Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/mAwrZ-gXbiUuJNhLHCzL3RC7cig.roa
File:                     mAwrZ-gXbiUuJNhLHCzL3RC7cig.roa (raw, json)
Hash identifier:          6dZIH94eDDR4lZGU1rXAhWyFejXqF8mH+hl6gmgY8yc=
Subject key identifier:   98:0C:2B:67:E8:17:6E:25:2E:24:D8:4B:1C:2C:CB:DD:10:BB:72:28
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       018CC86F6A915C6E42238E373014FA2713F8
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/mAwrZ-gXbiUuJNhLHCzL3RC7cig.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8495
IP address blocks:        185.67.36.0/23 maxlen: 24
                          2a05:bc0::/32 maxlen: 64
                          2a05:bc0:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6a:91:5c:6e:42:23:8e:37:30:14:fa:27:13:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=980c2b67e8176e252e24d84b1c2ccbdd10bb7228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9f:1d:69:e5:7d:ed:1f:9c:59:ed:b6:fd:20:
                    47:4c:4f:6e:43:9b:d4:29:9a:f2:7b:49:28:07:dc:
                    f0:29:63:58:53:86:63:4f:0a:e5:de:81:36:38:d9:
                    d5:b3:71:e4:87:3b:8f:bc:29:8d:0f:8b:98:a8:84:
                    99:85:9f:95:60:0b:de:ea:64:4d:a3:96:af:5b:2b:
                    b9:08:58:73:29:c9:ee:ac:12:78:bd:d9:48:40:f6:
                    e8:4f:da:8d:1e:ef:d9:0f:08:7c:82:48:cd:64:76:
                    95:11:f0:3f:33:6a:aa:64:28:b8:d5:14:7f:09:ad:
                    8d:c6:00:18:78:62:94:4a:4d:c0:e5:d6:c0:fe:29:
                    f3:ac:6a:84:bb:f2:3d:40:b1:ea:6d:ed:09:98:7f:
                    05:70:15:43:d9:53:58:a5:c4:c2:9d:e2:c5:1d:dd:
                    d8:cf:7a:d0:a4:9f:83:44:28:07:f1:21:f1:5c:6d:
                    33:f8:73:fa:bc:75:06:83:ec:6c:87:29:b2:72:81:
                    38:55:d2:9e:e4:69:28:31:91:0f:df:eb:8d:b6:a5:
                    96:85:88:c5:87:2c:e1:63:79:b4:3c:60:68:ec:d8:
                    39:77:76:5c:74:a6:15:1b:5e:0f:1a:1d:e1:e9:22:
                    cd:5d:34:36:e0:e7:c8:39:89:19:c7:cc:7b:21:ad:
                    fd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0C:2B:67:E8:17:6E:25:2E:24:D8:4B:1C:2C:CB:DD:10:BB:72:28
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/mAwrZ-gXbiUuJNhLHCzL3RC7cig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.36.0/23
                IPv6:
                  2a05:bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:6d:d2:e4:95:fe:b3:d7:37:14:f4:93:5c:1e:18:59:dc:74:
         8d:a8:84:8c:e1:24:15:28:ae:fd:d3:b0:7d:81:16:bc:26:12:
         1d:88:d5:d2:52:44:40:ca:f1:e0:5e:83:e3:a9:15:c1:a6:f4:
         33:fa:4a:40:a7:de:52:cf:78:1d:fe:3a:de:d8:8b:bc:82:1c:
         f3:00:84:60:b5:cd:b5:ee:52:ce:19:4b:ab:7b:65:29:a0:7c:
         1b:d4:46:80:a6:03:2f:9e:6a:0a:0b:b1:f9:08:eb:36:c1:d3:
         c0:4d:13:2f:d4:05:df:99:87:84:7f:16:b8:0c:81:65:5d:d4:
         2f:e7:ec:2a:96:f9:0f:b4:5a:d3:38:e5:88:a1:96:74:12:7c:
         67:88:e9:e0:c4:7a:9f:eb:c5:3b:72:fb:fd:fc:e7:a4:73:1b:
         43:1c:16:d5:51:e4:ca:c2:72:1b:9c:09:e7:39:ca:df:40:8b:
         22:5a:cc:72:69:09:11:f2:e9:75:28:d0:a2:35:d2:8b:85:df:
         dd:9e:cb:ec:40:1d:b5:be:0a:38:83:be:da:82:ab:64:4f:0e:
         e6:fd:c2:e1:e1:94:d3:6e:10:a4:f9:41:cf:2c:6c:d3:07:76:
         52:27:de:22:4a:31:11:b1:84:fb:f1:6b:8f:c9:70:cd:d6:a7:
         3a:66:1d:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2qRXG5CI443MBT6JxP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODBjMmI2N2U4MTc2ZTI1MmUyNGQ4NGIxYzJjY2JkZDEwYmI3MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ8daeV97R+cWe22/SBHTE9uQ5vU
KZrye0koB9zwKWNYU4ZjTwrl3oE2ONnVs3HkhzuPvCmND4uYqISZhZ+VYAve6mRN
o5avWyu5CFhzKcnurBJ4vdlIQPboT9qNHu/ZDwh8gkjNZHaVEfA/M2qqZCi41RR/
Ca2NxgAYeGKUSk3A5dbA/inzrGqEu/I9QLHqbe0JmH8FcBVD2VNYpcTCneLFHd3Y
z3rQpJ+DRCgH8SHxXG0z+HP6vHUGg+xshymycoE4VdKe5GkoMZEP3+uNtqWWhYjF
hyzhY3m0PGBo7Ng5d3ZcdKYVG14PGh3h6SLNXTQ24OfIOYkZx8x7Ia39pQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJgMK2foF24lLiTYSxwsy90Qu3IoMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvbUF3clotZ1hiaVV1Sk5oTEhDekwzUkM3Y2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTItNWY4ZmM3MDc4MzZh
LzEvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuUMkMA0E
AgACMAcDBQAqBQvAMA0GCSqGSIb3DQEBCwUAA4IBAQAmbdLklf6z1zcU9JNcHhhZ
3HSNqISM4SQVKK7907B9gRa8JhIdiNXSUkRAyvHgXoPjqRXBpvQz+kpAp95Sz3gd
/jre2Iu8ghzzAIRgtc217lLOGUure2UpoHwb1EaApgMvnmoKC7H5COs2wdPATRMv
1AXfmYeEfxa4DIFlXdQv5+wqlvkPtFrTOOWIoZZ0EnxniOngxHqf68U7cvv9/Oek
cxtDHBbVUeTKwnIbnAnnOcrfQIsiWsxyaQkR8ul1KNCiNdKLhd/dnsvsQB21vgo4
g77agqtkTw7m/cLh4ZTTbhCk+UHPLGzTB3ZSJ94iSjERsYT78WuPyXDN1qc6Zh3M
-----END CERTIFICATE-----