Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/4-FO2MSSgkJKoNy_9e61ryfJd6A.roa
File:                     4-FO2MSSgkJKoNy_9e61ryfJd6A.roa (raw, json)
Hash identifier:          wxEPqKpyOL0pT6KtxTe9x54y7kLqkUpjgX3wOeYOy24=
Subject key identifier:   E3:E1:4E:D8:C4:92:82:42:4A:A0:DC:BF:F5:EE:B5:AF:27:C9:77:A0
Certificate issuer:       /CN=845c58752f3336422ff0ee1726474591e7a41e5f
Certificate serial:       0190783045904A6FD56A348C0F82535BEB88
Authority key identifier: 84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/4-FO2MSSgkJKoNy_9e61ryfJd6A.roa
Signing time:             Wed 03 Jul 2024 10:42:27 +0000
ROA not before:           Wed 03 Jul 2024 10:42:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215547
IP address blocks:        185.91.24.0/22 maxlen: 24
                          2a00:1932::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:30:45:90:4a:6f:d5:6a:34:8c:0f:82:53:5b:eb:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845c58752f3336422ff0ee1726474591e7a41e5f
        Validity
            Not Before: Jul  3 10:42:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3e14ed8c49282424aa0dcbff5eeb5af27c977a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:12:15:c8:40:ce:fc:07:a1:e6:88:a7:cc:67:
                    37:96:87:2b:a2:67:2f:f8:49:fa:1d:02:4d:87:81:
                    b1:bd:9a:96:83:ac:8a:ce:59:9d:66:f4:a7:d2:41:
                    b8:7d:85:1c:69:68:a6:05:14:bc:ca:cb:e0:0d:54:
                    2e:a3:10:1b:52:6d:af:c5:ed:f1:f9:81:5c:d8:cf:
                    dc:38:24:18:91:63:d9:13:e3:61:51:2c:49:d2:7c:
                    c1:40:62:6d:26:7f:cd:60:ef:1b:eb:d7:7d:41:02:
                    95:ea:3b:cf:d1:a5:8f:2b:31:4d:7b:3b:1c:ec:59:
                    c3:36:4d:31:e0:6f:2f:f2:87:7a:cc:41:85:e0:ee:
                    54:34:15:95:39:91:89:60:d8:3a:36:e4:f7:ed:dd:
                    74:1e:0d:f4:df:9c:a2:1f:3a:c3:47:70:f2:11:d5:
                    3a:79:8a:46:04:3c:df:51:b4:e8:02:c6:7c:e7:26:
                    0e:e0:82:9f:d2:40:2e:3a:5c:24:05:7f:3e:d4:a3:
                    a3:0a:a1:17:06:28:54:91:b8:e9:3e:49:72:89:65:
                    03:16:ec:25:bd:87:97:65:3f:30:2a:c5:dc:d8:37:
                    c7:38:66:fc:60:7f:ed:1c:a4:58:d5:ac:08:b1:2e:
                    7a:2f:39:45:00:38:91:b1:28:02:fc:69:08:65:cc:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E1:4E:D8:C4:92:82:42:4A:A0:DC:BF:F5:EE:B5:AF:27:C9:77:A0
            X509v3 Authority Key Identifier:
                keyid:84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/4-FO2MSSgkJKoNy_9e61ryfJd6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.24.0/22
                IPv6:
                  2a00:1932::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:71:0d:68:fc:41:96:2a:95:8d:c7:1a:2e:75:cb:db:0b:0f:
         97:a7:97:7d:1e:60:09:8a:29:47:43:4b:7d:30:b3:5d:b5:83:
         c1:3a:53:47:63:c8:47:09:e5:3d:23:dc:54:11:bc:59:24:8e:
         e8:4f:e3:cf:f5:45:56:27:37:d2:1d:5b:78:94:0a:3b:7b:45:
         11:3b:34:ec:93:f8:71:8a:09:2a:83:78:39:4d:56:a1:6c:a6:
         76:0c:d3:7c:5c:8b:44:b4:bb:96:5d:80:8e:13:08:44:91:6c:
         d4:52:4d:3b:9c:1a:45:1c:0c:b2:05:d6:63:f6:30:55:03:f9:
         69:75:52:6d:6e:90:fc:07:bd:2e:0c:a3:2c:1b:ef:d4:05:94:
         99:c1:2b:b5:03:48:da:7c:e4:00:7e:8c:a6:e7:44:4a:00:25:
         c7:54:ed:8d:e8:4c:01:21:f4:c8:1a:d9:94:70:60:7a:e6:b3:
         65:7e:5f:75:87:c6:bd:e2:11:51:89:b4:fb:7e:35:7f:d3:53:
         78:65:7e:0b:a2:7c:32:5f:8c:3b:76:f4:32:d6:16:6b:5d:a1:
         bb:fb:aa:5a:55:4c:95:2f:c4:f4:a1:ee:e0:fe:76:d2:bf:e4:
         d2:14:63:b2:7e:83:bc:68:aa:35:9e:cd:78:31:33:f5:ea:84:
         9f:e0:64:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZB4MEWQSm/VajSMD4JTW+uIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWM1ODc1MmYzMzM2NDIyZmYwZWUxNzI2NDc0NTkxZTdh
NDFlNWYwHhcNMjQwNzAzMTA0MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2UxNGVkOGM0OTI4MjQyNGFhMGRjYmZmNWVlYjVhZjI3Yzk3N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxIVyEDO/Aeh5oinzGc3locromcv
+En6HQJNh4GxvZqWg6yKzlmdZvSn0kG4fYUcaWimBRS8ysvgDVQuoxAbUm2vxe3x
+YFc2M/cOCQYkWPZE+NhUSxJ0nzBQGJtJn/NYO8b69d9QQKV6jvP0aWPKzFNezsc
7FnDNk0x4G8v8od6zEGF4O5UNBWVOZGJYNg6NuT37d10Hg3035yiHzrDR3DyEdU6
eYpGBDzfUbToAsZ85yYO4IKf0kAuOlwkBX8+1KOjCqEXBihUkbjpPklyiWUDFuwl
vYeXZT8wKsXc2DfHOGb8YH/tHKRY1awIsS56LzlFADiRsSgC/GkIZcyqGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOPhTtjEkoJCSqDcv/Xuta8nyXegMB8GA1UdIwQY
MBaAFIRcWHUvMzZCL/DuFyZHRZHnpB5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYt
ZjEzNGU1MWNjMDViLzEvNC1GTzJNU1Nna0pLb055XzllNjFyeWZKZDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYtZjEzNGU1MWNjMDVi
LzEvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVsYMA0E
AgACMAcDBQAqABkyMA0GCSqGSIb3DQEBCwUAA4IBAQCNcQ1o/EGWKpWNxxoudcvb
Cw+Xp5d9HmAJiilHQ0t9MLNdtYPBOlNHY8hHCeU9I9xUEbxZJI7oT+PP9UVWJzfS
HVt4lAo7e0UROzTsk/hxigkqg3g5TVahbKZ2DNN8XItEtLuWXYCOEwhEkWzUUk07
nBpFHAyyBdZj9jBVA/lpdVJtbpD8B70uDKMsG+/UBZSZwSu1A0jafOQAfoym50RK
ACXHVO2N6EwBIfTIGtmUcGB65rNlfl91h8a94hFRibT7fjV/01N4ZX4LonwyX4w7
dvQy1hZrXaG7+6paVUyVL8T0oe7g/nbSv+TSFGOyfoO8aKo1ns14MTP16oSf4GSy
-----END CERTIFICATE-----