Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/4NkcVL_v6Z1KXW3pvadait0Wb5M.roa
File:                     4NkcVL_v6Z1KXW3pvadait0Wb5M.roa (raw, json)
Hash identifier:          tcdLqUXAqVzZ53NWK8OHGXEH82kStFpr+2CPuFxY+pI=
Subject key identifier:   E0:D9:1C:54:BF:EF:E9:9D:4A:5D:6D:E9:BD:A7:5A:8A:DD:16:6F:93
Certificate issuer:       /CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Certificate serial:       018CC348FEA0042163719DAC719405A39F40
Authority key identifier: 47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/4NkcVL_v6Z1KXW3pvadait0Wb5M.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138968
IP address blocks:        85.208.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fe:a0:04:21:63:71:9d:ac:71:94:05:a3:9f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0d91c54bfefe99d4a5d6de9bda75a8add166f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b9:b2:49:5c:0f:5a:ff:d6:3c:d2:e8:70:5b:
                    05:23:2f:8c:77:b2:f7:49:e2:04:7c:62:7e:69:e3:
                    39:10:1b:61:34:56:25:f2:ea:68:75:78:cc:f3:17:
                    54:a4:7b:ed:c8:61:91:3e:b0:f5:c8:7b:1e:61:64:
                    93:8b:0c:89:f6:64:4e:2f:f0:ae:8c:9e:f4:77:b3:
                    02:14:eb:72:5d:90:6a:8c:4e:52:46:17:ed:00:ec:
                    d2:18:92:8c:68:bf:8a:80:d6:bb:71:6a:c7:e0:ae:
                    0e:81:cc:56:af:28:34:1f:e4:43:45:93:27:8d:63:
                    b8:41:9e:70:ed:5d:24:b0:9d:69:15:6d:0a:fa:11:
                    c6:a5:ea:23:51:32:31:df:d4:fc:67:17:96:43:d8:
                    38:d1:95:21:7c:6a:d4:9f:ef:18:41:d1:2b:3f:73:
                    9b:eb:f1:5e:45:44:d8:d7:c0:0b:c5:89:12:e3:b6:
                    39:6b:62:5b:f9:4a:55:0b:91:4c:f2:6d:2c:d4:89:
                    5c:29:e0:f3:24:db:c7:9b:d1:77:c8:6b:ee:d7:fb:
                    d7:2f:71:c7:b9:f1:01:d0:4c:82:27:63:81:02:c1:
                    c2:3e:5a:b1:ed:0e:4e:a8:a1:c8:c2:7a:55:30:60:
                    d7:e6:31:a2:74:e4:5b:03:37:b8:88:4b:be:f4:86:
                    e7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D9:1C:54:BF:EF:E9:9D:4A:5D:6D:E9:BD:A7:5A:8A:DD:16:6F:93
            X509v3 Authority Key Identifier:
                keyid:47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/4NkcVL_v6Z1KXW3pvadait0Wb5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:90:17:5f:08:c9:a8:e0:84:62:83:74:4a:8b:fb:a1:90:3b:
         34:b3:2d:e3:04:25:9d:65:37:00:47:2f:c0:a8:39:ae:26:41:
         23:93:ef:cb:7d:bb:b2:44:5e:13:46:8a:9e:b2:9f:20:a6:5a:
         08:0f:b8:42:c3:66:af:27:6c:88:5c:d4:50:b4:10:98:65:0b:
         ed:ac:19:ea:70:00:d6:75:17:2b:c1:aa:31:17:f4:41:a8:fb:
         74:2a:33:0c:3f:14:4b:ff:a5:8b:58:96:9b:60:6f:a6:5b:22:
         a4:f8:34:0f:cd:af:5b:07:0e:50:d0:89:ce:bf:b3:36:a1:36:
         b1:e1:9e:fb:35:f6:4a:5e:cd:34:80:57:b5:8f:05:cd:a5:27:
         e6:c3:31:03:d9:66:23:eb:5c:55:8e:95:13:72:45:03:41:c0:
         04:db:89:f2:ae:be:a8:aa:66:23:4a:e4:ad:c9:70:e0:74:14:
         f7:66:92:2f:09:79:24:02:91:d4:78:fa:d7:2d:94:0e:ca:5a:
         61:c5:e6:de:96:5b:65:bd:51:ae:83:ab:25:f6:0d:5c:1b:09:
         33:b6:b8:76:33:38:1c:bc:8a:ba:f8:4e:c4:3a:4b:db:36:f3:
         9d:7c:78:7b:7e:86:2e:87:c3:43:2a:20:ae:85:11:ad:ec:3f:
         5c:b0:db:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSP6gBCFjcZ2scZQFo59AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDVkM2M2YTViMDUxMjY4MmNkZmRmMzYzYjE5YTljNTY3
ZjFmNmMwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQ5MWM1NGJmZWZlOTlkNGE1ZDZkZTliZGE3NWE4YWRkMTY2ZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrmySVwPWv/WPNLocFsFIy+Md7L3
SeIEfGJ+aeM5EBthNFYl8upodXjM8xdUpHvtyGGRPrD1yHseYWSTiwyJ9mROL/Cu
jJ70d7MCFOtyXZBqjE5SRhftAOzSGJKMaL+KgNa7cWrH4K4OgcxWryg0H+RDRZMn
jWO4QZ5w7V0ksJ1pFW0K+hHGpeojUTIx39T8ZxeWQ9g40ZUhfGrUn+8YQdErP3Ob
6/FeRUTY18ALxYkS47Y5a2Jb+UpVC5FM8m0s1IlcKeDzJNvHm9F3yGvu1/vXL3HH
ufEB0EyCJ2OBAsHCPlqx7Q5OqKHIwnpVMGDX5jGidORbAze4iEu+9IbnNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODZHFS/7+mdSl1t6b2nWordFm+TMB8GA1UdIwQY
MBaAFEcF08alsFEmgs3982OxmpxWfx9sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAt
MGRmYTZiMjJlZmYyLzEvNE5rY1ZMX3Y2WjFLWFczcHZhZGFpdDBXYjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAtMGRmYTZiMjJlZmYy
LzEvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdDUMA0G
CSqGSIb3DQEBCwUAA4IBAQBGkBdfCMmo4IRig3RKi/uhkDs0sy3jBCWdZTcARy/A
qDmuJkEjk+/LfbuyRF4TRoqesp8gploID7hCw2avJ2yIXNRQtBCYZQvtrBnqcADW
dRcrwaoxF/RBqPt0KjMMPxRL/6WLWJabYG+mWyKk+DQPza9bBw5Q0InOv7M2oTax
4Z77NfZKXs00gFe1jwXNpSfmwzED2WYj61xVjpUTckUDQcAE24nyrr6oqmYjSuSt
yXDgdBT3ZpIvCXkkApHUePrXLZQOylphxebelltlvVGug6sl9g1cGwkztrh2Mzgc
vIq6+E7EOkvbNvOdfHh7foYuh8NDKiCuhRGt7D9csNus
-----END CERTIFICATE-----