Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/meG7D8NzHU_JU7Sb656v9lnuQ4s.roa
File:                     meG7D8NzHU_JU7Sb656v9lnuQ4s.roa (raw, json)
Hash identifier:          2PQT3JOVTRc/ULQkygMce8TiVM57CuW2MBxpB6xt99s=
Subject key identifier:   99:E1:BB:0F:C3:73:1D:4F:C9:53:B4:9B:EB:9E:AF:F6:59:EE:43:8B
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018D7F40964B1B76714668AF56E1080AECA0
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/meG7D8NzHU_JU7Sb656v9lnuQ4s.roa
Signing time:             Tue 06 Feb 2024 16:29:15 +0000
ROA not before:           Tue 06 Feb 2024 16:29:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210893
IP address blocks:        185.210.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:40:96:4b:1b:76:71:46:68:af:56:e1:08:0a:ec:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Feb  6 16:29:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99e1bb0fc3731d4fc953b49beb9eaff659ee438b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4d:8a:d5:8d:ce:7b:6b:14:d7:35:b1:aa:f8:
                    75:af:56:9b:0a:3e:c6:cf:4e:09:27:ee:62:a5:fb:
                    66:b8:8d:26:25:8b:7f:a9:b1:24:f4:55:a3:7e:a1:
                    61:40:66:84:6e:48:12:c1:2f:56:55:15:b1:73:0f:
                    1f:c8:8a:72:45:06:14:f4:54:01:a7:76:ee:b5:72:
                    f2:04:ba:b8:45:ad:59:0b:85:a5:11:3c:35:24:d7:
                    76:64:33:14:6e:cb:02:8b:92:f8:09:72:cf:7c:e3:
                    e2:a0:25:18:84:c0:a8:75:72:59:e9:41:49:2d:fb:
                    81:35:ab:d1:58:7d:d7:23:28:42:75:57:d9:5b:ab:
                    76:7e:b0:19:de:6f:ee:c5:0c:f4:6a:45:5c:7b:8a:
                    a2:1c:6b:e3:31:06:89:77:0a:d8:f5:63:66:6e:1d:
                    47:f1:7c:e8:6f:eb:21:f8:94:02:d6:b6:62:e8:dd:
                    8e:f5:6f:da:b2:b6:96:07:75:61:1f:fc:14:d4:12:
                    e7:25:6e:c1:82:6e:7b:8e:c2:fa:7c:69:05:3e:ce:
                    1f:5f:c8:ec:2a:5e:a2:89:0e:f1:cd:2f:5e:6e:4b:
                    b4:99:a4:7a:84:8a:5d:8e:d4:f5:0b:fa:5c:ca:44:
                    d3:cd:a8:51:e8:07:2c:0c:0b:c0:3b:75:b1:6e:c4:
                    16:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E1:BB:0F:C3:73:1D:4F:C9:53:B4:9B:EB:9E:AF:F6:59:EE:43:8B
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/meG7D8NzHU_JU7Sb656v9lnuQ4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:50:d0:3a:f8:2e:c2:c4:99:2b:1f:0a:69:f0:81:ef:9c:eb:
         60:df:78:93:66:f2:5a:b5:64:74:fc:f1:a9:dd:ab:ae:5f:cd:
         1f:d0:02:94:14:a0:87:6d:e7:36:30:32:36:b6:eb:8b:e6:6d:
         39:fe:9b:df:eb:d4:a9:bd:e0:1b:88:7e:6c:d6:d9:61:a3:c4:
         78:44:26:0a:df:3e:b5:da:da:be:08:15:aa:70:8f:81:a1:44:
         8d:f3:41:c2:f3:5c:de:31:c7:07:5a:88:d1:81:52:c2:39:fa:
         64:71:c2:7b:c7:71:98:59:a0:28:6b:3a:8e:c1:74:f1:fb:1a:
         de:74:85:be:7c:b7:f9:b1:33:b2:c0:77:1d:6c:04:d1:ad:cb:
         4f:69:81:ac:28:cb:0a:4c:f8:99:c1:52:8e:60:a0:3b:07:e2:
         f3:d5:92:6b:35:4c:95:30:90:94:4c:6e:a4:87:05:5d:4a:7b:
         45:4e:2c:46:29:ef:82:11:c4:88:ea:52:99:20:ef:d3:e4:df:
         ae:1a:b6:64:bf:cc:2b:b7:74:d8:2f:c2:ab:10:b6:fe:8d:0e:
         f2:97:f0:20:32:fd:3e:bd:2e:76:91:d8:33:73:86:d0:8f:ea:
         b1:18:a0:e4:b6:d3:25:b8:b9:14:97:49:ec:a8:6e:2c:8a:d0:
         9f:4c:70:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1/QJZLG3ZxRmivVuEICuygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMjA2MTYyOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWUxYmIwZmMzNzMxZDRmYzk1M2I0OWJlYjllYWZmNjU5ZWU0MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlE2K1Y3Oe2sU1zWxqvh1r1abCj7G
z04JJ+5ipftmuI0mJYt/qbEk9FWjfqFhQGaEbkgSwS9WVRWxcw8fyIpyRQYU9FQB
p3butXLyBLq4Ra1ZC4WlETw1JNd2ZDMUbssCi5L4CXLPfOPioCUYhMCodXJZ6UFJ
LfuBNavRWH3XIyhCdVfZW6t2frAZ3m/uxQz0akVce4qiHGvjMQaJdwrY9WNmbh1H
8Xzob+sh+JQC1rZi6N2O9W/asraWB3VhH/wU1BLnJW7Bgm57jsL6fGkFPs4fX8js
Kl6iiQ7xzS9ebku0maR6hIpdjtT1C/pcykTTzahR6AcsDAvAO3WxbsQWtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnhuw/Dcx1PyVO0m+uer/ZZ7kOLMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvbWVHN0Q4TnpIVV9KVTdTYjY1NnY5bG51UTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKqMA0G
CSqGSIb3DQEBCwUAA4IBAQBMUNA6+C7CxJkrHwpp8IHvnOtg33iTZvJatWR0/PGp
3auuX80f0AKUFKCHbec2MDI2tuuL5m05/pvf69SpveAbiH5s1tlho8R4RCYK3z61
2tq+CBWqcI+BoUSN80HC81zeMccHWojRgVLCOfpkccJ7x3GYWaAoazqOwXTx+xre
dIW+fLf5sTOywHcdbATRrctPaYGsKMsKTPiZwVKOYKA7B+Lz1ZJrNUyVMJCUTG6k
hwVdSntFTixGKe+CEcSI6lKZIO/T5N+uGrZkv8wrt3TYL8KrELb+jQ7yl/AgMv0+
vS52kdgzc4bQj+qxGKDkttMluLkUl0nsqG4sitCfTHDL
-----END CERTIFICATE-----