Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/b79IO16GOxyORT_2owOnQK8hpD8.roa
File:                     b79IO16GOxyORT_2owOnQK8hpD8.roa (raw, json)
Hash identifier:          gFWXHAYXhVgy3OlAJBcLZ3cfPrWmSiJHR77ZY0x/bWk=
Subject key identifier:   6F:BF:48:3B:5E:86:3B:1C:8E:45:3F:F6:A3:03:A7:40:AF:21:A4:3F
Certificate issuer:       /CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
Certificate serial:       018CC4935454B31846D14BD480386E96AC25
Authority key identifier: 37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/b79IO16GOxyORT_2owOnQK8hpD8.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.222.116.0/22 maxlen: 22
                          2a0c:3800::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:54:54:b3:18:46:d1:4b:d4:80:38:6e:96:ac:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fbf483b5e863b1c8e453ff6a303a740af21a43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b3:6b:26:a5:8a:2f:7b:42:a9:08:b2:7c:ed:
                    50:c2:8b:13:9c:a4:e5:85:33:33:bf:0c:e6:90:cf:
                    ca:65:06:7f:84:cc:01:ea:90:f2:91:b4:41:3c:99:
                    0f:0e:c0:c4:a8:e6:07:dd:70:28:2a:59:e6:3b:24:
                    59:df:5f:8a:9a:71:41:5c:31:83:c1:e6:81:46:29:
                    d9:e5:ed:fd:53:c5:7a:c6:f6:56:51:02:e4:8a:45:
                    4d:86:aa:8d:73:f3:65:c5:8f:a2:a3:93:bc:c7:32:
                    61:94:2d:db:3c:3d:75:38:90:22:5c:18:23:6a:9d:
                    db:34:7d:d4:c8:aa:43:70:30:81:b9:e0:a6:54:fa:
                    dd:27:d3:a2:76:e8:e5:58:2a:13:e3:9d:b7:55:f3:
                    65:e7:52:67:c4:7b:f3:6c:d0:de:2f:d7:2a:f7:d9:
                    f0:40:56:2c:7f:d6:0d:e2:aa:7f:bc:f7:cf:a1:32:
                    45:8c:ff:90:36:b7:bc:07:e1:ba:c1:9e:0e:85:1a:
                    54:2c:e3:07:98:1b:e4:67:69:e3:cb:51:c7:63:da:
                    d4:a0:70:20:25:3a:9c:7e:ea:c0:67:5e:77:5d:fe:
                    26:95:b2:b9:1c:93:e7:56:6c:96:2a:cc:ba:84:af:
                    6c:d6:cd:59:44:51:6d:ba:45:83:50:2a:f5:01:4a:
                    86:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BF:48:3B:5E:86:3B:1C:8E:45:3F:F6:A3:03:A7:40:AF:21:A4:3F
            X509v3 Authority Key Identifier:
                keyid:37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/b79IO16GOxyORT_2owOnQK8hpD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.116.0/22
                IPv6:
                  2a0c:3800::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:0e:fb:60:0b:80:21:d8:74:af:82:82:7a:9e:87:3f:39:f5:
         22:27:d1:fd:8d:e7:9c:df:33:71:5f:62:bb:c6:44:fc:59:5d:
         e0:d0:a4:fe:de:e4:7b:a0:fb:03:60:11:36:2a:af:8c:02:c9:
         1d:5f:7c:3c:fa:be:5f:c3:91:61:34:35:ad:94:f4:ca:df:90:
         58:16:44:25:f7:7a:1f:97:90:9c:6a:38:29:06:78:b8:fb:e5:
         f5:22:8c:15:73:f5:e1:93:ea:50:ee:31:37:f3:25:51:88:a0:
         1e:3d:a2:84:80:5c:7b:45:04:41:9a:13:c7:d2:e0:86:d1:31:
         e7:49:4f:ce:28:cb:d3:2e:66:ed:16:75:ac:73:f8:1c:fc:c7:
         b3:fd:d5:86:ba:0d:6f:b8:d3:31:1e:7b:b8:51:61:8d:ce:89:
         2f:44:f6:51:97:63:d3:f5:96:89:b1:d9:f0:4e:b6:b8:41:5f:
         32:82:52:c0:c5:84:79:19:63:0b:07:a1:5a:a4:4d:35:d5:3c:
         9c:50:c5:d2:88:3e:20:14:d6:5e:3e:b4:92:81:f0:17:af:a6:
         1c:b8:15:13:61:0f:f5:ae:64:1c:af:ce:26:31:8a:6c:a5:6f:
         0c:f5:6c:eb:85:6b:d1:df:e8:34:b7:37:99:dc:86:ad:6b:ce:
         e1:a5:a0:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk1RUsxhG0UvUgDhulqwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODdiMzI0YjBkMzJmYjFhMzY3OGIwMmM0ODIyODZkNGMy
NmJhMGYwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJmNDgzYjVlODYzYjFjOGU0NTNmZjZhMzAzYTc0MGFmMjFhNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbNrJqWKL3tCqQiyfO1QwosTnKTl
hTMzvwzmkM/KZQZ/hMwB6pDykbRBPJkPDsDEqOYH3XAoKlnmOyRZ31+KmnFBXDGD
weaBRinZ5e39U8V6xvZWUQLkikVNhqqNc/NlxY+io5O8xzJhlC3bPD11OJAiXBgj
ap3bNH3UyKpDcDCBueCmVPrdJ9OidujlWCoT4523VfNl51JnxHvzbNDeL9cq99nw
QFYsf9YN4qp/vPfPoTJFjP+QNre8B+G6wZ4OhRpULOMHmBvkZ2njy1HHY9rUoHAg
JTqcfurAZ153Xf4mlbK5HJPnVmyWKsy6hK9s1s1ZRFFtukWDUCr1AUqG/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG+/SDtehjscjkU/9qMDp0CvIaQ/MB8GA1UdIwQY
MBaAFDeHsySw0y+xo2eLAsSCKG1MJroPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2Ut
YzQ3MTE0ODIzODBlLzEvYjc5SU8xNkdPeHlPUlRfMm93T25RSzhocEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2UtYzQ3MTE0ODIzODBl
LzEvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud50MA0E
AgACMAcDBQAqDDgAMA0GCSqGSIb3DQEBCwUAA4IBAQBiDvtgC4Ah2HSvgoJ6noc/
OfUiJ9H9jeec3zNxX2K7xkT8WV3g0KT+3uR7oPsDYBE2Kq+MAskdX3w8+r5fw5Fh
NDWtlPTK35BYFkQl93ofl5CcajgpBni4++X1IowVc/Xhk+pQ7jE38yVRiKAePaKE
gFx7RQRBmhPH0uCG0THnSU/OKMvTLmbtFnWsc/gc/Mez/dWGug1vuNMxHnu4UWGN
zokvRPZRl2PT9ZaJsdnwTra4QV8yglLAxYR5GWMLB6FapE011TycUMXSiD4gFNZe
PrSSgfAXr6YcuBUTYQ/1rmQcr84mMYpspW8M9WzrhWvR3+g0tzeZ3Iata87hpaDN
-----END CERTIFICATE-----