Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/H4EPGPKuP8GFqdn5DxZNsdFmxEo.roa
File:                     H4EPGPKuP8GFqdn5DxZNsdFmxEo.roa (raw, json)
Hash identifier:          JJGVUF9DQJNl8GhSmdWa7xLwiC1l12mXjb4McOO13es=
Subject key identifier:   1F:81:0F:18:F2:AE:3F:C1:85:A9:D9:F9:0F:16:4D:B1:D1:66:C4:4A
Certificate issuer:       /CN=b1740c4c079f2d1dee85439f82781b9bae756a95
Certificate serial:       018CC26D52704EA4E38BE5DCBCBFF392CDD7
Authority key identifier: B1:74:0C:4C:07:9F:2D:1D:EE:85:43:9F:82:78:1B:9B:AE:75:6A:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/H4EPGPKuP8GFqdn5DxZNsdFmxEo.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208331
IP address blocks:        185.136.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:52:70:4e:a4:e3:8b:e5:dc:bc:bf:f3:92:cd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1740c4c079f2d1dee85439f82781b9bae756a95
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f810f18f2ae3fc185a9d9f90f164db1d166c44a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:26:9a:6a:f5:2a:c1:fc:06:04:83:0b:e6:c0:
                    b2:20:b0:42:2a:1b:65:3d:ac:86:1a:85:af:a0:06:
                    1a:22:c4:3e:10:18:c0:02:a9:c4:c4:12:85:d1:a9:
                    61:51:b0:2e:65:e5:d8:b2:ac:4e:ae:63:36:9c:dd:
                    b6:e3:ff:d7:a6:29:e3:06:a4:c4:7b:65:45:fd:46:
                    01:96:df:92:8c:b4:68:1e:46:b5:a2:0a:e0:3e:02:
                    fc:da:6f:d7:bf:6c:0a:33:59:fb:e4:6f:34:3b:60:
                    b4:9a:34:f8:f0:99:b9:cc:e4:06:d3:34:73:dc:6f:
                    d4:f7:6d:be:21:13:14:57:48:6e:a3:d8:73:88:a4:
                    e1:b8:eb:b5:5f:92:ae:6f:fc:62:a9:1f:57:c5:0e:
                    bc:63:93:4c:8d:87:63:81:60:fe:f8:08:ef:f1:6d:
                    e6:49:79:0d:48:09:b6:e2:18:47:03:f1:89:6f:9d:
                    1c:0a:2b:71:aa:08:99:7b:39:60:ac:4a:df:e2:42:
                    23:c3:9f:be:bf:ab:04:31:6e:22:7f:9e:91:78:10:
                    b8:d6:3a:c6:f2:30:92:23:49:5b:c3:6a:45:40:e6:
                    f1:bd:b6:1c:9f:be:02:2e:93:88:84:e9:fb:08:b7:
                    39:58:e1:d1:d6:1f:e1:8f:b0:01:21:5c:5b:b8:f5:
                    96:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:81:0F:18:F2:AE:3F:C1:85:A9:D9:F9:0F:16:4D:B1:D1:66:C4:4A
            X509v3 Authority Key Identifier:
                keyid:B1:74:0C:4C:07:9F:2D:1D:EE:85:43:9F:82:78:1B:9B:AE:75:6A:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXQMTAefLR3uhUOfgngbm651apU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/H4EPGPKuP8GFqdn5DxZNsdFmxEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/72a495-2b5d-4a23-99c4-ef0671c7c0df/1/sXQMTAefLR3uhUOfgngbm651apU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:3a:b5:e9:1c:33:3f:fc:7a:e2:16:1d:96:cc:a5:55:41:b2:
         22:62:02:18:b4:d7:59:a1:12:26:43:60:3d:e9:2e:4f:1f:55:
         f8:8e:4c:89:8c:60:34:fb:5f:24:60:ad:0c:1e:3c:d4:0e:11:
         15:f3:d8:43:ae:44:4a:e2:73:7c:54:ed:cd:17:b2:33:eb:64:
         8a:c8:4d:eb:b4:60:0d:9e:f4:b1:d5:3b:3b:48:85:9d:8a:14:
         1d:14:73:92:85:9e:c4:f4:3b:d9:ef:91:02:de:a6:18:cf:c4:
         48:48:65:15:65:ee:95:d8:22:cc:5f:45:b4:c7:3a:2a:64:50:
         64:6a:61:fa:59:3a:80:ed:80:7f:48:00:9a:fc:5c:e7:d1:fc:
         34:61:cb:59:df:1d:bf:b0:1c:04:c3:b6:35:26:b9:88:b9:63:
         db:c9:9b:a1:09:2d:92:88:de:7e:27:15:72:d6:a1:f4:60:37:
         01:70:99:af:2c:ed:20:9b:9c:6a:96:b7:bd:f7:4e:fd:52:c9:
         40:86:c0:2f:83:47:4b:2f:b5:78:68:bb:8f:13:63:64:f2:cf:
         37:1a:a6:de:9d:fb:f4:90:df:b0:71:48:ef:51:8c:f6:fd:5c:
         2c:17:fd:e3:ac:52:66:01:2f:37:60:f6:f3:0c:46:fa:ba:2b:
         09:1b:83:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVJwTqTji+XcvL/zks3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzQwYzRjMDc5ZjJkMWRlZTg1NDM5ZjgyNzgxYjliYWU3
NTZhOTUwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgxMGYxOGYyYWUzZmMxODVhOWQ5ZjkwZjE2NGRiMWQxNjZjNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyaaavUqwfwGBIML5sCyILBCKhtl
PayGGoWvoAYaIsQ+EBjAAqnExBKF0alhUbAuZeXYsqxOrmM2nN224//XpinjBqTE
e2VF/UYBlt+SjLRoHka1ogrgPgL82m/Xv2wKM1n75G80O2C0mjT48Jm5zOQG0zRz
3G/U922+IRMUV0huo9hziKThuOu1X5Kub/xiqR9XxQ68Y5NMjYdjgWD++Ajv8W3m
SXkNSAm24hhHA/GJb50cCitxqgiZezlgrErf4kIjw5++v6sEMW4if56ReBC41jrG
8jCSI0lbw2pFQObxvbYcn74CLpOIhOn7CLc5WOHR1h/hj7ABIVxbuPWWLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+BDxjyrj/BhanZ+Q8WTbHRZsRKMB8GA1UdIwQY
MBaAFLF0DEwHny0d7oVDn4J4G5uudWqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hRTVRBZWZMUjN1aFVPZmduZ2JtNjUxYXBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83MmE0OTUtMmI1ZC00YTIzLTk5YzQt
ZWYwNjcxYzdjMGRmLzEvSDRFUEdQS3VQOEdGcWRuNUR4Wk5zZEZteEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83MmE0OTUtMmI1ZC00YTIzLTk5YzQtZWYwNjcxYzdjMGRm
LzEvc1hRTVRBZWZMUjN1aFVPZmduZ2JtNjUxYXBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYjjMA0G
CSqGSIb3DQEBCwUAA4IBAQACOrXpHDM//HriFh2WzKVVQbIiYgIYtNdZoRImQ2A9
6S5PH1X4jkyJjGA0+18kYK0MHjzUDhEV89hDrkRK4nN8VO3NF7Iz62SKyE3rtGAN
nvSx1Ts7SIWdihQdFHOShZ7E9DvZ75EC3qYYz8RISGUVZe6V2CLMX0W0xzoqZFBk
amH6WTqA7YB/SACa/Fzn0fw0YctZ3x2/sBwEw7Y1JrmIuWPbyZuhCS2SiN5+JxVy
1qH0YDcBcJmvLO0gm5xqlre99079UslAhsAvg0dLL7V4aLuPE2Nk8s83Gqbenfv0
kN+wcUjvUYz2/VwsF/3jrFJmAS83YPbzDEb6uisJG4P5
-----END CERTIFICATE-----