Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/1-44KcdQB4ISUGAUGWmPDCOF2-lQ.roa
File:                     1-44KcdQB4ISUGAUGWmPDCOF2-lQ.roa (raw, json)
Hash identifier:          pOEJ0+LNDdkOTKdta1N6mwCGsR+V4QSPQqTmNDo82QM=
Subject key identifier:   FB:8E:0A:71:D4:01:E0:84:94:18:05:06:5A:63:C3:08:E1:76:FA:54
Certificate issuer:       /CN=1c99cebe0cf09903903d19c1ca0ae62421764859
Certificate serial:       018CC9BC0C5CDEC00FC00A2A14D56B9D6F98
Authority key identifier: 1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/1-44KcdQB4ISUGAUGWmPDCOF2-lQ.roa
Signing time:             Tue 02 Jan 2024 10:33:13 +0000
ROA not before:           Tue 02 Jan 2024 10:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16186
IP address blocks:        185.116.4.0/22 maxlen: 22
                          89.105.48.0/20 maxlen: 20
                          2001:820::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 17:29:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0c:5c:de:c0:0f:c0:0a:2a:14:d5:6b:9d:6f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c99cebe0cf09903903d19c1ca0ae62421764859
        Validity
            Not Before: Jan  2 10:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb8e0a71d401e084941805065a63c308e176fa54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:dd:ab:5a:4f:b0:e8:ba:a7:f4:50:5e:38:e1:
                    10:ae:3b:8c:3e:64:49:fd:68:fc:20:ab:c7:1a:0b:
                    20:50:c8:07:4a:26:3f:36:76:7e:61:9e:dd:39:52:
                    f4:3a:52:0c:c2:b7:3f:48:cd:79:e2:02:bb:67:7f:
                    04:35:de:63:6f:bb:e1:a4:68:80:62:4a:f8:67:14:
                    a9:3f:8d:da:36:24:fb:98:78:99:d9:44:88:1c:78:
                    29:a9:ca:bf:b2:a7:a9:14:05:f1:76:d4:08:5f:7f:
                    ed:be:11:6b:26:67:87:d8:70:b2:49:62:f9:24:c2:
                    79:b8:6f:b4:5a:ae:4a:0b:f3:ed:30:fd:75:6a:78:
                    b9:df:82:9c:dc:2b:96:2a:31:07:53:22:e0:5c:fd:
                    19:3b:6f:77:c4:ab:2d:ef:4e:2e:32:5f:9f:c8:2f:
                    38:c7:f6:95:59:d9:b9:aa:45:7a:76:ac:b6:7a:dd:
                    4f:e7:dc:b2:20:43:a7:04:41:00:c2:1e:7e:da:72:
                    2f:d7:d9:c4:06:fe:e4:ff:df:b3:ab:4b:19:42:10:
                    5d:42:98:ae:35:66:fe:57:93:bd:74:55:e8:4e:56:
                    d0:7c:d6:02:1b:04:6b:9e:2c:2c:b7:9c:81:6f:d5:
                    ce:f8:eb:68:e4:f5:68:25:6c:04:13:de:db:7a:15:
                    7d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:8E:0A:71:D4:01:E0:84:94:18:05:06:5A:63:C3:08:E1:76:FA:54
            X509v3 Authority Key Identifier:
                keyid:1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/1-44KcdQB4ISUGAUGWmPDCOF2-lQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.48.0/20
                  185.116.4.0/22
                IPv6:
                  2001:820::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:87:b8:1b:ed:1c:68:82:be:0e:61:32:3c:d0:36:6a:86:3b:
         01:ae:b2:db:22:ed:c0:60:75:f1:9c:f8:60:27:44:c8:ca:f3:
         52:50:1e:90:cf:0f:c7:8e:d8:d7:d6:ec:ee:cc:46:37:5c:f7:
         6e:33:1d:05:0e:7b:ef:87:e6:a0:01:19:5b:c1:f2:59:43:f2:
         76:d4:19:07:d8:b3:12:8e:93:9d:2f:eb:ea:71:c3:7f:46:96:
         1e:9a:36:cf:2b:91:e4:d6:1f:ac:d9:b2:89:8d:2b:4c:35:90:
         58:19:05:9e:c1:9c:78:f3:b8:b0:1f:d2:8b:ab:9a:5b:cb:5d:
         09:8f:02:ac:94:c2:79:28:e5:57:12:49:54:2b:4a:b8:af:37:
         5b:5f:cc:e9:4f:f8:6e:af:73:65:5e:89:8d:9a:22:7a:2f:e5:
         51:3c:99:25:f0:11:99:04:35:5f:d1:32:c5:bf:cf:c1:0e:2d:
         fa:10:e9:73:53:d0:c4:84:c6:d9:5a:e5:4d:fe:13:0c:b8:42:
         d8:05:61:af:78:b8:5d:6c:e3:4d:6f:1a:61:3d:d8:28:9e:11:
         f3:17:f4:32:c1:bb:b7:f6:a2:73:ba:40:4e:ba:d1:12:f3:da:
         9d:62:a8:94:06:74:7c:78:cc:86:36:94:c1:12:c7:4c:c5:69:
         73:8c:50:11
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzJvAxc3sAPwAoqFNVrnW+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTljZWJlMGNmMDk5MDM5MDNkMTljMWNhMGFlNjI0MjE3
NjQ4NTkwHhcNMjQwMTAyMTAzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjhlMGE3MWQ0MDFlMDg0OTQxODA1MDY1YTYzYzMwOGUxNzZmYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkt2rWk+w6Lqn9FBeOOEQrjuMPmRJ
/Wj8IKvHGgsgUMgHSiY/NnZ+YZ7dOVL0OlIMwrc/SM154gK7Z38ENd5jb7vhpGiA
Ykr4ZxSpP43aNiT7mHiZ2USIHHgpqcq/sqepFAXxdtQIX3/tvhFrJmeH2HCySWL5
JMJ5uG+0Wq5KC/PtMP11ani534Kc3CuWKjEHUyLgXP0ZO293xKst704uMl+fyC84
x/aVWdm5qkV6dqy2et1P59yyIEOnBEEAwh5+2nIv19nEBv7k/9+zq0sZQhBdQpiu
NWb+V5O9dFXoTlbQfNYCGwRrniwst5yBb9XO+Oto5PVoJWwEE97behV9KQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPuOCnHUAeCElBgFBlpjwwjhdvpUMB8GA1UdIwQY
MBaAFByZzr4M8JkDkD0ZwcoK5iQhdkhZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2Ut
OGMyNWI1ZmIyNzZmLzEvMS00NEtjZFFCNElTVUdBVUdXbVBEQ09GMi1sUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvM2ZlYTFhLTU3YmMtNDkzYS05YTNlLThjMjViNWZiMjc2
Zi8xL0hKbk92Z3p3bVFPUVBSbkJ5Z3JtSkNGMlNGay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBFlpMAME
Arl0BDANBAIAAjAHAwUAIAEIIDANBgkqhkiG9w0BAQsFAAOCAQEAWIe4G+0caIK+
DmEyPNA2aoY7Aa6y2yLtwGB18Zz4YCdEyMrzUlAekM8Px47Y19bs7sxGN1z3bjMd
BQ5774fmoAEZW8HyWUPydtQZB9izEo6TnS/r6nHDf0aWHpo2zyuR5NYfrNmyiY0r
TDWQWBkFnsGcePO4sB/Si6uaW8tdCY8CrJTCeSjlVxJJVCtKuK83W1/M6U/4bq9z
ZV6JjZoiei/lUTyZJfARmQQ1X9Eyxb/PwQ4t+hDpc1PQxITG2VrlTf4TDLhC2AVh
r3i4XWzjTW8aYT3YKJ4R8xf0MsG7t/aic7pATrrREvPanWKolAZ0fHjMhjaUwRLH
TMVpc4xQEQ==
-----END CERTIFICATE-----