Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/DCuDB0mxJDVa6T8DSYCB2qJ_taY.roa
File:                     DCuDB0mxJDVa6T8DSYCB2qJ_taY.roa (raw, json)
Hash identifier:          v4Q7ry9G48V884OOYFNHuOeaDhcevZ0blTMOxAVcXFI=
Subject key identifier:   0C:2B:83:07:49:B1:24:35:5A:E9:3F:03:49:80:81:DA:A2:7F:B5:A6
Certificate issuer:       /CN=4650c6c02a9bde4e17187f05b0eca950483bf92d
Certificate serial:       018CC424C09F344E8FE6ACC97381F8D255F6
Authority key identifier: 46:50:C6:C0:2A:9B:DE:4E:17:18:7F:05:B0:EC:A9:50:48:3B:F9:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RlDGwCqb3k4XGH8FsOypUEg7-S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/DCuDB0mxJDVa6T8DSYCB2qJ_taY.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202743
IP address blocks:        185.155.20.0/22 maxlen: 22
                          188.211.28.0/23 maxlen: 23
                          2a0a:b080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/RlDGwCqb3k4XGH8FsOypUEg7-S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/RlDGwCqb3k4XGH8FsOypUEg7-S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RlDGwCqb3k4XGH8FsOypUEg7-S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c0:9f:34:4e:8f:e6:ac:c9:73:81:f8:d2:55:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4650c6c02a9bde4e17187f05b0eca950483bf92d
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c2b830749b124355ae93f03498081daa27fb5a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:cf:aa:69:4d:88:93:9b:f4:27:27:84:47:
                    4e:8c:e5:16:1d:fe:7c:cc:36:f2:92:9d:fc:4f:6c:
                    69:6e:0b:9b:cb:1d:d8:11:a8:b3:7a:09:b3:e4:b2:
                    b2:80:d1:a4:eb:09:64:5a:56:54:a7:08:af:af:cf:
                    1c:d1:2e:b3:1a:d4:1f:f4:bf:98:9f:70:43:6b:d7:
                    3d:fa:34:13:fc:9b:4d:f4:87:23:89:00:ff:f5:31:
                    1f:df:93:c4:6a:9b:a9:fa:7d:05:a6:cb:2c:fe:09:
                    7e:3b:7f:51:9c:06:32:1f:c5:8f:ec:75:61:9e:6c:
                    42:14:c7:43:33:9d:ef:42:9d:d7:36:6b:69:25:1e:
                    4d:f6:9e:7c:4b:50:49:61:56:5d:11:71:70:1f:06:
                    10:40:42:08:2a:c6:be:5a:c0:e9:7f:d5:09:6e:32:
                    d1:cf:36:5d:44:25:a3:f6:6e:46:ed:38:6e:5c:06:
                    0b:55:f0:81:8e:18:ea:78:a6:2a:9f:b3:dc:70:7f:
                    bf:b6:24:ee:43:3e:77:93:c6:33:c8:13:60:26:17:
                    7e:f2:8b:9f:da:06:8b:25:45:c8:3d:05:bf:87:c0:
                    ff:33:59:3d:ec:84:e7:4b:3d:c2:30:bd:8a:52:f4:
                    1c:c7:0b:0f:07:eb:03:62:c2:58:84:cb:28:7d:47:
                    f0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:2B:83:07:49:B1:24:35:5A:E9:3F:03:49:80:81:DA:A2:7F:B5:A6
            X509v3 Authority Key Identifier:
                keyid:46:50:C6:C0:2A:9B:DE:4E:17:18:7F:05:B0:EC:A9:50:48:3B:F9:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RlDGwCqb3k4XGH8FsOypUEg7-S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/DCuDB0mxJDVa6T8DSYCB2qJ_taY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/RlDGwCqb3k4XGH8FsOypUEg7-S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.20.0/22
                  188.211.28.0/23
                IPv6:
                  2a0a:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:f7:b0:f4:0f:4d:12:66:ab:48:66:46:c2:42:e4:58:4c:33:
         9c:5d:8f:6a:c7:fc:56:be:d3:0a:38:ff:4a:7c:e7:14:4f:1f:
         ed:0b:f6:a3:63:c0:64:44:42:c6:25:86:05:a2:cc:f5:31:17:
         a1:1f:81:6f:39:78:1e:e2:bc:ce:35:99:0c:c2:96:4b:7f:e5:
         07:3c:5e:6e:d1:d1:60:12:52:6a:28:e3:64:ac:0f:85:48:2b:
         8a:30:f8:2e:2b:a1:9c:4a:ae:5e:38:62:01:76:54:c8:99:2b:
         ac:e9:4a:95:a1:e1:e2:7f:a1:e8:ca:3e:66:6b:f3:eb:df:a7:
         1b:0e:d0:88:23:ec:23:13:2b:43:d5:e0:c7:ac:fd:91:52:99:
         7e:77:60:10:8c:08:65:4e:6f:53:85:2a:de:fb:6f:cd:60:83:
         2e:0c:2c:ba:cf:f4:f7:73:c2:1d:e1:c1:5f:61:b6:54:4a:89:
         03:40:a3:d1:db:83:e5:16:f1:10:8f:db:c3:45:01:df:4e:1a:
         d9:cb:f5:ca:fc:2e:e9:99:2d:54:e1:4e:2f:f6:9a:cc:0c:84:
         20:17:bd:39:4e:75:ff:e8:20:7a:23:ce:c3:de:3e:4f:32:9d:
         51:ba:00:eb:bb:81:b8:7f:01:42:92:94:9c:9e:c0:47:78:c9:
         52:ad:41:05
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJMCfNE6P5qzJc4H40lX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NTBjNmMwMmE5YmRlNGUxNzE4N2YwNWIwZWNhOTUwNDgz
YmY5MmQwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzJiODMwNzQ5YjEyNDM1NWFlOTNmMDM0OTgwODFkYWEyN2ZiNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7DPqmlNiJOb9CcnhEdOjOUWHf58
zDbykp38T2xpbgubyx3YEaizegmz5LKygNGk6wlkWlZUpwivr88c0S6zGtQf9L+Y
n3BDa9c9+jQT/JtN9IcjiQD/9TEf35PEapup+n0Fpsss/gl+O39RnAYyH8WP7HVh
nmxCFMdDM53vQp3XNmtpJR5N9p58S1BJYVZdEXFwHwYQQEIIKsa+WsDpf9UJbjLR
zzZdRCWj9m5G7ThuXAYLVfCBjhjqeKYqn7PccH+/tiTuQz53k8YzyBNgJhd+8ouf
2gaLJUXIPQW/h8D/M1k97ITnSz3CML2KUvQcxwsPB+sDYsJYhMsofUfwpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAwrgwdJsSQ1Wuk/A0mAgdqif7WmMB8GA1UdIwQY
MBaAFEZQxsAqm95OFxh/BbDsqVBIO/ktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmxER3dDcWIzazRYR0g4RnNPeXBVRWc3LVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zNzM0MTQtOWNlNC00NmY1LTk0MGUt
NDljMjQyOTJlOWJkLzEvREN1REIwbXhKRFZhNlQ4RFNZQ0IycUpfdGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zNzM0MTQtOWNlNC00NmY1LTk0MGUtNDljMjQyOTJlOWJk
LzEvUmxER3dDcWIzazRYR0g4RnNPeXBVRWc3LVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZsUAwQB
vNMcMA0EAgACMAcDBQMqCrCAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ97D0D00SZqtI
ZkbCQuRYTDOcXY9qx/xWvtMKOP9KfOcUTx/tC/ajY8BkRELGJYYFosz1MRehH4Fv
OXge4rzONZkMwpZLf+UHPF5u0dFgElJqKONkrA+FSCuKMPguK6GcSq5eOGIBdlTI
mSus6UqVoeHif6Hoyj5ma/Pr36cbDtCII+wjEytD1eDHrP2RUpl+d2AQjAhlTm9T
hSre+2/NYIMuDCy6z/T3c8Id4cFfYbZUSokDQKPR24PlFvEQj9vDRQHfThrZy/XK
/C7pmS1U4U4v9prMDIQgF705TnX/6CB6I87D3j5PMp1RugDru4G4fwFCkpScnsBH
eMlSrUEF
-----END CERTIFICATE-----