Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/CdGWG0aXiAsGLPUNOk7AhXTL9XE.roa
File:                     CdGWG0aXiAsGLPUNOk7AhXTL9XE.roa (raw, json)
Hash identifier:          3H/RxL9TDxwSfyX3/fSr2GyxuXMODweC7zGhAJGw3yE=
Subject key identifier:   09:D1:96:1B:46:97:88:0B:06:2C:F5:0D:3A:4E:C0:85:74:CB:F5:71
Certificate issuer:       /CN=d47cce8a97e202a8b44b26f57f4f70950218e52c
Certificate serial:       018CC26D1A9C2FEFBA7008F479AD21B4CE26
Authority key identifier: D4:7C:CE:8A:97:E2:02:A8:B4:4B:26:F5:7F:4F:70:95:02:18:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HzOipfiAqi0Syb1f09wlQIY5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/CdGWG0aXiAsGLPUNOk7AhXTL9XE.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        171.22.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/1HzOipfiAqi0Syb1f09wlQIY5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/1HzOipfiAqi0Syb1f09wlQIY5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HzOipfiAqi0Syb1f09wlQIY5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:9c:2f:ef:ba:70:08:f4:79:ad:21:b4:ce:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d47cce8a97e202a8b44b26f57f4f70950218e52c
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09d1961b4697880b062cf50d3a4ec08574cbf571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ff:be:0b:d0:ea:26:fc:7f:2e:5e:c5:9f:20:
                    4a:67:4f:a0:0e:98:3e:47:e7:d1:b3:30:4f:1f:8f:
                    ac:c4:b4:f0:e5:f2:d3:21:70:d4:fe:55:db:16:67:
                    56:31:0c:1c:3d:c6:f9:1f:43:31:69:72:f2:d4:57:
                    34:84:2b:96:8a:08:8b:22:12:e0:da:e2:bd:63:af:
                    c8:54:6d:fb:cf:3e:7b:4a:1a:8c:2f:3d:e5:10:9c:
                    8e:67:f2:8a:b2:bb:45:e2:b5:52:43:8d:81:86:b8:
                    31:04:e6:e6:32:3b:50:70:a0:fa:36:46:e6:b6:e9:
                    d1:2d:07:0d:bf:52:1e:90:5b:32:8f:f4:aa:f4:29:
                    c1:f4:7a:cd:8e:17:dc:b9:b8:89:b0:c3:ec:e8:09:
                    f1:a0:a1:3e:ee:e2:58:40:9b:8e:a6:4c:3d:30:ab:
                    83:5c:32:91:76:9e:3b:77:4b:fc:29:fa:50:00:d7:
                    ff:e6:70:4b:7c:78:f4:ba:dd:f2:a8:ae:28:65:2f:
                    8f:97:34:15:5c:a6:c5:8b:f6:62:52:06:aa:49:21:
                    91:49:d8:80:cc:8a:62:1e:fc:11:2f:a5:dd:e9:da:
                    7f:16:1e:f7:64:63:ab:7a:14:0c:d3:6f:29:e6:45:
                    26:3d:d0:4b:4b:01:56:a1:b8:de:1b:af:c9:75:c6:
                    9c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D1:96:1B:46:97:88:0B:06:2C:F5:0D:3A:4E:C0:85:74:CB:F5:71
            X509v3 Authority Key Identifier:
                keyid:D4:7C:CE:8A:97:E2:02:A8:B4:4B:26:F5:7F:4F:70:95:02:18:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HzOipfiAqi0Syb1f09wlQIY5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/CdGWG0aXiAsGLPUNOk7AhXTL9XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e3b27b-d4d3-4904-9fb5-442b18aaf56f/1/1HzOipfiAqi0Syb1f09wlQIY5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:0c:04:37:8f:54:39:c2:86:a6:13:6b:d8:0b:da:fa:43:bd:
         ab:ad:70:ac:1c:7c:f2:68:b4:51:42:99:0b:b8:26:cc:5a:2a:
         4d:e4:ae:b5:ff:11:ae:0b:17:4f:f6:32:18:31:cf:45:32:20:
         10:d5:48:f4:14:bd:3f:bc:1b:5e:44:81:48:25:a2:a2:0a:6e:
         39:e3:47:c8:05:91:3f:7c:e7:d1:8a:72:9f:af:8a:d2:07:00:
         d8:20:37:5c:f3:51:28:5c:7d:7e:9b:b9:6d:57:2f:f7:92:23:
         20:c8:4c:65:b4:83:3b:83:9d:75:c8:aa:57:dc:9d:46:8a:d8:
         f0:13:39:97:49:3e:13:fd:36:ee:85:ae:31:8f:9f:58:a9:df:
         64:20:b6:1c:ab:5e:81:65:73:41:04:ca:8e:47:15:fd:9c:b4:
         22:26:fb:5f:c8:14:fe:ae:ef:5a:ec:ac:db:8a:ef:ea:00:2b:
         d8:92:e0:62:e2:b9:f6:28:1b:37:df:04:dd:0e:25:4f:f2:6b:
         a9:78:b7:da:77:3b:ac:d1:8f:6e:85:46:44:1c:c7:24:02:62:
         dd:16:11:79:ba:0a:fe:c7:b1:cb:1f:1d:20:a8:15:9e:7e:36:
         7d:87:6a:80:a7:f2:9e:60:b1:ab:7b:af:0d:37:36:65:48:40:
         d9:6f:87:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRqcL++6cAj0ea0htM4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0N2NjZThhOTdlMjAyYThiNDRiMjZmNTdmNGY3MDk1MDIx
OGU1MmMwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQxOTYxYjQ2OTc4ODBiMDYyY2Y1MGQzYTRlYzA4NTc0Y2JmNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP++C9DqJvx/Ll7FnyBKZ0+gDpg+
R+fRszBPH4+sxLTw5fLTIXDU/lXbFmdWMQwcPcb5H0MxaXLy1Fc0hCuWigiLIhLg
2uK9Y6/IVG37zz57ShqMLz3lEJyOZ/KKsrtF4rVSQ42BhrgxBObmMjtQcKD6Nkbm
tunRLQcNv1IekFsyj/Sq9CnB9HrNjhfcubiJsMPs6AnxoKE+7uJYQJuOpkw9MKuD
XDKRdp47d0v8KfpQANf/5nBLfHj0ut3yqK4oZS+PlzQVXKbFi/ZiUgaqSSGRSdiA
zIpiHvwRL6Xd6dp/Fh73ZGOrehQM028p5kUmPdBLSwFWobjeG6/JdcacswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnRlhtGl4gLBiz1DTpOwIV0y/VxMB8GA1UdIwQY
MBaAFNR8zoqX4gKotEsm9X9PcJUCGOUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUh6T2lwZmlBcWkwU3liMWYwOXdsUUlZNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lM2IyN2ItZDRkMy00OTA0LTlmYjUt
NDQyYjE4YWFmNTZmLzEvQ2RHV0cwYVhpQXNHTFBVTk9rN0FoWFRMOVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lM2IyN2ItZDRkMy00OTA0LTlmYjUtNDQyYjE4YWFmNTZm
LzEvMUh6T2lwZmlBcWkwU3liMWYwOXdsUUlZNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCHDAQ3j1Q5woamE2vYC9r6Q72rrXCsHHzyaLRRQpkL
uCbMWipN5K61/xGuCxdP9jIYMc9FMiAQ1Uj0FL0/vBteRIFIJaKiCm4540fIBZE/
fOfRinKfr4rSBwDYIDdc81EoXH1+m7ltVy/3kiMgyExltIM7g511yKpX3J1Gitjw
EzmXST4T/Tbuha4xj59Yqd9kILYcq16BZXNBBMqORxX9nLQiJvtfyBT+ru9a7Kzb
iu/qACvYkuBi4rn2KBs33wTdDiVP8mupeLfadzus0Y9uhUZEHMckAmLdFhF5ugr+
x7HLHx0gqBWefjZ9h2qAp/KeYLGre68NNzZlSEDZb4ev
-----END CERTIFICATE-----