Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/K1DLzWKkK_TDqsM6lFF29lKQSZQ.roa
File:                     K1DLzWKkK_TDqsM6lFF29lKQSZQ.roa (raw, json)
Hash identifier:          X/QpZSth8CPE1WDX5nfIU2PtP/F6f27ZKXOoc3WFJas=
Subject key identifier:   2B:50:CB:CD:62:A4:2B:F4:C3:AA:C3:3A:94:51:76:F6:52:90:49:94
Certificate issuer:       /CN=794f6b59b439d1769932059d198428cb806ae753
Certificate serial:       018CC5DBF27B1A3F8D9A434EBF79FDD6DCE0
Authority key identifier: 79:4F:6B:59:B4:39:D1:76:99:32:05:9D:19:84:28:CB:80:6A:E7:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/K1DLzWKkK_TDqsM6lFF29lKQSZQ.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205743
IP address blocks:        185.208.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:7b:1a:3f:8d:9a:43:4e:bf:79:fd:d6:dc:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794f6b59b439d1769932059d198428cb806ae753
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b50cbcd62a42bf4c3aac33a945176f652904994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a3:4d:b2:5d:e4:24:e6:d0:d6:26:ab:fc:f6:
                    50:9a:0f:0f:b6:4e:e2:b6:2d:eb:e0:3c:6d:42:cd:
                    45:b5:02:cc:af:c8:0e:fa:a1:d2:f3:db:3a:4b:ca:
                    9b:f4:6d:1e:63:fb:e2:be:c2:4d:d5:63:47:bc:e0:
                    9a:6d:ed:21:ad:ff:d8:8d:6b:47:5f:9d:03:a0:1e:
                    8f:45:92:c6:7f:d6:60:b8:9f:fa:5b:53:47:e3:82:
                    45:ce:cc:08:93:bb:24:eb:84:a6:76:ff:32:47:ce:
                    66:19:3c:04:1a:7c:d9:6c:5d:c0:85:95:32:13:bf:
                    6b:14:ed:fc:54:af:b0:42:54:02:a8:cd:b8:41:bd:
                    a4:d1:07:fa:6f:eb:5b:56:12:1b:0c:87:8f:25:7b:
                    8a:f8:66:dc:a8:70:8b:7e:51:dc:2f:75:16:34:e1:
                    c1:05:8c:53:d9:14:8a:c1:00:58:9b:03:a6:56:74:
                    15:51:2e:78:a0:cc:7e:96:43:64:cd:96:35:04:0b:
                    7b:9c:75:2d:10:83:df:71:36:e1:97:ba:cc:85:1a:
                    95:f3:3f:89:a8:22:a1:f2:bb:c7:04:f8:9f:f2:2d:
                    bc:9f:31:fb:b4:04:93:f7:ef:9c:49:de:b7:8a:36:
                    f5:75:45:e9:67:38:e6:27:59:eb:d0:66:5c:31:f8:
                    87:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:50:CB:CD:62:A4:2B:F4:C3:AA:C3:3A:94:51:76:F6:52:90:49:94
            X509v3 Authority Key Identifier:
                keyid:79:4F:6B:59:B4:39:D1:76:99:32:05:9D:19:84:28:CB:80:6A:E7:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eU9rWbQ50XaZMgWdGYQoy4Bq51M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/K1DLzWKkK_TDqsM6lFF29lKQSZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/17d0ad-801c-4814-b891-e0a652004878/1/eU9rWbQ50XaZMgWdGYQoy4Bq51M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:79:30:81:b5:53:e5:2e:35:e6:c2:30:91:4a:aa:3c:24:4e:
         15:0e:68:be:0f:00:78:39:65:e0:03:9c:4a:f4:7c:ee:90:22:
         cd:3c:57:ea:d1:cf:b2:dd:35:da:2e:e6:aa:39:47:71:a4:1a:
         84:16:2c:fe:15:75:27:9c:50:22:23:8c:39:7a:ac:bc:d6:37:
         f7:bd:75:b5:43:47:74:f1:f9:53:d1:11:14:0c:67:10:33:e0:
         4e:52:ba:14:bd:c5:84:27:f3:6b:0a:20:b6:31:f3:7f:45:04:
         1f:be:f7:8d:e6:ee:39:27:2f:b6:56:50:90:2f:52:ef:97:62:
         fc:9f:10:d0:91:8e:77:fd:16:28:8e:05:4e:9a:44:c0:6a:5f:
         81:70:18:5f:22:51:af:71:9d:7d:c0:ae:b3:24:ec:1f:42:f0:
         ba:21:5d:55:6c:a3:79:9a:02:14:47:28:81:f1:cb:c4:2e:f7:
         f3:eb:d2:c4:91:15:a4:c2:1c:c9:5c:6c:b6:5f:6f:dd:08:4c:
         19:44:b5:51:ff:16:fd:f2:a4:6d:87:29:48:e0:18:d9:77:6a:
         c5:3c:4f:4c:72:16:26:d3:38:2a:ca:21:10:e7:19:57:08:07:
         3d:73:64:d8:70:13:cf:9a:7f:8f:a8:f2:76:72:39:8b:cf:c0:
         09:11:e7:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/J7Gj+NmkNOv3n91tzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NGY2YjU5YjQzOWQxNzY5OTMyMDU5ZDE5ODQyOGNiODA2
YWU3NTMwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjUwY2JjZDYyYTQyYmY0YzNhYWMzM2E5NDUxNzZmNjUyOTA0OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKNNsl3kJObQ1iar/PZQmg8Ptk7i
ti3r4DxtQs1FtQLMr8gO+qHS89s6S8qb9G0eY/vivsJN1WNHvOCabe0hrf/YjWtH
X50DoB6PRZLGf9ZguJ/6W1NH44JFzswIk7sk64Smdv8yR85mGTwEGnzZbF3AhZUy
E79rFO38VK+wQlQCqM24Qb2k0Qf6b+tbVhIbDIePJXuK+GbcqHCLflHcL3UWNOHB
BYxT2RSKwQBYmwOmVnQVUS54oMx+lkNkzZY1BAt7nHUtEIPfcTbhl7rMhRqV8z+J
qCKh8rvHBPif8i28nzH7tAST9++cSd63ijb1dUXpZzjmJ1nr0GZcMfiHowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtQy81ipCv0w6rDOpRRdvZSkEmUMB8GA1UdIwQY
MBaAFHlPa1m0OdF2mTIFnRmEKMuAaudTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVU5cldiUTUwWGFaTWdXZEdZUW95NEJxNTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xN2QwYWQtODAxYy00ODE0LWI4OTEt
ZTBhNjUyMDA0ODc4LzEvSzFETHpXS2tLX1REcXNNNmxGRjI5bEtRU1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xN2QwYWQtODAxYy00ODE0LWI4OTEtZTBhNjUyMDA0ODc4
LzEvZVU5cldiUTUwWGFaTWdXZEdZUW95NEJxNTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudAEMA0G
CSqGSIb3DQEBCwUAA4IBAQBieTCBtVPlLjXmwjCRSqo8JE4VDmi+DwB4OWXgA5xK
9HzukCLNPFfq0c+y3TXaLuaqOUdxpBqEFiz+FXUnnFAiI4w5eqy81jf3vXW1Q0d0
8flT0REUDGcQM+BOUroUvcWEJ/NrCiC2MfN/RQQfvveN5u45Jy+2VlCQL1Lvl2L8
nxDQkY53/RYojgVOmkTAal+BcBhfIlGvcZ19wK6zJOwfQvC6IV1VbKN5mgIURyiB
8cvELvfz69LEkRWkwhzJXGy2X2/dCEwZRLVR/xb98qRthylI4BjZd2rFPE9MchYm
0zgqyiEQ5xlXCAc9c2TYcBPPmn+PqPJ2cjmLz8AJEedD
-----END CERTIFICATE-----