Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Jz4_3LJfhjGJ8A28OdtsyTTqAI4.roa
File:                     Jz4_3LJfhjGJ8A28OdtsyTTqAI4.roa (raw, json)
Hash identifier:          sNE6CLALbMwmz56DpzavC9QThbouUFpmKO/uM07gX90=
Subject key identifier:   27:3E:3F:DC:B2:5F:86:31:89:F0:0D:BC:39:DB:6C:C9:34:EA:00:8E
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018EE1A762201D4DF950E67E1C26A0AFE37D
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Jz4_3LJfhjGJ8A28OdtsyTTqAI4.roa
Signing time:             Mon 15 Apr 2024 12:07:06 +0000
ROA not before:           Mon 15 Apr 2024 12:07:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200973
IP address blocks:        185.90.0.0/22 maxlen: 22
                          185.90.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:a7:62:20:1d:4d:f9:50:e6:7e:1c:26:a0:af:e3:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Apr 15 12:07:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=273e3fdcb25f863189f00dbc39db6cc934ea008e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c7:49:20:e1:7e:d0:d5:83:17:09:3f:3a:6f:
                    d0:57:53:a0:be:2f:b8:9b:d5:99:b3:ee:67:a0:40:
                    87:8f:fc:e3:db:ab:7c:5d:71:bf:8e:ce:07:1a:bc:
                    5d:f1:1a:c6:9f:54:a5:9c:2e:9f:c2:01:3d:39:a1:
                    82:88:41:99:f4:a6:07:ed:f9:d8:f3:49:31:ad:b9:
                    4e:76:41:b1:2e:98:54:2c:a1:18:13:fe:ea:05:ae:
                    96:44:f8:dd:0f:dc:e6:c9:5c:ae:db:0e:9c:9b:92:
                    5e:91:c9:18:11:20:f0:b2:7d:3c:89:ec:35:3d:7d:
                    68:44:50:ea:c1:b1:ae:63:ee:be:5a:8a:c8:3d:a3:
                    f4:72:08:f7:44:96:48:6a:a8:78:83:0f:4b:62:f8:
                    f7:40:33:4e:06:a2:b9:5b:2a:6b:f8:61:8f:b8:3d:
                    ff:e8:a1:57:00:8f:8d:1b:b0:cf:a5:a5:c4:87:70:
                    7f:9f:46:7e:e6:71:57:9c:a5:c9:0f:85:5b:67:6b:
                    fb:aa:50:54:db:40:f1:a2:7d:28:2c:18:e6:3a:ab:
                    9d:da:e6:dd:2f:f2:4a:2a:b0:e3:ff:61:cb:d7:2c:
                    b6:b9:e8:e6:03:9f:31:84:f4:46:eb:a9:73:98:01:
                    2a:6c:0b:06:fc:63:2b:e4:d0:2f:91:6a:34:7b:85:
                    4b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3E:3F:DC:B2:5F:86:31:89:F0:0D:BC:39:DB:6C:C9:34:EA:00:8E
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Jz4_3LJfhjGJ8A28OdtsyTTqAI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:9e:4d:0a:4b:65:fb:b8:b1:5e:7d:f0:86:7a:a2:69:77:c5:
         2a:e1:c9:7b:fc:a7:57:ec:ab:cc:b7:8a:46:0a:d3:88:a1:e1:
         6f:ad:e2:c8:21:e2:1d:bf:05:79:44:5e:99:9c:7a:30:94:9b:
         8b:d1:c8:91:db:c0:1a:5c:60:d9:16:ae:18:49:89:46:1f:da:
         db:a9:99:f1:98:09:bc:0e:bd:cd:5b:dc:0a:7e:c5:da:9e:7c:
         0c:4f:62:92:fb:bd:3f:1f:8f:76:00:6a:ec:6e:fe:b1:28:03:
         9a:13:80:79:e6:8b:c9:df:32:87:27:dd:c9:6b:52:1f:51:1a:
         7d:7d:db:ce:54:e3:1f:51:80:51:e2:16:70:88:e6:54:8e:bd:
         dd:7c:b6:65:05:ab:9b:41:91:1a:1a:9d:77:e2:84:5e:c6:62:
         33:54:d4:11:12:0e:5d:de:36:e0:d9:1c:5e:37:f6:c1:c5:dd:
         66:5a:5a:b5:89:81:54:a3:b7:35:42:9e:8c:1e:0f:1a:80:dc:
         50:71:98:15:56:9d:50:2e:c5:5f:67:4e:2b:51:bd:99:e2:13:
         53:96:60:32:f1:d4:02:2f:4d:00:5f:7f:3d:2b:bf:e6:b9:15:
         3d:21:65:f1:48:fc:cc:ae:43:af:0d:b1:1c:15:f0:f7:57:0c:
         ab:23:fa:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hp2IgHU35UOZ+HCagr+N9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDE1MTIwNzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzNlM2ZkY2IyNWY4NjMxODlmMDBkYmMzOWRiNmNjOTM0ZWEwMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8dJIOF+0NWDFwk/Om/QV1Ogvi+4
m9WZs+5noECHj/zj26t8XXG/js4HGrxd8RrGn1SlnC6fwgE9OaGCiEGZ9KYH7fnY
80kxrblOdkGxLphULKEYE/7qBa6WRPjdD9zmyVyu2w6cm5JekckYESDwsn08iew1
PX1oRFDqwbGuY+6+WorIPaP0cgj3RJZIaqh4gw9LYvj3QDNOBqK5Wypr+GGPuD3/
6KFXAI+NG7DPpaXEh3B/n0Z+5nFXnKXJD4VbZ2v7qlBU20Dxon0oLBjmOqud2ubd
L/JKKrDj/2HL1yy2uejmA58xhPRG66lzmAEqbAsG/GMr5NAvkWo0e4VLWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCc+P9yyX4YxifANvDnbbMk06gCOMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvSno0XzNMSmZoakdKOEEyOE9kdHN5VFRxQUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVoAMA0G
CSqGSIb3DQEBCwUAA4IBAQBVnk0KS2X7uLFeffCGeqJpd8Uq4cl7/KdX7KvMt4pG
CtOIoeFvreLIIeIdvwV5RF6ZnHowlJuL0ciR28AaXGDZFq4YSYlGH9rbqZnxmAm8
Dr3NW9wKfsXannwMT2KS+70/H492AGrsbv6xKAOaE4B55ovJ3zKHJ93Ja1IfURp9
fdvOVOMfUYBR4hZwiOZUjr3dfLZlBaubQZEaGp134oRexmIzVNQREg5d3jbg2Rxe
N/bBxd1mWlq1iYFUo7c1Qp6MHg8agNxQcZgVVp1QLsVfZ04rUb2Z4hNTlmAy8dQC
L00AX389K7/muRU9IWXxSPzMrkOvDbEcFfD3VwyrI/pl
-----END CERTIFICATE-----