Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/l37gg86HemD7M32EdJH0gKW9tfo.roa
File:                     l37gg86HemD7M32EdJH0gKW9tfo.roa (raw, json)
Hash identifier:          hcWtWwPNuF2ZWH2GlUk5E8AFw+4CkBoJ7X8DODR9O84=
Subject key identifier:   97:7E:E0:83:CE:87:7A:60:FB:33:7D:84:74:91:F4:80:A5:BD:B5:FA
Certificate issuer:       /CN=c3a882b10f1ba9ea4ba1fa7706db64747e62a413
Certificate serial:       018CC42539AE99416A06AC6A42BD51AFE95B
Authority key identifier: C3:A8:82:B1:0F:1B:A9:EA:4B:A1:FA:77:06:DB:64:74:7E:62:A4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6iCsQ8bqepLofp3BttkdH5ipBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/l37gg86HemD7M32EdJH0gKW9tfo.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205373
IP address blocks:        185.220.160.0/22 maxlen: 24
                          2a0b:f940::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/w6iCsQ8bqepLofp3BttkdH5ipBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/w6iCsQ8bqepLofp3BttkdH5ipBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6iCsQ8bqepLofp3BttkdH5ipBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:39:ae:99:41:6a:06:ac:6a:42:bd:51:af:e9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3a882b10f1ba9ea4ba1fa7706db64747e62a413
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=977ee083ce877a60fb337d847491f480a5bdb5fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:14:a2:bf:a3:76:10:13:48:ea:61:2c:70:47:
                    b6:80:ca:8d:21:e6:93:99:45:5f:8f:ad:0d:d3:9e:
                    24:87:9b:2a:6c:94:64:fd:76:24:9b:c4:89:18:67:
                    21:81:29:57:84:14:20:27:c7:32:76:40:47:e8:37:
                    dd:1c:6f:92:6f:9f:12:c3:db:ca:bf:2e:e0:7e:b4:
                    7a:6c:f8:dc:bf:f9:75:8f:88:19:54:e6:7e:45:56:
                    04:a7:38:4a:8e:79:ef:e9:ab:3d:09:3f:1f:df:4a:
                    85:0e:96:d9:a4:f9:a7:9f:45:9e:ac:46:18:9b:18:
                    3f:ce:33:a7:1c:ee:be:1f:ea:6e:af:d5:75:31:dc:
                    4f:1e:f8:91:b7:f2:06:80:2d:96:d2:46:4e:93:72:
                    6d:df:f2:ac:6e:df:fd:c9:dd:bf:46:49:0a:9e:2c:
                    26:98:c7:c0:38:0e:91:ef:1f:7f:6e:1a:b1:4c:ad:
                    5a:d0:d5:09:33:d1:64:ea:f4:6c:d8:e0:e0:10:f0:
                    c6:9a:9e:3e:9b:c8:14:7c:4c:93:d7:de:80:e1:3a:
                    40:cb:43:01:5c:ce:8d:14:8a:62:a7:c3:e0:e5:61:
                    21:81:9d:10:8b:b1:9b:1c:5c:39:84:24:40:54:a1:
                    10:03:70:3f:9a:f3:01:00:1b:fa:17:45:61:c4:f7:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7E:E0:83:CE:87:7A:60:FB:33:7D:84:74:91:F4:80:A5:BD:B5:FA
            X509v3 Authority Key Identifier:
                keyid:C3:A8:82:B1:0F:1B:A9:EA:4B:A1:FA:77:06:DB:64:74:7E:62:A4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6iCsQ8bqepLofp3BttkdH5ipBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/l37gg86HemD7M32EdJH0gKW9tfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/93620e-7528-4aac-9212-c7857a033962/1/w6iCsQ8bqepLofp3BttkdH5ipBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.160.0/22
                IPv6:
                  2a0b:f940::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:ec:a0:64:2d:7b:f4:54:e5:ce:db:71:4f:e0:29:75:a4:fc:
         a2:10:6b:85:77:35:bf:60:a3:d0:8d:56:42:29:5d:1e:11:1b:
         7f:5f:11:29:c9:d3:80:f2:3e:32:d6:0d:18:5e:5d:55:0a:0e:
         24:23:e6:f5:c4:93:d1:df:67:5b:78:d6:93:1c:b8:8d:92:1e:
         bc:e3:23:3b:84:80:a4:be:19:c4:03:4f:ea:02:3c:cd:6a:a4:
         72:b0:27:12:6c:08:ff:27:c7:af:e5:82:0a:e6:84:cb:e3:2c:
         46:24:19:10:a1:a4:da:16:e8:37:08:92:ea:92:1b:0f:15:18:
         64:e7:da:0d:ef:a2:9c:83:29:5d:9b:21:47:26:c8:c6:f0:aa:
         17:2e:0e:ce:14:74:fe:cf:53:a2:9f:5d:5e:d2:ba:85:e5:89:
         07:c8:c5:ad:ff:ae:0a:69:29:53:fd:10:48:4c:d1:dd:6a:40:
         76:96:f3:4e:29:78:b8:06:03:e8:94:2b:41:cf:bf:b7:ec:e3:
         e1:fa:fa:63:ba:ba:3f:40:a1:4d:25:a2:c3:21:19:00:9c:0c:
         a0:b7:5c:72:a5:d3:bd:f5:f0:b8:de:2a:b2:9f:ea:46:66:e2:
         c0:25:1a:11:da:09:4c:df:b1:5f:c0:52:ff:bc:64:b8:79:78:
         43:85:5b:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJTmumUFqBqxqQr1Rr+lbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYTg4MmIxMGYxYmE5ZWE0YmExZmE3NzA2ZGI2NDc0N2U2
MmE0MTMwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdlZTA4M2NlODc3YTYwZmIzMzdkODQ3NDkxZjQ4MGE1YmRiNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxSiv6N2EBNI6mEscEe2gMqNIeaT
mUVfj60N054kh5sqbJRk/XYkm8SJGGchgSlXhBQgJ8cydkBH6DfdHG+Sb58Sw9vK
vy7gfrR6bPjcv/l1j4gZVOZ+RVYEpzhKjnnv6as9CT8f30qFDpbZpPmnn0WerEYY
mxg/zjOnHO6+H+pur9V1MdxPHviRt/IGgC2W0kZOk3Jt3/Ksbt/9yd2/RkkKniwm
mMfAOA6R7x9/bhqxTK1a0NUJM9Fk6vRs2ODgEPDGmp4+m8gUfEyT196A4TpAy0MB
XM6NFIpip8Pg5WEhgZ0Qi7GbHFw5hCRAVKEQA3A/mvMBABv6F0VhxPf9VwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJd+4IPOh3pg+zN9hHSR9IClvbX6MB8GA1UdIwQY
MBaAFMOogrEPG6nqS6H6dwbbZHR+YqQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZpQ3NROGJxZXBMb2ZwM0J0dGtkSDVpcEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85MzYyMGUtNzUyOC00YWFjLTkyMTIt
Yzc4NTdhMDMzOTYyLzEvbDM3Z2c4NkhlbUQ3TTMyRWRKSDBnS1c5dGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85MzYyMGUtNzUyOC00YWFjLTkyMTItYzc4NTdhMDMzOTYy
LzEvdzZpQ3NROGJxZXBMb2ZwM0J0dGtkSDVpcEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudygMA0E
AgACMAcDBQAqC/lAMA0GCSqGSIb3DQEBCwUAA4IBAQAM7KBkLXv0VOXO23FP4Cl1
pPyiEGuFdzW/YKPQjVZCKV0eERt/XxEpydOA8j4y1g0YXl1VCg4kI+b1xJPR32db
eNaTHLiNkh684yM7hICkvhnEA0/qAjzNaqRysCcSbAj/J8ev5YIK5oTL4yxGJBkQ
oaTaFug3CJLqkhsPFRhk59oN76KcgyldmyFHJsjG8KoXLg7OFHT+z1Oin11e0rqF
5YkHyMWt/64KaSlT/RBITNHdakB2lvNOKXi4BgPolCtBz7+37OPh+vpjuro/QKFN
JaLDIRkAnAygt1xypdO99fC43iqyn+pGZuLAJRoR2glM37FfwFL/vGS4eXhDhVs6
-----END CERTIFICATE-----