Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/xEWLiet9yv2ev05JBs5FXDnP4lg.roa
File:                     xEWLiet9yv2ev05JBs5FXDnP4lg.roa (raw, json)
Hash identifier:          ZFyAFicN4vsh9btxL9P54zeABzIOSNkKBrdMpvIfk4U=
Subject key identifier:   C4:45:8B:89:EB:7D:CA:FD:9E:BF:4E:49:06:CE:45:5C:39:CF:E2:58
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB36FB13928C2FCD3B2091B70C4327
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/xEWLiet9yv2ev05JBs5FXDnP4lg.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206340
IP address blocks:        185.195.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:36:fb:13:92:8c:2f:cd:3b:20:91:b7:0c:43:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4458b89eb7dcafd9ebf4e4906ce455c39cfe258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a5:1a:fc:ce:65:6d:e5:79:76:91:4b:41:fa:
                    fb:62:4d:25:23:4a:1b:fb:7c:b1:68:24:df:45:3c:
                    a7:f1:54:ff:c8:44:a6:6d:6f:9a:c0:e4:a1:d7:36:
                    32:6c:51:02:f8:b2:d4:26:50:c9:ee:b0:3e:7a:61:
                    4e:36:03:36:54:e7:53:17:36:86:62:ca:2d:62:e9:
                    9a:4f:9c:11:59:ed:5c:20:27:2c:d1:13:fb:ce:6f:
                    c5:d3:4f:e6:11:99:db:af:c7:80:a0:f8:9d:42:9f:
                    51:83:5f:7e:78:d4:19:bd:26:12:7e:ff:d4:10:09:
                    7f:a0:ed:e3:53:d0:f1:39:42:1b:99:02:02:e5:3a:
                    9e:49:37:c0:bf:27:db:20:13:ee:90:90:65:bc:e7:
                    4e:ef:c5:ea:d4:94:39:8d:ea:b1:bc:a0:9e:42:6f:
                    b4:78:f4:3e:78:a8:f6:8a:02:8f:68:62:b2:04:66:
                    98:90:c2:fd:08:06:96:08:b7:63:d6:20:83:df:2d:
                    73:e4:4e:66:32:e2:a4:b8:e0:7d:c6:dc:1b:77:4a:
                    d9:2f:ac:06:b3:f0:bd:15:83:d2:b6:4a:fa:78:78:
                    74:70:4a:2c:52:e5:12:99:2c:17:27:75:71:8d:d6:
                    ba:b5:6c:be:e1:f2:52:04:4a:89:b6:93:55:87:ae:
                    37:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:45:8B:89:EB:7D:CA:FD:9E:BF:4E:49:06:CE:45:5C:39:CF:E2:58
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/xEWLiet9yv2ev05JBs5FXDnP4lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:76:37:75:33:f5:39:6f:08:b9:a2:04:27:35:be:3a:e2:f9:
         62:51:ec:05:f0:d2:f2:92:66:27:72:6c:51:3b:e9:79:5d:91:
         dd:a5:d4:cf:4d:fe:a6:4f:ed:d2:8e:82:6a:ff:7b:ff:c3:0f:
         1f:f4:80:e8:00:be:f0:c5:87:93:4d:1a:a2:b3:d4:f3:d9:a4:
         f4:b3:b8:4b:3c:d6:51:1a:0b:fc:dd:64:30:25:c5:52:49:d0:
         0b:5f:72:91:33:71:85:d8:e7:c1:2e:19:ff:c0:35:37:9a:b0:
         c5:de:c8:e6:b9:cc:5f:ba:36:0c:29:fd:44:de:f5:26:e7:b1:
         6f:b3:ec:4e:20:da:fa:17:6f:0b:cd:7e:0b:25:89:e1:6b:ef:
         84:b2:7a:e4:6a:f8:88:fc:6b:14:7f:1f:dd:87:79:e3:72:40:
         f8:1d:74:c0:14:98:e7:cb:a6:1a:aa:a4:fe:f1:bf:e4:b8:2c:
         22:10:5e:e2:ce:05:de:c0:ec:97:8a:b8:0f:c9:06:31:94:95:
         61:f2:f3:81:24:4f:86:6c:e4:26:e2:08:53:93:87:c7:03:52:
         0c:1c:de:60:1e:05:76:d6:b9:c2:db:d9:b5:1a:0f:6e:96:64:
         96:d3:ab:f8:ca:3d:ef:ae:cc:b6:e0:97:7e:3a:22:d6:84:5e:
         0b:53:ea:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zb7E5KML807IJG3DEMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ1OGI4OWViN2RjYWZkOWViZjRlNDkwNmNlNDU1YzM5Y2ZlMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaUa/M5lbeV5dpFLQfr7Yk0lI0ob
+3yxaCTfRTyn8VT/yESmbW+awOSh1zYybFEC+LLUJlDJ7rA+emFONgM2VOdTFzaG
YsotYumaT5wRWe1cICcs0RP7zm/F00/mEZnbr8eAoPidQp9Rg19+eNQZvSYSfv/U
EAl/oO3jU9DxOUIbmQIC5TqeSTfAvyfbIBPukJBlvOdO78Xq1JQ5jeqxvKCeQm+0
ePQ+eKj2igKPaGKyBGaYkML9CAaWCLdj1iCD3y1z5E5mMuKkuOB9xtwbd0rZL6wG
s/C9FYPStkr6eHh0cEosUuUSmSwXJ3Vxjda6tWy+4fJSBEqJtpNVh643YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRFi4nrfcr9nr9OSQbORVw5z+JYMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEveEVXTGlldDl5djJldjA1SkJzNUZYRG5QNGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucMEMA0G
CSqGSIb3DQEBCwUAA4IBAQAxdjd1M/U5bwi5ogQnNb464vliUewF8NLykmYncmxR
O+l5XZHdpdTPTf6mT+3SjoJq/3v/ww8f9IDoAL7wxYeTTRqis9Tz2aT0s7hLPNZR
Ggv83WQwJcVSSdALX3KRM3GF2OfBLhn/wDU3mrDF3sjmucxfujYMKf1E3vUm57Fv
s+xOINr6F28LzX4LJYnha++EsnrkaviI/GsUfx/dh3njckD4HXTAFJjny6YaqqT+
8b/kuCwiEF7izgXewOyXirgPyQYxlJVh8vOBJE+GbOQm4ghTk4fHA1IMHN5gHgV2
1rnC29m1Gg9ulmSW06v4yj3vrsy24Jd+OiLWhF4LU+rQ
-----END CERTIFICATE-----