Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/atRZqPWXQdLu01jjNGXvRiMxEYE.roa
File:                     atRZqPWXQdLu01jjNGXvRiMxEYE.roa (raw, json)
Hash identifier:          FT/tZV5kcojn0G8csEsTe8Ikk6uqJhX2hic3iki1upA=
Subject key identifier:   6A:D4:59:A8:F5:97:41:D2:EE:D3:58:E3:34:65:EF:46:23:31:11:81
Certificate issuer:       /CN=4e98acc86f41c4715b10c1dd52631c32a8194a30
Certificate serial:       018CC6B794E01B156C272B0FC02AA2D2EA9B
Authority key identifier: 4E:98:AC:C8:6F:41:C4:71:5B:10:C1:DD:52:63:1C:32:A8:19:4A:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TpisyG9BxHFbEMHdUmMcMqgZSjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/atRZqPWXQdLu01jjNGXvRiMxEYE.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59925
IP address blocks:        185.66.36.0/22 maxlen: 22
                          2a03:1e20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/TpisyG9BxHFbEMHdUmMcMqgZSjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/TpisyG9BxHFbEMHdUmMcMqgZSjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TpisyG9BxHFbEMHdUmMcMqgZSjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:e0:1b:15:6c:27:2b:0f:c0:2a:a2:d2:ea:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e98acc86f41c4715b10c1dd52631c32a8194a30
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad459a8f59741d2eed358e33465ef4623311181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0e:4c:a1:39:e3:64:28:ee:bd:b7:69:71:b4:
                    e9:b9:70:47:e5:a0:db:15:79:40:91:14:79:2a:31:
                    17:f7:5f:06:8f:40:fa:c8:05:10:c5:1d:b0:8b:09:
                    2a:a0:b7:12:46:86:f6:0c:8c:16:ef:68:1e:0d:78:
                    d0:5b:c9:fc:f2:f5:bd:01:50:8d:df:ec:80:08:a1:
                    1e:af:53:62:22:66:46:48:7e:cb:3b:e9:c0:33:e7:
                    51:4a:b9:63:b9:cf:f1:80:5d:f0:2b:84:a3:9c:20:
                    75:d0:d1:f7:46:a5:e6:4f:d8:a1:0a:4b:e3:2f:ee:
                    f1:15:eb:38:f2:40:83:6f:38:6a:7f:da:35:50:6f:
                    4f:07:24:0c:70:26:eb:89:07:31:1c:f3:ce:8b:0b:
                    62:84:5e:1b:13:2c:76:7a:f9:72:d5:b8:b5:a0:b3:
                    6d:cc:0d:9f:86:69:63:02:41:36:62:a1:6f:6f:b7:
                    47:35:9f:31:60:9c:74:64:e5:a3:ea:c8:b2:6e:d0:
                    fc:71:08:35:ec:b8:c2:c6:e8:82:a9:97:62:3c:7f:
                    e7:84:61:38:09:84:d7:94:ef:dc:6b:00:3a:bf:af:
                    3a:0d:ab:7e:3d:10:4b:a6:1f:85:5b:c8:c7:1e:4e:
                    99:67:ca:f7:18:14:43:05:a7:a6:39:db:87:df:b2:
                    9e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D4:59:A8:F5:97:41:D2:EE:D3:58:E3:34:65:EF:46:23:31:11:81
            X509v3 Authority Key Identifier:
                keyid:4E:98:AC:C8:6F:41:C4:71:5B:10:C1:DD:52:63:1C:32:A8:19:4A:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TpisyG9BxHFbEMHdUmMcMqgZSjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/atRZqPWXQdLu01jjNGXvRiMxEYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/f870c4-bdc9-453b-b3c8-491d30f4a2c8/1/TpisyG9BxHFbEMHdUmMcMqgZSjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.36.0/22
                IPv6:
                  2a03:1e20::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:eb:55:b8:c0:df:11:43:4e:39:5f:f4:69:a1:3b:16:f1:27:
         ad:c3:39:2d:40:af:8f:a2:d7:b1:64:09:e2:2c:ce:81:8e:84:
         da:f8:ec:a4:ae:d7:e1:8b:c1:a5:a3:7c:15:3c:c1:49:2e:40:
         ba:ac:8e:24:35:8c:b0:2d:8c:83:d9:70:2e:da:d0:e0:64:64:
         97:0e:6d:55:79:96:7f:58:ff:ad:5f:70:97:9e:8f:f2:ff:07:
         32:1a:2e:f6:f1:cd:4c:d0:b0:a3:f4:15:86:85:f8:da:73:17:
         17:03:0e:07:ff:1c:12:63:8f:8a:3e:08:ad:12:f8:31:e9:9b:
         78:94:eb:f8:f8:ca:47:fe:69:88:49:80:8c:26:69:10:1d:89:
         82:d4:57:79:05:d3:bd:e2:73:97:a2:50:ec:e0:b1:c1:f2:bc:
         7d:36:63:8f:56:67:69:44:3f:2c:f0:71:22:ac:0a:af:42:31:
         b0:f0:a5:1a:b3:b3:ec:50:ee:be:e2:35:86:19:33:2e:4f:a6:
         a0:78:7f:af:d0:b0:5b:95:d2:90:d3:5e:37:69:1a:22:94:88:
         cd:ef:bf:9c:24:e5:df:fb:b2:5e:50:65:eb:1a:07:3d:58:36:
         8b:2b:1d:7b:91:b6:cf:4d:08:14:bf:8d:d3:bd:26:f7:d7:e6:
         63:c6:29:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt5TgGxVsJysPwCqi0uqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOThhY2M4NmY0MWM0NzE1YjEwYzFkZDUyNjMxYzMyYTgx
OTRhMzAwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ0NTlhOGY1OTc0MWQyZWVkMzU4ZTMzNDY1ZWY0NjIzMzExMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ5MoTnjZCjuvbdpcbTpuXBH5aDb
FXlAkRR5KjEX918Gj0D6yAUQxR2wiwkqoLcSRob2DIwW72geDXjQW8n88vW9AVCN
3+yACKEer1NiImZGSH7LO+nAM+dRSrljuc/xgF3wK4SjnCB10NH3RqXmT9ihCkvj
L+7xFes48kCDbzhqf9o1UG9PByQMcCbriQcxHPPOiwtihF4bEyx2evly1bi1oLNt
zA2fhmljAkE2YqFvb7dHNZ8xYJx0ZOWj6siybtD8cQg17LjCxuiCqZdiPH/nhGE4
CYTXlO/cawA6v686Dat+PRBLph+FW8jHHk6ZZ8r3GBRDBaemOduH37KeFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGrUWaj1l0HS7tNY4zRl70YjMRGBMB8GA1UdIwQY
MBaAFE6YrMhvQcRxWxDB3VJjHDKoGUowMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHBpc3lHOUJ4SEZiRU1IZFVtTWNNcWdaU2pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9mODcwYzQtYmRjOS00NTNiLWIzYzgt
NDkxZDMwZjRhMmM4LzEvYXRSWnFQV1hRZEx1MDFqak5HWHZSaU14RVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9mODcwYzQtYmRjOS00NTNiLWIzYzgtNDkxZDMwZjRhMmM4
LzEvVHBpc3lHOUJ4SEZiRU1IZFVtTWNNcWdaU2pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUIkMA0E
AgACMAcDBQAqAx4gMA0GCSqGSIb3DQEBCwUAA4IBAQCd61W4wN8RQ045X/RpoTsW
8SetwzktQK+PotexZAniLM6BjoTa+Oykrtfhi8Glo3wVPMFJLkC6rI4kNYywLYyD
2XAu2tDgZGSXDm1VeZZ/WP+tX3CXno/y/wcyGi728c1M0LCj9BWGhfjacxcXAw4H
/xwSY4+KPgitEvgx6Zt4lOv4+MpH/mmISYCMJmkQHYmC1Fd5BdO94nOXolDs4LHB
8rx9NmOPVmdpRD8s8HEirAqvQjGw8KUas7PsUO6+4jWGGTMuT6ageH+v0LBbldKQ
0143aRoilIjN77+cJOXf+7JeUGXrGgc9WDaLKx17kbbPTQgUv43TvSb31+Zjximx
-----END CERTIFICATE-----