Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4CYkE3SajqGr8rT34zuCYkeBPkk.roa
File:                     4CYkE3SajqGr8rT34zuCYkeBPkk.roa (raw, json)
Hash identifier:          nhLvbHX+w1+6oxLynILIwjx9tgj4UQtJ/Idjtezahlw=
Subject key identifier:   E0:26:24:13:74:9A:8E:A1:AB:F2:B4:F7:E3:3B:82:62:47:81:3E:49
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018FA144F7966FCE62DF42C2FB5FF6EE4D28
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4CYkE3SajqGr8rT34zuCYkeBPkk.roa
Signing time:             Wed 22 May 2024 17:06:42 +0000
ROA not before:           Wed 22 May 2024 17:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206873
IP address blocks:        185.230.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:44:f7:96:6f:ce:62:df:42:c2:fb:5f:f6:ee:4d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: May 22 17:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0262413749a8ea1abf2b4f7e33b826247813e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:54:b2:15:83:6f:88:e1:99:e0:39:2c:11:2a:
                    2e:f5:5b:6a:9d:e9:97:18:32:2b:6f:da:00:38:90:
                    95:6e:62:d7:8c:3a:ad:d1:00:65:a3:e0:7a:9c:2f:
                    05:94:a4:93:4e:f8:21:f0:8a:d8:a1:24:98:20:3f:
                    e6:6b:b3:89:e7:74:a1:4c:aa:c6:d7:45:42:ca:f9:
                    86:e3:4d:fd:52:f0:a0:a5:44:76:96:79:16:88:8f:
                    e4:80:5f:06:cc:ad:3d:d9:c1:db:e6:97:8a:46:0b:
                    ef:b1:a3:24:24:01:26:c3:09:4b:be:8b:fa:67:c2:
                    17:a0:ba:b6:15:c4:67:6f:ad:e9:fb:7f:96:a8:cd:
                    c7:52:a3:e2:ec:9c:75:43:fe:ca:d3:f4:13:54:23:
                    d7:cc:90:d5:48:0b:be:1a:11:26:75:c6:e9:f9:b8:
                    c5:c0:0f:bd:6d:c4:eb:91:0d:ed:4e:0c:94:51:50:
                    df:69:6a:c7:00:61:bd:66:df:c4:12:7c:8f:1a:f9:
                    15:07:07:92:2c:ef:0d:a9:e3:60:76:81:66:7c:76:
                    16:90:72:0e:31:70:39:bd:7a:b7:dd:e5:fd:c0:74:
                    62:e0:6d:b8:c6:46:2b:5b:cd:e3:fa:c1:7d:dd:8f:
                    ea:34:7e:39:8c:60:e7:a3:f4:de:59:af:f6:3b:27:
                    01:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:26:24:13:74:9A:8E:A1:AB:F2:B4:F7:E3:3B:82:62:47:81:3E:49
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4CYkE3SajqGr8rT34zuCYkeBPkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:41:c4:e9:53:f3:c1:38:0d:0c:38:d7:11:61:f2:f3:e8:3e:
         50:46:7a:73:f6:30:e0:31:4c:33:1a:be:9a:f4:d9:ef:fb:fa:
         5b:c3:fe:c5:5e:2f:b0:a7:53:90:07:3d:52:12:82:32:b4:bc:
         ad:07:d5:ff:85:ce:5c:4d:23:fc:60:57:f1:8b:f5:d3:09:56:
         8f:d0:a8:6d:da:62:f2:43:64:5d:87:e6:93:2e:30:2a:aa:3d:
         ed:ad:48:54:74:ba:fb:3e:ad:7c:8e:ba:af:c6:ff:18:cd:d7:
         e1:31:9c:89:69:9e:39:85:96:5c:cf:14:0b:be:b2:ea:cf:39:
         b7:1c:d7:f3:16:ab:2a:6b:5e:68:8a:37:97:6e:2c:ac:bb:06:
         df:1e:73:c7:8f:30:a3:e8:39:93:39:80:33:79:d0:ba:67:69:
         b0:18:fb:63:85:4e:6a:13:f0:16:c5:54:f0:83:3b:59:14:13:
         8d:f9:16:c5:4e:3a:ea:20:eb:9d:bb:08:ed:5d:51:08:c5:78:
         9e:77:d9:f8:54:35:ee:16:4b:db:49:cb:db:b9:1c:df:b4:19:
         32:43:a6:8c:0b:01:c6:bd:ae:99:30:55:c6:a2:90:38:bc:d9:
         f2:01:d0:04:6c:ba:ed:4e:c2:ee:73:7d:82:04:8f:f1:d3:ee:
         ed:4a:20:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+hRPeWb85i30LC+1/27k0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwNTIyMTcwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDI2MjQxMzc0OWE4ZWExYWJmMmI0ZjdlMzNiODI2MjQ3ODEzZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9FSyFYNviOGZ4DksESou9VtqnemX
GDIrb9oAOJCVbmLXjDqt0QBlo+B6nC8FlKSTTvgh8IrYoSSYID/ma7OJ53ShTKrG
10VCyvmG4039UvCgpUR2lnkWiI/kgF8GzK092cHb5peKRgvvsaMkJAEmwwlLvov6
Z8IXoLq2FcRnb63p+3+WqM3HUqPi7Jx1Q/7K0/QTVCPXzJDVSAu+GhEmdcbp+bjF
wA+9bcTrkQ3tTgyUUVDfaWrHAGG9Zt/EEnyPGvkVBweSLO8NqeNgdoFmfHYWkHIO
MXA5vXq33eX9wHRi4G24xkYrW83j+sF93Y/qNH45jGDno/TeWa/2OycBRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAmJBN0mo6hq/K09+M7gmJHgT5JMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvNENZa0UzU2FqcUdyOHJUMzR6dUNZa2VCUGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueYNMA0G
CSqGSIb3DQEBCwUAA4IBAQChQcTpU/PBOA0MONcRYfLz6D5QRnpz9jDgMUwzGr6a
9Nnv+/pbw/7FXi+wp1OQBz1SEoIytLytB9X/hc5cTSP8YFfxi/XTCVaP0Kht2mLy
Q2Rdh+aTLjAqqj3trUhUdLr7Pq18jrqvxv8YzdfhMZyJaZ45hZZczxQLvrLqzzm3
HNfzFqsqa15oijeXbiysuwbfHnPHjzCj6DmTOYAzedC6Z2mwGPtjhU5qE/AWxVTw
gztZFBON+RbFTjrqIOuduwjtXVEIxXied9n4VDXuFkvbScvbuRzftBkyQ6aMCwHG
va6ZMFXGopA4vNnyAdAEbLrtTsLuc32CBI/x0+7tSiAR
-----END CERTIFICATE-----