Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/4HGsqSXDicxQcWWFpHRdr_LfRhg.roa
File:                     4HGsqSXDicxQcWWFpHRdr_LfRhg.roa (raw, json)
Hash identifier:          ZX4oi/fjz5eAFeZVMiZBMHhS8q7SKTC4SiN8mNZAzAw=
Subject key identifier:   E0:71:AC:A9:25:C3:89:CC:50:71:65:85:A4:74:5D:AF:F2:DF:46:18
Certificate issuer:       /CN=1d9c072f2db3ef1f260505bbfa0efea18c2970b1
Certificate serial:       018CC34930A569C3F3B699106B7D4547CF09
Authority key identifier: 1D:9C:07:2F:2D:B3:EF:1F:26:05:05:BB:FA:0E:FE:A1:8C:29:70:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/4HGsqSXDicxQcWWFpHRdr_LfRhg.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48258
IP address blocks:        185.254.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:30:a5:69:c3:f3:b6:99:10:6b:7d:45:47:cf:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d9c072f2db3ef1f260505bbfa0efea18c2970b1
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e071aca925c389cc50716585a4745daff2df4618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:35:aa:a1:c1:8d:27:02:79:9c:d5:07:91:bf:
                    69:2b:06:5a:c1:a9:fc:ad:12:c5:b0:5a:e6:f1:a6:
                    01:66:af:c2:2b:aa:12:68:d5:42:bd:9b:18:fc:31:
                    c8:90:38:64:3c:bd:4f:cf:3e:03:2b:0b:ea:a0:2f:
                    be:f5:ec:dd:5b:88:bc:93:e9:c3:90:c8:e6:c3:2d:
                    b4:8e:73:4a:75:e5:7b:76:4e:b6:75:42:c3:80:84:
                    75:09:68:22:30:e3:cd:29:a6:bc:09:38:f7:9f:eb:
                    ec:88:c3:40:77:f1:ac:42:f0:f3:2c:4c:2f:38:77:
                    37:dc:93:2d:d7:30:c3:24:cd:de:5e:10:07:14:0e:
                    58:70:72:91:e5:ca:ef:8f:bd:c2:ab:dd:d5:84:ad:
                    67:34:8e:30:8c:fd:8e:76:08:f7:ef:82:0b:a2:20:
                    79:a2:c5:4c:36:72:6a:4f:71:a2:6f:15:92:39:da:
                    5f:4e:42:32:02:76:89:e6:81:8e:b0:ba:4b:b3:45:
                    d2:f7:55:77:f7:6b:5f:8b:c9:91:58:9f:91:42:f3:
                    06:40:d3:36:e4:7e:57:0a:22:6d:06:9f:2b:34:3e:
                    24:c0:1b:84:0a:c3:09:d1:ac:13:23:a1:70:60:5e:
                    0e:53:4d:75:03:00:18:e1:e8:ca:a7:63:2f:ec:f7:
                    37:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:71:AC:A9:25:C3:89:CC:50:71:65:85:A4:74:5D:AF:F2:DF:46:18
            X509v3 Authority Key Identifier:
                keyid:1D:9C:07:2F:2D:B3:EF:1F:26:05:05:BB:FA:0E:FE:A1:8C:29:70:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/4HGsqSXDicxQcWWFpHRdr_LfRhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:c5:d0:1a:b2:86:73:f3:ab:ea:2b:90:17:6b:8b:3c:a7:f9:
         51:b9:3b:78:10:d9:a5:de:49:9e:f4:a9:37:c4:16:10:46:a5:
         4f:c8:c1:69:8c:3b:fa:d7:5f:db:98:ea:c2:f1:fa:42:6c:69:
         29:43:d4:66:ca:6f:54:cf:1c:74:04:bb:83:05:22:94:ea:d4:
         34:a0:08:d4:e8:be:b4:82:ea:e6:15:91:a7:b2:cf:c8:45:ad:
         93:55:2b:78:41:4f:ff:55:7f:73:d2:ca:bc:1f:46:95:4c:bb:
         ec:cb:dc:2a:b1:b4:16:df:a4:b0:21:81:3a:50:85:37:53:e4:
         4d:30:12:d6:0c:94:e3:4b:2f:29:b4:4a:d4:57:bc:0c:34:f5:
         72:c8:c2:22:18:fd:97:4e:7a:11:c1:70:fd:c2:9f:d6:13:56:
         d2:5a:ef:5d:62:3a:b2:59:5e:78:0d:24:c0:d9:3b:d3:b3:b6:
         ad:a9:13:d4:bc:dd:df:68:4d:e1:70:7a:3d:b0:e4:f7:33:7a:
         e4:ba:0a:f4:62:c1:09:d8:31:50:4c:8d:b2:ed:7e:9d:e2:83:
         6c:ca:24:a3:1c:fc:8d:81:91:cb:d1:6e:48:9d:cc:30:86:fb:
         2c:9e:9d:e3:91:29:7b:a9:0c:45:b3:a0:d1:dc:60:cd:0a:97:
         3b:88:d3:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTClacPztpkQa31FR88JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkOWMwNzJmMmRiM2VmMWYyNjA1MDViYmZhMGVmZWExOGMy
OTcwYjEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDcxYWNhOTI1YzM4OWNjNTA3MTY1ODVhNDc0NWRhZmYyZGY0NjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzWqocGNJwJ5nNUHkb9pKwZawan8
rRLFsFrm8aYBZq/CK6oSaNVCvZsY/DHIkDhkPL1Pzz4DKwvqoC++9ezdW4i8k+nD
kMjmwy20jnNKdeV7dk62dULDgIR1CWgiMOPNKaa8CTj3n+vsiMNAd/GsQvDzLEwv
OHc33JMt1zDDJM3eXhAHFA5YcHKR5crvj73Cq93VhK1nNI4wjP2Odgj374ILoiB5
osVMNnJqT3GibxWSOdpfTkIyAnaJ5oGOsLpLs0XS91V392tfi8mRWJ+RQvMGQNM2
5H5XCiJtBp8rND4kwBuECsMJ0awTI6FwYF4OU011AwAY4ejKp2Mv7Pc3MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBxrKklw4nMUHFlhaR0Xa/y30YYMB8GA1UdIwQY
MBaAFB2cBy8ts+8fJgUFu/oO/qGMKXCxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFp3SEx5Mno3eDhtQlFXNy1nNy1vWXdwY0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jNTUwZTMtZjAyNC00NmI4LTg3ZWMt
NDUwZTI0ZTA4OTFkLzEvNEhHc3FTWERpY3hRY1dXRnBIUmRyX0xmUmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jNTUwZTMtZjAyNC00NmI4LTg3ZWMtNDUwZTI0ZTA4OTFk
LzEvSFp3SEx5Mno3eDhtQlFXNy1nNy1vWXdwY0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBnxdAasoZz86vqK5AXa4s8p/lRuTt4ENml3kme9Kk3
xBYQRqVPyMFpjDv611/bmOrC8fpCbGkpQ9Rmym9Uzxx0BLuDBSKU6tQ0oAjU6L60
gurmFZGnss/IRa2TVSt4QU//VX9z0sq8H0aVTLvsy9wqsbQW36SwIYE6UIU3U+RN
MBLWDJTjSy8ptErUV7wMNPVyyMIiGP2XTnoRwXD9wp/WE1bSWu9dYjqyWV54DSTA
2TvTs7atqRPUvN3faE3hcHo9sOT3M3rkugr0YsEJ2DFQTI2y7X6d4oNsyiSjHPyN
gZHL0W5Incwwhvssnp3jkSl7qQxFs6DR3GDNCpc7iNPR
-----END CERTIFICATE-----