Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/4t-DJXjmTbG8rzWBzlVgl3ev2mI.roa
File:                     4t-DJXjmTbG8rzWBzlVgl3ev2mI.roa (raw, json)
Hash identifier:          VjZvWiFc3ruxZJcb3q6M4N1w8Xk/kQMIaO+XQnSjF1Y=
Subject key identifier:   E2:DF:83:25:78:E6:4D:B1:BC:AF:35:81:CE:55:60:97:77:AF:DA:62
Certificate issuer:       /CN=0e9e0afebf54a4d218afbaed5430771bbf7777a9
Certificate serial:       018CC8DE691BDDDFC68B851B3EE960EA5B32
Authority key identifier: 0E:9E:0A:FE:BF:54:A4:D2:18:AF:BA:ED:54:30:77:1B:BF:77:77:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dp4K_r9UpNIYr7rtVDB3G793d6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/4t-DJXjmTbG8rzWBzlVgl3ev2mI.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208154
IP address blocks:        185.75.192.0/22 maxlen: 22
                          2a03:4ca0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/Dp4K_r9UpNIYr7rtVDB3G793d6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/Dp4K_r9UpNIYr7rtVDB3G793d6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dp4K_r9UpNIYr7rtVDB3G793d6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:69:1b:dd:df:c6:8b:85:1b:3e:e9:60:ea:5b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e9e0afebf54a4d218afbaed5430771bbf7777a9
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2df832578e64db1bcaf3581ce55609777afda62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:65:ca:3f:b5:f2:d8:29:bb:1a:33:cc:af:91:
                    6c:88:43:c1:94:c1:6f:db:47:53:9c:3e:45:08:99:
                    4c:b4:d2:a7:5e:c7:08:91:7e:13:31:93:21:4a:f3:
                    b6:b4:70:8a:2a:29:a2:f0:1a:83:24:be:cb:b6:75:
                    49:bc:6c:3c:09:f4:16:f3:37:cf:d3:c4:94:74:4e:
                    5e:e1:bf:cd:e1:7c:97:2f:32:f5:ec:d4:1e:49:83:
                    06:f6:40:50:af:26:b0:e3:77:b3:a9:29:03:d7:41:
                    cb:35:54:f2:2e:3e:6a:d2:0a:cf:87:1c:fc:8b:50:
                    ac:c2:7a:72:3b:9e:b0:ee:3b:25:33:14:67:ea:35:
                    56:ba:65:0b:33:4e:54:8b:59:4e:f0:ed:7f:35:0d:
                    ac:04:11:ce:32:07:10:7a:85:3f:9a:c8:f9:76:07:
                    62:68:57:d5:d7:76:64:e5:1e:8a:7a:83:51:13:a6:
                    73:4c:9a:7f:a4:b1:f7:b4:d7:6e:cb:3f:0f:10:4d:
                    b3:42:da:6b:e6:0a:3b:63:1e:12:94:bf:d8:71:8d:
                    44:98:79:63:d4:29:37:84:4e:4b:e3:94:2b:17:f8:
                    fc:b9:fc:22:68:79:b4:b9:6b:3d:2c:17:96:67:e7:
                    53:cc:1e:50:ca:37:d1:ee:80:59:87:70:fa:cd:e1:
                    11:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DF:83:25:78:E6:4D:B1:BC:AF:35:81:CE:55:60:97:77:AF:DA:62
            X509v3 Authority Key Identifier:
                keyid:0E:9E:0A:FE:BF:54:A4:D2:18:AF:BA:ED:54:30:77:1B:BF:77:77:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dp4K_r9UpNIYr7rtVDB3G793d6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/4t-DJXjmTbG8rzWBzlVgl3ev2mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d22140-d961-4377-b8c6-3ef594e6c696/1/Dp4K_r9UpNIYr7rtVDB3G793d6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.192.0/22
                IPv6:
                  2a03:4ca0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:c9:e6:eb:14:50:4c:25:03:c4:33:ba:05:29:6c:94:5f:98:
         55:fe:ce:25:64:a0:e6:21:6c:f6:ab:5e:3e:51:70:be:be:21:
         8a:9f:82:7f:a2:79:56:78:ac:9e:a4:03:c9:8a:43:0d:dd:a3:
         a4:b9:2e:86:2f:4f:05:e1:27:ad:58:d7:3f:dd:86:6c:cc:0f:
         71:06:29:5f:7a:a4:77:af:69:6d:47:55:e5:d3:55:42:4f:12:
         be:74:96:f8:af:4b:6a:d7:cf:b3:1b:08:e3:dc:71:3a:4b:bb:
         d0:f6:d7:b8:fe:f9:1d:ed:f5:b1:dd:da:11:b5:c4:10:5b:ff:
         45:46:81:14:20:5d:10:38:24:16:eb:e1:64:5f:a7:06:63:3b:
         9f:cd:34:5a:c8:41:e2:29:44:1d:27:36:4a:2d:9e:ae:69:63:
         3a:82:ff:95:0e:4a:3a:ab:e9:89:66:d6:26:f4:b8:64:40:ec:
         a7:83:fa:b9:37:d1:6c:ec:f8:f9:9e:a9:4e:56:97:de:da:2f:
         b8:e3:0f:59:e1:df:96:2f:e0:61:e7:00:22:49:a3:76:70:34:
         1b:f0:46:7b:9f:87:f1:c9:24:41:95:34:49:e0:11:21:3f:f0:
         e7:e9:5f:c5:bb:2e:4e:d1:37:fc:03:a3:a3:16:9a:b5:d0:eb:
         37:cc:d8:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3mkb3d/Gi4UbPulg6lsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOWUwYWZlYmY1NGE0ZDIxOGFmYmFlZDU0MzA3NzFiYmY3
Nzc3YTkwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRmODMyNTc4ZTY0ZGIxYmNhZjM1ODFjZTU1NjA5Nzc3YWZkYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GXKP7Xy2Cm7GjPMr5FsiEPBlMFv
20dTnD5FCJlMtNKnXscIkX4TMZMhSvO2tHCKKimi8BqDJL7LtnVJvGw8CfQW8zfP
08SUdE5e4b/N4XyXLzL17NQeSYMG9kBQryaw43ezqSkD10HLNVTyLj5q0grPhxz8
i1CswnpyO56w7jslMxRn6jVWumULM05Ui1lO8O1/NQ2sBBHOMgcQeoU/msj5dgdi
aFfV13Zk5R6KeoNRE6ZzTJp/pLH3tNduyz8PEE2zQtpr5go7Yx4SlL/YcY1EmHlj
1Ck3hE5L45QrF/j8ufwiaHm0uWs9LBeWZ+dTzB5QyjfR7oBZh3D6zeER4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLfgyV45k2xvK81gc5VYJd3r9piMB8GA1UdIwQY
MBaAFA6eCv6/VKTSGK+67VQwdxu/d3epMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHA0S19yOVVwTklZcjdydFZEQjNHNzkzZDZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kMjIxNDAtZDk2MS00Mzc3LWI4YzYt
M2VmNTk0ZTZjNjk2LzEvNHQtREpYam1UYkc4cnpXQnpsVmdsM2V2Mm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kMjIxNDAtZDk2MS00Mzc3LWI4YzYtM2VmNTk0ZTZjNjk2
LzEvRHA0S19yOVVwTklZcjdydFZEQjNHNzkzZDZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUvAMA0E
AgACMAcDBQAqA0ygMA0GCSqGSIb3DQEBCwUAA4IBAQApyebrFFBMJQPEM7oFKWyU
X5hV/s4lZKDmIWz2q14+UXC+viGKn4J/onlWeKyepAPJikMN3aOkuS6GL08F4Set
WNc/3YZszA9xBilfeqR3r2ltR1Xl01VCTxK+dJb4r0tq18+zGwjj3HE6S7vQ9te4
/vkd7fWx3doRtcQQW/9FRoEUIF0QOCQW6+FkX6cGYzufzTRayEHiKUQdJzZKLZ6u
aWM6gv+VDko6q+mJZtYm9LhkQOyng/q5N9Fs7Pj5nqlOVpfe2i+44w9Z4d+WL+Bh
5wAiSaN2cDQb8EZ7n4fxySRBlTRJ4BEhP/Dn6V/Fuy5O0Tf8A6OjFpq10Os3zNhi
-----END CERTIFICATE-----