Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/fTmbseMYkchxVREmVg2fGl-AiO4.roa
File:                     fTmbseMYkchxVREmVg2fGl-AiO4.roa (raw, json)
Hash identifier:          AZ1PLvpIiTr9aCKfzDQHHR859zFgvEYcybcS0hR2IH4=
Subject key identifier:   7D:39:9B:B1:E3:18:91:C8:71:55:11:26:56:0D:9F:1A:5F:80:88:EE
Certificate issuer:       /CN=485e3ee1c3258175f4ff6d9b559da54c83ec0b4f
Certificate serial:       018EF07D47BECAC157140F446B177C9C5F10
Authority key identifier: 48:5E:3E:E1:C3:25:81:75:F4:FF:6D:9B:55:9D:A5:4C:83:EC:0B:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SF4-4cMlgXX0_22bVZ2lTIPsC08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/fTmbseMYkchxVREmVg2fGl-AiO4.roa
Signing time:             Thu 18 Apr 2024 09:15:25 +0000
ROA not before:           Thu 18 Apr 2024 09:15:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201111
IP address blocks:        91.223.186.0/24 maxlen: 24
                          185.253.204.0/22 maxlen: 24
                          193.16.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/SF4-4cMlgXX0_22bVZ2lTIPsC08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/SF4-4cMlgXX0_22bVZ2lTIPsC08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SF4-4cMlgXX0_22bVZ2lTIPsC08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:7d:47:be:ca:c1:57:14:0f:44:6b:17:7c:9c:5f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=485e3ee1c3258175f4ff6d9b559da54c83ec0b4f
        Validity
            Not Before: Apr 18 09:15:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d399bb1e31891c871551126560d9f1a5f8088ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:f8:2d:5d:71:e2:ff:4a:8c:79:31:08:96:
                    c6:f7:14:0d:cb:2e:9d:f8:0f:af:d1:21:17:59:9d:
                    3f:30:b5:53:aa:94:05:ae:0d:e6:39:e0:c5:bc:fb:
                    ee:61:c1:f4:24:52:f0:f0:ed:bc:f0:01:f8:14:64:
                    63:cc:62:e4:fa:87:ba:cd:7c:c4:65:02:61:41:db:
                    22:70:da:20:cf:10:4d:e6:9f:ee:08:c5:d3:a7:b0:
                    5c:b9:a9:63:c3:cb:c2:6c:a1:41:b8:00:39:c9:78:
                    11:16:12:35:f4:b8:5e:3d:7b:b7:42:99:8e:ea:fe:
                    e7:ff:ca:b1:30:1f:c2:c6:ef:1c:2f:e6:4e:51:0c:
                    89:4f:bf:32:30:08:b0:44:43:b3:ec:80:d2:2e:06:
                    3c:f6:fd:da:44:ea:bf:8a:35:77:0f:e5:24:6a:65:
                    4e:ba:8f:47:72:8e:dc:e8:16:2d:3c:d6:eb:b5:7f:
                    09:9b:4c:0d:88:68:d3:75:2d:72:ae:5a:20:1b:e8:
                    db:95:93:6f:b9:af:1d:17:e7:33:13:d6:01:d7:93:
                    09:36:29:8c:d9:59:3b:3a:2d:be:77:ad:c5:53:c2:
                    d7:ed:cf:b8:a7:89:8c:89:13:01:28:87:97:4b:09:
                    ca:e8:ae:f2:67:67:17:44:ef:8e:81:ee:b1:c6:b6:
                    15:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:39:9B:B1:E3:18:91:C8:71:55:11:26:56:0D:9F:1A:5F:80:88:EE
            X509v3 Authority Key Identifier:
                keyid:48:5E:3E:E1:C3:25:81:75:F4:FF:6D:9B:55:9D:A5:4C:83:EC:0B:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SF4-4cMlgXX0_22bVZ2lTIPsC08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/fTmbseMYkchxVREmVg2fGl-AiO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/96d022-ee02-447c-a349-9c933ccd16c7/1/SF4-4cMlgXX0_22bVZ2lTIPsC08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.186.0/24
                  185.253.204.0/22
                  193.16.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:32:29:ef:ec:3c:9d:f6:82:67:a6:ff:41:65:66:be:ec:f9:
         34:63:80:b4:97:85:36:7a:5d:e5:85:b2:39:1b:cb:72:41:72:
         68:b8:60:9b:0d:cf:28:8c:9a:ac:5f:7c:52:36:8e:7e:2c:54:
         ed:e4:d1:d2:88:c1:28:b7:5c:83:5d:9e:5b:47:9d:9f:5d:6f:
         f8:b8:31:45:13:0e:3d:eb:2f:60:92:15:fc:2e:75:8f:08:19:
         2a:75:e3:f4:bf:74:2a:74:43:2f:eb:60:40:c7:08:92:a3:4d:
         42:b3:fc:95:e9:96:c1:01:f9:51:66:b4:8d:b2:aa:45:aa:ff:
         09:e7:48:ab:dc:9e:11:2b:4a:ec:ad:7d:ab:d4:f1:75:96:8d:
         56:5b:c4:55:1b:ae:e6:d8:90:a4:66:cb:78:94:7d:08:aa:29:
         2c:67:51:68:d1:64:df:b4:ba:d9:a2:9a:5a:e0:63:0c:b0:ea:
         73:46:72:86:3e:11:80:2f:cb:71:2f:fd:8f:70:45:7b:ce:a8:
         fa:af:0a:f5:98:6f:f1:e4:2a:6e:dc:f9:95:d1:22:26:d7:85:
         02:37:5b:b6:cf:2b:28:bc:ab:60:1a:d0:74:58:7c:4f:b0:bd:
         e3:6d:74:45:84:50:8a:18:08:d2:0a:66:f4:2d:1c:35:d3:ca:
         b8:36:ea:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7wfUe+ysFXFA9Eaxd8nF8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NWUzZWUxYzMyNTgxNzVmNGZmNmQ5YjU1OWRhNTRjODNl
YzBiNGYwHhcNMjQwNDE4MDkxNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDM5OWJiMWUzMTg5MWM4NzE1NTExMjY1NjBkOWYxYTVmODA4OGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb34LV1x4v9KjHkxCJbG9xQNyy6d
+A+v0SEXWZ0/MLVTqpQFrg3mOeDFvPvuYcH0JFLw8O288AH4FGRjzGLk+oe6zXzE
ZQJhQdsicNogzxBN5p/uCMXTp7Bcualjw8vCbKFBuAA5yXgRFhI19LhePXu3QpmO
6v7n/8qxMB/Cxu8cL+ZOUQyJT78yMAiwREOz7IDSLgY89v3aROq/ijV3D+UkamVO
uo9Hco7c6BYtPNbrtX8Jm0wNiGjTdS1yrlogG+jblZNvua8dF+czE9YB15MJNimM
2Vk7Oi2+d63FU8LX7c+4p4mMiRMBKIeXSwnK6K7yZ2cXRO+Oge6xxrYVkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH05m7HjGJHIcVURJlYNnxpfgIjuMB8GA1UdIwQY
MBaAFEhePuHDJYF19P9tm1WdpUyD7AtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0Y0LTRjTWxnWFgwXzIyYlZaMmxUSVBzQzA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85NmQwMjItZWUwMi00NDdjLWEzNDkt
OWM5MzNjY2QxNmM3LzEvZlRtYnNlTVlrY2h4VlJFbVZnMmZHbC1BaU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85NmQwMjItZWUwMi00NDdjLWEzNDktOWM5MzNjY2QxNmM3
LzEvU0Y0LTRjTWxnWFgwXzIyYlZaMmxUSVBzQzA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9+6AwQC
uf3MAwQAwRDcMA0GCSqGSIb3DQEBCwUAA4IBAQAgMinv7Dyd9oJnpv9BZWa+7Pk0
Y4C0l4U2el3lhbI5G8tyQXJouGCbDc8ojJqsX3xSNo5+LFTt5NHSiMEot1yDXZ5b
R52fXW/4uDFFEw496y9gkhX8LnWPCBkqdeP0v3QqdEMv62BAxwiSo01Cs/yV6ZbB
AflRZrSNsqpFqv8J50ir3J4RK0rsrX2r1PF1lo1WW8RVG67m2JCkZst4lH0Iqiks
Z1Fo0WTftLrZoppa4GMMsOpzRnKGPhGAL8txL/2PcEV7zqj6rwr1mG/x5Cpu3PmV
0SIm14UCN1u2zysovKtgGtB0WHxPsL3jbXRFhFCKGAjSCmb0LRw108q4NuoI
-----END CERTIFICATE-----