Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/wMhGWoQ1fihL0qEQdB_TQV3xH2E.roa
File:                     wMhGWoQ1fihL0qEQdB_TQV3xH2E.roa (raw, json)
Hash identifier:          DTOsU2PHsWzBFtnHfqs8BPtbLbUvB7vohBsqtSWN/FA=
Subject key identifier:   C0:C8:46:5A:84:35:7E:28:4B:D2:A1:10:74:1F:D3:41:5D:F1:1F:61
Certificate issuer:       /CN=4bd444c864e9e85d35376e0f68281799f6281f14
Certificate serial:       018CC7944CC5DA9D50AC0FDEDEB9E6B53F88
Authority key identifier: 4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/wMhGWoQ1fihL0qEQdB_TQV3xH2E.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60717
IP address blocks:        185.13.92.0/22 maxlen: 22
                          2a02:f480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4c:c5:da:9d:50:ac:0f:de:de:b9:e6:b5:3f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd444c864e9e85d35376e0f68281799f6281f14
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0c8465a84357e284bd2a110741fd3415df11f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f5:8e:02:53:9a:3f:f6:bc:a7:12:65:a7:79:
                    88:ed:a6:8b:cc:a2:53:40:bf:df:dc:8a:24:eb:96:
                    fc:af:2c:25:8c:04:35:b5:33:cd:1a:d8:55:db:2a:
                    52:cd:59:f2:17:a9:c0:e6:da:aa:df:9d:d9:2e:15:
                    97:4b:49:57:cc:f7:bf:14:c4:34:6f:3c:59:03:df:
                    6c:78:68:a9:c3:5d:80:af:1a:c6:a6:01:9a:db:a4:
                    d2:b1:07:15:8b:34:f7:fd:56:b4:f5:1b:9b:a9:6b:
                    c5:14:59:0f:89:f0:e8:59:b1:f2:04:a4:5b:7b:5f:
                    9e:1d:6d:ee:7f:e9:00:cc:e1:d7:57:17:13:c3:63:
                    b8:67:a2:5e:42:d7:91:03:a8:42:18:d8:a6:e1:c8:
                    ae:a9:58:2f:ec:b2:49:10:34:72:07:88:92:79:c5:
                    c6:d2:cb:3d:c0:4e:8f:de:67:61:f5:2a:71:a9:1b:
                    60:58:e4:3e:a2:2c:a1:15:dd:42:34:2f:d6:09:dc:
                    19:7a:cf:ce:1d:25:f6:39:30:a8:6f:b3:b3:f6:50:
                    ae:8e:3a:80:f0:b0:0f:43:4a:7a:33:9c:79:6d:9f:
                    38:d4:48:e9:9d:d6:45:78:ca:bb:17:7d:da:25:44:
                    2b:fe:69:55:ba:cf:39:f7:a8:ea:10:0a:4b:43:e5:
                    f9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C8:46:5A:84:35:7E:28:4B:D2:A1:10:74:1F:D3:41:5D:F1:1F:61
            X509v3 Authority Key Identifier:
                keyid:4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/wMhGWoQ1fihL0qEQdB_TQV3xH2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.92.0/22
                IPv6:
                  2a02:f480::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:f5:84:35:65:4f:fe:01:8b:38:42:ea:f9:83:a2:20:04:67:
         ed:5e:54:bb:b2:2e:c9:6e:41:84:2b:c3:4b:ee:13:59:28:d2:
         16:55:22:ca:42:e0:88:7f:a5:13:30:0f:bb:97:1c:51:81:c6:
         85:cf:d2:c1:0f:32:79:cb:85:5d:c6:e3:db:1c:ea:08:8e:4e:
         20:32:6a:7e:9f:f7:0b:88:c2:5c:ac:ca:f5:34:9f:f4:64:56:
         68:50:1f:cd:00:bc:04:4e:a3:c3:2e:09:04:aa:91:d6:20:7e:
         c5:b6:22:a0:61:6d:ca:01:2f:f8:2e:83:9f:95:01:ce:f4:f3:
         c5:4e:e5:2c:c5:2c:52:be:1c:49:0e:90:22:de:e7:93:4d:dc:
         8b:f5:46:64:88:3e:e2:c7:77:66:47:32:6f:11:6e:21:3d:82:
         13:e1:97:28:f4:eb:da:07:44:d6:d5:09:01:55:20:c3:9c:e5:
         ee:d3:76:38:a8:3e:4d:60:0b:d5:cd:d5:21:30:de:a7:da:92:
         bc:e6:06:dc:33:b7:be:fc:ff:57:7e:a5:1a:84:72:36:7d:9e:
         13:35:75:85:60:d6:0e:69:62:25:9a:49:5d:e6:5b:19:fe:24:
         55:22:93:ae:c0:fd:be:01:03:fd:f3:36:91:c5:84:f0:ea:52:
         c0:c2:a8:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlEzF2p1QrA/e3rnmtT+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDQ0NGM4NjRlOWU4NWQzNTM3NmUwZjY4MjgxNzk5ZjYy
ODFmMTQwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGM4NDY1YTg0MzU3ZTI4NGJkMmExMTA3NDFmZDM0MTVkZjExZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/WOAlOaP/a8pxJlp3mI7aaLzKJT
QL/f3Iok65b8rywljAQ1tTPNGthV2ypSzVnyF6nA5tqq353ZLhWXS0lXzPe/FMQ0
bzxZA99seGipw12ArxrGpgGa26TSsQcVizT3/Va09RubqWvFFFkPifDoWbHyBKRb
e1+eHW3uf+kAzOHXVxcTw2O4Z6JeQteRA6hCGNim4ciuqVgv7LJJEDRyB4iSecXG
0ss9wE6P3mdh9SpxqRtgWOQ+oiyhFd1CNC/WCdwZes/OHSX2OTCob7Oz9lCujjqA
8LAPQ0p6M5x5bZ841EjpndZFeMq7F33aJUQr/mlVus8596jqEApLQ+X5nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMDIRlqENX4oS9KhEHQf00Fd8R9hMB8GA1UdIwQY
MBaAFEvURMhk6ehdNTduD2goF5n2KB8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMt
MjkwOTVhZDFjY2VkLzEvd01oR1dvUTFmaWhMMHFFUWRCX1RRVjN4SDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMtMjkwOTVhZDFjY2Vk
LzEvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ1cMA0E
AgACMAcDBQMqAvSAMA0GCSqGSIb3DQEBCwUAA4IBAQAt9YQ1ZU/+AYs4Qur5g6Ig
BGftXlS7si7JbkGEK8NL7hNZKNIWVSLKQuCIf6UTMA+7lxxRgcaFz9LBDzJ5y4Vd
xuPbHOoIjk4gMmp+n/cLiMJcrMr1NJ/0ZFZoUB/NALwETqPDLgkEqpHWIH7FtiKg
YW3KAS/4LoOflQHO9PPFTuUsxSxSvhxJDpAi3ueTTdyL9UZkiD7ix3dmRzJvEW4h
PYIT4Zco9OvaB0TW1QkBVSDDnOXu03Y4qD5NYAvVzdUhMN6n2pK85gbcM7e+/P9X
fqUahHI2fZ4TNXWFYNYOaWIlmkld5lsZ/iRVIpOuwP2+AQP98zaRxYTw6lLAwqjU
-----END CERTIFICATE-----