Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/p33G1puFFXo_Q5DFZ5EjFv88etM.roa
File:                     p33G1puFFXo_Q5DFZ5EjFv88etM.roa (raw, json)
Hash identifier:          /rPXFU52V3NOrjuKB0KTGCXrUYZgRpTKyn10wvWzH/0=
Subject key identifier:   A7:7D:C6:D6:9B:85:15:7A:3F:43:90:C5:67:91:23:16:FF:3C:7A:D3
Certificate issuer:       /CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
Certificate serial:       018CC6B8EABDC76A79810AEEC8C389F1DB29
Authority key identifier: 80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/p33G1puFFXo_Q5DFZ5EjFv88etM.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138971
IP address blocks:        185.228.94.0/24 maxlen: 24
                          185.228.95.0/24 maxlen: 24
                          185.228.92.0/22 maxlen: 22
                          185.228.92.0/24 maxlen: 24
                          185.228.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ea:bd:c7:6a:79:81:0a:ee:c8:c3:89:f1:db:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a77dc6d69b85157a3f4390c567912316ff3c7ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:96:21:d8:f6:e6:eb:7d:80:99:3b:c5:9b:eb:
                    84:46:b0:5c:94:a6:6f:49:b4:de:66:73:0d:39:fc:
                    a7:bc:51:23:f4:b5:ca:55:87:3a:f0:91:98:15:2a:
                    83:3f:7c:5d:1f:c5:5a:03:bf:e7:eb:7f:00:aa:82:
                    be:62:ec:8d:cf:5c:2a:39:3a:f3:f1:4e:14:97:a0:
                    cd:14:b3:24:c0:01:cd:59:bd:3e:49:dc:f0:2c:a8:
                    dd:bf:21:b2:54:dd:2c:47:27:51:73:57:c2:0c:17:
                    44:f0:65:3a:30:c7:8d:d4:f1:5a:7f:93:83:a9:a1:
                    6e:2e:2d:f6:e4:0c:66:ca:dc:c5:63:3a:1a:cb:62:
                    9f:e3:ab:76:4c:f0:3b:74:d2:c0:b9:f7:22:7f:84:
                    04:4e:2a:86:6e:26:fa:6a:13:a5:17:63:27:45:7b:
                    60:b3:5b:31:7b:78:de:e4:6b:62:ec:1f:60:51:f4:
                    97:00:dc:82:e6:ce:3b:9b:41:0b:34:b0:fe:e2:9b:
                    b3:9e:88:78:c9:44:44:b2:e3:3c:35:11:77:5b:15:
                    0a:23:37:73:04:f3:5e:c8:e5:5f:f0:66:5d:2f:65:
                    9b:22:98:37:a6:b1:33:11:32:07:32:6a:0d:96:e9:
                    61:e1:c5:04:57:99:0a:f8:a8:99:7a:15:06:fb:3f:
                    bf:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7D:C6:D6:9B:85:15:7A:3F:43:90:C5:67:91:23:16:FF:3C:7A:D3
            X509v3 Authority Key Identifier:
                keyid:80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/p33G1puFFXo_Q5DFZ5EjFv88etM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:42:9a:ff:f7:25:96:52:eb:17:eb:7d:41:44:76:56:33:fd:
         47:f3:47:ec:3c:4f:87:aa:73:5d:97:89:18:d5:95:ca:dc:75:
         f8:18:fa:bc:c2:c9:56:bc:d3:6e:84:f1:a4:68:cd:24:00:95:
         b3:43:ce:d9:d3:d2:42:94:8f:88:d8:a2:44:6d:64:ac:cc:13:
         4c:49:07:b9:4b:1a:fe:9b:e8:36:df:55:3d:51:df:c8:fa:87:
         9b:c8:c4:4d:30:4f:8c:fe:9a:ee:ca:e1:0d:52:f0:be:c5:4a:
         b8:59:e9:19:ca:7f:6e:02:e4:0a:06:df:d7:98:c7:12:3f:8c:
         6a:2d:40:d4:17:cf:29:c0:0b:1d:e8:a8:d1:31:f3:e3:7e:0a:
         f8:c6:b7:b6:56:cb:4e:60:ae:3b:4d:47:01:16:b4:d7:c1:71:
         40:97:9b:d2:41:01:75:a9:12:e2:7a:d0:82:bc:51:62:0b:3f:
         ce:b1:70:e1:1d:06:3b:a2:7e:cd:cc:b6:be:1c:b9:44:59:fd:
         e9:19:1c:b5:90:aa:c7:80:58:94:20:bb:17:65:05:4e:81:19:
         dc:58:9e:00:a7:3c:90:79:b6:3c:30:55:42:10:ae:3d:d7:a2:
         fd:78:65:ff:39:63:ff:29:f5:a8:4b:b6:b7:ef:26:7a:76:b1:
         de:49:d0:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOq9x2p5gQruyMOJ8dspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDYwOGExNDExOGIxYThkY2RkZWJiYjQwZjk2ZWNkNDhm
ODVjNzEwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdkYzZkNjliODUxNTdhM2Y0MzkwYzU2NzkxMjMxNmZmM2M3YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZYh2Pbm632AmTvFm+uERrBclKZv
SbTeZnMNOfynvFEj9LXKVYc68JGYFSqDP3xdH8VaA7/n638AqoK+YuyNz1wqOTrz
8U4Ul6DNFLMkwAHNWb0+SdzwLKjdvyGyVN0sRydRc1fCDBdE8GU6MMeN1PFaf5OD
qaFuLi325AxmytzFYzoay2Kf46t2TPA7dNLAufcif4QETiqGbib6ahOlF2MnRXtg
s1sxe3je5Gti7B9gUfSXANyC5s47m0ELNLD+4puznoh4yUREsuM8NRF3WxUKIzdz
BPNeyOVf8GZdL2WbIpg3prEzETIHMmoNlulh4cUEV5kK+KiZehUG+z+/dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd9xtabhRV6P0OQxWeRIxb/PHrTMB8GA1UdIwQY
MBaAFIDWCKFBGLGo3N3ru0D5bs1I+FxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEt
OTkyOGRkM2YyZjgyLzEvcDMzRzFwdUZGWG9fUTVERlo1RWpGdjg4ZXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEtOTkyOGRkM2YyZjgy
LzEvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueRcMA0G
CSqGSIb3DQEBCwUAA4IBAQCvQpr/9yWWUusX631BRHZWM/1H80fsPE+HqnNdl4kY
1ZXK3HX4GPq8wslWvNNuhPGkaM0kAJWzQ87Z09JClI+I2KJEbWSszBNMSQe5Sxr+
m+g231U9Ud/I+oebyMRNME+M/pruyuENUvC+xUq4WekZyn9uAuQKBt/XmMcSP4xq
LUDUF88pwAsd6KjRMfPjfgr4xre2VstOYK47TUcBFrTXwXFAl5vSQQF1qRLietCC
vFFiCz/OsXDhHQY7on7NzLa+HLlEWf3pGRy1kKrHgFiUILsXZQVOgRncWJ4ApzyQ
ebY8MFVCEK4916L9eGX/OWP/KfWoS7a37yZ6drHeSdAz
-----END CERTIFICATE-----