Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/AUnkV6XEKtxbP8gm_jE7Z1QsKWs.roa
File:                     AUnkV6XEKtxbP8gm_jE7Z1QsKWs.roa (raw, json)
Hash identifier:          cPpG8LGNvzjfOetj/9bg4Qamc65v5eZvi2pM37VUI7k=
Subject key identifier:   01:49:E4:57:A5:C4:2A:DC:5B:3F:C8:26:FE:31:3B:67:54:2C:29:6B
Certificate issuer:       /CN=9442ced12d7bb049cd1cdf8df7ba5a957655386c
Certificate serial:       018CC26D145C4FC5ABFE4987D4FDB4CEF351
Authority key identifier: 94:42:CE:D1:2D:7B:B0:49:CD:1C:DF:8D:F7:BA:5A:95:76:55:38:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/AUnkV6XEKtxbP8gm_jE7Z1QsKWs.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51263
IP address blocks:        185.164.180.0/22 maxlen: 22
                          2a0b:4c00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:14:5c:4f:c5:ab:fe:49:87:d4:fd:b4:ce:f3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9442ced12d7bb049cd1cdf8df7ba5a957655386c
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0149e457a5c42adc5b3fc826fe313b67542c296b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:39:c7:44:32:3f:20:2a:3c:17:8d:ed:dc:fc:
                    14:d9:26:77:5a:da:f1:ff:05:30:00:c5:25:ce:0a:
                    c8:7a:3b:27:fe:f0:b6:fc:33:d9:49:c5:dc:73:b8:
                    63:ec:68:22:08:b7:fd:98:2c:65:42:48:a4:b5:7c:
                    de:0d:7b:ef:9c:b7:c8:4a:95:8b:53:79:84:6a:ff:
                    a2:00:b1:13:af:4a:9c:a7:a0:94:87:53:c7:69:19:
                    e1:5e:d0:18:e8:7a:0a:b9:73:b6:75:c8:f5:aa:05:
                    70:68:63:50:09:dc:8b:de:3e:13:b8:a2:a2:bd:08:
                    86:5e:22:9f:e4:07:e0:fa:d6:87:dc:a5:12:04:95:
                    ac:a8:5f:fb:c0:76:aa:64:e9:c3:51:1b:0f:85:fd:
                    84:3f:80:3d:f0:25:7c:1c:f5:0a:74:84:3f:51:8d:
                    d2:58:7b:3d:e9:b8:94:7e:6e:64:f4:13:6e:0b:67:
                    5a:8d:21:c3:43:6c:5a:5d:2f:a1:d1:31:cb:51:ea:
                    60:d0:af:de:39:a6:d7:8d:23:c1:99:70:fb:f4:90:
                    06:39:e5:1c:50:ba:f8:00:64:7e:96:f4:e8:e2:d2:
                    15:d1:18:87:b3:3c:72:c7:01:14:32:3c:5e:c7:3c:
                    6d:51:4e:a3:f0:32:1c:99:ff:9c:d2:cb:03:2a:3a:
                    75:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:49:E4:57:A5:C4:2A:DC:5B:3F:C8:26:FE:31:3B:67:54:2C:29:6B
            X509v3 Authority Key Identifier:
                keyid:94:42:CE:D1:2D:7B:B0:49:CD:1C:DF:8D:F7:BA:5A:95:76:55:38:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/AUnkV6XEKtxbP8gm_jE7Z1QsKWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.180.0/22
                IPv6:
                  2a0b:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:c8:0f:4f:21:1b:aa:d4:3c:e4:81:2a:df:75:cc:80:3e:62:
         07:36:82:e6:5d:d7:a4:91:0b:ec:69:89:80:b0:04:e6:88:07:
         4f:fb:18:90:ce:01:e5:f1:03:4d:6b:04:59:27:7b:d4:c3:a1:
         aa:15:a6:dd:28:54:a3:96:9e:72:85:1b:6f:1f:f6:6d:a6:32:
         a8:68:b8:e3:64:56:20:9d:f0:53:ae:30:ad:7a:92:62:8f:48:
         20:6d:b5:bc:c6:31:d0:fe:36:96:76:50:63:e9:d9:99:12:57:
         0d:cf:e7:5f:7c:85:e5:4d:e3:8a:25:2b:6e:4b:d0:0d:b5:81:
         e1:b7:49:c3:c3:12:78:3c:f1:7a:91:55:41:0f:92:b9:57:56:
         00:45:b2:48:11:43:6a:d4:5f:73:79:45:98:c3:d1:77:fb:ab:
         4c:ec:56:3d:26:02:e9:94:61:64:ac:53:06:ac:ff:c9:93:fe:
         bd:ed:d3:c9:b3:fb:0f:fb:c6:32:41:26:16:13:b2:99:8a:8d:
         87:8f:5f:5b:52:bb:3c:55:b0:c1:13:b1:62:85:b8:66:b0:2a:
         b6:69:6a:4f:13:02:d5:4f:dc:3f:6b:40:7a:4b:1a:85:e6:4a:
         56:58:99:39:c6:ab:41:34:9d:93:b3:11:7d:8d:65:0e:af:55:
         69:63:50:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbRRcT8Wr/kmH1P20zvNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NDJjZWQxMmQ3YmIwNDljZDFjZGY4ZGY3YmE1YTk1NzY1
NTM4NmMwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTQ5ZTQ1N2E1YzQyYWRjNWIzZmM4MjZmZTMxM2I2NzU0MmMyOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTnHRDI/ICo8F43t3PwU2SZ3Wtrx
/wUwAMUlzgrIejsn/vC2/DPZScXcc7hj7GgiCLf9mCxlQkiktXzeDXvvnLfISpWL
U3mEav+iALETr0qcp6CUh1PHaRnhXtAY6HoKuXO2dcj1qgVwaGNQCdyL3j4TuKKi
vQiGXiKf5Afg+taH3KUSBJWsqF/7wHaqZOnDURsPhf2EP4A98CV8HPUKdIQ/UY3S
WHs96biUfm5k9BNuC2dajSHDQ2xaXS+h0THLUepg0K/eOabXjSPBmXD79JAGOeUc
ULr4AGR+lvTo4tIV0RiHszxyxwEUMjxexzxtUU6j8DIcmf+c0ssDKjp1xQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAFJ5FelxCrcWz/IJv4xO2dULClrMB8GA1UdIwQY
MBaAFJRCztEte7BJzRzfjfe6WpV2VThsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEVMTzBTMTdzRW5OSE4tTjk3cGFsWFpWT0d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85ZjJmZmEtMjM3Yi00NzRiLTg4ODAt
NDZmZDQ2ZDZiNTQ3LzEvQVVua1Y2WEVLdHhiUDhnbV9qRTdaMVFzS1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85ZjJmZmEtMjM3Yi00NzRiLTg4ODAtNDZmZDQ2ZDZiNTQ3
LzEvbEVMTzBTMTdzRW5OSE4tTjk3cGFsWFpWT0d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaS0MA0E
AgACMAcDBQMqC0wAMA0GCSqGSIb3DQEBCwUAA4IBAQB7yA9PIRuq1DzkgSrfdcyA
PmIHNoLmXdekkQvsaYmAsATmiAdP+xiQzgHl8QNNawRZJ3vUw6GqFabdKFSjlp5y
hRtvH/ZtpjKoaLjjZFYgnfBTrjCtepJij0ggbbW8xjHQ/jaWdlBj6dmZElcNz+df
fIXlTeOKJStuS9ANtYHht0nDwxJ4PPF6kVVBD5K5V1YARbJIEUNq1F9zeUWYw9F3
+6tM7FY9JgLplGFkrFMGrP/Jk/697dPJs/sP+8YyQSYWE7KZio2Hj19bUrs8VbDB
E7FihbhmsCq2aWpPEwLVT9w/a0B6SxqF5kpWWJk5xqtBNJ2TsxF9jWUOr1VpY1BR
-----END CERTIFICATE-----