Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/E7Dw8ALgnUgg6tyOl9hpP8EHl7s.roa
File:                     E7Dw8ALgnUgg6tyOl9hpP8EHl7s.roa (raw, json)
Hash identifier:          C2AgMM8i3wUtNqD0NTeCpkF1Jd6IDRBJzXKDcRwPgFU=
Subject key identifier:   13:B0:F0:F0:02:E0:9D:48:20:EA:DC:8E:97:D8:69:3F:C1:07:97:BB
Certificate issuer:       /CN=ad0618bc00d911a5d5eebf9c5896a41bf2898ecb
Certificate serial:       018CC9BBEBAE64809DFDA4E86AC8D01CF40B
Authority key identifier: AD:06:18:BC:00:D9:11:A5:D5:EE:BF:9C:58:96:A4:1B:F2:89:8E:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/E7Dw8ALgnUgg6tyOl9hpP8EHl7s.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199361
IP address blocks:        185.77.232.0/22 maxlen: 24
                          185.20.76.0/23 maxlen: 24
                          2a00:49e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:eb:ae:64:80:9d:fd:a4:e8:6a:c8:d0:1c:f4:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0618bc00d911a5d5eebf9c5896a41bf2898ecb
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13b0f0f002e09d4820eadc8e97d8693fc10797bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a1:68:69:17:f9:84:50:86:ce:b8:bc:1f:cc:
                    f0:b7:3d:ac:30:95:cf:c0:02:c9:90:aa:16:2b:22:
                    06:26:98:8f:ce:d9:9f:58:f7:c8:5c:a4:ec:59:d6:
                    6d:ee:3f:e6:64:d3:d7:b7:fe:e3:2a:2f:40:0d:63:
                    94:a8:c7:bc:e5:47:42:ad:27:91:43:80:a9:9e:9a:
                    8b:e2:ba:c2:6f:7c:24:8b:17:ac:dc:5b:35:7a:47:
                    1d:08:2f:ab:8f:e0:d7:03:ec:75:4c:3a:df:33:a0:
                    2b:7f:77:f3:ca:8d:42:f4:dd:a8:b9:19:37:94:3e:
                    6a:26:2c:77:33:d1:b1:40:82:22:5b:c3:64:d7:1b:
                    1d:05:18:14:c9:03:70:b5:f2:d4:c0:14:57:ce:d6:
                    7f:6a:b5:5b:de:75:0e:23:b5:da:4e:3d:20:ce:5a:
                    62:70:c3:4f:3d:38:bd:54:d7:38:85:76:0a:16:6c:
                    3d:55:a2:d4:50:89:ea:d3:d7:7b:ba:c4:73:f9:41:
                    a7:07:b8:ef:51:54:5a:70:17:62:cb:a1:1e:3b:d7:
                    a7:74:2e:25:12:90:e3:a7:5d:e5:74:72:f5:93:25:
                    d9:c1:f7:ac:0f:04:4f:2d:f0:95:13:db:af:18:28:
                    5e:8e:6a:0a:47:88:31:52:4d:17:d0:5a:9f:b9:c4:
                    ab:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B0:F0:F0:02:E0:9D:48:20:EA:DC:8E:97:D8:69:3F:C1:07:97:BB
            X509v3 Authority Key Identifier:
                keyid:AD:06:18:BC:00:D9:11:A5:D5:EE:BF:9C:58:96:A4:1B:F2:89:8E:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/E7Dw8ALgnUgg6tyOl9hpP8EHl7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.76.0/23
                  185.77.232.0/22
                IPv6:
                  2a00:49e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:dc:49:a8:de:6d:ba:fe:71:3d:0f:0e:79:b9:40:63:5b:0b:
         8b:da:d2:21:c6:38:ef:d2:00:33:be:06:24:07:98:d7:fe:a3:
         d3:fd:f0:08:53:f7:80:4c:d6:e6:9f:04:e2:25:c1:3f:ee:51:
         93:bc:4e:36:f5:c5:da:60:17:e3:64:2d:ee:10:3a:d4:cd:2c:
         f1:fb:e7:e9:4a:47:a1:0a:fa:77:ed:5d:4b:c2:e9:52:93:0c:
         75:c5:43:fd:a3:51:36:17:2c:0d:01:39:cb:a4:ca:24:e3:31:
         45:b6:fd:b9:3e:4b:4f:4b:b6:df:c7:2a:ef:70:53:33:fc:03:
         e0:73:dc:b4:a4:38:16:c9:27:71:c9:90:85:ec:eb:0d:22:11:
         c3:3a:f2:de:d7:af:23:b3:81:b9:c3:52:83:43:3b:6f:40:77:
         b7:80:a2:13:bc:d4:d2:a6:2c:c9:9e:ff:f9:fc:af:84:8a:62:
         2b:8f:6a:f2:b0:90:64:44:68:2d:a8:08:03:af:4e:cb:9f:9e:
         e5:65:f0:d8:b5:2c:29:e0:4a:12:5c:c9:03:0a:c9:68:0d:53:
         58:0c:f9:8b:ee:ab:31:62:7e:2e:9a:36:c6:f8:7a:82:4d:66:
         e8:a5:20:8b:93:25:37:18:f1:46:71:ba:e2:70:d1:8e:98:2b:
         2b:43:4b:d9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJu+uuZICd/aToasjQHPQLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMDYxOGJjMDBkOTExYTVkNWVlYmY5YzU4OTZhNDFiZjI4
OThlY2IwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2IwZjBmMDAyZTA5ZDQ4MjBlYWRjOGU5N2Q4NjkzZmMxMDc5N2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6FoaRf5hFCGzri8H8zwtz2sMJXP
wALJkKoWKyIGJpiPztmfWPfIXKTsWdZt7j/mZNPXt/7jKi9ADWOUqMe85UdCrSeR
Q4CpnpqL4rrCb3wkixes3Fs1ekcdCC+rj+DXA+x1TDrfM6Arf3fzyo1C9N2ouRk3
lD5qJix3M9GxQIIiW8Nk1xsdBRgUyQNwtfLUwBRXztZ/arVb3nUOI7XaTj0gzlpi
cMNPPTi9VNc4hXYKFmw9VaLUUInq09d7usRz+UGnB7jvUVRacBdiy6EeO9endC4l
EpDjp13ldHL1kyXZwfesDwRPLfCVE9uvGChejmoKR4gxUk0X0FqfucSrFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBOw8PAC4J1IIOrcjpfYaT/BB5e7MB8GA1UdIwQY
MBaAFK0GGLwA2RGl1e6/nFiWpBvyiY7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclFZWXZBRFpFYVhWN3ItY1dKYWtHX0tKanNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS85ZjM1ZTktYTE3YS00OGNkLTk0MDIt
MzFkMjQ1ZjNiM2I4LzEvRTdEdzhBTGduVWdnNnR5T2w5aHBQOEVIbDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS85ZjM1ZTktYTE3YS00OGNkLTk0MDItMzFkMjQ1ZjNiM2I4
LzEvclFZWXZBRFpFYVhWN3ItY1dKYWtHX0tKanNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBuRRMAwQC
uU3oMA0EAgACMAcDBQAqAEngMA0GCSqGSIb3DQEBCwUAA4IBAQCw3Emo3m26/nE9
Dw55uUBjWwuL2tIhxjjv0gAzvgYkB5jX/qPT/fAIU/eATNbmnwTiJcE/7lGTvE42
9cXaYBfjZC3uEDrUzSzx++fpSkehCvp37V1LwulSkwx1xUP9o1E2FywNATnLpMok
4zFFtv25PktPS7bfxyrvcFMz/APgc9y0pDgWySdxyZCF7OsNIhHDOvLe168js4G5
w1KDQztvQHe3gKITvNTSpizJnv/5/K+EimIrj2rysJBkRGgtqAgDr07Ln57lZfDY
tSwp4EoSXMkDCsloDVNYDPmL7qsxYn4umjbG+HqCTWbopSCLkyU3GPFGcbricNGO
mCsrQ0vZ
-----END CERTIFICATE-----