Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/0mrA1rxnVJOEOMZ97q9cKwSFxYs.roa
File:                     0mrA1rxnVJOEOMZ97q9cKwSFxYs.roa (raw, json)
Hash identifier:          40w5k1Zq0hxmOLhnNbQEnUtl7DyeeRRQi2UpMHa+p+8=
Subject key identifier:   D2:6A:C0:D6:BC:67:54:93:84:38:C6:7D:EE:AF:5C:2B:04:85:C5:8B
Certificate issuer:       /CN=c03f604e98f465872795f2aa4804d7a2f80ab4fd
Certificate serial:       018CCF660C474F0296542EA4F37320DADF7E
Authority key identifier: C0:3F:60:4E:98:F4:65:87:27:95:F2:AA:48:04:D7:A2:F8:0A:B4:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wD9gTpj0ZYcnlfKqSATXovgKtP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/0mrA1rxnVJOEOMZ97q9cKwSFxYs.roa
Signing time:             Wed 03 Jan 2024 12:57:00 +0000
ROA not before:           Wed 03 Jan 2024 12:57:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201105
IP address blocks:        185.198.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/wD9gTpj0ZYcnlfKqSATXovgKtP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/wD9gTpj0ZYcnlfKqSATXovgKtP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wD9gTpj0ZYcnlfKqSATXovgKtP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:66:0c:47:4f:02:96:54:2e:a4:f3:73:20:da:df:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c03f604e98f465872795f2aa4804d7a2f80ab4fd
        Validity
            Not Before: Jan  3 12:57:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d26ac0d6bc6754938438c67deeaf5c2b0485c58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:77:51:fa:a3:52:7c:27:96:72:4b:4d:c4:af:
                    b6:92:1a:8e:dc:9b:77:fa:b4:9c:c1:1d:50:dd:ac:
                    8e:4e:a2:47:d4:14:99:5f:3a:ad:63:b0:66:06:bc:
                    84:fd:2f:20:5a:88:2f:df:91:cb:4b:bb:fd:49:8d:
                    51:10:39:6b:03:d2:e9:c8:fb:ed:ae:f7:83:c6:99:
                    c6:f6:1a:49:ce:6f:46:29:a5:cb:f1:f2:c4:d8:9c:
                    dc:d5:f6:eb:6a:71:83:7c:b2:80:a4:dc:ea:b3:79:
                    59:92:52:13:ba:bd:f9:b5:2e:9e:74:28:36:1c:75:
                    81:6b:fd:0a:08:9b:16:d0:a3:70:47:4e:51:3b:53:
                    e2:d4:8d:b2:2d:68:52:f4:7f:a9:6b:6e:4d:42:bb:
                    84:a5:fb:27:2f:48:50:ae:c5:d0:55:c4:72:3d:f3:
                    f0:50:18:0c:67:15:a6:c2:2a:d7:67:f2:53:6f:6a:
                    03:f8:91:b1:32:23:02:71:f6:ea:ef:a6:ff:8a:ff:
                    bc:32:49:0b:4d:ea:46:ed:7a:bf:85:1a:ee:0f:db:
                    9a:47:49:14:37:b4:7b:a4:ce:14:96:81:8d:b7:de:
                    08:17:10:49:2b:27:f4:ab:9c:57:93:be:d9:6c:d8:
                    d6:a5:7a:30:a5:4b:55:8d:35:53:24:08:fd:d2:6b:
                    77:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6A:C0:D6:BC:67:54:93:84:38:C6:7D:EE:AF:5C:2B:04:85:C5:8B
            X509v3 Authority Key Identifier:
                keyid:C0:3F:60:4E:98:F4:65:87:27:95:F2:AA:48:04:D7:A2:F8:0A:B4:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wD9gTpj0ZYcnlfKqSATXovgKtP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/0mrA1rxnVJOEOMZ97q9cKwSFxYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f559a7-442a-4e4e-99e5-7638f09a9364/1/wD9gTpj0ZYcnlfKqSATXovgKtP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:6e:fd:aa:9e:73:fb:6c:80:8e:f3:32:02:ae:c8:cd:5d:81:
         e8:4a:6b:08:80:46:86:22:b7:bb:93:f1:3f:14:c7:f2:cf:e8:
         aa:7f:a3:3a:75:0f:0d:ef:17:5a:fe:f1:ae:e1:7d:37:6b:b6:
         15:22:ea:48:84:29:59:4c:25:9e:e3:6d:6a:e3:b2:9c:e2:3b:
         a5:12:09:a0:5a:62:93:e3:a1:95:b6:fe:87:f2:d8:11:7e:92:
         b7:ec:6f:63:34:e6:d2:c6:3d:76:4e:b7:d3:fa:40:77:38:0a:
         17:0e:32:70:97:b9:62:8b:c3:2c:38:1c:f1:b2:18:37:e3:89:
         7a:1c:5e:de:56:d8:76:ba:26:07:46:01:32:d9:8b:9b:21:32:
         13:3a:a8:35:5b:41:6a:af:af:18:a2:70:8b:b2:e4:ce:16:92:
         a6:96:56:f3:38:3a:7a:e0:bf:e3:a1:03:7e:54:f2:1c:a0:a6:
         38:a8:7e:c9:fa:46:72:e7:89:39:89:8a:09:74:98:a8:76:18:
         d4:e4:8b:ab:ce:f7:85:5a:11:74:bf:dc:64:84:72:9e:63:19:
         dc:7e:2f:74:a7:83:9b:ad:31:9d:d3:6d:dd:f4:22:d7:76:f2:
         eb:d4:57:a0:78:49:b7:27:a7:1d:1c:b4:38:a8:69:d6:2b:9d:
         a1:8f:9b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPZgxHTwKWVC6k83Mg2t9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwM2Y2MDRlOThmNDY1ODcyNzk1ZjJhYTQ4MDRkN2EyZjgw
YWI0ZmQwHhcNMjQwMTAzMTI1NzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjZhYzBkNmJjNjc1NDkzODQzOGM2N2RlZWFmNWMyYjA0ODVjNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHdR+qNSfCeWcktNxK+2khqO3Jt3
+rScwR1Q3ayOTqJH1BSZXzqtY7BmBryE/S8gWogv35HLS7v9SY1REDlrA9LpyPvt
rveDxpnG9hpJzm9GKaXL8fLE2Jzc1fbranGDfLKApNzqs3lZklITur35tS6edCg2
HHWBa/0KCJsW0KNwR05RO1Pi1I2yLWhS9H+pa25NQruEpfsnL0hQrsXQVcRyPfPw
UBgMZxWmwirXZ/JTb2oD+JGxMiMCcfbq76b/iv+8MkkLTepG7Xq/hRruD9uaR0kU
N7R7pM4UloGNt94IFxBJKyf0q5xXk77ZbNjWpXowpUtVjTVTJAj90mt3FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJqwNa8Z1SThDjGfe6vXCsEhcWLMB8GA1UdIwQY
MBaAFMA/YE6Y9GWHJ5XyqkgE16L4CrT9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0Q5Z1RwajBaWWNubGZLcVNBVFhvdmdLdFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mNTU5YTctNDQyYS00ZTRlLTk5ZTUt
NzYzOGYwOWE5MzY0LzEvMG1yQTFyeG5WSk9FT01aOTdxOWNLd1NGeFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mNTU5YTctNDQyYS00ZTRlLTk5ZTUtNzYzOGYwOWE5MzY0
LzEvd0Q5Z1RwajBaWWNubGZLcVNBVFhvdmdLdFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuca0MA0G
CSqGSIb3DQEBCwUAA4IBAQCLbv2qnnP7bICO8zICrsjNXYHoSmsIgEaGIre7k/E/
FMfyz+iqf6M6dQ8N7xda/vGu4X03a7YVIupIhClZTCWe421q47Kc4julEgmgWmKT
46GVtv6H8tgRfpK37G9jNObSxj12TrfT+kB3OAoXDjJwl7lii8MsOBzxshg344l6
HF7eVth2uiYHRgEy2YubITITOqg1W0Fqr68YonCLsuTOFpKmllbzODp64L/joQN+
VPIcoKY4qH7J+kZy54k5iYoJdJiodhjU5IurzveFWhF0v9xkhHKeYxncfi90p4Ob
rTGd023d9CLXdvLr1FegeEm3J6cdHLQ4qGnWK52hj5sp
-----END CERTIFICATE-----