Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/InxReL7uJlPszmJ-svuoM4a5NxE.roa
File:                     InxReL7uJlPszmJ-svuoM4a5NxE.roa (raw, json)
Hash identifier:          HVWUl84d23dPqIR0rkHwTHtI0+vKvKlpIOWa57FLaXc=
Subject key identifier:   22:7C:51:78:BE:EE:26:53:EC:CE:62:7E:B2:FB:A8:33:86:B9:37:11
Certificate issuer:       /CN=e38f10a2c792d0d365678a36ca7f7f1409ca3afd
Certificate serial:       018CC7270BCFB504181D5D7E46F0A043922A
Authority key identifier: E3:8F:10:A2:C7:92:D0:D3:65:67:8A:36:CA:7F:7F:14:09:CA:3A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/InxReL7uJlPszmJ-svuoM4a5NxE.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64472
IP address blocks:        185.162.182.0/24 maxlen: 24
                          185.162.180.0/23 maxlen: 23
                          2a0a:9000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0b:cf:b5:04:18:1d:5d:7e:46:f0:a0:43:92:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e38f10a2c792d0d365678a36ca7f7f1409ca3afd
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=227c5178beee2653ecce627eb2fba83386b93711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:33:b0:3e:16:11:5c:27:07:1d:4b:94:e8:d1:
                    9a:84:9e:b7:98:57:a0:a4:30:0a:17:d5:c1:0e:b1:
                    9a:9c:4a:9e:2c:f4:ab:a3:7d:0e:aa:e3:44:a2:1b:
                    dc:c2:bb:75:67:51:c4:a8:d5:06:01:99:a8:6d:47:
                    a3:c4:83:ec:e7:4b:5c:18:40:96:86:31:cc:02:4c:
                    84:d1:78:63:8b:70:a3:9a:96:18:96:b3:f5:5d:0f:
                    53:c5:45:79:ed:4e:c0:cf:7d:da:61:b1:89:76:8e:
                    f8:b7:26:96:56:49:b1:d2:38:c0:51:86:7c:86:f7:
                    4f:2e:7b:79:bf:f7:c3:3d:15:ea:6b:e9:76:29:18:
                    c2:cf:f3:e4:53:3d:bc:8b:59:11:ad:e6:13:4a:c8:
                    be:6f:4f:2e:d3:31:09:a7:a9:f9:7b:0d:83:6a:cc:
                    e3:93:d5:34:2b:c4:27:f4:ba:d1:c4:eb:2d:86:38:
                    d0:d2:81:3c:c9:d2:61:b1:a1:43:4a:71:2d:9d:fe:
                    cd:a9:ef:b3:89:bd:37:cb:cf:0b:85:e2:29:85:3f:
                    f2:fe:31:c7:cd:9e:ed:0a:80:28:e8:30:6d:89:ef:
                    64:30:19:2a:96:3c:38:bf:00:6b:d2:86:ff:26:13:
                    2c:a0:2f:62:ee:0f:9b:8e:b4:a2:6c:5a:13:04:85:
                    51:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7C:51:78:BE:EE:26:53:EC:CE:62:7E:B2:FB:A8:33:86:B9:37:11
            X509v3 Authority Key Identifier:
                keyid:E3:8F:10:A2:C7:92:D0:D3:65:67:8A:36:CA:7F:7F:14:09:CA:3A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/InxReL7uJlPszmJ-svuoM4a5NxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.180.0-185.162.182.255
                IPv6:
                  2a0a:9000::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:7d:c5:ee:b1:ee:03:ce:70:c4:86:1f:d5:1c:47:ae:ca:65:
         0a:ea:14:24:31:76:e3:86:10:ec:cc:ab:5c:a6:f7:0b:63:6c:
         50:ff:a7:dd:e2:45:6b:f0:90:6f:45:6a:cf:91:84:a9:7b:38:
         e6:b5:7a:b6:9d:d4:44:dc:e7:0a:e2:11:16:23:dd:12:15:0a:
         da:1b:f5:47:e2:20:15:df:cd:79:d5:ac:f1:ff:69:e0:bb:3b:
         5a:79:37:85:16:71:39:a2:9a:b9:fc:ce:cc:0d:f2:81:13:75:
         6b:d1:fc:e2:fd:23:6a:7e:07:81:02:6c:dc:2c:5b:e7:a7:6a:
         c5:8a:55:80:1f:e2:67:9b:49:05:97:0a:e4:a6:a0:ff:76:ad:
         a9:87:2e:be:8e:dc:24:f6:e5:a3:52:9e:70:a5:01:fe:d5:bb:
         cb:95:6c:1f:ef:c9:62:6e:19:6e:16:63:25:52:1b:43:bf:f6:
         7c:21:60:95:aa:c0:33:94:01:8f:77:4c:9d:8b:9f:05:92:64:
         11:db:7b:e1:95:cf:11:83:71:b6:09:5a:ce:88:61:2b:db:4e:
         72:08:39:63:52:4d:53:25:0b:65:b8:c4:56:cb:55:d5:be:fd:
         69:3b:50:7b:e7:a6:47:33:76:01:00:12:d5:ff:75:d7:43:ab:
         ba:c3:cf:84
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJwvPtQQYHV1+RvCgQ5IqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOGYxMGEyYzc5MmQwZDM2NTY3OGEzNmNhN2Y3ZjE0MDlj
YTNhZmQwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdjNTE3OGJlZWUyNjUzZWNjZTYyN2ViMmZiYTgzMzg2YjkzNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzOwPhYRXCcHHUuU6NGahJ63mFeg
pDAKF9XBDrGanEqeLPSro30OquNEohvcwrt1Z1HEqNUGAZmobUejxIPs50tcGECW
hjHMAkyE0Xhji3CjmpYYlrP1XQ9TxUV57U7Az33aYbGJdo74tyaWVkmx0jjAUYZ8
hvdPLnt5v/fDPRXqa+l2KRjCz/PkUz28i1kRreYTSsi+b08u0zEJp6n5ew2Daszj
k9U0K8Qn9LrRxOsthjjQ0oE8ydJhsaFDSnEtnf7Nqe+zib03y88LheIphT/y/jHH
zZ7tCoAo6DBtie9kMBkqljw4vwBr0ob/JhMsoC9i7g+bjrSibFoTBIVRbwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCJ8UXi+7iZT7M5ifrL7qDOGuTcRMB8GA1UdIwQY
MBaAFOOPEKLHktDTZWeKNsp/fxQJyjr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDQ4UW9zZVMwTk5sWjRvMnluOV9GQW5LT3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81MzM1ZTItMTU5OC00ODIyLTgyMjct
ODM1M2FhNDBiYWViLzEvSW54UmVMN3VKbFBzem1KLXN2dW9NNGE1TnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81MzM1ZTItMTU5OC00ODIyLTgyMjctODM1M2FhNDBiYWVi
LzEvNDQ4UW9zZVMwTk5sWjRvMnluOV9GQW5LT3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5orQD
BAC5orYwDQQCAAIwBwMFAyoKkAAwDQYJKoZIhvcNAQELBQADggEBAGh9xe6x7gPO
cMSGH9UcR67KZQrqFCQxduOGEOzMq1ym9wtjbFD/p93iRWvwkG9Fas+RhKl7OOa1
erad1ETc5wriERYj3RIVCtob9UfiIBXfzXnVrPH/aeC7O1p5N4UWcTmimrn8zswN
8oETdWvR/OL9I2p+B4ECbNwsW+enasWKVYAf4mebSQWXCuSmoP92ramHLr6O3CT2
5aNSnnClAf7Vu8uVbB/vyWJuGW4WYyVSG0O/9nwhYJWqwDOUAY93TJ2LnwWSZBHb
e+GVzxGDcbYJWs6IYSvbTnIIOWNSTVMlC2W4xFbLVdW+/Wk7UHvnpkczdgEAEtX/
dddDq7rDz4Q=
-----END CERTIFICATE-----