Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/MAVnev72dAha3uio8eDziU__MwI.roa
File:                     MAVnev72dAha3uio8eDziU__MwI.roa (raw, json)
Hash identifier:          trGP88BmXbzsJJxaujANkX/zl99O/1IQQ1hrJCgjofw=
Subject key identifier:   30:05:67:7A:FE:F6:74:08:5A:DE:E8:A8:F1:E0:F3:89:4F:FF:33:02
Certificate issuer:       /CN=d3acd2b7b7473af4350ea1aba83d177585ceedad
Certificate serial:       018CCA2BAD67CCD9C149E4020B633CBA3A8C
Authority key identifier: D3:AC:D2:B7:B7:47:3A:F4:35:0E:A1:AB:A8:3D:17:75:85:CE:ED:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06zSt7dHOvQ1DqGrqD0XdYXO7a0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/MAVnev72dAha3uio8eDziU__MwI.roa
Signing time:             Tue 02 Jan 2024 12:35:09 +0000
ROA not before:           Tue 02 Jan 2024 12:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205360
IP address blocks:        185.221.4.0/22 maxlen: 22
                          2a0b:fec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/06zSt7dHOvQ1DqGrqD0XdYXO7a0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/06zSt7dHOvQ1DqGrqD0XdYXO7a0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06zSt7dHOvQ1DqGrqD0XdYXO7a0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ad:67:cc:d9:c1:49:e4:02:0b:63:3c:ba:3a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3acd2b7b7473af4350ea1aba83d177585ceedad
        Validity
            Not Before: Jan  2 12:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3005677afef674085adee8a8f1e0f3894fff3302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8f:b8:29:01:33:87:d7:47:a6:c4:a6:84:6f:
                    e5:99:6d:0e:71:82:7a:d4:38:fc:44:6f:63:47:14:
                    1b:9d:db:c8:7a:8d:d8:c5:10:48:b3:59:d9:79:4f:
                    31:c9:a9:d6:0e:ab:bf:fd:0e:82:c6:52:08:8f:30:
                    40:be:9b:5c:35:73:f1:c8:b0:d0:3e:29:fd:9e:6d:
                    36:20:8e:c2:b1:c1:4e:e3:88:2e:e3:1b:66:82:1f:
                    24:b2:14:e2:1a:0b:4b:d2:fa:ad:f3:2b:91:ac:94:
                    29:7d:26:26:ab:ab:29:2c:17:75:f0:ac:da:14:2d:
                    8d:f9:fd:7f:b2:3e:0c:d7:b2:61:e0:d2:12:2a:c0:
                    d5:75:59:69:2e:5b:68:64:00:86:e6:11:c5:30:cb:
                    36:25:aa:fe:e1:85:c3:8f:a5:99:ed:d6:66:f6:c6:
                    37:1b:55:f1:62:37:af:68:31:23:8b:6a:d4:75:b6:
                    43:68:12:b0:ff:58:13:75:d0:81:26:8d:4f:90:71:
                    01:ed:96:bf:10:08:da:a5:5e:b2:1d:76:44:f2:fa:
                    7e:8d:92:c4:04:c2:7b:d4:e9:8e:99:99:c0:2a:cc:
                    cb:ce:26:ef:f5:40:73:a8:fd:ab:8c:b9:de:b4:c4:
                    e4:72:76:da:40:87:33:6d:88:2e:87:2b:e2:d0:92:
                    a7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:05:67:7A:FE:F6:74:08:5A:DE:E8:A8:F1:E0:F3:89:4F:FF:33:02
            X509v3 Authority Key Identifier:
                keyid:D3:AC:D2:B7:B7:47:3A:F4:35:0E:A1:AB:A8:3D:17:75:85:CE:ED:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06zSt7dHOvQ1DqGrqD0XdYXO7a0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/MAVnev72dAha3uio8eDziU__MwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/46c20c-f166-4041-a01b-0efec6ea77c6/1/06zSt7dHOvQ1DqGrqD0XdYXO7a0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.4.0/22
                IPv6:
                  2a0b:fec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:fe:99:78:7e:93:b3:55:11:4a:08:38:79:89:38:0a:64:bc:
         1d:e4:25:02:97:d1:14:29:fc:92:80:e4:bf:61:25:48:b6:b1:
         27:5f:62:a5:26:a7:64:1e:4a:d5:53:29:ce:72:69:9a:42:d6:
         57:b9:42:1f:3e:7e:50:97:ac:18:dc:7b:ae:be:b0:f2:62:65:
         40:7a:0e:a2:34:3d:30:c4:62:c6:74:94:e2:13:4c:ab:0b:aa:
         d8:8c:3b:fe:6d:24:85:d0:b4:91:c9:07:25:ba:38:d8:92:a1:
         4a:7f:11:f8:94:94:f6:3d:cc:69:b7:6e:85:d6:1e:05:d4:8b:
         17:f4:6a:35:b8:8f:f5:09:ee:7e:4e:09:73:48:e7:fa:dd:26:
         d8:5d:ed:b4:02:26:4a:6b:8e:e8:df:20:4d:24:49:42:c1:55:
         bd:31:1d:ee:a8:b5:8f:1c:84:b2:df:ac:1f:1a:3d:45:84:92:
         7b:31:9c:7f:43:f7:a7:c9:3c:40:74:f3:ac:78:b9:62:0c:85:
         5f:ec:57:7b:06:59:c2:ca:ce:f7:0e:b5:55:d2:7a:65:3d:fb:
         68:c6:44:73:ac:df:10:02:10:3c:60:cf:53:62:ce:da:1d:6e:
         b8:78:f1:a3:79:c7:30:fa:8b:3d:81:ae:4a:54:3f:01:c7:f3:
         f9:e4:2e:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK61nzNnBSeQCC2M8ujqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWNkMmI3Yjc0NzNhZjQzNTBlYTFhYmE4M2QxNzc1ODVj
ZWVkYWQwHhcNMjQwMTAyMTIzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA1Njc3YWZlZjY3NDA4NWFkZWU4YThmMWUwZjM4OTRmZmYzMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuI+4KQEzh9dHpsSmhG/lmW0OcYJ6
1Dj8RG9jRxQbndvIeo3YxRBIs1nZeU8xyanWDqu//Q6CxlIIjzBAvptcNXPxyLDQ
Pin9nm02II7CscFO44gu4xtmgh8kshTiGgtL0vqt8yuRrJQpfSYmq6spLBd18Kza
FC2N+f1/sj4M17Jh4NISKsDVdVlpLltoZACG5hHFMMs2Jar+4YXDj6WZ7dZm9sY3
G1XxYjevaDEji2rUdbZDaBKw/1gTddCBJo1PkHEB7Za/EAjapV6yHXZE8vp+jZLE
BMJ71OmOmZnAKszLzibv9UBzqP2rjLnetMTkcnbaQIczbYguhyvi0JKncQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDAFZ3r+9nQIWt7oqPHg84lP/zMCMB8GA1UdIwQY
MBaAFNOs0re3Rzr0NQ6hq6g9F3WFzu2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ6U3Q3ZEhPdlExRHFHcnFEMFhkWVhPN2EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80NmMyMGMtZjE2Ni00MDQxLWEwMWIt
MGVmZWM2ZWE3N2M2LzEvTUFWbmV2NzJkQWhhM3VpbzhlRHppVV9fTXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80NmMyMGMtZjE2Ni00MDQxLWEwMWItMGVmZWM2ZWE3N2M2
LzEvMDZ6U3Q3ZEhPdlExRHFHcnFEMFhkWVhPN2EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud0EMA0E
AgACMAcDBQMqC/7AMA0GCSqGSIb3DQEBCwUAA4IBAQCk/pl4fpOzVRFKCDh5iTgK
ZLwd5CUCl9EUKfySgOS/YSVItrEnX2KlJqdkHkrVUynOcmmaQtZXuUIfPn5Ql6wY
3HuuvrDyYmVAeg6iND0wxGLGdJTiE0yrC6rYjDv+bSSF0LSRyQclujjYkqFKfxH4
lJT2Pcxpt26F1h4F1IsX9Go1uI/1Ce5+TglzSOf63SbYXe20AiZKa47o3yBNJElC
wVW9MR3uqLWPHISy36wfGj1FhJJ7MZx/Q/enyTxAdPOseLliDIVf7Fd7BlnCys73
DrVV0nplPftoxkRzrN8QAhA8YM9TYs7aHW64ePGjeccw+os9ga5KVD8Bx/P55C7J
-----END CERTIFICATE-----