Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/4K1Z5ixiMgvhnm6BpdLKvrbiY9A.roa
File:                     4K1Z5ixiMgvhnm6BpdLKvrbiY9A.roa (raw, json)
Hash identifier:          b6Yi8ujqtVAtCLVjMI5t4L5ZcUgkWnSyUrvd4RtFKdk=
Subject key identifier:   E0:AD:59:E6:2C:62:32:0B:E1:9E:6E:81:A5:D2:CA:BE:B6:E2:63:D0
Certificate issuer:       /CN=44348141fc46dc0187087cbc86556e9a449ee1e7
Certificate serial:       018CC802DB5C7ACF34D69744C490BCE957B3
Authority key identifier: 44:34:81:41:FC:46:DC:01:87:08:7C:BC:86:55:6E:9A:44:9E:E1:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/4K1Z5ixiMgvhnm6BpdLKvrbiY9A.roa
Signing time:             Tue 02 Jan 2024 02:31:19 +0000
ROA not before:           Tue 02 Jan 2024 02:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25367
IP address blocks:        212.63.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:db:5c:7a:cf:34:d6:97:44:c4:90:bc:e9:57:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44348141fc46dc0187087cbc86556e9a449ee1e7
        Validity
            Not Before: Jan  2 02:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0ad59e62c62320be19e6e81a5d2cabeb6e263d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:e1:d0:cc:5a:41:92:38:b2:41:0b:d6:45:
                    b5:f5:7b:f8:e8:0d:90:8e:06:5f:fc:5d:a4:d3:c8:
                    9d:8f:1a:84:71:89:39:76:13:c5:fb:61:7a:82:40:
                    87:e5:ba:8f:d1:7f:aa:49:16:1e:82:8d:4f:56:a1:
                    52:c3:93:a8:b5:8e:96:99:13:c1:ab:f7:ac:4b:b6:
                    e8:1d:5f:71:b5:03:4c:71:d6:a2:d8:c6:a6:ca:5f:
                    eb:1f:fd:ca:44:86:11:6d:de:93:25:cb:3b:ad:9e:
                    7c:45:48:ee:58:7a:c2:7b:60:7b:3c:7a:95:80:e8:
                    73:94:33:1e:58:9b:49:dc:fd:eb:ea:15:22:2c:b8:
                    fc:4a:21:35:6f:21:95:a9:31:8f:24:9f:10:42:a5:
                    a3:b2:2a:49:4c:d0:d4:4d:a9:15:9a:29:cb:19:a0:
                    b7:31:15:f0:45:db:b4:2c:6a:4f:7e:8a:fb:15:ae:
                    19:39:91:db:f4:76:10:ca:6e:a9:2a:82:49:a6:11:
                    7e:68:9f:7e:c7:f1:4e:db:cc:7e:1a:b2:75:75:d2:
                    71:6d:44:d1:99:9c:97:55:49:48:f4:2c:76:73:f6:
                    43:04:21:10:6c:b9:af:15:9f:17:99:77:c2:44:12:
                    ce:19:c1:92:b0:0b:7e:66:eb:55:b4:20:7c:dc:e0:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:AD:59:E6:2C:62:32:0B:E1:9E:6E:81:A5:D2:CA:BE:B6:E2:63:D0
            X509v3 Authority Key Identifier:
                keyid:44:34:81:41:FC:46:DC:01:87:08:7C:BC:86:55:6E:9A:44:9E:E1:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/4K1Z5ixiMgvhnm6BpdLKvrbiY9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.63.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a5:0d:f6:09:93:d5:5d:03:b5:d0:5c:77:5d:a2:0f:c5:06:07:
         1d:d4:24:74:a0:e9:5f:0f:a1:7e:8e:19:51:46:82:36:bd:37:
         87:d8:2b:b3:e1:59:7f:e0:8b:08:f5:86:21:64:e9:3b:d6:79:
         20:3c:bf:a3:c7:ba:83:27:ab:7a:2c:a6:f1:54:45:e1:92:ee:
         84:df:6c:d2:8b:9c:f9:b9:71:d5:02:e3:a0:d8:72:a7:65:ee:
         07:b4:bf:4c:6b:56:89:74:b5:51:b2:a5:c4:e4:86:7a:f1:55:
         a5:43:86:fa:c0:27:46:d8:0c:99:5e:fc:2c:ac:d9:98:86:91:
         f4:41:50:f5:31:9f:be:a7:53:16:5b:48:1e:71:d0:a0:8d:e4:
         16:e5:31:3a:a2:1a:7d:9e:9d:cd:bb:2a:07:54:46:fb:62:4f:
         4d:49:de:c7:b2:e5:0a:dd:b3:69:82:c0:0d:3c:12:94:cc:fb:
         e3:5d:1d:46:9c:5f:64:2c:06:f3:b1:cf:1b:59:5e:8b:5b:5e:
         7f:a9:98:8f:f9:84:d4:8b:e2:f0:c2:26:53:a5:aa:4f:bd:aa:
         9d:54:2e:c1:1b:e9:44:45:1c:b5:4c:a0:b2:fc:92:e8:a3:65:
         9e:79:fa:7a:cb:e7:17:64:65:9b:6d:82:22:10:67:a9:46:20:
         70:e6:d3:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAttces801pdExJC86VezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MzQ4MTQxZmM0NmRjMDE4NzA4N2NiYzg2NTU2ZTlhNDQ5
ZWUxZTcwHhcNMjQwMTAyMDIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFkNTllNjJjNjIzMjBiZTE5ZTZlODFhNWQyY2FiZWI2ZTI2M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLDh0MxaQZI4skEL1kW19Xv46A2Q
jgZf/F2k08idjxqEcYk5dhPF+2F6gkCH5bqP0X+qSRYego1PVqFSw5OotY6WmRPB
q/esS7boHV9xtQNMcdai2Mamyl/rH/3KRIYRbd6TJcs7rZ58RUjuWHrCe2B7PHqV
gOhzlDMeWJtJ3P3r6hUiLLj8SiE1byGVqTGPJJ8QQqWjsipJTNDUTakVminLGaC3
MRXwRdu0LGpPfor7Fa4ZOZHb9HYQym6pKoJJphF+aJ9+x/FO28x+GrJ1ddJxbUTR
mZyXVUlI9Cx2c/ZDBCEQbLmvFZ8XmXfCRBLOGcGSsAt+ZutVtCB83OBDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCtWeYsYjIL4Z5ugaXSyr624mPQMB8GA1UdIwQY
MBaAFEQ0gUH8RtwBhwh8vIZVbppEnuHnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkRTQlFmeEczQUdIQ0h5OGhsVnVta1NlNGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8yMmZhNDItYjAyZi00MzExLTkwZmIt
NDVhMTEyYTFlN2FjLzEvNEsxWjVpeGlNZ3Zobm02QnBkTEt2cmJpWTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8yMmZhNDItYjAyZi00MzExLTkwZmItNDVhMTEyYTFlN2Fj
LzEvUkRTQlFmeEczQUdIQ0h5OGhsVnVta1NlNGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1D/gMA0G
CSqGSIb3DQEBCwUAA4IBAQClDfYJk9VdA7XQXHddog/FBgcd1CR0oOlfD6F+jhlR
RoI2vTeH2Cuz4Vl/4IsI9YYhZOk71nkgPL+jx7qDJ6t6LKbxVEXhku6E32zSi5z5
uXHVAuOg2HKnZe4HtL9Ma1aJdLVRsqXE5IZ68VWlQ4b6wCdG2AyZXvwsrNmYhpH0
QVD1MZ++p1MWW0gecdCgjeQW5TE6ohp9np3NuyoHVEb7Yk9NSd7HsuUK3bNpgsAN
PBKUzPvjXR1GnF9kLAbzsc8bWV6LW15/qZiP+YTUi+LwwiZTpapPvaqdVC7BG+lE
RRy1TKCy/JLoo2Weefp6y+cXZGWbbYIiEGepRiBw5tPH
-----END CERTIFICATE-----