Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/tl4RdW2jq6P3-6N106_qPAd66Lk.roa
File:                     tl4RdW2jq6P3-6N106_qPAd66Lk.roa (raw, json)
Hash identifier:          Tq7ZGHJwoXuz5Q4M53aVeSrw9r9EKAtjro1f837zVWY=
Subject key identifier:   B6:5E:11:75:6D:A3:AB:A3:F7:FB:A3:75:D3:AF:EA:3C:07:7A:E8:B9
Certificate issuer:       /CN=63416ac9a21937788cadc77b7a9f89b6d4c55a4a
Certificate serial:       018CC2DAB6C3DCD5EC704C1E2011686FCA83
Authority key identifier: 63:41:6A:C9:A2:19:37:78:8C:AD:C7:7B:7A:9F:89:B6:D4:C5:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0FqyaIZN3iMrcd7ep-JttTFWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/tl4RdW2jq6P3-6N106_qPAd66Lk.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57809
IP address blocks:        185.222.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/Y0FqyaIZN3iMrcd7ep-JttTFWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/Y0FqyaIZN3iMrcd7ep-JttTFWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0FqyaIZN3iMrcd7ep-JttTFWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b6:c3:dc:d5:ec:70:4c:1e:20:11:68:6f:ca:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63416ac9a21937788cadc77b7a9f89b6d4c55a4a
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b65e11756da3aba3f7fba375d3afea3c077ae8b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:78:be:9d:68:57:48:3e:25:56:b1:61:a6:9f:
                    a6:ed:1b:57:b8:82:4f:bc:02:02:71:df:22:25:46:
                    af:6f:c0:af:31:e1:05:be:15:d3:35:f8:3e:a1:88:
                    cf:88:96:58:6c:e6:65:f8:67:54:0b:0f:89:ef:c2:
                    f1:4e:cd:6e:0f:40:43:55:d9:c5:aa:49:91:d1:c4:
                    8a:b0:f5:98:68:93:57:01:0e:f3:7a:4a:bc:49:1b:
                    6d:ce:f1:9b:cb:af:6e:2a:0a:99:84:b1:40:44:b5:
                    d5:ba:b0:bf:54:8d:86:02:62:a3:11:ba:9a:93:bf:
                    d6:de:60:ba:49:45:17:fe:cc:32:1b:22:66:5d:0d:
                    6e:70:2d:88:65:33:af:73:63:13:57:09:8b:4e:cc:
                    4e:22:44:14:fa:48:b9:e9:e6:b2:f3:4f:b6:f5:fe:
                    b9:3e:5f:ff:5d:dc:28:df:75:0a:26:8a:9f:9d:95:
                    14:19:8b:82:63:7c:6b:41:1d:06:ab:0f:0d:03:d8:
                    3e:f1:ac:dd:21:1c:50:72:8c:c6:56:cc:8f:29:90:
                    b6:2c:dc:2d:5f:d7:1c:3d:05:0c:b4:a8:14:e1:a4:
                    4c:1e:f6:0b:ee:4e:d8:2f:4f:d3:5f:79:37:70:30:
                    bd:9c:0d:04:c9:4e:cd:99:7d:e7:db:a0:ee:dc:21:
                    cc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:5E:11:75:6D:A3:AB:A3:F7:FB:A3:75:D3:AF:EA:3C:07:7A:E8:B9
            X509v3 Authority Key Identifier:
                keyid:63:41:6A:C9:A2:19:37:78:8C:AD:C7:7B:7A:9F:89:B6:D4:C5:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0FqyaIZN3iMrcd7ep-JttTFWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/tl4RdW2jq6P3-6N106_qPAd66Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/83607f-14b4-4217-b6cd-b7bae910c7ac/1/Y0FqyaIZN3iMrcd7ep-JttTFWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:c8:61:e7:c2:53:f7:c5:70:ec:93:bf:24:51:22:67:a8:f2:
         ca:22:71:f4:92:20:25:20:6f:56:ca:ad:e4:1c:48:a4:6d:c4:
         d9:fa:5b:7a:23:9c:05:d2:c1:8a:e4:4c:03:70:e8:f9:47:a0:
         d0:30:c4:80:f3:d8:a2:be:dd:36:33:2a:8e:0e:a0:51:58:ad:
         78:0b:d8:b1:9b:e7:bf:6d:80:1f:f2:3e:f5:15:2b:7e:5d:22:
         58:4c:4a:bf:62:52:ed:df:c7:bd:cb:9c:3c:0a:9d:93:b8:87:
         bb:7b:cc:dd:aa:57:a0:b7:e8:2c:32:18:75:ad:96:9c:96:b8:
         5e:65:72:d7:8a:49:dd:77:24:34:bb:64:63:d8:3b:41:b5:81:
         87:35:f3:a5:2b:ce:f1:06:0d:77:9c:a7:21:f7:8a:b3:48:22:
         d3:32:b7:f8:a0:21:15:9a:20:29:af:a4:77:72:56:f6:cf:ef:
         b9:a1:e8:85:f1:4c:52:19:8e:56:1d:e8:de:e0:0d:30:7a:4a:
         81:db:02:71:cb:8c:67:6c:bc:7c:e7:d8:76:19:53:58:94:70:
         d2:fa:42:1e:6f:44:ce:60:0b:e5:81:5b:d6:04:20:83:20:b7:
         87:01:d2:78:df:38:a0:5c:23:d4:f4:d1:fc:a3:19:ad:57:15:
         0d:c6:0f:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rbD3NXscEweIBFob8qDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDE2YWM5YTIxOTM3Nzg4Y2FkYzc3YjdhOWY4OWI2ZDRj
NTVhNGEwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjVlMTE3NTZkYTNhYmEzZjdmYmEzNzVkM2FmZWEzYzA3N2FlOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXi+nWhXSD4lVrFhpp+m7RtXuIJP
vAICcd8iJUavb8CvMeEFvhXTNfg+oYjPiJZYbOZl+GdUCw+J78LxTs1uD0BDVdnF
qkmR0cSKsPWYaJNXAQ7zekq8SRttzvGby69uKgqZhLFARLXVurC/VI2GAmKjEbqa
k7/W3mC6SUUX/swyGyJmXQ1ucC2IZTOvc2MTVwmLTsxOIkQU+ki56eay80+29f65
Pl//Xdwo33UKJoqfnZUUGYuCY3xrQR0Gqw8NA9g+8azdIRxQcozGVsyPKZC2LNwt
X9ccPQUMtKgU4aRMHvYL7k7YL0/TX3k3cDC9nA0EyU7NmX3n26Du3CHMTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZeEXVto6uj9/ujddOv6jwHeui5MB8GA1UdIwQY
MBaAFGNBasmiGTd4jK3He3qfibbUxVpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBGcXlhSVpOM2lNcmNkN2VwLUp0dFRGV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy84MzYwN2YtMTRiNC00MjE3LWI2Y2Qt
YjdiYWU5MTBjN2FjLzEvdGw0UmRXMmpxNlAzLTZOMTA2X3FQQWQ2NkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy84MzYwN2YtMTRiNC00MjE3LWI2Y2QtYjdiYWU5MTBjN2Fj
LzEvWTBGcXlhSVpOM2lNcmNkN2VwLUp0dFRGV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud6QMA0G
CSqGSIb3DQEBCwUAA4IBAQBfyGHnwlP3xXDsk78kUSJnqPLKInH0kiAlIG9Wyq3k
HEikbcTZ+lt6I5wF0sGK5EwDcOj5R6DQMMSA89iivt02MyqODqBRWK14C9ixm+e/
bYAf8j71FSt+XSJYTEq/YlLt38e9y5w8Cp2TuIe7e8zdqlegt+gsMhh1rZaclrhe
ZXLXiknddyQ0u2Rj2DtBtYGHNfOlK87xBg13nKch94qzSCLTMrf4oCEVmiApr6R3
clb2z++5oeiF8UxSGY5WHeje4A0wekqB2wJxy4xnbLx859h2GVNYlHDS+kIeb0TO
YAvlgVvWBCCDILeHAdJ43zigXCPU9NH8oxmtVxUNxg+i
-----END CERTIFICATE-----