Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/N_-cIJWFYhXxi45M5K01dyL4X5s.roa
File:                     N_-cIJWFYhXxi45M5K01dyL4X5s.roa (raw, json)
Hash identifier:          g2No6Ic8ZMhOuKFrTn4KH7sLcvcFOhgqpqGESz2Papk=
Subject key identifier:   37:FF:9C:20:95:85:62:15:F1:8B:8E:4C:E4:AD:35:77:22:F8:5F:9B
Certificate issuer:       /CN=49b2444644c43348d7c50f4e50e74356e9896dbf
Certificate serial:       018CC6B8DEA55FA248AEA34AEAE88E6AB709
Authority key identifier: 49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/N_-cIJWFYhXxi45M5K01dyL4X5s.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        185.85.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:de:a5:5f:a2:48:ae:a3:4a:ea:e8:8e:6a:b7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49b2444644c43348d7c50f4e50e74356e9896dbf
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ff9c2095856215f18b8e4ce4ad357722f85f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:88:65:dd:40:a8:86:b0:13:8a:e0:ab:8b:90:
                    0a:7f:d5:8f:97:0b:6f:cb:c9:39:18:19:6b:cb:b1:
                    fe:23:ad:6f:b8:56:18:db:c2:8c:34:9a:ae:6b:46:
                    46:5c:c6:a4:6d:0e:ce:45:db:f8:13:99:ad:94:0d:
                    29:6a:9c:51:5b:6d:fd:dc:ae:3f:d2:c8:24:d0:1c:
                    ed:b1:cf:1c:c5:71:b7:d7:c8:30:29:35:12:e6:e0:
                    94:87:26:f0:70:64:22:1f:d8:21:11:b5:14:0c:21:
                    85:1f:cc:98:62:9d:74:02:c4:d4:53:bb:bf:a5:9d:
                    99:b2:2f:2e:e3:6d:f2:93:4c:2a:4a:be:b2:d3:a5:
                    6d:70:b7:6b:7c:00:5f:97:f0:b5:0a:8f:f5:d1:9c:
                    db:c7:03:6c:14:83:3c:5e:65:6a:60:a0:81:3d:99:
                    2e:df:36:2f:f8:e2:37:4c:31:1c:54:7b:be:61:30:
                    99:e4:63:30:c5:7b:a2:ee:99:aa:fb:8d:b1:29:2f:
                    d8:e8:09:00:73:35:54:1b:20:ae:28:39:17:ed:c4:
                    e3:0e:d0:c7:e7:f1:83:71:d5:d9:1e:94:54:7b:ce:
                    7c:0f:3f:f0:6e:1e:48:54:69:c5:35:28:c3:67:da:
                    98:f6:c2:b1:20:fc:e2:36:4c:b5:c7:12:ed:99:3a:
                    b3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FF:9C:20:95:85:62:15:F1:8B:8E:4C:E4:AD:35:77:22:F8:5F:9B
            X509v3 Authority Key Identifier:
                keyid:49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/N_-cIJWFYhXxi45M5K01dyL4X5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:32:6a:fa:5c:c5:f5:c1:a0:05:73:c6:64:95:a0:d6:80:54:
         16:a4:04:5a:61:89:49:5a:45:f3:bf:d0:b4:0e:13:bf:78:bf:
         33:0a:60:16:60:b1:b7:09:74:96:d0:46:7f:57:f0:5b:bd:c6:
         f1:a6:ef:75:47:c8:4e:52:aa:3c:af:85:0b:25:c8:55:ce:35:
         cb:5f:0e:30:d1:9c:33:65:f1:98:4e:1f:fa:cc:92:b2:25:4b:
         b1:03:09:60:8d:e5:35:c6:e0:01:7d:a0:13:60:3d:e6:78:a9:
         9f:45:43:46:86:56:d8:dc:2c:09:69:81:c8:70:7e:a9:a6:fd:
         c4:50:c4:3d:70:6f:8e:c1:65:b8:72:d1:a5:2c:8a:28:f2:52:
         93:4a:c3:24:a6:cc:d8:5b:5b:04:7b:f2:fd:41:ba:38:ba:96:
         48:3e:6f:41:27:fe:3f:ee:f1:13:40:12:80:66:3a:5a:59:b5:
         6a:eb:88:13:0d:c0:77:69:f2:cf:3f:00:2a:e4:94:30:9e:c7:
         57:46:ac:32:a8:a7:e2:04:dd:4e:71:f9:20:91:0b:49:d2:74:
         3f:d4:bc:15:04:b1:8d:ca:b8:43:03:3f:4a:e1:57:8d:81:e6:
         cf:af:f4:1c:a9:5f:17:a2:65:d7:22:ab:f5:ca:35:bf:cb:bc:
         7e:65:13:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuN6lX6JIrqNK6uiOarcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YjI0NDQ2NDRjNDMzNDhkN2M1MGY0ZTUwZTc0MzU2ZTk4
OTZkYmYwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZmOWMyMDk1ODU2MjE1ZjE4YjhlNGNlNGFkMzU3NzIyZjg1ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4hl3UCohrATiuCri5AKf9WPlwtv
y8k5GBlry7H+I61vuFYY28KMNJqua0ZGXMakbQ7ORdv4E5mtlA0papxRW2393K4/
0sgk0Bztsc8cxXG318gwKTUS5uCUhybwcGQiH9ghEbUUDCGFH8yYYp10AsTUU7u/
pZ2Zsi8u423yk0wqSr6y06VtcLdrfABfl/C1Co/10ZzbxwNsFIM8XmVqYKCBPZku
3zYv+OI3TDEcVHu+YTCZ5GMwxXui7pmq+42xKS/Y6AkAczVUGyCuKDkX7cTjDtDH
5/GDcdXZHpRUe858Dz/wbh5IVGnFNSjDZ9qY9sKxIPziNky1xxLtmTqzawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf/nCCVhWIV8YuOTOStNXci+F+bMB8GA1UdIwQY
MBaAFEmyREZExDNI18UPTlDnQ1bpiW2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzkt
NzUzZDk2OWEwNzAyLzEvTl8tY0lKV0ZZaFh4aTQ1TTVLMDFkeUw0WDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzktNzUzZDk2OWEwNzAy
LzEvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVXoMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Mmr6XMX1waAFc8ZklaDWgFQWpARaYYlJWkXzv9C0
DhO/eL8zCmAWYLG3CXSW0EZ/V/Bbvcbxpu91R8hOUqo8r4ULJchVzjXLXw4w0Zwz
ZfGYTh/6zJKyJUuxAwlgjeU1xuABfaATYD3meKmfRUNGhlbY3CwJaYHIcH6ppv3E
UMQ9cG+OwWW4ctGlLIoo8lKTSsMkpszYW1sEe/L9Qbo4upZIPm9BJ/4/7vETQBKA
ZjpaWbVq64gTDcB3afLPPwAq5JQwnsdXRqwyqKfiBN1OcfkgkQtJ0nQ/1LwVBLGN
yrhDAz9K4VeNgebPr/QcqV8XomXXIqv1yjW/y7x+ZRPK
-----END CERTIFICATE-----