Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4KNv5HcJHLEH6tqhn3Eq3qmQp6I.roa
File:                     4KNv5HcJHLEH6tqhn3Eq3qmQp6I.roa (raw, json)
Hash identifier:          skN4EiD++SzPS/IrDyBfRyxNIWPDsoExOokLDIDdJKc=
Subject key identifier:   E0:A3:6F:E4:77:09:1C:B1:07:EA:DA:A1:9F:71:2A:DE:A9:90:A7:A2
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BDE14B0AE07F5286046EF7E88446
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4KNv5HcJHLEH6tqhn3Eq3qmQp6I.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49476
IP address blocks:        185.13.157.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bd:e1:4b:0a:e0:7f:52:86:04:6e:f7:e8:84:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0a36fe477091cb107eadaa19f712adea990a7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8a:c7:b1:7c:14:17:c6:ae:0a:ea:0e:7e:b8:
                    a2:88:c3:ce:0c:7a:e4:ee:69:d1:77:4d:35:d9:00:
                    e9:92:9e:71:2a:7e:63:35:f9:a2:72:02:ac:e6:57:
                    a6:38:a5:ce:cb:48:61:e9:ee:4b:aa:4f:77:9e:52:
                    c2:21:a1:a4:c0:e4:cb:45:ce:ff:a1:93:40:40:34:
                    ea:cc:10:e3:11:61:1e:41:98:2c:44:98:3e:fb:82:
                    5a:10:dc:88:e7:85:d0:c7:31:43:a7:21:e2:c6:e2:
                    74:2b:e0:b5:43:c3:d9:d7:d1:e0:55:fc:b3:ba:7c:
                    2c:81:3a:89:38:56:7b:3c:9c:30:25:c1:24:2d:50:
                    54:b5:b5:f7:6b:3b:33:0a:e1:95:84:03:2f:fc:8e:
                    b9:12:38:d4:d1:99:c0:8f:9a:1d:9f:9f:7c:e9:68:
                    be:6f:e2:ad:e0:60:da:f1:3b:d7:f3:d2:4e:c6:b5:
                    0e:86:eb:22:ad:26:6b:13:45:36:2a:3d:76:24:9b:
                    22:e9:fe:45:be:ab:03:e7:ac:cd:e3:cf:da:88:4e:
                    15:fc:69:ce:c9:ab:f7:ff:67:00:c6:0b:d4:a0:5e:
                    a6:c3:4a:96:72:b3:d2:47:30:f7:9b:62:7e:6a:90:
                    97:2b:ad:c4:4f:03:f8:57:94:17:e3:c7:ed:e3:38:
                    e3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A3:6F:E4:77:09:1C:B1:07:EA:DA:A1:9F:71:2A:DE:A9:90:A7:A2
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4KNv5HcJHLEH6tqhn3Eq3qmQp6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b3:07:ae:8e:91:a9:10:c1:11:ab:7a:0f:71:2e:2f:a7:15:
         5a:1e:60:4c:3e:de:08:69:1e:de:5d:13:95:86:4b:08:48:ca:
         ce:35:d3:f3:88:d1:61:96:75:50:ac:6d:6f:35:9d:cd:a2:61:
         f8:14:98:97:a3:a1:6c:a3:0c:89:e3:17:29:fe:55:ca:9f:e5:
         74:f9:29:41:35:af:a5:e6:22:5e:e7:64:84:a1:10:a2:7b:7d:
         0c:5c:7d:90:02:94:7c:fe:31:05:dc:64:92:71:9e:78:2c:ed:
         2c:fd:85:c3:ae:41:a1:71:79:08:8c:28:6a:d1:25:a1:9e:a4:
         42:e2:8c:32:6d:cd:26:fc:bd:23:48:aa:fc:41:dd:0a:a1:87:
         8e:e9:fe:66:0f:b3:ba:4a:77:fb:6e:c5:36:db:71:53:04:11:
         e5:cf:9e:75:29:5f:49:c7:f5:5a:14:f7:6d:e7:d9:2c:2e:66:
         87:2a:95:ef:b5:40:87:fd:a2:cc:b1:d6:51:c2:f9:41:76:ac:
         30:2b:a3:dc:c9:3c:d0:36:cf:79:6b:18:f0:35:e4:0f:a2:bf:
         c7:7c:0c:90:38:ab:f7:88:bb:5c:24:e0:8c:2d:26:01:ad:d9:
         f5:6f:97:42:a0:49:32:6e:d2:a0:d6:a3:61:bc:a3:1f:12:2b:
         92:23:62:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAL3hSwrgf1KGBG736IRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGEzNmZlNDc3MDkxY2IxMDdlYWRhYTE5ZjcxMmFkZWE5OTBhN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIrHsXwUF8auCuoOfriiiMPODHrk
7mnRd0012QDpkp5xKn5jNfmicgKs5lemOKXOy0hh6e5Lqk93nlLCIaGkwOTLRc7/
oZNAQDTqzBDjEWEeQZgsRJg++4JaENyI54XQxzFDpyHixuJ0K+C1Q8PZ19HgVfyz
unwsgTqJOFZ7PJwwJcEkLVBUtbX3azszCuGVhAMv/I65EjjU0ZnAj5odn5986Wi+
b+Kt4GDa8TvX89JOxrUOhusirSZrE0U2Kj12JJsi6f5FvqsD56zN48/aiE4V/GnO
yav3/2cAxgvUoF6mw0qWcrPSRzD3m2J+apCXK63ETwP4V5QX48ft4zjjlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCjb+R3CRyxB+raoZ9xKt6pkKeiMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNEtOdjVIY0pITEVINnRxaG4zRXEzcW1RcDZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ2dMA0G
CSqGSIb3DQEBCwUAA4IBAQAJsweujpGpEMERq3oPcS4vpxVaHmBMPt4IaR7eXROV
hksISMrONdPziNFhlnVQrG1vNZ3NomH4FJiXo6FsowyJ4xcp/lXKn+V0+SlBNa+l
5iJe52SEoRCie30MXH2QApR8/jEF3GSScZ54LO0s/YXDrkGhcXkIjChq0SWhnqRC
4owybc0m/L0jSKr8Qd0KoYeO6f5mD7O6Snf7bsU223FTBBHlz551KV9Jx/VaFPdt
59ksLmaHKpXvtUCH/aLMsdZRwvlBdqwwK6PcyTzQNs95axjwNeQPor/HfAyQOKv3
iLtcJOCMLSYBrdn1b5dCoEkybtKg1qNhvKMfEiuSI2Kj
-----END CERTIFICATE-----