Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/DExpHn7C8Rd6w42ArDu-r9aoj9Q.roa
File:                     DExpHn7C8Rd6w42ArDu-r9aoj9Q.roa (raw, json)
Hash identifier:          Umy0/zCiDsSXtOf4LwdgsWBIUrrd9VVvi6YxMUAmTaU=
Subject key identifier:   0C:4C:69:1E:7E:C2:F1:17:7A:C3:8D:80:AC:3B:BE:AF:D6:A8:8F:D4
Certificate issuer:       /CN=1492a20754c9a7650b8279b9390689c469d73595
Certificate serial:       018CC3491D7DD8C0135EBC914B44E888C1CB
Authority key identifier: 14:92:A2:07:54:C9:A7:65:0B:82:79:B9:39:06:89:C4:69:D7:35:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJKiB1TJp2ULgnm5OQaJxGnXNZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/DExpHn7C8Rd6w42ArDu-r9aoj9Q.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        185.74.140.0/22 maxlen: 22
                          83.219.112.0/20 maxlen: 24
                          2a00:d2e0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/FJKiB1TJp2ULgnm5OQaJxGnXNZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/FJKiB1TJp2ULgnm5OQaJxGnXNZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FJKiB1TJp2ULgnm5OQaJxGnXNZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:7d:d8:c0:13:5e:bc:91:4b:44:e8:88:c1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1492a20754c9a7650b8279b9390689c469d73595
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c4c691e7ec2f1177ac38d80ac3bbeafd6a88fd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c0:a8:b3:94:c0:21:7b:10:62:19:26:c2:23:
                    dc:6f:b0:bd:ae:0e:ab:8e:75:1b:ed:df:9e:70:70:
                    bb:24:ca:3b:69:05:83:56:ba:37:fb:78:70:b8:26:
                    44:05:14:b2:ed:f2:4f:17:ff:aa:ba:07:c2:5e:ed:
                    af:41:4d:83:b0:67:5c:c9:cf:7e:96:a3:e1:bd:d0:
                    2b:93:f7:79:dc:84:a6:96:c3:67:39:a9:4d:8c:5d:
                    15:60:8d:11:c8:ad:93:18:1b:37:33:88:b1:95:4d:
                    77:65:48:e3:dc:f7:45:40:2d:b8:c9:50:4f:e4:86:
                    f9:bc:07:b5:40:b0:84:0e:3c:2c:e6:28:9c:5f:dd:
                    1a:76:d7:e3:76:ec:c5:63:6f:c2:a7:51:34:cc:86:
                    96:c6:b6:e5:15:ba:66:95:e2:74:8e:8b:a0:3c:a9:
                    80:01:09:2a:af:db:38:51:ef:19:e4:4b:7e:bd:b1:
                    b8:0e:40:16:75:45:3b:ba:06:47:12:34:1e:66:d7:
                    86:b2:32:cf:0a:5e:91:f4:10:42:f6:ad:10:5b:e9:
                    fb:48:f6:13:a1:d5:9d:e7:3f:b5:cd:5b:2d:4b:f9:
                    d6:29:83:2c:07:c7:ee:7f:9a:d9:c8:2d:29:1d:c8:
                    9c:c1:ea:5b:3d:6d:09:43:9d:83:ec:a4:74:0a:37:
                    4b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4C:69:1E:7E:C2:F1:17:7A:C3:8D:80:AC:3B:BE:AF:D6:A8:8F:D4
            X509v3 Authority Key Identifier:
                keyid:14:92:A2:07:54:C9:A7:65:0B:82:79:B9:39:06:89:C4:69:D7:35:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJKiB1TJp2ULgnm5OQaJxGnXNZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/DExpHn7C8Rd6w42ArDu-r9aoj9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/631e6a-7d06-4fa1-bfd9-ca74a067febf/1/FJKiB1TJp2ULgnm5OQaJxGnXNZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.112.0/20
                  185.74.140.0/22
                IPv6:
                  2a00:d2e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:df:76:7c:33:bd:cd:f0:b0:0f:e9:dc:97:13:64:09:c5:81:
         15:53:b0:22:d3:6f:74:45:ed:e2:cf:0c:84:b9:db:9d:b0:83:
         9f:1e:9b:75:46:30:8a:ca:8e:fc:a1:84:35:e4:ae:df:8a:63:
         11:06:d8:83:04:8c:94:dc:16:98:46:3a:1a:ed:be:3a:b3:93:
         bb:fd:6e:74:fe:c1:19:03:fd:11:fc:49:a5:01:23:25:78:85:
         77:4d:4e:d8:06:ef:0d:d8:35:49:0d:38:51:4c:18:13:a8:0a:
         ee:5c:2e:c7:16:aa:bd:a2:e7:a2:9a:ed:3e:ff:62:f6:8e:cf:
         23:53:47:94:17:f6:f3:84:5f:d2:60:41:f9:20:0c:0a:8c:0f:
         87:ef:1d:4d:07:5b:54:27:9a:d2:01:98:1c:27:9b:29:84:48:
         0a:c6:dd:76:b5:47:e0:ff:7a:9f:79:27:26:b7:2e:37:76:3e:
         06:c9:ef:8f:d5:f0:f4:95:f1:2b:1b:a3:f5:ce:b1:f4:55:23:
         f5:fa:24:82:04:b5:4e:31:4f:d2:ac:39:7f:3d:36:65:54:38:
         c3:8b:36:30:e9:63:03:80:30:58:ed:00:72:7f:7d:5b:6f:24:
         89:d2:a8:8b:5a:21:fe:af:43:82:cc:be:59:b2:12:65:67:05:
         9b:76:97:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSR192MATXryRS0ToiMHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OTJhMjA3NTRjOWE3NjUwYjgyNzliOTM5MDY4OWM0Njlk
NzM1OTUwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRjNjkxZTdlYzJmMTE3N2FjMzhkODBhYzNiYmVhZmQ2YTg4ZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcCos5TAIXsQYhkmwiPcb7C9rg6r
jnUb7d+ecHC7JMo7aQWDVro3+3hwuCZEBRSy7fJPF/+qugfCXu2vQU2DsGdcyc9+
lqPhvdArk/d53ISmlsNnOalNjF0VYI0RyK2TGBs3M4ixlU13ZUjj3PdFQC24yVBP
5Ib5vAe1QLCEDjws5iicX90adtfjduzFY2/Cp1E0zIaWxrblFbpmleJ0jougPKmA
AQkqr9s4Ue8Z5Et+vbG4DkAWdUU7ugZHEjQeZteGsjLPCl6R9BBC9q0QW+n7SPYT
odWd5z+1zVstS/nWKYMsB8fuf5rZyC0pHcicwepbPW0JQ52D7KR0CjdL2QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAxMaR5+wvEXesONgKw7vq/WqI/UMB8GA1UdIwQY
MBaAFBSSogdUyadlC4J5uTkGicRp1zWVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkpLaUIxVEpwMlVMZ25tNU9RYUp4R25YTlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS82MzFlNmEtN2QwNi00ZmExLWJmZDkt
Y2E3NGEwNjdmZWJmLzEvREV4cEhuN0M4UmQ2dzQyQXJEdS1yOWFvajlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS82MzFlNmEtN2QwNi00ZmExLWJmZDktY2E3NGEwNjdmZWJm
LzEvRkpLaUIxVEpwMlVMZ25tNU9RYUp4R25YTlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEU9twAwQC
uUqMMA0EAgACMAcDBQMqANLgMA0GCSqGSIb3DQEBCwUAA4IBAQBn33Z8M73N8LAP
6dyXE2QJxYEVU7Ai0290Re3izwyEududsIOfHpt1RjCKyo78oYQ15K7fimMRBtiD
BIyU3BaYRjoa7b46s5O7/W50/sEZA/0R/EmlASMleIV3TU7YBu8N2DVJDThRTBgT
qAruXC7HFqq9oueimu0+/2L2js8jU0eUF/bzhF/SYEH5IAwKjA+H7x1NB1tUJ5rS
AZgcJ5sphEgKxt12tUfg/3qfeScmty43dj4Gye+P1fD0lfErG6P1zrH0VSP1+iSC
BLVOMU/SrDl/PTZlVDjDizYw6WMDgDBY7QByf31bbySJ0qiLWiH+r0OCzL5ZshJl
ZwWbdpfk
-----END CERTIFICATE-----