Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4QEFirhebcm8tga1kKPYGBdu5d0.roa
File:                     4QEFirhebcm8tga1kKPYGBdu5d0.roa (raw, json)
Hash identifier:          RePJ9xpjsslbIEyJjurXDqGOGy4mDe5emZDWUYTbyH0=
Subject key identifier:   E1:01:05:8A:B8:5E:6D:C9:BC:B6:06:B5:90:A3:D8:18:17:6E:E5:DD
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF2B0E92185FED843D4848F3F19F4
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4QEFirhebcm8tga1kKPYGBdu5d0.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62445
IP address blocks:        194.102.241.0/24 maxlen: 24
                          85.120.246.0/24 maxlen: 24
                          85.120.244.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f2:b0:e9:21:85:fe:d8:43:d4:84:8f:3f:19:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e101058ab85e6dc9bcb606b590a3d818176ee5dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ef:e3:a5:12:e2:eb:c0:76:f7:8e:fe:a4:3b:
                    1c:bf:e5:a9:1b:3c:2a:93:9b:b6:e8:b0:93:e9:df:
                    f0:cd:54:43:82:3d:58:47:11:9d:ba:ac:9a:c1:97:
                    ab:6c:c1:72:a2:50:4b:2a:da:3b:e9:28:5f:4f:32:
                    f9:a6:27:a2:1b:d7:50:2e:1e:f9:e1:46:c0:ce:3a:
                    2d:2b:df:3e:92:c5:23:7a:6c:25:db:cd:f9:52:d2:
                    c7:20:bb:1c:65:10:4b:65:46:f3:5a:93:fc:32:30:
                    33:b2:0b:b0:57:80:94:9f:0d:b1:bc:69:13:49:3b:
                    59:5b:6f:d7:84:59:aa:8a:fd:9d:7a:70:25:cf:b4:
                    e1:53:18:1f:e7:90:e1:59:49:6c:1b:1b:e3:bf:03:
                    c3:ad:4c:49:2e:2f:73:f9:ae:55:30:7a:99:b9:0e:
                    b8:55:85:59:56:13:b1:2f:b6:34:09:95:85:12:7d:
                    77:92:07:a3:3a:90:ae:4f:25:62:4c:82:53:7f:af:
                    1f:af:ba:a6:7a:50:c4:71:f2:85:5f:76:9e:48:d2:
                    18:cc:d7:18:23:fc:0e:2d:46:53:39:c4:7c:dc:9a:
                    7d:d7:fc:de:4e:0d:bf:8b:c0:0f:22:13:d9:26:74:
                    0e:d2:90:6b:9b:a5:78:22:ce:d5:bf:df:1b:4f:c9:
                    3b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:01:05:8A:B8:5E:6D:C9:BC:B6:06:B5:90:A3:D8:18:17:6E:E5:DD
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4QEFirhebcm8tga1kKPYGBdu5d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.244.0-85.120.246.255
                  194.102.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:7f:36:53:1f:b3:f2:38:25:cd:de:f8:95:b0:74:02:b2:36:
         27:12:9c:b7:bd:56:e5:92:94:fa:75:8e:ea:a9:a2:1d:5c:92:
         ef:59:83:9e:c4:b0:3e:a0:b9:71:3d:df:c0:31:58:90:85:b3:
         29:58:cd:10:ad:b6:f2:08:60:0f:2f:27:4b:e8:9a:f5:1c:49:
         ba:9e:54:d0:db:da:3e:7e:7d:11:b7:d4:c9:37:65:57:e7:a7:
         d7:30:71:80:91:19:1a:23:55:c3:94:96:82:4d:9b:eb:e1:0b:
         2a:f4:56:c2:02:a5:5c:c0:cc:57:ca:16:03:41:5c:ba:d8:63:
         31:82:b7:d9:e0:a1:c0:be:e6:c7:c6:53:52:50:5b:a5:d7:4a:
         41:cb:93:83:17:ac:ba:7d:36:ac:dd:c9:36:47:75:8b:3c:2d:
         14:56:59:b5:4a:50:6e:90:7a:cc:d8:f9:fb:d8:88:2e:0f:b9:
         37:5a:14:2f:f3:e7:05:4e:26:7e:90:a5:f8:b8:9a:e6:ca:da:
         b1:88:cf:d6:8b:06:90:23:e0:a2:4d:2d:96:14:5a:6f:ab:25:
         95:55:35:09:3c:fd:47:ac:88:59:df:f1:b4:c1:c2:23:02:43:
         b1:81:1c:ff:35:90:8d:4b:11:0e:e6:e7:2a:74:07:1c:22:48:
         8c:fe:f6:fe
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGSvKw6SGF/thD1ISPPxn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTAxMDU4YWI4NWU2ZGM5YmNiNjA2YjU5MGEzZDgxODE3NmVlNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu/jpRLi68B2947+pDscv+WpGzwq
k5u26LCT6d/wzVRDgj1YRxGduqyawZerbMFyolBLKto76ShfTzL5pieiG9dQLh75
4UbAzjotK98+ksUjemwl2835UtLHILscZRBLZUbzWpP8MjAzsguwV4CUnw2xvGkT
STtZW2/XhFmqiv2denAlz7ThUxgf55DhWUlsGxvjvwPDrUxJLi9z+a5VMHqZuQ64
VYVZVhOxL7Y0CZWFEn13kgejOpCuTyViTIJTf68fr7qmelDEcfKFX3aeSNIYzNcY
I/wOLUZTOcR83Jp91/zeTg2/i8APIhPZJnQO0pBrm6V4Is7Vv98bT8k7YwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOEBBYq4Xm3JvLYGtZCj2BgXbuXdMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvNFFFRmlyaGViY204dGdhMWtLUFlHQmR1NWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJVePQD
BABVePYDBADCZvEwDQYJKoZIhvcNAQELBQADggEBAHR/NlMfs/I4Jc3e+JWwdAKy
NicSnLe9VuWSlPp1juqpoh1cku9Zg57EsD6guXE938AxWJCFsylYzRCttvIIYA8v
J0vomvUcSbqeVNDb2j5+fRG31Mk3ZVfnp9cwcYCRGRojVcOUloJNm+vhCyr0VsIC
pVzAzFfKFgNBXLrYYzGCt9ngocC+5sfGU1JQW6XXSkHLk4MXrLp9NqzdyTZHdYs8
LRRWWbVKUG6QeszY+fvYiC4PuTdaFC/z5wVOJn6Qpfi4mubK2rGIz9aLBpAj4KJN
LZYUWm+rJZVVNQk8/UesiFnf8bTBwiMCQ7GBHP81kI1LEQ7m5yp0BxwiSIz+9v4=
-----END CERTIFICATE-----