Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/reWZT0UORhg7cGXlbPTGhHYkFTM.roa
File:                     reWZT0UORhg7cGXlbPTGhHYkFTM.roa (raw, json)
Hash identifier:          F9qgGcdxO88fnHlxcWmoRdiJYW44zdoxjl1CpOMMi0Q=
Subject key identifier:   AD:E5:99:4F:45:0E:46:18:3B:70:65:E5:6C:F4:C6:84:76:24:15:33
Certificate issuer:       /CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
Certificate serial:       018CC4251C20AA3BA64BF72CF0E031632930
Authority key identifier: AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/reWZT0UORhg7cGXlbPTGhHYkFTM.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43998
IP address blocks:        185.111.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1c:20:aa:3b:a6:4b:f7:2c:f0:e0:31:63:29:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade5994f450e46183b7065e56cf4c68476241533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d8:c7:7a:fe:48:3d:42:ce:1a:d2:8c:e3:32:
                    39:6d:6b:ed:25:c7:8b:77:93:c6:6d:32:89:58:f8:
                    3c:a0:d5:19:aa:c7:53:11:9f:38:d8:1d:1f:46:84:
                    01:83:40:c6:24:97:d5:01:c2:89:5f:fe:a3:de:34:
                    46:97:04:a8:38:1b:ce:0e:66:a3:98:05:a8:37:06:
                    4c:e4:24:4c:21:ab:a3:e1:93:0e:f3:31:50:be:af:
                    f5:c6:f6:ad:b5:2e:a5:ea:bf:a7:41:bf:22:e3:63:
                    f7:f3:dd:9b:f5:ec:c5:46:84:35:4c:70:9e:3f:10:
                    a9:5e:34:ab:51:50:4a:f6:56:a8:3f:a1:ba:f5:74:
                    e1:7b:66:0d:c5:2b:aa:27:8a:dd:df:f3:f9:a0:c7:
                    95:48:f8:ee:07:5a:ec:d0:f5:cd:dc:13:44:2d:0f:
                    b4:13:fd:a0:46:c5:b6:41:34:15:5a:6f:6e:01:c0:
                    50:85:e3:21:96:20:7f:8c:31:4c:f0:fc:40:7e:33:
                    4c:a2:5d:51:f4:66:6b:55:c4:58:77:db:57:36:e0:
                    61:42:1b:6b:96:04:51:2f:a8:e8:09:e1:28:44:db:
                    8a:8e:92:0b:94:92:88:4f:65:e1:8c:16:5b:bd:b8:
                    79:ab:eb:00:cb:56:78:d0:a3:0f:6f:b0:ff:85:64:
                    f2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E5:99:4F:45:0E:46:18:3B:70:65:E5:6C:F4:C6:84:76:24:15:33
            X509v3 Authority Key Identifier:
                keyid:AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/reWZT0UORhg7cGXlbPTGhHYkFTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:b6:76:9e:32:44:58:7e:93:ac:6e:df:e2:33:e1:74:6c:08:
         1f:74:87:06:07:65:5d:ec:1e:94:18:31:3e:9a:5c:21:7f:89:
         49:f0:3d:64:72:dd:41:42:db:b1:c4:05:4d:c3:75:fd:5f:d6:
         2f:a4:64:15:78:45:06:b4:b6:65:eb:4e:47:83:ab:97:a5:40:
         f8:e7:10:00:70:9a:1a:8a:47:9d:c2:30:7d:be:20:5f:d6:99:
         23:85:da:12:c0:70:59:e8:9e:b1:ec:58:fe:bc:75:98:e9:43:
         6f:4f:9e:3e:c2:5a:79:d6:36:70:7d:1f:4f:df:58:2f:eb:7f:
         c6:c5:9c:aa:dd:db:9a:a4:3b:ab:9c:c3:c3:1c:ea:04:cc:9f:
         74:11:de:ac:16:16:a2:c2:7c:12:bb:76:86:6b:0b:94:bb:bf:
         7c:79:3d:a4:30:11:8d:54:67:1c:02:b3:b1:b5:e3:52:68:db:
         ef:a2:7a:0e:8a:71:bd:ef:94:2c:4b:6e:5e:d1:42:65:b4:c2:
         87:62:d6:38:ff:a5:cd:5a:1b:8d:99:83:f6:38:a2:20:81:b5:
         95:ac:24:1a:7b:a0:07:28:65:91:2d:30:e0:54:e6:35:7a:e0:
         30:6d:3a:76:0f:75:6f:e7:73:d7:2c:af:76:49:9f:ec:32:c1:
         43:26:fe:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRwgqjumS/cs8OAxYykwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNGYwMGY1YzNhYjNkZjRjNjc0YTQxMGQ4YTBmMDE4MmZi
NWU5MTgwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU1OTk0ZjQ1MGU0NjE4M2I3MDY1ZTU2Y2Y0YzY4NDc2MjQxNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69jHev5IPULOGtKM4zI5bWvtJceL
d5PGbTKJWPg8oNUZqsdTEZ842B0fRoQBg0DGJJfVAcKJX/6j3jRGlwSoOBvODmaj
mAWoNwZM5CRMIauj4ZMO8zFQvq/1xvattS6l6r+nQb8i42P3892b9ezFRoQ1THCe
PxCpXjSrUVBK9laoP6G69XThe2YNxSuqJ4rd3/P5oMeVSPjuB1rs0PXN3BNELQ+0
E/2gRsW2QTQVWm9uAcBQheMhliB/jDFM8PxAfjNMol1R9GZrVcRYd9tXNuBhQhtr
lgRRL6joCeEoRNuKjpILlJKIT2XhjBZbvbh5q+sAy1Z40KMPb7D/hWTy0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3lmU9FDkYYO3Bl5Wz0xoR2JBUzMB8GA1UdIwQY
MBaAFKtPAPXDqz30xnSkENig8BgvtekYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUt
Mzg1M2QzNDBjOWE2LzEvcmVXWlQwVU9SaGc3Y0dYbGJQVEdoSFlrRlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUtMzg1M2QzNDBjOWE2
LzEvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW90MA0G
CSqGSIb3DQEBCwUAA4IBAQDBtnaeMkRYfpOsbt/iM+F0bAgfdIcGB2Vd7B6UGDE+
mlwhf4lJ8D1kct1BQtuxxAVNw3X9X9YvpGQVeEUGtLZl605Hg6uXpUD45xAAcJoa
ikedwjB9viBf1pkjhdoSwHBZ6J6x7Fj+vHWY6UNvT54+wlp51jZwfR9P31gv63/G
xZyq3duapDurnMPDHOoEzJ90Ed6sFhaiwnwSu3aGawuUu798eT2kMBGNVGccArOx
teNSaNvvonoOinG975QsS25e0UJltMKHYtY4/6XNWhuNmYP2OKIggbWVrCQae6AH
KGWRLTDgVOY1euAwbTp2D3Vv53PXLK92SZ/sMsFDJv7G
-----END CERTIFICATE-----