Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/ck4kWYzF08V03G_mvJ4cjfKIx4E.roa
File:                     ck4kWYzF08V03G_mvJ4cjfKIx4E.roa (raw, json)
Hash identifier:          EQmZ+HDKtEqkPTVSDQRNmL0TD9UyEo+pf2x9YyRHHX8=
Subject key identifier:   72:4E:24:59:8C:C5:D3:C5:74:DC:6F:E6:BC:9E:1C:8D:F2:88:C7:81
Certificate issuer:       /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial:       018CC5DBE6B8DB98C609E9224AB15BC4B2EA
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/ck4kWYzF08V03G_mvJ4cjfKIx4E.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3352
IP address blocks:        185.193.172.0/23 maxlen: 23
                          185.193.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e6:b8:db:98:c6:09:e9:22:4a:b1:5b:c4:b2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=724e24598cc5d3c574dc6fe6bc9e1c8df288c781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:19:58:07:40:1d:5e:ab:60:9b:bd:85:c2:1f:
                    5d:37:da:71:96:0b:21:bd:49:26:7a:8a:56:ac:ca:
                    40:1d:1c:a2:9b:b8:68:9d:d7:52:97:f8:70:1b:b8:
                    9a:4f:94:6c:8a:13:a3:eb:8d:3c:58:38:de:c4:17:
                    76:1c:51:9e:41:89:36:c7:5d:d9:9e:50:85:47:47:
                    e0:8a:bd:6b:4d:9a:4b:20:e3:0d:72:e7:d8:e9:8c:
                    30:07:39:15:d0:81:9d:d3:ad:f6:13:10:56:33:cd:
                    c7:fb:8d:bb:6e:58:69:4f:60:2e:37:6e:61:f0:8c:
                    25:ed:cb:84:3f:76:b3:f3:4f:01:86:c3:b2:b1:ad:
                    8c:32:36:03:7b:47:0e:02:5d:d2:22:68:9e:69:33:
                    2e:70:4f:d6:29:e3:17:14:e0:f7:68:ff:f7:d5:be:
                    5b:61:f3:5e:dd:a6:9c:10:20:1b:d3:e5:63:77:36:
                    6d:26:fd:7e:55:72:41:90:0c:33:a5:61:6d:33:d7:
                    9a:27:5c:d9:50:a8:52:8a:f2:31:40:73:bd:ce:c3:
                    bc:b2:2f:9a:8c:3a:39:da:45:8b:14:a4:52:0d:3f:
                    56:4a:0a:15:27:ad:53:81:8b:47:c9:15:2a:0f:bf:
                    48:2d:52:85:7c:e4:48:1b:57:8c:c1:38:2a:52:de:
                    01:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4E:24:59:8C:C5:D3:C5:74:DC:6F:E6:BC:9E:1C:8D:F2:88:C7:81
            X509v3 Authority Key Identifier:
                keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/ck4kWYzF08V03G_mvJ4cjfKIx4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:8f:dc:3a:45:d8:c9:00:13:e7:9d:85:13:b2:b2:1b:99:77:
         3a:7d:a2:70:4e:54:f5:66:38:ce:97:78:b4:da:68:72:ee:1b:
         34:11:39:04:c1:30:85:5c:09:c8:0e:a5:8c:a8:ba:23:0c:9a:
         78:89:da:d6:18:2a:aa:bf:06:95:27:a6:b4:01:3d:8b:c6:5e:
         32:36:5b:5e:8a:f1:48:39:68:2c:38:33:a4:22:28:3e:d6:2d:
         7c:d4:48:f1:9d:e3:52:72:93:0b:f4:10:3c:b3:2e:2d:3a:5d:
         b3:9f:3a:ad:78:03:8e:27:0f:3c:00:ea:24:42:7a:71:4e:df:
         1d:b0:26:b4:7a:36:6f:ab:cf:48:b3:c1:d7:af:14:40:29:79:
         29:cd:29:2e:dd:c6:62:67:fe:05:68:14:bc:66:7a:0b:9e:7e:
         9d:59:c1:6a:01:cf:e7:81:d9:36:a9:f5:15:a3:c1:ca:bf:10:
         03:43:b2:06:15:38:25:bf:7a:3b:4b:01:e4:2b:70:35:a6:84:
         ef:5a:38:0d:b3:e9:a0:96:49:29:c2:11:e6:a8:74:54:79:3b:
         0e:a3:e3:47:51:28:c0:38:26:f9:45:64:a4:ff:a6:4c:61:d6:
         25:42:f5:ac:4d:9e:48:93:91:3e:52:57:23:82:5e:c1:0a:0e:
         50:39:dc:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+a425jGCekiSrFbxLLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRlMjQ1OThjYzVkM2M1NzRkYzZmZTZiYzllMWM4ZGYyODhjNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihlYB0AdXqtgm72Fwh9dN9pxlgsh
vUkmeopWrMpAHRyim7honddSl/hwG7iaT5RsihOj6408WDjexBd2HFGeQYk2x13Z
nlCFR0fgir1rTZpLIOMNcufY6YwwBzkV0IGd0632ExBWM83H+427blhpT2AuN25h
8Iwl7cuEP3az808BhsOysa2MMjYDe0cOAl3SImieaTMucE/WKeMXFOD3aP/31b5b
YfNe3aacECAb0+VjdzZtJv1+VXJBkAwzpWFtM9eaJ1zZUKhSivIxQHO9zsO8si+a
jDo52kWLFKRSDT9WSgoVJ61TgYtHyRUqD79ILVKFfORIG1eMwTgqUt4BhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJOJFmMxdPFdNxv5ryeHI3yiMeBMB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEvY2s0a1dZekYwOFYwM0dfbXZKNGNqZktJeDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucGsMA0G
CSqGSIb3DQEBCwUAA4IBAQAbj9w6RdjJABPnnYUTsrIbmXc6faJwTlT1ZjjOl3i0
2mhy7hs0ETkEwTCFXAnIDqWMqLojDJp4idrWGCqqvwaVJ6a0AT2Lxl4yNlteivFI
OWgsODOkIig+1i181EjxneNScpML9BA8sy4tOl2znzqteAOOJw88AOokQnpxTt8d
sCa0ejZvq89Is8HXrxRAKXkpzSku3cZiZ/4FaBS8ZnoLnn6dWcFqAc/ngdk2qfUV
o8HKvxADQ7IGFTglv3o7SwHkK3A1poTvWjgNs+mglkkpwhHmqHRUeTsOo+NHUSjA
OCb5RWSk/6ZMYdYlQvWsTZ5Ik5E+Ulcjgl7BCg5QOdyA
-----END CERTIFICATE-----