Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/A0wNRtYNAv5pN1_gcmsf_bUnfRk.roa
File:                     A0wNRtYNAv5pN1_gcmsf_bUnfRk.roa (raw, json)
Hash identifier:          4qrjlA1OwrQa2t6aCVFRejTm2sBkHP6eFx4xuqVqR3U=
Subject key identifier:   03:4C:0D:46:D6:0D:02:FE:69:37:5F:E0:72:6B:1F:FD:B5:27:7D:19
Certificate issuer:       /CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
Certificate serial:       018CC26D6DBE146BD80F2CF4E405CCE1F710
Authority key identifier: F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/A0wNRtYNAv5pN1_gcmsf_bUnfRk.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.71.219.0/24 maxlen: 24
                          185.71.216.0/24 maxlen: 24
                          185.71.217.0/24 maxlen: 24
                          185.71.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6d:be:14:6b:d8:0f:2c:f4:e4:05:cc:e1:f7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=034c0d46d60d02fe69375fe0726b1ffdb5277d19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:eb:af:61:9a:83:bf:04:e1:f0:59:1b:f3:92:
                    39:c3:71:77:cc:ba:2d:69:ca:e7:6a:a0:fd:0b:ac:
                    a0:11:45:0c:3c:38:07:2e:a0:ba:6d:97:a9:ac:e9:
                    31:88:a9:fc:8a:1d:cd:7a:ac:97:8a:85:67:a7:fb:
                    77:48:83:b3:d2:87:b7:97:2e:24:4c:76:5c:dc:9f:
                    b5:45:f8:bf:fe:fb:13:3a:77:07:c0:23:79:a3:b5:
                    d4:f4:49:7b:23:97:17:5e:f0:60:de:22:91:81:90:
                    12:49:4b:18:36:cb:76:2b:ae:da:01:e5:98:74:ea:
                    9c:c1:06:d2:6f:93:ea:fc:68:0a:a7:29:ff:1c:65:
                    6c:89:4a:d1:ee:03:6b:bf:75:70:c7:fc:af:34:58:
                    e7:6b:bd:59:99:a2:1d:45:90:86:b5:ca:4f:4f:ce:
                    1c:2a:bf:34:1d:fc:37:ab:72:57:34:57:8d:52:bb:
                    06:ce:e0:45:dd:13:eb:bd:45:f1:f8:f3:ca:6f:99:
                    34:ce:29:83:79:b5:4b:22:a5:05:da:7c:45:c0:63:
                    39:0d:ed:af:7a:8c:c9:cf:3c:ff:b7:f5:4d:90:81:
                    31:91:3b:44:90:d9:dd:18:36:24:6e:07:57:ef:b0:
                    2c:29:d6:27:b0:6d:05:47:fb:f6:8a:77:0a:4c:75:
                    a7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4C:0D:46:D6:0D:02:FE:69:37:5F:E0:72:6B:1F:FD:B5:27:7D:19
            X509v3 Authority Key Identifier:
                keyid:F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/A0wNRtYNAv5pN1_gcmsf_bUnfRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:e7:c9:cb:08:b5:b3:76:73:1f:03:4d:13:13:90:01:00:5b:
         4a:67:a3:12:f3:b7:ae:61:53:de:7f:36:1b:bc:bb:15:b0:51:
         e6:52:13:3e:53:d1:5f:3a:c9:07:e5:32:d1:f5:19:7b:1e:7c:
         d6:2c:9f:77:f5:b0:fc:5b:aa:d6:cb:ba:3b:3d:00:3c:84:c6:
         b5:53:d2:cd:36:a5:55:dd:43:de:a1:e5:34:ab:f5:50:a2:91:
         d9:ad:5b:4f:ff:9a:63:0d:95:01:90:4b:c5:be:a2:f4:04:ad:
         0b:61:6c:b7:21:0f:e8:13:fb:b3:0f:66:a1:4a:f6:55:4d:77:
         ff:15:ac:3c:e6:d5:9a:d4:f0:ae:c3:f6:64:86:e6:8e:38:c0:
         c3:7a:a9:da:92:b6:a1:73:82:a1:ac:91:ef:f4:f1:35:7b:42:
         f7:31:93:ab:12:64:93:0e:aa:9a:61:d2:54:66:b0:91:67:5f:
         d4:03:f9:9c:8a:da:be:dc:7a:13:87:9e:b8:51:e2:ae:38:dd:
         88:62:d9:3b:c8:8d:d6:d1:5d:e0:bd:2f:cb:47:96:58:23:74:
         bb:79:f3:92:1d:b9:f4:20:58:5d:33:e7:0e:6a:0e:a1:b3:eb:
         22:58:4c:36:e6:c5:46:4d:84:59:a9:8f:5b:91:0b:b2:1b:cb:
         6a:f7:9c:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW2+FGvYDyz05AXM4fcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzM1M2YzNjhkZDgwMWNkNjEwMjIzMmRmYTFjZWE2OWRk
OGNiNmMwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRjMGQ0NmQ2MGQwMmZlNjkzNzVmZTA3MjZiMWZmZGI1Mjc3ZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuuvYZqDvwTh8Fkb85I5w3F3zLot
acrnaqD9C6ygEUUMPDgHLqC6bZeprOkxiKn8ih3NeqyXioVnp/t3SIOz0oe3ly4k
THZc3J+1Rfi//vsTOncHwCN5o7XU9El7I5cXXvBg3iKRgZASSUsYNst2K67aAeWY
dOqcwQbSb5Pq/GgKpyn/HGVsiUrR7gNrv3Vwx/yvNFjna71ZmaIdRZCGtcpPT84c
Kr80Hfw3q3JXNFeNUrsGzuBF3RPrvUXx+PPKb5k0zimDebVLIqUF2nxFwGM5De2v
eozJzzz/t/VNkIExkTtEkNndGDYkbgdX77AsKdYnsG0FR/v2incKTHWnrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANMDUbWDQL+aTdf4HJrH/21J30ZMB8GA1UdIwQY
MBaAFPUzU/No3YAc1hAiMt+hzqad2MtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEt
MGVjN2VjYjI1MDMwLzEvQTB3TlJ0WU5BdjVwTjFfZ2Ntc2ZfYlVuZlJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEtMGVjN2VjYjI1MDMw
LzEvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUfYMA0G
CSqGSIb3DQEBCwUAA4IBAQAL58nLCLWzdnMfA00TE5ABAFtKZ6MS87euYVPefzYb
vLsVsFHmUhM+U9FfOskH5TLR9Rl7HnzWLJ939bD8W6rWy7o7PQA8hMa1U9LNNqVV
3UPeoeU0q/VQopHZrVtP/5pjDZUBkEvFvqL0BK0LYWy3IQ/oE/uzD2ahSvZVTXf/
Faw85tWa1PCuw/ZkhuaOOMDDeqnakrahc4KhrJHv9PE1e0L3MZOrEmSTDqqaYdJU
ZrCRZ1/UA/mcitq+3HoTh564UeKuON2IYtk7yI3W0V3gvS/LR5ZYI3S7efOSHbn0
IFhdM+cOag6hs+siWEw25sVGTYRZqY9bkQuyG8tq95wp
-----END CERTIFICATE-----