Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/I4SRUCrk4pxMt_QbEgGsgNA_wVU.roa
File:                     I4SRUCrk4pxMt_QbEgGsgNA_wVU.roa (raw, json)
Hash identifier:          uzYUomAkp0fHc8AoukHo74Xvq9YjvBT5jit/zHlkBJw=
Subject key identifier:   23:84:91:50:2A:E4:E2:9C:4C:B7:F4:1B:12:01:AC:80:D0:3F:C1:55
Certificate issuer:       /CN=ee3be768d28668f490afb74e9aefe41e03495d7a
Certificate serial:       018CC870B8B49AE1FA0B962CDE622AC62476
Authority key identifier: EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/I4SRUCrk4pxMt_QbEgGsgNA_wVU.roa
Signing time:             Tue 02 Jan 2024 04:31:19 +0000
ROA not before:           Tue 02 Jan 2024 04:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.19.224.0/22 maxlen: 24
                          185.243.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:b8:b4:9a:e1:fa:0b:96:2c:de:62:2a:c6:24:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee3be768d28668f490afb74e9aefe41e03495d7a
        Validity
            Not Before: Jan  2 04:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=238491502ae4e29c4cb7f41b1201ac80d03fc155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:45:79:92:7e:ce:5c:90:90:eb:b0:f4:98:4d:
                    9c:60:28:be:9f:61:80:ba:40:21:d6:a4:45:75:3b:
                    ff:8d:13:79:21:c5:5a:7a:6c:42:4d:ab:a5:82:26:
                    b8:6c:34:49:cb:eb:80:27:35:f0:83:ce:7c:18:a7:
                    19:9d:bd:b1:d0:e8:8c:fb:2f:22:cf:59:1e:50:f7:
                    2f:39:53:13:cf:51:ca:b7:24:f3:89:11:89:b2:85:
                    db:24:00:ce:1f:fa:19:c9:2a:4a:e2:83:2d:10:75:
                    91:5d:8f:51:7b:21:57:3b:cf:30:19:2c:7b:34:07:
                    c7:00:8c:cd:31:85:59:3e:59:54:7a:83:aa:17:e1:
                    6e:ab:5d:92:47:8e:d4:3b:ba:e0:b4:43:b3:2e:83:
                    b4:ba:02:bc:91:90:e5:11:60:d9:5d:a4:4e:89:fb:
                    93:f3:83:cf:86:26:41:de:42:c0:e2:00:9f:95:73:
                    bd:2e:c1:9b:91:20:1f:35:35:ce:6d:87:ff:b8:f4:
                    84:c7:06:f3:90:59:78:1b:e0:76:30:7b:81:5f:28:
                    c3:ff:f3:44:69:81:c3:db:56:26:51:7d:cd:92:8a:
                    08:8a:6c:00:aa:bd:61:bf:2e:9c:23:34:92:d4:50:
                    4c:a3:e1:ee:4b:58:05:e8:e0:77:27:4f:d1:7a:39:
                    b0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:84:91:50:2A:E4:E2:9C:4C:B7:F4:1B:12:01:AC:80:D0:3F:C1:55
            X509v3 Authority Key Identifier:
                keyid:EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/I4SRUCrk4pxMt_QbEgGsgNA_wVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.224.0/22
                  185.243.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:66:5d:97:27:2a:d8:fd:ce:4b:c1:cb:c7:1a:e7:85:26:61:
         80:b1:14:ea:c9:90:64:3b:fe:d5:9e:37:59:1b:62:49:e5:d0:
         6a:7c:c9:0d:39:2e:04:66:78:d4:d5:82:ea:b8:1e:f4:c4:9d:
         7f:ef:e1:7f:b3:ab:93:d1:d0:0d:bc:6c:d3:5b:2d:35:06:aa:
         ce:a0:cc:1a:68:ed:e9:cf:70:bb:d2:d2:69:3e:74:3d:e3:e5:
         ce:47:9d:17:63:ac:b0:74:83:f6:01:69:4b:3c:ee:d0:45:1a:
         3d:d5:a4:b9:8c:ba:33:80:7e:1a:cd:13:be:4b:bc:84:ba:09:
         1d:f0:b8:4c:0b:4b:4f:5b:10:c1:b5:4f:1a:a6:c9:15:f3:42:
         f7:42:ca:fc:1d:2a:7f:8e:b3:ad:73:d8:e2:11:52:1f:6a:3b:
         72:f2:1c:e6:70:bf:c7:f9:14:1e:38:90:1d:df:42:9d:59:35:
         d2:e0:b7:4f:0d:e2:05:19:a5:22:0b:74:9e:c0:32:ad:be:42:
         a3:29:1f:f4:ac:d9:28:33:34:24:3e:fd:ac:00:2e:05:c2:de:
         8d:43:5f:2a:37:98:89:d0:ec:2b:7b:f7:5f:b5:83:5d:de:9f:
         ed:86:8b:56:8e:61:95:eb:b4:77:2b:c2:7d:03:aa:a7:6f:c7:
         75:30:88:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcLi0muH6C5Ys3mIqxiR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlM2JlNzY4ZDI4NjY4ZjQ5MGFmYjc0ZTlhZWZlNDFlMDM0
OTVkN2EwHhcNMjQwMTAyMDQzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzg0OTE1MDJhZTRlMjljNGNiN2Y0MWIxMjAxYWM4MGQwM2ZjMTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0V5kn7OXJCQ67D0mE2cYCi+n2GA
ukAh1qRFdTv/jRN5IcVaemxCTaulgia4bDRJy+uAJzXwg858GKcZnb2x0OiM+y8i
z1keUPcvOVMTz1HKtyTziRGJsoXbJADOH/oZySpK4oMtEHWRXY9ReyFXO88wGSx7
NAfHAIzNMYVZPllUeoOqF+Fuq12SR47UO7rgtEOzLoO0ugK8kZDlEWDZXaROifuT
84PPhiZB3kLA4gCflXO9LsGbkSAfNTXObYf/uPSExwbzkFl4G+B2MHuBXyjD//NE
aYHD21YmUX3NkooIimwAqr1hvy6cIzSS1FBMo+HuS1gF6OB3J0/RejmwfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCOEkVAq5OKcTLf0GxIBrIDQP8FVMB8GA1UdIwQY
MBaAFO4752jShmj0kK+3Tprv5B4DSV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEt
ZmVlZjEwNWYwYTc3LzEvSTRTUlVDcms0cHhNdF9RYkVnR3NnTkFfd1ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEtZmVlZjEwNWYwYTc3
LzEvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRPgAwQC
ufMQMA0GCSqGSIb3DQEBCwUAA4IBAQBaZl2XJyrY/c5LwcvHGueFJmGAsRTqyZBk
O/7VnjdZG2JJ5dBqfMkNOS4EZnjU1YLquB70xJ1/7+F/s6uT0dANvGzTWy01BqrO
oMwaaO3pz3C70tJpPnQ94+XOR50XY6ywdIP2AWlLPO7QRRo91aS5jLozgH4azRO+
S7yEugkd8LhMC0tPWxDBtU8apskV80L3Qsr8HSp/jrOtc9jiEVIfajty8hzmcL/H
+RQeOJAd30KdWTXS4LdPDeIFGaUiC3SewDKtvkKjKR/0rNkoMzQkPv2sAC4Fwt6N
Q18qN5iJ0Owre/dftYNd3p/thotWjmGV67R3K8J9A6qnb8d1MIhm
-----END CERTIFICATE-----