Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/oDM0Cv-MceD1qmxUAJiVKueMxxI.roa
File:                     oDM0Cv-MceD1qmxUAJiVKueMxxI.roa (raw, json)
Hash identifier:          fcjJ9pYwN8VOkh3JRMjiKpWvdFJ1RjN9yu7uspw4GVQ=
Subject key identifier:   A0:33:34:0A:FF:8C:71:E0:F5:AA:6C:54:00:98:95:2A:E7:8C:C7:12
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       018CC94CC85949626291CF572E9EB7E32BA2
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/oDM0Cv-MceD1qmxUAJiVKueMxxI.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49562
IP address blocks:        185.2.172.0/23 maxlen: 23
                          185.2.172.0/22 maxlen: 22
                          2a02:80c0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c8:59:49:62:62:91:cf:57:2e:9e:b7:e3:2b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a033340aff8c71e0f5aa6c540098952ae78cc712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1c:bf:6d:5f:c0:57:c9:3f:84:03:b5:0b:1d:
                    cf:de:d6:23:10:55:0f:80:2e:f3:13:b4:63:6b:d5:
                    3d:60:54:72:17:60:46:a0:97:77:04:f6:63:4c:fc:
                    03:24:7b:3b:83:e1:64:16:3a:50:1c:c6:8a:46:b4:
                    7d:59:18:44:a4:ac:cc:d9:89:24:ff:22:31:fc:e1:
                    ed:b5:e8:a1:fe:22:ea:e6:1b:61:f7:1a:df:c8:89:
                    87:9c:ed:30:61:aa:f1:2b:64:0d:fa:28:8a:b7:4f:
                    01:87:29:96:02:69:e1:a3:56:8d:6a:ff:1d:39:15:
                    07:81:99:37:02:e3:48:58:3d:3a:d3:31:57:c6:2d:
                    8a:20:e3:e5:72:96:45:07:a2:af:c8:98:d3:c5:6a:
                    e4:2e:1b:69:26:48:39:6f:ab:eb:a5:e4:20:24:27:
                    60:8d:fb:60:60:54:b3:bb:d6:bb:e9:19:2c:c9:33:
                    1b:45:a7:f9:af:97:fc:94:d3:59:5c:84:4b:58:9a:
                    1b:de:22:59:0e:00:49:9d:63:d9:20:ce:62:40:27:
                    77:bb:5f:18:1f:87:1d:e7:94:8b:19:dd:9d:f0:df:
                    2e:ab:a5:fe:c0:18:a5:fc:32:40:e1:24:4a:89:27:
                    d2:c1:0d:8c:b5:1d:9e:54:08:e1:12:ab:34:01:92:
                    c6:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:33:34:0A:FF:8C:71:E0:F5:AA:6C:54:00:98:95:2A:E7:8C:C7:12
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/oDM0Cv-MceD1qmxUAJiVKueMxxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.172.0/22
                IPv6:
                  2a02:80c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         7c:be:92:2d:ca:e8:a7:2c:97:c2:16:0c:03:4f:3e:71:5a:dd:
         84:8c:4e:f0:26:fd:4c:25:d7:1e:93:73:ae:e7:85:1a:6c:26:
         1f:d2:45:30:f2:19:5a:0a:56:88:e5:69:cb:d7:12:6f:8d:c0:
         ee:31:67:70:8c:61:66:54:2b:32:fa:7a:35:7f:bd:96:a2:8a:
         1c:e9:e3:77:9b:7d:e3:ef:ba:4f:5e:f1:2d:9d:bc:a0:af:e5:
         b4:dd:b4:ab:a3:bc:31:00:95:fa:79:78:03:b9:6d:61:bf:a5:
         40:3d:42:8d:ac:01:d2:04:df:cf:dc:c8:62:53:cc:fe:58:b5:
         8f:b1:f5:fd:b6:c1:15:35:81:a0:dc:65:95:5a:2e:8a:38:8c:
         89:11:c0:74:83:79:fa:c4:f3:26:65:c5:e8:aa:85:61:ed:d9:
         d4:5f:11:f2:6f:6b:04:51:44:a8:74:a9:4c:61:ac:55:eb:f2:
         23:55:25:c1:07:ea:79:71:a9:04:17:e3:08:c6:b3:6d:91:da:
         ff:52:cf:27:30:fd:db:98:f3:a9:5b:ae:72:f3:21:b4:cc:d7:
         b7:28:ff:c1:46:6a:6b:f3:07:2d:bc:10:61:5a:e2:33:ec:1b:
         a2:12:3b:ff:26:f9:90:45:d2:95:ed:b3:e6:ad:5c:39:fb:e0:
         bf:62:e6:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTMhZSWJikc9XLp634yuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDMzMzQwYWZmOGM3MWUwZjVhYTZjNTQwMDk4OTUyYWU3OGNjNzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBy/bV/AV8k/hAO1Cx3P3tYjEFUP
gC7zE7Rja9U9YFRyF2BGoJd3BPZjTPwDJHs7g+FkFjpQHMaKRrR9WRhEpKzM2Ykk
/yIx/OHtteih/iLq5hth9xrfyImHnO0wYarxK2QN+iiKt08BhymWAmnho1aNav8d
ORUHgZk3AuNIWD060zFXxi2KIOPlcpZFB6KvyJjTxWrkLhtpJkg5b6vrpeQgJCdg
jftgYFSzu9a76RksyTMbRaf5r5f8lNNZXIRLWJob3iJZDgBJnWPZIM5iQCd3u18Y
H4cd55SLGd2d8N8uq6X+wBil/DJA4SRKiSfSwQ2MtR2eVAjhEqs0AZLGMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKAzNAr/jHHg9apsVACYlSrnjMcSMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvb0RNMEN2LU1jZUQxcW14VUFKaVZLdWVNeHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQKsMA0E
AgACMAcDBQIqAoDAMA0GCSqGSIb3DQEBCwUAA4IBAQB8vpItyuinLJfCFgwDTz5x
Wt2EjE7wJv1MJdcek3Ou54UabCYf0kUw8hlaClaI5WnL1xJvjcDuMWdwjGFmVCsy
+no1f72Woooc6eN3m33j77pPXvEtnbygr+W03bSro7wxAJX6eXgDuW1hv6VAPUKN
rAHSBN/P3MhiU8z+WLWPsfX9tsEVNYGg3GWVWi6KOIyJEcB0g3n6xPMmZcXoqoVh
7dnUXxHyb2sEUUSodKlMYaxV6/IjVSXBB+p5cakEF+MIxrNtkdr/Us8nMP3bmPOp
W65y8yG0zNe3KP/BRmpr8wctvBBhWuIz7BuiEjv/JvmQRdKV7bPmrVw5++C/YuZY
-----END CERTIFICATE-----