Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/MWXMdG44hujpCr4XXbUTxL2HaMg.roa
File:                     MWXMdG44hujpCr4XXbUTxL2HaMg.roa (raw, json)
Hash identifier:          Fs9s/7zurZSNa5jlO+oG5NZ3ox7fMNJ7kHL159q33Rg=
Subject key identifier:   31:65:CC:74:6E:38:86:E8:E9:0A:BE:17:5D:B5:13:C4:BD:87:68:C8
Certificate issuer:       /CN=fc6a4c595f0b2dd05a1fe67287c13ce0ebc80adb
Certificate serial:       018CC3B673A5BBF3752F517A5E27D73C6C48
Authority key identifier: FC:6A:4C:59:5F:0B:2D:D0:5A:1F:E6:72:87:C1:3C:E0:EB:C8:0A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_GpMWV8LLdBaH-Zyh8E84OvICts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/MWXMdG44hujpCr4XXbUTxL2HaMg.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203602
IP address blocks:        185.255.244.0/22 maxlen: 22
                          2a0c:61c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/_GpMWV8LLdBaH-Zyh8E84OvICts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/_GpMWV8LLdBaH-Zyh8E84OvICts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_GpMWV8LLdBaH-Zyh8E84OvICts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:73:a5:bb:f3:75:2f:51:7a:5e:27:d7:3c:6c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc6a4c595f0b2dd05a1fe67287c13ce0ebc80adb
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3165cc746e3886e8e90abe175db513c4bd8768c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:57:94:0f:38:ca:fe:2b:5d:ac:9f:ae:f0:
                    41:b0:e0:71:5d:7f:40:47:3f:4f:79:ac:fe:f3:4c:
                    b7:0c:c9:d8:2a:90:5a:82:bb:b3:38:a8:82:f9:1a:
                    f5:b5:74:3f:1b:f8:09:73:7e:95:bb:f9:18:2a:4a:
                    c5:a1:c9:d2:22:dd:2b:84:a8:27:5a:ed:09:b8:e5:
                    1c:12:61:c4:b1:a4:38:6d:48:5a:fa:ee:67:f0:08:
                    e4:32:5a:76:10:c6:2d:bb:1c:9c:bf:74:88:5c:ef:
                    a5:01:bf:0e:cf:5e:1b:81:c3:77:4f:42:2d:ed:e1:
                    62:99:7f:03:6c:4c:e2:91:ff:a0:b3:a0:eb:25:30:
                    96:91:95:2d:68:9d:ba:df:67:89:82:78:3a:03:f4:
                    06:a1:7d:b0:5f:30:be:e1:b1:01:70:82:58:3a:4f:
                    fa:56:3a:f8:ac:e2:9f:8d:12:cc:dc:4e:0a:f7:e2:
                    b1:60:4d:28:88:47:99:ec:b3:77:74:70:28:97:c2:
                    99:75:d3:b7:07:9c:3a:c5:aa:de:33:fb:38:8d:1b:
                    3e:96:5d:6b:60:8b:bf:b7:f3:74:f8:54:8f:6e:aa:
                    9c:30:e3:35:44:93:a4:ba:96:f7:1d:d5:98:2f:e1:
                    e4:dd:c7:32:de:a8:b9:fc:ee:c0:c7:4e:e1:b5:91:
                    22:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:65:CC:74:6E:38:86:E8:E9:0A:BE:17:5D:B5:13:C4:BD:87:68:C8
            X509v3 Authority Key Identifier:
                keyid:FC:6A:4C:59:5F:0B:2D:D0:5A:1F:E6:72:87:C1:3C:E0:EB:C8:0A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_GpMWV8LLdBaH-Zyh8E84OvICts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/MWXMdG44hujpCr4XXbUTxL2HaMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/06970a-2866-489d-b71a-84e6cd2232ac/1/_GpMWV8LLdBaH-Zyh8E84OvICts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.244.0/22
                IPv6:
                  2a0c:61c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:e8:1a:6a:a0:34:00:9f:65:b5:46:06:03:7a:63:c8:74:cb:
         2d:b9:26:14:c2:e9:69:23:42:3c:b8:29:48:c8:3f:28:ab:7f:
         d7:11:ac:e5:e7:e1:08:1a:1a:5b:d5:fb:27:f1:a2:c5:89:aa:
         f8:92:02:89:99:3c:fb:e5:18:74:c6:e6:f6:4e:40:6c:53:2b:
         95:0d:94:ff:8b:72:16:ca:13:a6:02:ce:7e:55:91:8f:f0:a2:
         f4:96:59:34:f4:b6:96:a4:c3:a5:42:f3:75:19:15:b3:d2:43:
         61:92:9d:d2:ad:a5:20:9c:41:90:38:d5:68:6c:0f:8b:4c:7f:
         a2:fa:40:7b:90:2d:27:e3:02:f7:4e:0a:3b:2b:5f:c0:7f:58:
         28:58:c2:0f:43:65:21:c0:cd:e3:4d:65:ab:98:3d:3b:75:19:
         dc:e0:24:d6:86:cd:a7:1f:a0:f9:48:00:1d:74:57:c8:5e:3b:
         10:c9:11:00:2a:0c:9b:3b:9b:e0:9d:33:5c:69:eb:08:df:45:
         48:ab:66:e6:1a:e7:bd:64:9e:4f:07:b5:20:96:41:e9:ac:56:
         26:4f:37:99:d6:8b:e7:7d:bd:26:5a:9c:ce:75:08:e0:c8:84:
         32:2a:93:d0:b8:98:0f:96:5d:68:0f:47:6b:42:56:4a:4f:99:
         34:d7:48:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtnOlu/N1L1F6XifXPGxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNmE0YzU5NWYwYjJkZDA1YTFmZTY3Mjg3YzEzY2UwZWJj
ODBhZGIwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTY1Y2M3NDZlMzg4NmU4ZTkwYWJlMTc1ZGI1MTNjNGJkODc2OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDVXlA84yv4rXayfrvBBsOBxXX9A
Rz9Peaz+80y3DMnYKpBagruzOKiC+Rr1tXQ/G/gJc36Vu/kYKkrFocnSIt0rhKgn
Wu0JuOUcEmHEsaQ4bUha+u5n8AjkMlp2EMYtuxycv3SIXO+lAb8Oz14bgcN3T0It
7eFimX8DbEzikf+gs6DrJTCWkZUtaJ2632eJgng6A/QGoX2wXzC+4bEBcIJYOk/6
Vjr4rOKfjRLM3E4K9+KxYE0oiEeZ7LN3dHAol8KZddO3B5w6xareM/s4jRs+ll1r
YIu/t/N0+FSPbqqcMOM1RJOkupb3HdWYL+Hk3ccy3qi5/O7Ax07htZEivQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDFlzHRuOIbo6Qq+F121E8S9h2jIMB8GA1UdIwQY
MBaAFPxqTFlfCy3QWh/mcofBPODryArbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0dwTVdWOExMZEJhSC1aeWg4RTg0T3ZJQ3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wNjk3MGEtMjg2Ni00ODlkLWI3MWEt
ODRlNmNkMjIzMmFjLzEvTVdYTWRHNDRodWpwQ3I0WFhiVVR4TDJIYU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wNjk3MGEtMjg2Ni00ODlkLWI3MWEtODRlNmNkMjIzMmFj
LzEvX0dwTVdWOExMZEJhSC1aeWg4RTg0T3ZJQ3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf/0MA0E
AgACMAcDBQAqDGHAMA0GCSqGSIb3DQEBCwUAA4IBAQBO6BpqoDQAn2W1RgYDemPI
dMstuSYUwulpI0I8uClIyD8oq3/XEazl5+EIGhpb1fsn8aLFiar4kgKJmTz75Rh0
xub2TkBsUyuVDZT/i3IWyhOmAs5+VZGP8KL0llk09LaWpMOlQvN1GRWz0kNhkp3S
raUgnEGQONVobA+LTH+i+kB7kC0n4wL3Tgo7K1/Af1goWMIPQ2UhwM3jTWWrmD07
dRnc4CTWhs2nH6D5SAAddFfIXjsQyREAKgybO5vgnTNcaesI30VIq2bmGue9ZJ5P
B7UglkHprFYmTzeZ1ovnfb0mWpzOdQjgyIQyKpPQuJgPll1oD0drQlZKT5k010gn
-----END CERTIFICATE-----