Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/Dh4nvoZ7csFVaLY4VR-zktPx1_A.roa
File:                     Dh4nvoZ7csFVaLY4VR-zktPx1_A.roa (raw, json)
Hash identifier:          4dG9zaKaxiw4+oaN+ILmhCjupeFAr1W+JKV7ay5HWAs=
Subject key identifier:   0E:1E:27:BE:86:7B:72:C1:55:68:B6:38:55:1F:B3:92:D3:F1:D7:F0
Certificate issuer:       /CN=ca994929166bbd744165fb64f48c35f9b4436a77
Certificate serial:       018CC9BCCD56547AF529C2828AE6A5B3273E
Authority key identifier: CA:99:49:29:16:6B:BD:74:41:65:FB:64:F4:8C:35:F9:B4:43:6A:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yplJKRZrvXRBZftk9Iw1-bRDanc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/Dh4nvoZ7csFVaLY4VR-zktPx1_A.roa
Signing time:             Tue 02 Jan 2024 10:34:02 +0000
ROA not before:           Tue 02 Jan 2024 10:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60267
IP address blocks:        194.62.56.0/22 maxlen: 22
                          185.154.56.0/22 maxlen: 22
                          185.224.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/yplJKRZrvXRBZftk9Iw1-bRDanc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/yplJKRZrvXRBZftk9Iw1-bRDanc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yplJKRZrvXRBZftk9Iw1-bRDanc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:cd:56:54:7a:f5:29:c2:82:8a:e6:a5:b3:27:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca994929166bbd744165fb64f48c35f9b4436a77
        Validity
            Not Before: Jan  2 10:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e1e27be867b72c15568b638551fb392d3f1d7f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f1:94:97:31:c3:cd:ba:64:18:e1:56:4f:ae:
                    bb:df:4b:9f:80:bb:d1:13:95:37:36:2e:3b:49:7c:
                    4e:64:c8:77:48:8d:a0:df:eb:52:ff:8b:a6:a0:ea:
                    c4:93:56:80:94:df:79:c3:1c:1a:a8:75:c0:c4:f9:
                    2c:08:c6:2d:89:e7:93:23:fe:be:20:f4:66:35:8a:
                    f2:0f:92:72:00:42:ee:69:bd:92:55:28:a2:5b:82:
                    16:5c:a3:1e:62:fe:fa:a0:f0:48:9e:84:73:c3:16:
                    6e:eb:11:45:5d:0b:e6:03:1e:af:34:f0:dc:c9:8f:
                    da:83:f4:c6:1e:5b:f6:e4:c8:7e:84:97:f6:e8:57:
                    bf:1a:e4:df:05:27:89:86:ac:df:af:56:5e:d9:49:
                    03:6b:a3:89:62:0c:59:17:04:f6:1f:0c:f9:9e:cc:
                    c0:3d:a7:d9:64:d9:61:81:94:4f:36:82:c1:58:e5:
                    74:79:48:48:4b:90:8b:ee:61:7d:3a:52:72:26:66:
                    25:20:95:a5:3d:55:0c:da:b4:ea:28:a7:15:8a:cf:
                    85:0b:41:53:4d:98:0d:8c:3b:62:95:8e:c6:d4:ee:
                    34:26:0e:64:e8:aa:d3:05:ae:56:11:83:e9:4d:90:
                    97:30:db:f6:2b:70:ae:2e:06:97:9b:74:c9:18:50:
                    a9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:1E:27:BE:86:7B:72:C1:55:68:B6:38:55:1F:B3:92:D3:F1:D7:F0
            X509v3 Authority Key Identifier:
                keyid:CA:99:49:29:16:6B:BD:74:41:65:FB:64:F4:8C:35:F9:B4:43:6A:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yplJKRZrvXRBZftk9Iw1-bRDanc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/Dh4nvoZ7csFVaLY4VR-zktPx1_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f264e0-c8a5-41d5-9cd1-7f355d40c4e7/1/yplJKRZrvXRBZftk9Iw1-bRDanc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.56.0/22
                  185.224.48.0/22
                  194.62.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:ef:1d:67:0d:0c:f5:9e:0b:cb:3a:8e:9a:b0:f7:21:00:94:
         39:e1:65:89:1c:0f:dd:26:3f:ba:e6:e2:19:e2:d0:12:4c:7a:
         b1:22:1c:8e:6b:b5:98:00:fa:97:6b:58:3e:94:7f:49:02:e9:
         8b:ae:d6:0d:d5:8f:09:99:01:ea:fa:1b:37:c6:9a:69:ea:ba:
         2d:1d:77:41:a0:15:4e:40:08:bf:1a:32:9d:1b:09:bc:ad:5b:
         b0:b8:b5:f9:19:ee:d2:9c:43:36:5b:98:0e:da:31:8f:03:43:
         d2:ad:e9:3b:52:0e:7d:96:85:32:5d:cb:f0:eb:4a:25:47:8c:
         53:0d:7a:32:ef:41:c8:49:a2:47:ba:76:3d:81:13:f6:0d:28:
         57:9f:c9:61:e5:8e:cf:8d:b1:ec:c6:e2:8e:a1:25:4e:d8:62:
         b6:7c:8c:ca:ad:4b:a9:f9:a4:0e:c5:1a:3f:ec:11:fa:5d:e0:
         04:90:23:dc:df:ed:b5:0d:d0:ce:07:88:0d:9c:4d:38:de:10:
         a7:3a:aa:19:46:eb:0f:c8:7f:56:69:ce:5a:80:e1:23:18:da:
         b2:0e:9e:17:59:e1:c8:53:01:1a:c3:37:2c:5a:c9:c1:da:61:
         e6:bb:08:a0:92:ac:95:06:38:2a:57:47:49:5f:39:a8:a9:6a:
         e6:5f:23:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvM1WVHr1KcKCiualsyc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTk0OTI5MTY2YmJkNzQ0MTY1ZmI2NGY0OGMzNWY5YjQ0
MzZhNzcwHhcNMjQwMTAyMTAzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTFlMjdiZTg2N2I3MmMxNTU2OGI2Mzg1NTFmYjM5MmQzZjFkN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfGUlzHDzbpkGOFWT66730ufgLvR
E5U3Ni47SXxOZMh3SI2g3+tS/4umoOrEk1aAlN95wxwaqHXAxPksCMYtieeTI/6+
IPRmNYryD5JyAELuab2SVSiiW4IWXKMeYv76oPBInoRzwxZu6xFFXQvmAx6vNPDc
yY/ag/TGHlv25Mh+hJf26Fe/GuTfBSeJhqzfr1Ze2UkDa6OJYgxZFwT2Hwz5nszA
PafZZNlhgZRPNoLBWOV0eUhIS5CL7mF9OlJyJmYlIJWlPVUM2rTqKKcVis+FC0FT
TZgNjDtilY7G1O40Jg5k6KrTBa5WEYPpTZCXMNv2K3CuLgaXm3TJGFCpuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA4eJ76Ge3LBVWi2OFUfs5LT8dfwMB8GA1UdIwQY
MBaAFMqZSSkWa710QWX7ZPSMNfm0Q2p3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBsSktSWnJ2WFJCWmZ0azlJdzEtYlJEYW5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mMjY0ZTAtYzhhNS00MWQ1LTljZDEt
N2YzNTVkNDBjNGU3LzEvRGg0bnZvWjdjc0ZWYUxZNFZSLXprdFB4MV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mMjY0ZTAtYzhhNS00MWQ1LTljZDEtN2YzNTVkNDBjNGU3
LzEveXBsSktSWnJ2WFJCWmZ0azlJdzEtYlJEYW5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuZo4AwQC
ueAwAwQCwj44MA0GCSqGSIb3DQEBCwUAA4IBAQAe7x1nDQz1ngvLOo6asPchAJQ5
4WWJHA/dJj+65uIZ4tASTHqxIhyOa7WYAPqXa1g+lH9JAumLrtYN1Y8JmQHq+hs3
xppp6rotHXdBoBVOQAi/GjKdGwm8rVuwuLX5Ge7SnEM2W5gO2jGPA0PSrek7Ug59
loUyXcvw60olR4xTDXoy70HISaJHunY9gRP2DShXn8lh5Y7PjbHsxuKOoSVO2GK2
fIzKrUup+aQOxRo/7BH6XeAEkCPc3+21DdDOB4gNnE043hCnOqoZRusPyH9Wac5a
gOEjGNqyDp4XWeHIUwEawzcsWsnB2mHmuwigkqyVBjgqV0dJXzmoqWrmXyPu
-----END CERTIFICATE-----