Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/fBjNw050bpO0WIM_D9WRFR2Aj0I.roa
File:                     fBjNw050bpO0WIM_D9WRFR2Aj0I.roa (raw, json)
Hash identifier:          0B8GeuuTaJPWhOmcsMjmro93+RDrBLxkdoEFqd5Y2b8=
Subject key identifier:   7C:18:CD:C3:4E:74:6E:93:B4:58:83:3F:0F:D5:91:15:1D:80:8F:42
Certificate issuer:       /CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
Certificate serial:       018CC4922E76C3AFDDB10883BB44B8A83B11
Authority key identifier: 26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/fBjNw050bpO0WIM_D9WRFR2Aj0I.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205996
IP address blocks:        185.199.164.0/22 maxlen: 24
                          2a0d:4900::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2e:76:c3:af:dd:b1:08:83:bb:44:b8:a8:3b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c18cdc34e746e93b458833f0fd591151d808f42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c2:33:00:6e:3f:6c:7a:7d:a2:f7:9d:8a:6a:
                    e3:27:8f:67:22:c6:48:69:3d:78:fc:75:ac:21:e3:
                    1a:2e:8e:72:47:a6:af:47:de:91:06:db:a6:6d:e2:
                    84:93:b3:45:4a:3f:4e:bc:d9:c6:bc:c0:cf:a5:1f:
                    ea:50:b4:1a:6f:b7:f3:4e:b4:b9:e6:46:9f:cf:d7:
                    03:d8:4f:3a:d2:02:a1:9c:c0:13:0e:bb:a4:e2:e9:
                    aa:35:bc:fd:97:4e:7b:dd:a3:70:8e:69:b0:6a:ea:
                    23:d2:20:e9:71:1d:5f:97:5b:a5:87:d7:f0:75:1e:
                    3b:35:ed:0c:d6:25:59:9c:95:68:7b:14:84:73:7c:
                    42:51:5c:53:65:5b:77:b4:b6:b2:88:17:3a:95:03:
                    4d:28:0f:e5:71:af:f5:4f:ad:7b:2d:41:37:7c:eb:
                    1f:dd:3d:24:8b:41:42:0f:3b:6e:a0:77:c9:52:66:
                    5e:5c:e8:5f:5d:2d:91:9c:4e:3f:27:a1:d2:0d:8f:
                    e6:2a:3a:70:7e:7f:4a:d4:5b:d0:35:28:25:81:bb:
                    31:00:0b:be:b5:6a:89:fa:fc:03:3b:ad:34:7b:d8:
                    cd:d9:8a:59:21:6e:56:d5:14:a3:f1:ba:98:5a:67:
                    9d:46:42:10:e1:a6:7e:50:30:16:e6:fd:19:d3:a0:
                    30:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:18:CD:C3:4E:74:6E:93:B4:58:83:3F:0F:D5:91:15:1D:80:8F:42
            X509v3 Authority Key Identifier:
                keyid:26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/fBjNw050bpO0WIM_D9WRFR2Aj0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.164.0/22
                IPv6:
                  2a0d:4900::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:40:3b:35:e2:a4:3d:32:d0:d5:2c:02:5d:32:8c:e1:04:45:
         92:6f:5c:41:91:14:04:18:cb:3d:bd:47:a2:e2:12:61:a1:72:
         19:37:9e:50:9c:0d:56:35:fb:54:bf:a6:67:f5:0e:19:df:fa:
         1f:3d:a9:b6:02:4c:36:51:cb:ba:64:00:35:56:73:1f:0c:92:
         4b:15:d4:ba:55:41:af:e8:4c:2a:64:fa:70:39:e0:74:5a:c3:
         f4:4a:1b:e5:3d:2c:db:00:2e:27:a5:80:61:72:08:9f:9b:dd:
         6e:ab:cb:8b:54:7a:e0:d9:01:d8:45:b3:5e:07:e8:aa:c4:0b:
         39:13:59:34:4a:dc:27:b7:32:50:fd:13:61:b5:4e:27:ae:76:
         f9:b1:72:48:a4:27:8b:8a:66:c9:85:0d:8b:eb:fc:c2:2a:1b:
         ea:a9:19:7f:6b:fb:e1:45:c5:6c:09:09:b4:5f:14:6c:2c:f8:
         98:5e:2a:48:2e:16:d0:d6:5e:f9:47:07:9a:0d:14:b5:0b:af:
         46:4d:92:d0:14:fc:d6:2a:74:70:4a:15:39:13:a7:38:c6:2f:
         dc:98:24:23:5b:d5:2b:16:70:b4:a7:4a:82:19:f4:2f:c9:fe:
         06:f1:7f:10:35:53:ab:7b:f1:3c:ac:4a:03:65:53:8d:b1:29:
         65:f3:8b:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEki52w6/dsQiDu0S4qDsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2N2Q5ZWNiOTk2NDgyNWQ0NGRkMjY2YmJkMzJhYTA4MDRi
YzEwZjcwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE4Y2RjMzRlNzQ2ZTkzYjQ1ODgzM2YwZmQ1OTExNTFkODA4ZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMIzAG4/bHp9ovedimrjJ49nIsZI
aT14/HWsIeMaLo5yR6avR96RBtumbeKEk7NFSj9OvNnGvMDPpR/qULQab7fzTrS5
5kafz9cD2E860gKhnMATDruk4umqNbz9l0573aNwjmmwauoj0iDpcR1fl1ulh9fw
dR47Ne0M1iVZnJVoexSEc3xCUVxTZVt3tLayiBc6lQNNKA/lca/1T617LUE3fOsf
3T0ki0FCDztuoHfJUmZeXOhfXS2RnE4/J6HSDY/mKjpwfn9K1FvQNSglgbsxAAu+
tWqJ+vwDO600e9jN2YpZIW5W1RSj8bqYWmedRkIQ4aZ+UDAW5v0Z06AwmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHwYzcNOdG6TtFiDPw/VkRUdgI9CMB8GA1UdIwQY
MBaAFCZ9nsuZZIJdRN0ma70yqggEvBD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMt
MzkxYmNlNzFmZWExLzEvZkJqTncwNTBicE8wV0lNX0Q5V1JGUjJBajBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMtMzkxYmNlNzFmZWEx
LzEvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucekMA0E
AgACMAcDBQAqDUkAMA0GCSqGSIb3DQEBCwUAA4IBAQBCQDs14qQ9MtDVLAJdMozh
BEWSb1xBkRQEGMs9vUei4hJhoXIZN55QnA1WNftUv6Zn9Q4Z3/ofPam2Akw2Ucu6
ZAA1VnMfDJJLFdS6VUGv6EwqZPpwOeB0WsP0ShvlPSzbAC4npYBhcgifm91uq8uL
VHrg2QHYRbNeB+iqxAs5E1k0StwntzJQ/RNhtU4nrnb5sXJIpCeLimbJhQ2L6/zC
KhvqqRl/a/vhRcVsCQm0XxRsLPiYXipILhbQ1l75RweaDRS1C69GTZLQFPzWKnRw
ShU5E6c4xi/cmCQjW9UrFnC0p0qCGfQvyf4G8X8QNVOre/E8rEoDZVONsSll84vi
-----END CERTIFICATE-----