42:
         9b:2a:2f:4b:c1:77:5b:98:df:55:a9:c9:04:90:9c:f2:80:c1:
         ad:f2:c5:94:8a:5e:2e:3c:3d:2f:32:dc:b7:4a:f5:d3:ae:fa:
         49:bc:4a:a7:a7:7f:1a:74:a3:08:51:40:ff:24:eb:07:ee:41:
         28:ac:a3:56:1a:3e:48:ff:e4:70:2e:44:fb:a9:a2:1b:99:c5:
         6a:2e:35:f7:5a:c9:6d:52:c9:79:30:a0:ef:1d:a3:8f:99:f0:
         97:16:b6:4b:b6:e0:b0:20:fd:1f:ad:f1:8f:85:80:ca:a4:a4:
         2f:c1:de:de:a3:7d:5a:e2:78:bf:28:2e:44:10:ec:be:2e:4c:
         18:57:51:32:b8:58:7f:67:f1:4e:e1:76:02:fc:8c:82:c8:fa:
         88:fa:c5:e9:8d:19:2e:66:18:49:56:09:3f:ac:55:a7:c0:ee:
         37:f0:e8:6e:0c:ed:04:3c:27:25:81:33:67:84:d2:a3:92:be:
         d3:a8:0a:5a:7e:2f:18:07:17:29:6a:10:96:23:1d:aa:0b:6c:
         ae:81:fe:77:b4:39:b7:f6:10:5d:18:f5:46:7b:c3:15:b0:67:
         ae:3f:9b:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5ntEbfwqTktUCMPG9xJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYWU1MzhlMmE5MTM0NmYwNDAyNTk4YjBmZjJmYjlhOTVj
MDdjMzkwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzVjOGQ0MWYyOGNhZDFiNjJkMjE0MjJiNjQ5OGJhN2U4OTU5NDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhT5i6sXz8HH53S4hq49BPmnsMigo
Lkk8S5yT5j0+tPmr7bVoImSr/zqsexJVTpeJ3WNr338y4SZU6IpE+xI5liL8apTF
UEs3Nd93Fe2ZmcliaZWhUYyC8Y4Q4IC0Y6HF2goExe5DAXniTXYW31PCYUE4idYQ
epORWS4trvdpPy9tvl/JZCVZ5RFplGRk4G0tZUu1yoR+DTieJmExg91/GKUFZGNW
QzRv/xfRfVGQIVJT8PNg+WxwfEkhsxhoL2wyWgPB7rsDuy3/fuQRU8umG4cePXoe
TesjoHxaIIQitnC+aj45xviEsxEYT4SnUxztwNsdPMd5eHNeFTKt7Lw0TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdcjUHyjK0bYtIUIrZJi6folZRoMB8GA1UdIwQY
MBaAFJCuU44qkTRvBAJZiw/y+5qVwHw5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0s1VGppcVJORzhFQWxtTERfTDdtcFhBZkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kNDc5MDktYTU2MC00MDljLWI4Mzkt
YzVlNzgyMTU3OWYxLzEvUjF5TlFmS01yUnRpMGhRaXRrbUxwLWlWbEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kNDc5MDktYTU2MC00MDljLWI4MzktYzVlNzgyMTU3OWYx
LzEva0s1VGppcVJORzhFQWxtTERfTDdtcFhBZkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYAgMA0G
CSqGSIb3DQEBCwUAA4IBAQBgTFMymwEAxqnCc34bTkAburcT3g09gIP1VD8CBHfR
V27/XUKbKi9LwXdbmN9VqckEkJzygMGt8sWUil4uPD0vMty3SvXTrvpJvEqnp38a
dKMIUUD/JOsH7kEorKNWGj5I/+RwLkT7qaIbmcVqLjX3WsltUsl5MKDvHaOPmfCX
FrZLtuCwIP0frfGPhYDKpKQvwd7eo31a4ni/KC5EEOy+LkwYV1EyuFh/Z/FO4XYC
/IyCyPqI+sXpjRkuZhhJVgk/rFWnwO438OhuDO0EPCclgTNnhNKjkr7TqApafi8Y
BxcpahCWIx2qC2yugf53tDm39hBdGPVGe8MVsGeuP5s/
-----END CERTIFICATE-----