Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/va64tOb8kQO7Ri3Z6DH84A2tsZE.roa
File:                     va64tOb8kQO7Ri3Z6DH84A2tsZE.roa (raw, json)
Hash identifier:          rpeoyU3M6EPD1v3iMUNDT341o5bu5Yq1B2GWTV2mYQc=
Subject key identifier:   BD:AE:B8:B4:E6:FC:91:03:BB:46:2D:D9:E8:31:FC:E0:0D:AD:B1:91
Certificate issuer:       /CN=74d032528bb1d159766cd79de4786dcd962a1fbb
Certificate serial:       018CC795142B02B2D77570615195C8581EC3
Authority key identifier: 74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/va64tOb8kQO7Ri3Z6DH84A2tsZE.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        185.146.92.0/22 maxlen: 22
                          2a07:4f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:14:2b:02:b2:d7:75:70:61:51:95:c8:58:1e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74d032528bb1d159766cd79de4786dcd962a1fbb
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdaeb8b4e6fc9103bb462dd9e831fce00dadb191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:15:e6:5b:95:5b:43:24:e8:e5:f6:25:2d:be:
                    76:47:66:cb:34:dc:bb:ce:9d:6e:65:87:77:c5:14:
                    57:39:43:8a:bf:55:76:6a:2f:b7:56:20:e0:02:54:
                    47:61:e7:8b:21:62:ee:d5:b1:b3:66:f9:79:41:a9:
                    fe:14:d3:71:47:42:cf:af:fb:21:33:9a:0c:d5:bb:
                    f8:9c:6c:81:23:1d:31:7b:60:70:bd:58:4b:e6:ae:
                    93:1d:c3:03:f6:d8:d8:65:95:4f:5d:af:e2:14:d9:
                    db:c4:3e:61:5f:07:05:5f:73:cf:c9:52:c9:e1:12:
                    57:83:1b:b7:3a:aa:9a:47:4c:9a:8c:55:1f:88:fe:
                    43:c3:de:4d:92:8f:f9:5c:08:0f:64:3d:6c:1b:d7:
                    09:e5:af:3f:b0:02:9a:fa:d0:33:f4:f0:18:f2:59:
                    3a:42:4e:dc:0a:06:69:7f:02:f7:58:33:b5:c3:ea:
                    8e:55:ae:b0:11:30:93:16:fd:85:56:67:c9:1c:28:
                    bd:6a:60:c6:6d:66:09:64:86:bf:e0:22:2c:dc:cd:
                    d7:f0:36:61:92:f9:2a:08:c4:e1:af:15:48:a6:51:
                    33:d2:55:af:f4:e8:31:d1:6d:c7:3d:e9:f1:8a:de:
                    c7:85:e9:37:48:21:4a:77:fe:a4:43:58:9d:56:68:
                    e9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:AE:B8:B4:E6:FC:91:03:BB:46:2D:D9:E8:31:FC:E0:0D:AD:B1:91
            X509v3 Authority Key Identifier:
                keyid:74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/va64tOb8kQO7Ri3Z6DH84A2tsZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.92.0/22
                IPv6:
                  2a07:4f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         f2:b9:27:15:33:b7:d8:a9:99:2d:d3:2f:4c:3c:f7:c1:11:0f:
         0b:84:3b:1d:ea:00:3a:ca:28:b0:36:ca:d6:d7:54:37:b2:fd:
         d8:9d:51:cc:15:e2:2e:c0:cd:6e:44:56:83:d0:25:d9:39:e6:
         c4:d9:5b:a5:d1:e7:52:6a:d4:4d:e9:4b:07:ae:71:21:76:55:
         30:31:f3:95:93:71:25:06:c7:41:b8:05:48:20:6f:ce:7c:a9:
         04:f2:8a:28:55:6b:e2:5b:50:2f:0d:e7:8a:f1:59:65:ad:cf:
         54:c9:4b:2a:cf:db:56:b1:02:2c:18:c9:24:7c:c6:2e:34:f8:
         73:e6:cb:b9:52:d9:01:cc:6b:ec:d3:2c:8e:54:6a:4f:71:d5:
         b8:c9:87:4d:a4:95:75:d2:a2:a8:08:f8:b9:57:ee:27:a0:52:
         b2:eb:a9:be:f7:63:7a:81:63:82:3f:2e:1d:fa:c0:fb:88:38:
         ef:02:8f:b5:2c:d6:cd:47:8e:06:76:b1:59:44:33:1e:6c:b9:
         54:de:a3:fc:dd:2a:d2:53:60:09:4f:1a:4a:99:a2:e8:4c:ab:
         de:28:3d:62:78:e6:c9:4d:80:13:87:78:43:18:29:76:13:5c:
         26:12:86:bd:10:cf:a1:33:7c:f3:0a:26:4f:4d:e3:b8:98:f8:
         33:4c:b2:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlRQrArLXdXBhUZXIWB7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZDAzMjUyOGJiMWQxNTk3NjZjZDc5ZGU0Nzg2ZGNkOTYy
YTFmYmIwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGFlYjhiNGU2ZmM5MTAzYmI0NjJkZDllODMxZmNlMDBkYWRiMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhXmW5VbQyTo5fYlLb52R2bLNNy7
zp1uZYd3xRRXOUOKv1V2ai+3ViDgAlRHYeeLIWLu1bGzZvl5Qan+FNNxR0LPr/sh
M5oM1bv4nGyBIx0xe2BwvVhL5q6THcMD9tjYZZVPXa/iFNnbxD5hXwcFX3PPyVLJ
4RJXgxu3OqqaR0yajFUfiP5Dw95Nko/5XAgPZD1sG9cJ5a8/sAKa+tAz9PAY8lk6
Qk7cCgZpfwL3WDO1w+qOVa6wETCTFv2FVmfJHCi9amDGbWYJZIa/4CIs3M3X8DZh
kvkqCMThrxVIplEz0lWv9Ogx0W3HPenxit7Hhek3SCFKd/6kQ1idVmjpkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL2uuLTm/JEDu0Yt2egx/OANrbGRMB8GA1UdIwQY
MBaAFHTQMlKLsdFZdmzXneR4bc2WKh+7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE5BeVVvdXgwVmwyYk5lZDVIaHR6WllxSDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWE0MjItYTc5MS00ZGNmLTkwZmIt
MmM5MTI3YWI0OGMzLzEvdmE2NHRPYjhrUU83UmkzWjZESDg0QTJ0c1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWE0MjItYTc5MS00ZGNmLTkwZmItMmM5MTI3YWI0OGMz
LzEvZE5BeVVvdXgwVmwyYk5lZDVIaHR6WllxSDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZJcMA0E
AgACMAcDBQMqB09AMA0GCSqGSIb3DQEBCwUAA4IBAQDyuScVM7fYqZkt0y9MPPfB
EQ8LhDsd6gA6yiiwNsrW11Q3sv3YnVHMFeIuwM1uRFaD0CXZOebE2Vul0edSatRN
6UsHrnEhdlUwMfOVk3ElBsdBuAVIIG/OfKkE8oooVWviW1AvDeeK8Vllrc9UyUsq
z9tWsQIsGMkkfMYuNPhz5su5UtkBzGvs0yyOVGpPcdW4yYdNpJV10qKoCPi5V+4n
oFKy66m+92N6gWOCPy4d+sD7iDjvAo+1LNbNR44GdrFZRDMebLlU3qP83SrSU2AJ
TxpKmaLoTKveKD1ieObJTYATh3hDGCl2E1wmEoa9EM+hM3zzCiZPTeO4mPgzTLKH
-----END CERTIFICATE-----