Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/4Yiof5vXQMv8xsjCXvGMMrRpw_A.roa
File:                     4Yiof5vXQMv8xsjCXvGMMrRpw_A.roa (raw, json)
Hash identifier:          rkMBiYT/UHvW/98ZwAl4Pm/7UJfq1qoVDOx16RIE6Wk=
Subject key identifier:   E1:88:A8:7F:9B:D7:40:CB:FC:C6:C8:C2:5E:F1:8C:32:B4:69:C3:F0
Certificate issuer:       /CN=564013e3464c16cd8589b05202fb0f0c5910dca3
Certificate serial:       018CC4254A6C7238E30367E403E7FF3E1BFE
Authority key identifier: 56:40:13:E3:46:4C:16:CD:85:89:B0:52:02:FB:0F:0C:59:10:DC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/4Yiof5vXQMv8xsjCXvGMMrRpw_A.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.186.213.0/24 maxlen: 24
                          185.186.212.0/24 maxlen: 24
                          2a0b:8780::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4a:6c:72:38:e3:03:67:e4:03:e7:ff:3e:1b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=564013e3464c16cd8589b05202fb0f0c5910dca3
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e188a87f9bd740cbfcc6c8c25ef18c32b469c3f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3c:82:b9:ef:fd:49:41:6b:75:e2:cc:06:ca:
                    85:19:d6:1e:e9:ac:96:1b:82:1b:8f:23:57:83:c0:
                    d7:f9:8f:5f:36:5c:a9:ee:cd:01:3e:0a:0c:69:07:
                    93:24:ac:11:d1:89:e9:74:73:51:80:fd:a7:c8:4c:
                    74:a6:68:f4:f0:09:74:a6:15:08:29:36:3d:72:a0:
                    a6:5e:38:98:be:5a:99:3e:5f:6d:56:5e:40:e0:28:
                    65:cd:e2:62:fb:91:53:74:28:dd:48:03:f5:92:ad:
                    26:2c:e6:8e:da:e6:7c:76:2a:6e:b7:de:5b:b5:77:
                    fd:72:96:05:ea:c4:7d:ac:00:6a:6d:56:5f:75:9c:
                    7f:80:4d:aa:7a:6a:53:01:28:06:d6:38:3e:91:19:
                    46:12:eb:3f:50:a8:8c:20:92:e1:69:6f:e3:d2:5f:
                    fd:5f:be:d5:81:36:5d:82:3b:a4:68:fc:9d:d4:53:
                    60:8e:99:49:7b:7a:57:5c:f8:a8:13:21:03:1e:54:
                    68:03:af:9b:27:0e:30:65:c6:36:93:86:3c:8a:15:
                    5b:a9:ec:ff:23:a7:36:e6:c0:63:eb:ca:c7:23:27:
                    a6:5b:f2:68:15:6c:fd:5d:dd:0d:c5:78:20:c3:fe:
                    f8:7d:c5:fd:72:91:7d:cf:93:4e:25:87:9e:28:20:
                    4b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:88:A8:7F:9B:D7:40:CB:FC:C6:C8:C2:5E:F1:8C:32:B4:69:C3:F0
            X509v3 Authority Key Identifier:
                keyid:56:40:13:E3:46:4C:16:CD:85:89:B0:52:02:FB:0F:0C:59:10:DC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/4Yiof5vXQMv8xsjCXvGMMrRpw_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.212.0/23
                IPv6:
                  2a0b:8780::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:c3:79:22:32:3d:4e:f2:b0:82:61:45:c7:b4:e0:cb:fa:df:
         c5:77:1a:cb:be:25:8a:44:8b:4c:9f:c1:8d:73:7f:85:98:13:
         d3:7d:60:9d:1c:d6:2f:ad:5f:5a:d4:0c:ec:f4:0c:f1:c6:59:
         bb:1d:a6:3a:92:0a:5e:96:69:04:81:73:bd:f0:80:7d:81:b7:
         cb:5a:c2:54:4e:02:5f:23:8c:37:45:89:b6:11:de:5b:cc:0b:
         fc:ac:1d:82:df:1a:6a:30:04:08:98:90:e5:25:09:dd:74:88:
         f3:08:48:24:af:94:2e:b8:b7:bd:c5:9c:6f:b9:ea:40:91:20:
         7a:c9:d7:25:18:03:61:21:1c:cf:df:77:f6:93:e8:02:f2:f6:
         d4:77:08:20:e2:19:a2:88:2b:13:c1:c3:45:83:9c:a4:d0:1b:
         37:0e:34:95:34:f9:88:99:e5:f9:39:d8:6e:ad:d3:d3:4e:66:
         81:8e:92:75:14:f0:8e:9f:16:e2:ad:b8:12:fd:e3:1c:9c:a5:
         9f:ed:8a:b7:ba:c0:4f:a4:46:f7:85:10:85:61:f2:9f:eb:12:
         ad:a9:d6:17:e9:34:26:d5:ea:05:0c:52:d1:3c:f0:bf:2b:6a:
         bf:f2:ae:de:62:c6:cf:d1:86:cf:40:25:de:85:fe:6f:1f:f8:
         93:05:e0:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJUpscjjjA2fkA+f/Phv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDAxM2UzNDY0YzE2Y2Q4NTg5YjA1MjAyZmIwZjBjNTkx
MGRjYTMwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTg4YTg3ZjliZDc0MGNiZmNjNmM4YzI1ZWYxOGMzMmI0NjljM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTyCue/9SUFrdeLMBsqFGdYe6ayW
G4IbjyNXg8DX+Y9fNlyp7s0BPgoMaQeTJKwR0YnpdHNRgP2nyEx0pmj08Al0phUI
KTY9cqCmXjiYvlqZPl9tVl5A4ChlzeJi+5FTdCjdSAP1kq0mLOaO2uZ8diput95b
tXf9cpYF6sR9rABqbVZfdZx/gE2qempTASgG1jg+kRlGEus/UKiMIJLhaW/j0l/9
X77VgTZdgjukaPyd1FNgjplJe3pXXPioEyEDHlRoA6+bJw4wZcY2k4Y8ihVbqez/
I6c25sBj68rHIyemW/JoFWz9Xd0NxXggw/74fcX9cpF9z5NOJYeeKCBLUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOGIqH+b10DL/MbIwl7xjDK0acPwMB8GA1UdIwQY
MBaAFFZAE+NGTBbNhYmwUgL7DwxZENyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtBVDQwWk1GczJGaWJCU0F2c1BERmtRM0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85OGVlNzYtMGUwMi00ZmY1LTkxZWQt
ODY2N2ExMDEwMTQzLzEvNFlpb2Y1dlhRTXY4eHNqQ1h2R01NclJwd19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85OGVlNzYtMGUwMi00ZmY1LTkxZWQtODY2N2ExMDEwMTQz
LzEvVmtBVDQwWk1GczJGaWJCU0F2c1BERmtRM0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBubrUMA8E
AgACMAkDBwAqC4eAAAAwDQYJKoZIhvcNAQELBQADggEBAAPDeSIyPU7ysIJhRce0
4Mv638V3Gsu+JYpEi0yfwY1zf4WYE9N9YJ0c1i+tX1rUDOz0DPHGWbsdpjqSCl6W
aQSBc73wgH2Bt8tawlROAl8jjDdFibYR3lvMC/ysHYLfGmowBAiYkOUlCd10iPMI
SCSvlC64t73FnG+56kCRIHrJ1yUYA2EhHM/fd/aT6ALy9tR3CCDiGaKIKxPBw0WD
nKTQGzcONJU0+YiZ5fk52G6t09NOZoGOknUU8I6fFuKtuBL94xycpZ/tire6wE+k
RveFEIVh8p/rEq2p1hfpNCbV6gUMUtE88L8rar/yrt5ixs/Rhs9AJd6F/m8f+JMF
4H4=
-----END CERTIFICATE-----