Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/i_OwqYQ4eJ_T1-ssG4RT_t_anP0.roa
File:                     i_OwqYQ4eJ_T1-ssG4RT_t_anP0.roa (raw, json)
Hash identifier:          aRwaMYnNlZwAcLQFAIsvUz9uQRQlE2ljvhAQOABALJI=
Subject key identifier:   8B:F3:B0:A9:84:38:78:9F:D3:D7:EB:2C:1B:84:53:FE:DF:DA:9C:FD
Certificate issuer:       /CN=082a6e377f1c885a6d73f3f569fd06d7ea4c7a45
Certificate serial:       018CCA2853EB881A74E35CBA49B338AA779D
Authority key identifier: 08:2A:6E:37:7F:1C:88:5A:6D:73:F3:F5:69:FD:06:D7:EA:4C:7A:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCpuN38ciFptc_P1af0G1-pMekU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/i_OwqYQ4eJ_T1-ssG4RT_t_anP0.roa
Signing time:             Tue 02 Jan 2024 12:31:29 +0000
ROA not before:           Tue 02 Jan 2024 12:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57795
IP address blocks:        185.157.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/CCpuN38ciFptc_P1af0G1-pMekU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/CCpuN38ciFptc_P1af0G1-pMekU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCpuN38ciFptc_P1af0G1-pMekU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:53:eb:88:1a:74:e3:5c:ba:49:b3:38:aa:77:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082a6e377f1c885a6d73f3f569fd06d7ea4c7a45
        Validity
            Not Before: Jan  2 12:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bf3b0a98438789fd3d7eb2c1b8453fedfda9cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4d:0c:90:0c:38:b5:c9:13:f8:12:3a:bb:35:
                    d4:f2:2c:db:ac:19:62:22:bd:ea:f8:04:7d:bc:ed:
                    5d:f2:0e:e1:0c:52:a2:8e:4c:5c:4c:e5:e5:74:86:
                    ca:d7:6b:70:87:62:f5:66:90:20:ea:b7:a0:aa:01:
                    9b:5d:79:53:f9:62:ef:ed:1e:68:6b:56:3c:ac:6b:
                    a5:a7:f2:90:a4:ec:e4:b2:23:43:e9:40:b0:64:1a:
                    d7:e5:f6:1f:1c:f1:38:b1:fb:e8:72:b1:69:c8:c5:
                    80:ae:d1:5c:3c:7c:d9:47:7c:ca:13:e9:0b:75:e7:
                    14:7d:28:14:ba:2d:8e:f3:b1:32:4e:13:fb:4b:2f:
                    f5:5d:25:d6:36:5d:6f:ea:16:4d:ef:5a:76:55:84:
                    26:c1:4d:93:22:93:81:4e:9d:35:01:71:1e:7e:22:
                    7f:68:38:97:e3:c3:85:9c:f8:0e:47:80:88:e4:93:
                    b0:4c:5b:bd:a8:b1:1a:fb:06:5d:60:da:ea:33:d2:
                    56:ec:43:cc:5f:c6:c4:68:8d:9e:f4:c7:86:d0:8a:
                    5b:df:2c:6d:30:3f:bb:dd:fe:b6:27:92:02:85:da:
                    0f:db:71:d3:6d:f7:cb:cb:d9:00:c7:cc:f9:76:15:
                    5d:96:8c:e4:6f:1a:56:5c:4d:47:7b:7a:92:17:cc:
                    17:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F3:B0:A9:84:38:78:9F:D3:D7:EB:2C:1B:84:53:FE:DF:DA:9C:FD
            X509v3 Authority Key Identifier:
                keyid:08:2A:6E:37:7F:1C:88:5A:6D:73:F3:F5:69:FD:06:D7:EA:4C:7A:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCpuN38ciFptc_P1af0G1-pMekU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/i_OwqYQ4eJ_T1-ssG4RT_t_anP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/18feb3-f3d2-49f3-90d2-9d4b16b59de6/1/CCpuN38ciFptc_P1af0G1-pMekU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:0d:ab:d3:43:e5:7a:28:e7:53:a3:7d:ac:e9:28:bf:d7:74:
         24:08:47:3e:3c:ab:e7:2b:92:a5:82:b4:80:a5:2a:52:4f:3f:
         08:b9:84:d3:f0:5a:66:d6:55:26:1c:89:c9:42:99:01:7a:4d:
         9f:3d:94:45:8c:54:04:9e:63:38:4f:5f:0f:d8:90:d5:4f:69:
         75:88:5a:89:6a:a0:a3:74:35:0f:90:e4:6f:8b:3b:dc:7f:10:
         16:2a:50:61:c7:e0:9d:54:fb:6f:26:3b:37:77:c4:c0:96:67:
         36:3c:a0:01:0d:d1:77:66:c2:0e:31:86:8b:37:2d:2c:35:d9:
         00:92:cd:1b:af:41:80:dc:63:08:f2:ad:b0:4f:90:68:52:b3:
         68:bd:f9:59:34:8b:52:5c:05:12:73:96:47:8c:5e:82:ba:9d:
         7f:57:3d:80:11:c1:4b:09:64:87:f4:43:9e:58:e6:7c:7c:6d:
         40:3a:0b:3d:c8:d8:a2:be:bf:c9:57:05:4f:56:90:08:bc:67:
         6d:ce:8c:40:b3:26:2d:42:c9:23:3e:7f:87:66:0e:6f:c9:c1:
         2d:39:66:51:eb:09:4c:27:ae:ee:e7:99:41:26:92:8f:43:44:
         34:02:2e:e8:56:76:d7:c0:22:89:e5:91:aa:b3:96:69:2e:49:
         1b:88:37:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKFPriBp041y6SbM4qnedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmE2ZTM3N2YxYzg4NWE2ZDczZjNmNTY5ZmQwNmQ3ZWE0
YzdhNDUwHhcNMjQwMTAyMTIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmYzYjBhOTg0Mzg3ODlmZDNkN2ViMmMxYjg0NTNmZWRmZGE5Y2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk00MkAw4tckT+BI6uzXU8izbrBli
Ir3q+AR9vO1d8g7hDFKijkxcTOXldIbK12twh2L1ZpAg6regqgGbXXlT+WLv7R5o
a1Y8rGulp/KQpOzksiND6UCwZBrX5fYfHPE4sfvocrFpyMWArtFcPHzZR3zKE+kL
decUfSgUui2O87EyThP7Sy/1XSXWNl1v6hZN71p2VYQmwU2TIpOBTp01AXEefiJ/
aDiX48OFnPgOR4CI5JOwTFu9qLEa+wZdYNrqM9JW7EPMX8bEaI2e9MeG0Ipb3yxt
MD+73f62J5IChdoP23HTbffLy9kAx8z5dhVdlozkbxpWXE1He3qSF8wXmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvzsKmEOHif09frLBuEU/7f2pz9MB8GA1UdIwQY
MBaAFAgqbjd/HIhabXPz9Wn9BtfqTHpFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0NwdU4zOGNpRnB0Y19QMWFmMEcxLXBNZWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8xOGZlYjMtZjNkMi00OWYzLTkwZDIt
OWQ0YjE2YjU5ZGU2LzEvaV9Pd3FZUTRlSl9UMS1zc0c0UlRfdF9hblAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8xOGZlYjMtZjNkMi00OWYzLTkwZDItOWQ0YjE2YjU5ZGU2
LzEvQ0NwdU4zOGNpRnB0Y19QMWFmMEcxLXBNZWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ2QMA0G
CSqGSIb3DQEBCwUAA4IBAQAwDavTQ+V6KOdTo32s6Si/13QkCEc+PKvnK5KlgrSA
pSpSTz8IuYTT8Fpm1lUmHInJQpkBek2fPZRFjFQEnmM4T18P2JDVT2l1iFqJaqCj
dDUPkORvizvcfxAWKlBhx+CdVPtvJjs3d8TAlmc2PKABDdF3ZsIOMYaLNy0sNdkA
ks0br0GA3GMI8q2wT5BoUrNovflZNItSXAUSc5ZHjF6Cup1/Vz2AEcFLCWSH9EOe
WOZ8fG1AOgs9yNiivr/JVwVPVpAIvGdtzoxAsyYtQskjPn+HZg5vycEtOWZR6wlM
J67u55lBJpKPQ0Q0Ai7oVnbXwCKJ5ZGqs5ZpLkkbiDcz
-----END CERTIFICATE-----