Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4fPV3ghmNtIl6oH4GpBXxRgoX7o.roa
File:                     4fPV3ghmNtIl6oH4GpBXxRgoX7o.roa (raw, json)
Hash identifier:          WdUZEf+580QU/GQd5aA6HXWZKIxdc/gcsoYP5/JTLUM=
Subject key identifier:   E1:F3:D5:DE:08:66:36:D2:25:EA:81:F8:1A:90:57:C5:18:28:5F:BA
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0190FD9F29D5F713B2A86C3BB35FEEBD61CD
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4fPV3ghmNtIl6oH4GpBXxRgoX7o.roa
Signing time:             Mon 29 Jul 2024 08:33:04 +0000
ROA not before:           Mon 29 Jul 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41087
IP address blocks:        85.120.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fd:9f:29:d5:f7:13:b2:a8:6c:3b:b3:5f:ee:bd:61:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jul 29 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1f3d5de086636d225ea81f81a9057c518285fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:56:5c:1f:ea:fb:c4:54:46:3b:dc:ab:ab:4b:
                    38:7a:b6:af:87:09:4a:f5:e7:64:6c:9e:09:61:22:
                    e6:26:9e:ab:c7:14:8f:d5:29:97:0f:e7:d8:78:b8:
                    66:cd:6b:7b:d8:2d:56:ca:2a:49:74:d0:38:fa:a0:
                    95:74:56:c1:33:b0:11:b6:12:c9:f7:f9:66:db:39:
                    9e:80:5f:11:d0:95:d6:50:c5:ef:63:2e:23:f1:6b:
                    d2:0e:4f:2d:0e:16:d6:cd:7b:c7:c7:35:37:ec:be:
                    a1:37:dc:18:fb:78:d1:02:16:64:6b:c8:68:57:d1:
                    b4:ab:37:b9:56:d8:4c:70:b7:63:83:50:e2:a2:13:
                    5c:8d:b9:07:9d:3a:d8:5e:da:48:7a:82:cb:00:c4:
                    4c:f4:43:66:e6:e1:8c:db:89:b8:42:2d:39:9c:94:
                    ca:b6:a8:d4:73:eb:47:f8:68:d5:29:4b:fd:cc:a4:
                    46:18:7f:16:09:49:f6:44:73:46:d6:8f:75:5d:6b:
                    8f:6e:06:80:cb:91:62:87:4e:2a:56:88:68:b4:8c:
                    ed:5f:d1:97:7e:f6:87:4b:9b:aa:cc:88:b6:87:cc:
                    0c:26:87:f2:cc:f6:c2:8e:37:76:54:f2:92:11:51:
                    2e:d7:8c:62:ae:85:bc:d0:96:ac:8b:d1:f8:fb:42:
                    14:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F3:D5:DE:08:66:36:D2:25:EA:81:F8:1A:90:57:C5:18:28:5F:BA
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/4fPV3ghmNtIl6oH4GpBXxRgoX7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:2e:a1:15:cf:1f:15:46:f6:68:b9:c2:1b:4e:eb:26:c6:35:
         e8:82:2e:63:75:d7:fd:8f:2b:83:b9:9f:9d:51:8a:66:0e:15:
         c4:ee:fe:b0:1e:1c:bc:0f:c5:22:c8:d5:dc:61:8e:91:b1:f8:
         dd:69:6d:b0:5d:fd:f1:bf:26:77:6c:96:39:b2:59:63:62:4d:
         1b:0b:79:02:ac:85:4a:15:3e:0a:53:09:45:82:be:27:2a:eb:
         bb:c0:d1:51:cc:58:2e:55:07:90:ec:59:6d:dc:ac:f1:58:6a:
         b6:a5:bd:40:df:26:03:d2:4e:7d:90:85:03:dc:8a:5a:79:7a:
         b9:67:c9:49:76:e5:37:52:41:0a:ae:4a:93:09:0d:a5:77:d7:
         50:3d:2e:1b:31:76:98:4b:d2:97:c6:dc:4e:d6:6b:0d:6b:e5:
         ff:74:b8:79:bf:78:1b:c8:b1:bc:bc:bd:dc:cd:9e:1d:a0:2f:
         a3:7a:af:a6:be:e2:4c:73:be:b1:15:2e:46:06:46:d6:59:fc:
         22:5b:76:36:02:28:11:20:15:e0:0a:7c:a9:98:ea:08:2f:3e:
         e4:ab:4c:77:49:c2:26:a5:d6:4f:1d:a1:44:a1:da:fb:69:f2:
         3a:97:a7:2d:53:08:7f:ca:d9:a0:f8:87:69:09:86:c7:cc:85:
         e0:fc:1a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD9nynV9xOyqGw7s1/uvWHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwNzI5MDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWYzZDVkZTA4NjYzNmQyMjVlYTgxZjgxYTkwNTdjNTE4Mjg1ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91ZcH+r7xFRGO9yrq0s4eravhwlK
9edkbJ4JYSLmJp6rxxSP1SmXD+fYeLhmzWt72C1WyipJdNA4+qCVdFbBM7ARthLJ
9/lm2zmegF8R0JXWUMXvYy4j8WvSDk8tDhbWzXvHxzU37L6hN9wY+3jRAhZka8ho
V9G0qze5VthMcLdjg1DiohNcjbkHnTrYXtpIeoLLAMRM9ENm5uGM24m4Qi05nJTK
tqjUc+tH+GjVKUv9zKRGGH8WCUn2RHNG1o91XWuPbgaAy5Fih04qVohotIztX9GX
fvaHS5uqzIi2h8wMJofyzPbCjjd2VPKSEVEu14xiroW80Jasi9H4+0IUjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHz1d4IZjbSJeqB+BqQV8UYKF+6MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvNGZQVjNnaG1OdElsNm9INEdwQlh4UmdvWDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXizMA0G
CSqGSIb3DQEBCwUAA4IBAQAbLqEVzx8VRvZoucIbTusmxjXogi5jddf9jyuDuZ+d
UYpmDhXE7v6wHhy8D8UiyNXcYY6RsfjdaW2wXf3xvyZ3bJY5slljYk0bC3kCrIVK
FT4KUwlFgr4nKuu7wNFRzFguVQeQ7Flt3KzxWGq2pb1A3yYD0k59kIUD3IpaeXq5
Z8lJduU3UkEKrkqTCQ2ld9dQPS4bMXaYS9KXxtxO1msNa+X/dLh5v3gbyLG8vL3c
zZ4doC+jeq+mvuJMc76xFS5GBkbWWfwiW3Y2AigRIBXgCnypmOoILz7kq0x3ScIm
pdZPHaFEodr7afI6l6ctUwh/ytmg+IdpCYbHzIXg/BpU
-----END CERTIFICATE-----