Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Maw9MkzZIAqBNmLsDH-Qo6m-D00.roa
File:                     Maw9MkzZIAqBNmLsDH-Qo6m-D00.roa (raw, json)
Hash identifier:          fNB2ftojaYzfIp3Qt52S6pQX2rHXWGPz9U0P2jZsMJk=
Subject key identifier:   31:AC:3D:32:4C:D9:20:0A:81:36:62:EC:0C:7F:90:A3:A9:BE:0F:4D
Certificate issuer:       /CN=b4a2085c7de3b598216b89fb0f2b1d930de66c19
Certificate serial:       018CC3494CF35794F23AB174F7E293A857FA
Authority key identifier: B4:A2:08:5C:7D:E3:B5:98:21:6B:89:FB:0F:2B:1D:93:0D:E6:6C:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tKIIXH3jtZgha4n7Dysdkw3mbBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Maw9MkzZIAqBNmLsDH-Qo6m-D00.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.129.18.0/24 maxlen: 24
                          185.129.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/tKIIXH3jtZgha4n7Dysdkw3mbBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/tKIIXH3jtZgha4n7Dysdkw3mbBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tKIIXH3jtZgha4n7Dysdkw3mbBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4c:f3:57:94:f2:3a:b1:74:f7:e2:93:a8:57:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4a2085c7de3b598216b89fb0f2b1d930de66c19
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31ac3d324cd9200a813662ec0c7f90a3a9be0f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a2:5e:db:fe:7d:a8:12:40:56:3b:02:3c:73:
                    63:22:60:09:d7:58:5d:b7:0b:75:cc:90:8a:5e:a4:
                    c8:ed:cf:4a:d1:31:6a:13:61:e0:80:92:59:83:ea:
                    7c:d0:06:bd:39:fa:0e:36:c2:32:f9:2e:1e:43:7f:
                    39:43:51:a0:6a:2f:3f:9e:26:3a:c9:11:6e:84:d9:
                    23:90:4e:d4:1d:e1:06:cb:9e:db:3a:29:a4:2c:e7:
                    db:e6:0e:85:ec:04:71:65:ba:3c:b1:3d:3a:ee:23:
                    5c:70:7d:06:01:df:8d:f8:de:4a:95:fb:55:e8:15:
                    36:c5:33:dd:6c:72:57:e5:25:44:8e:08:2b:d4:af:
                    93:e8:f6:c6:02:2c:af:6f:2d:59:ba:ee:02:db:99:
                    b0:86:93:b1:e0:cb:63:a6:4f:0c:85:4b:02:9d:07:
                    71:d1:d1:b7:e9:b7:47:89:38:46:4c:8f:81:b6:c0:
                    d4:e1:b9:d5:34:b5:8d:c9:58:0f:ee:5b:17:bf:ea:
                    3b:fa:af:e4:d4:6f:0c:1c:0d:45:83:40:06:07:92:
                    82:f8:9a:8f:c1:07:89:88:14:41:4b:f3:b7:48:8c:
                    ee:35:01:23:5e:4d:d3:b2:09:cf:5f:11:68:d6:c7:
                    5a:38:cb:ef:e9:f9:ec:1b:57:58:79:12:5b:96:21:
                    51:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:AC:3D:32:4C:D9:20:0A:81:36:62:EC:0C:7F:90:A3:A9:BE:0F:4D
            X509v3 Authority Key Identifier:
                keyid:B4:A2:08:5C:7D:E3:B5:98:21:6B:89:FB:0F:2B:1D:93:0D:E6:6C:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKIIXH3jtZgha4n7Dysdkw3mbBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/Maw9MkzZIAqBNmLsDH-Qo6m-D00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d6513d-2d53-4022-8360-3117989601ad/1/tKIIXH3jtZgha4n7Dysdkw3mbBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:ff:bd:42:a3:6e:01:4f:43:55:bd:82:8d:6f:16:a2:7c:c6:
         6a:f4:3c:cf:3a:73:5d:06:9b:e8:01:f7:21:39:dd:be:24:15:
         98:b3:d2:01:d0:7b:2a:fa:75:46:cc:75:46:f3:b9:de:04:af:
         af:de:d9:91:22:da:e2:43:5a:41:8b:62:c5:78:b3:e4:d1:0b:
         e1:16:ff:81:3c:9c:19:34:94:04:56:55:b5:c3:90:fc:c2:66:
         b1:cb:b2:f7:81:d4:85:7a:cc:31:c9:b3:7e:5f:a4:37:a1:91:
         d7:7f:6e:4c:6d:91:97:df:8e:08:93:36:65:aa:16:98:df:30:
         99:2c:d4:d0:d8:20:7b:38:1e:7c:3d:ce:31:f5:3a:6d:5e:94:
         8f:88:96:4c:ad:98:ec:7a:8e:fc:b4:a7:9c:18:7c:dd:ef:8c:
         3e:93:fa:cd:5f:8e:e9:c0:3f:ee:41:3b:ea:ff:ff:d5:30:7e:
         00:fd:92:e3:ab:eb:54:08:1b:36:a3:20:25:06:5c:e4:5e:7d:
         b8:7e:46:d2:96:ae:59:bc:8b:c1:a2:68:99:f4:46:7c:02:ef:
         7e:8e:71:5e:de:e2:60:1b:95:10:d8:cb:23:2c:0d:18:44:c4:
         04:41:7c:3e:8b:68:53:bc:f4:ab:9c:75:85:5d:8a:cf:a4:db:
         2b:54:51:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUzzV5TyOrF09+KTqFf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YTIwODVjN2RlM2I1OTgyMTZiODlmYjBmMmIxZDkzMGRl
NjZjMTkwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWFjM2QzMjRjZDkyMDBhODEzNjYyZWMwYzdmOTBhM2E5YmUwZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKJe2/59qBJAVjsCPHNjImAJ11hd
twt1zJCKXqTI7c9K0TFqE2HggJJZg+p80Aa9OfoONsIy+S4eQ385Q1Ggai8/niY6
yRFuhNkjkE7UHeEGy57bOimkLOfb5g6F7ARxZbo8sT067iNccH0GAd+N+N5KlftV
6BU2xTPdbHJX5SVEjggr1K+T6PbGAiyvby1Zuu4C25mwhpOx4Mtjpk8MhUsCnQdx
0dG36bdHiThGTI+BtsDU4bnVNLWNyVgP7lsXv+o7+q/k1G8MHA1Fg0AGB5KC+JqP
wQeJiBRBS/O3SIzuNQEjXk3TsgnPXxFo1sdaOMvv6fnsG1dYeRJbliFR9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGsPTJM2SAKgTZi7Ax/kKOpvg9NMB8GA1UdIwQY
MBaAFLSiCFx947WYIWuJ+w8rHZMN5mwZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEtJSVhIM2p0WmdoYTRuN0R5c2RrdzNtYkJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNjUxM2QtMmQ1My00MDIyLTgzNjAt
MzExNzk4OTYwMWFkLzEvTWF3OU1relpJQXFCTm1Mc0RILVFvNm0tRDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNjUxM2QtMmQ1My00MDIyLTgzNjAtMzExNzk4OTYwMWFk
LzEvdEtJSVhIM2p0WmdoYTRuN0R5c2RrdzNtYkJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYESMA0G
CSqGSIb3DQEBCwUAA4IBAQAS/71Co24BT0NVvYKNbxaifMZq9DzPOnNdBpvoAfch
Od2+JBWYs9IB0Hsq+nVGzHVG87neBK+v3tmRItriQ1pBi2LFeLPk0QvhFv+BPJwZ
NJQEVlW1w5D8wmaxy7L3gdSFeswxybN+X6Q3oZHXf25MbZGX344IkzZlqhaY3zCZ
LNTQ2CB7OB58Pc4x9TptXpSPiJZMrZjseo78tKecGHzd74w+k/rNX47pwD/uQTvq
///VMH4A/ZLjq+tUCBs2oyAlBlzkXn24fkbSlq5ZvIvBomiZ9EZ8Au9+jnFe3uJg
G5UQ2MsjLA0YRMQEQXw+i2hTvPSrnHWFXYrPpNsrVFE+
-----END CERTIFICATE-----