Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/xNgbMOLdkCNzKu8W-1YdbUytDd4.roa
File:                     xNgbMOLdkCNzKu8W-1YdbUytDd4.roa (raw, json)
Hash identifier:          k4aFJA2UG8+DpzhU5Hrle/MKeNC6vO5+bG7Bxo8Kvgk=
Subject key identifier:   C4:D8:1B:30:E2:DD:90:23:73:2A:EF:16:FB:56:1D:6D:4C:AD:0D:DE
Certificate issuer:       /CN=e6688ae96323c1fcfab54b294557397b49b03bc7
Certificate serial:       018CC3B6973308AB78CF5D554727B99D9C09
Authority key identifier: E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/xNgbMOLdkCNzKu8W-1YdbUytDd4.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57468
IP address blocks:        185.146.40.0/24 maxlen: 24
                          185.146.43.0/24 maxlen: 24
                          185.146.40.0/22 maxlen: 22
                          2a07:4d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:97:33:08:ab:78:cf:5d:55:47:27:b9:9d:9c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6688ae96323c1fcfab54b294557397b49b03bc7
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4d81b30e2dd9023732aef16fb561d6d4cad0dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2b:fc:a8:0c:5c:0f:74:7c:fc:fd:b4:15:28:
                    bb:e8:d6:08:fa:22:97:9a:74:7f:ac:80:a5:b6:9c:
                    67:fa:12:97:bc:50:17:4f:07:12:33:bc:69:3c:ed:
                    b3:64:10:95:5c:92:f4:c6:b8:62:f9:d9:d3:e1:27:
                    c8:a0:73:08:8a:12:b9:c4:15:4b:e3:06:f1:15:31:
                    34:36:13:28:d7:9e:8f:91:51:08:b4:5f:65:02:c2:
                    1d:91:52:ff:cf:98:62:0b:2a:dd:f2:96:03:11:97:
                    3b:29:ff:fc:aa:83:9f:c7:d8:54:af:58:43:24:65:
                    24:35:ed:5f:8d:e3:4d:ca:7b:49:09:5f:b6:ab:3b:
                    29:1b:1e:9b:e6:eb:90:b0:45:26:78:da:3e:c7:2f:
                    e2:e6:fd:68:41:5f:01:32:02:f7:cc:ba:2f:af:f4:
                    91:d5:e7:45:a0:6b:1f:d2:6b:d5:85:4d:be:86:a7:
                    e3:17:45:e2:92:b8:59:36:4e:f0:4f:3a:66:a2:21:
                    28:5e:6b:f2:b4:4e:54:37:ea:33:b8:30:b2:06:0f:
                    62:b3:8f:19:80:b2:0b:73:68:ae:bc:03:fa:71:92:
                    9d:60:74:ad:21:3a:a7:2b:eb:ea:c5:1f:ac:0c:b1:
                    e7:35:61:0a:d3:45:94:e8:f1:53:5b:d3:76:86:f6:
                    71:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D8:1B:30:E2:DD:90:23:73:2A:EF:16:FB:56:1D:6D:4C:AD:0D:DE
            X509v3 Authority Key Identifier:
                keyid:E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/xNgbMOLdkCNzKu8W-1YdbUytDd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.40.0/22
                IPv6:
                  2a07:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:98:e7:01:65:74:5d:82:22:fe:d3:5c:e1:d4:a6:01:e9:fd:
         a0:57:a7:da:9f:b4:9f:e2:c1:e3:9d:69:ad:99:3b:e4:ab:37:
         44:d8:ef:e5:74:86:75:0a:c3:96:23:4b:65:ef:9a:66:12:f2:
         c4:53:7d:8c:43:d0:5b:be:2e:1a:a1:54:72:ad:7b:53:50:97:
         5a:c2:d1:b3:6c:63:0b:02:2e:e9:2e:c8:ac:d9:dc:32:8e:b1:
         fe:bd:cf:87:1e:b5:81:41:b4:c7:14:21:dc:a8:61:e3:f8:67:
         7f:11:de:fa:c0:b3:b6:71:22:ec:50:6a:b8:2a:fd:ed:05:76:
         a6:a9:82:98:f1:66:0f:f8:5e:51:b9:20:5f:9a:05:9d:7f:eb:
         95:15:10:5c:30:14:d4:3a:b0:2b:24:b4:be:96:3c:a9:fc:f0:
         80:ea:de:ee:c3:8d:46:ed:2b:b7:11:5c:64:9e:ed:db:0b:34:
         ac:a0:da:7f:e0:61:51:2a:f0:2d:26:1d:88:bc:3c:ef:03:4c:
         7e:f7:65:38:fa:b7:59:9c:92:9f:1f:5d:dd:44:b9:48:e5:ea:
         56:c8:71:74:7c:58:1b:19:bb:8b:82:00:05:58:25:cd:e6:c6:
         59:68:11:26:fd:57:15:c7:4b:ff:58:d7:65:0d:92:8f:e9:91:
         89:55:f8:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtpczCKt4z11VRye5nZwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2Njg4YWU5NjMyM2MxZmNmYWI1NGIyOTQ1NTczOTdiNDli
MDNiYzcwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ4MWIzMGUyZGQ5MDIzNzMyYWVmMTZmYjU2MWQ2ZDRjYWQwZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSv8qAxcD3R8/P20FSi76NYI+iKX
mnR/rICltpxn+hKXvFAXTwcSM7xpPO2zZBCVXJL0xrhi+dnT4SfIoHMIihK5xBVL
4wbxFTE0NhMo156PkVEItF9lAsIdkVL/z5hiCyrd8pYDEZc7Kf/8qoOfx9hUr1hD
JGUkNe1fjeNNyntJCV+2qzspGx6b5uuQsEUmeNo+xy/i5v1oQV8BMgL3zLovr/SR
1edFoGsf0mvVhU2+hqfjF0XikrhZNk7wTzpmoiEoXmvytE5UN+ozuDCyBg9is48Z
gLILc2iuvAP6cZKdYHStITqnK+vqxR+sDLHnNWEK00WU6PFTW9N2hvZxiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMTYGzDi3ZAjcyrvFvtWHW1MrQ3eMB8GA1UdIwQY
MBaAFOZoiuljI8H8+rVLKUVXOXtJsDvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5Zjgt
MGExZWYwZWMwNTc4LzEveE5nYk1PTGRrQ056S3U4Vy0xWWRiVXl0RGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5ZjgtMGExZWYwZWMwNTc4
LzEvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZIoMA0E
AgACMAcDBQMqB01AMA0GCSqGSIb3DQEBCwUAA4IBAQChmOcBZXRdgiL+01zh1KYB
6f2gV6fan7Sf4sHjnWmtmTvkqzdE2O/ldIZ1CsOWI0tl75pmEvLEU32MQ9Bbvi4a
oVRyrXtTUJdawtGzbGMLAi7pLsis2dwyjrH+vc+HHrWBQbTHFCHcqGHj+Gd/Ed76
wLO2cSLsUGq4Kv3tBXamqYKY8WYP+F5RuSBfmgWdf+uVFRBcMBTUOrArJLS+ljyp
/PCA6t7uw41G7Su3EVxknu3bCzSsoNp/4GFRKvAtJh2IvDzvA0x+92U4+rdZnJKf
H13dRLlI5epWyHF0fFgbGbuLggAFWCXN5sZZaBEm/VcVx0v/WNdlDZKP6ZGJVfhz
-----END CERTIFICATE-----