Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/4iv-PaiiQcJLXRZVpy0pWakZ2fU.roa
File:                     4iv-PaiiQcJLXRZVpy0pWakZ2fU.roa (raw, json)
Hash identifier:          dA2Vh/mPFyMl5cou/kGgNTDIF3LSZLGIbwIzvv15Dg4=
Subject key identifier:   E2:2B:FE:3D:A8:A2:41:C2:4B:5D:16:55:A7:2D:29:59:A9:19:D9:F5
Certificate issuer:       /CN=c1aaf043fe209c0345362205f8cc7cd61951c27e
Certificate serial:       018CC5DC075FDA4AD1806D58D8AEB63AD352
Authority key identifier: C1:AA:F0:43:FE:20:9C:03:45:36:22:05:F8:CC:7C:D6:19:51:C2:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/4iv-PaiiQcJLXRZVpy0pWakZ2fU.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210664
IP address blocks:        185.150.88.0/22 maxlen: 22
                          2a05:4b40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:07:5f:da:4a:d1:80:6d:58:d8:ae:b6:3a:d3:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1aaf043fe209c0345362205f8cc7cd61951c27e
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e22bfe3da8a241c24b5d1655a72d2959a919d9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f4:6c:98:13:7b:88:68:4b:16:4d:9a:f1:d1:
                    8e:8d:07:ad:5a:ae:44:37:d5:55:0c:4b:29:d1:45:
                    e8:1a:39:18:23:85:b5:18:16:e1:54:e8:ed:69:df:
                    fa:14:35:84:26:e3:92:dd:c6:c3:c5:bb:be:ad:80:
                    06:17:7b:0b:63:15:dc:68:9e:d2:98:b0:fc:ab:c6:
                    b4:ce:58:2a:29:9e:d9:41:64:f1:70:47:b1:a5:d5:
                    7b:a8:00:5f:b2:09:70:d3:c0:66:e1:d8:54:eb:a6:
                    94:09:ed:1d:7c:f1:35:96:45:a1:64:99:cb:39:46:
                    3c:d0:9e:8d:c7:ce:fa:73:2d:9b:77:14:1b:e9:c5:
                    c0:78:76:8d:1b:bb:b9:95:b8:66:02:38:6e:cc:8f:
                    b1:04:b8:7e:9b:ab:07:3f:dd:f4:53:43:f4:e3:a6:
                    6b:7f:e9:53:ef:17:64:c0:9b:eb:8b:5d:b6:3e:ce:
                    a1:05:c1:89:ae:96:f9:43:8b:e9:7b:01:c7:6e:d7:
                    ce:5e:a2:44:61:0f:44:5f:7f:4d:e5:66:59:11:8f:
                    c9:9f:bf:8b:b4:fd:bb:5d:8c:75:6e:92:ba:60:d3:
                    0d:0e:b0:c8:27:e5:2e:7c:bc:62:b6:bb:44:74:70:
                    48:16:da:92:95:d3:35:5a:92:02:b0:08:35:a5:4e:
                    a4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2B:FE:3D:A8:A2:41:C2:4B:5D:16:55:A7:2D:29:59:A9:19:D9:F5
            X509v3 Authority Key Identifier:
                keyid:C1:AA:F0:43:FE:20:9C:03:45:36:22:05:F8:CC:7C:D6:19:51:C2:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/4iv-PaiiQcJLXRZVpy0pWakZ2fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.88.0/22
                IPv6:
                  2a05:4b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:9f:f6:42:65:02:0e:38:39:ef:26:9d:bf:09:cb:c7:ef:d6:
         74:ed:de:76:31:f3:37:a5:cb:84:19:ae:87:98:7d:24:60:cf:
         68:7f:eb:06:4f:51:af:bd:72:17:d4:0d:91:d2:94:0b:36:83:
         99:a0:fa:c8:fd:77:f9:7f:62:7b:bb:c2:5d:96:69:d9:fb:1e:
         7f:d1:d8:08:d2:3c:f7:35:87:6e:c8:6d:de:df:e9:9e:db:2a:
         bb:5e:da:a1:c2:e0:a5:29:ff:f9:f5:98:6a:c3:4d:75:fc:32:
         0c:11:37:d7:f3:35:88:db:1b:8e:2a:66:4c:d7:9c:81:d6:a5:
         84:53:2d:2c:68:bf:13:02:d4:a4:be:06:f2:5b:46:fb:40:85:
         a6:06:54:c5:19:92:ba:bd:1d:a4:5a:8f:ab:52:dd:3e:39:18:
         a9:95:e9:50:3d:cd:1d:62:c3:ff:40:e0:30:f5:95:57:c6:71:
         65:eb:88:b5:9d:a8:de:a8:42:df:29:ad:c5:53:d2:ac:40:ce:
         eb:1c:b9:d0:e2:32:e4:6b:b2:51:44:a2:16:4e:9d:8f:4f:1e:
         77:6d:98:ea:b3:39:53:d6:79:d5:9c:c1:2c:44:00:4f:93:90:
         6d:99:9d:fe:42:a7:0f:7f:f5:95:02:38:3a:6a:af:27:9e:62:
         e8:74:4c:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Adf2krRgG1Y2K62OtNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWFmMDQzZmUyMDljMDM0NTM2MjIwNWY4Y2M3Y2Q2MTk1
MWMyN2UwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJiZmUzZGE4YTI0MWMyNGI1ZDE2NTVhNzJkMjk1OWE5MTlkOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPRsmBN7iGhLFk2a8dGOjQetWq5E
N9VVDEsp0UXoGjkYI4W1GBbhVOjtad/6FDWEJuOS3cbDxbu+rYAGF3sLYxXcaJ7S
mLD8q8a0zlgqKZ7ZQWTxcEexpdV7qABfsglw08Bm4dhU66aUCe0dfPE1lkWhZJnL
OUY80J6Nx876cy2bdxQb6cXAeHaNG7u5lbhmAjhuzI+xBLh+m6sHP930U0P046Zr
f+lT7xdkwJvri122Ps6hBcGJrpb5Q4vpewHHbtfOXqJEYQ9EX39N5WZZEY/Jn7+L
tP27XYx1bpK6YNMNDrDIJ+UufLxitrtEdHBIFtqSldM1WpICsAg1pU6keQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOIr/j2ookHCS10WVactKVmpGdn1MB8GA1UdIwQY
MBaAFMGq8EP+IJwDRTYiBfjMfNYZUcJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fyd1FfNGduQU5GTmlJRi1NeDgxaGxSd240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82YzI3ZjAtMTM3ZC00NzFiLTlkMWQt
Yjc1NzhiMTBiYTdlLzEvNGl2LVBhaWlRY0pMWFJaVnB5MHBXYWtaMmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82YzI3ZjAtMTM3ZC00NzFiLTlkMWQtYjc1NzhiMTBiYTdl
LzEvd2Fyd1FfNGduQU5GTmlJRi1NeDgxaGxSd240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZZYMA0E
AgACMAcDBQAqBUtAMA0GCSqGSIb3DQEBCwUAA4IBAQCon/ZCZQIOODnvJp2/CcvH
79Z07d52MfM3pcuEGa6HmH0kYM9of+sGT1GvvXIX1A2R0pQLNoOZoPrI/Xf5f2J7
u8JdlmnZ+x5/0dgI0jz3NYduyG3e3+me2yq7XtqhwuClKf/59Zhqw011/DIMETfX
8zWI2xuOKmZM15yB1qWEUy0saL8TAtSkvgbyW0b7QIWmBlTFGZK6vR2kWo+rUt0+
ORiplelQPc0dYsP/QOAw9ZVXxnFl64i1najeqELfKa3FU9KsQM7rHLnQ4jLka7JR
RKIWTp2PTx53bZjqszlT1nnVnMEsRABPk5BtmZ3+QqcPf/WVAjg6aq8nnmLodEw0
-----END CERTIFICATE-----