Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/4otLsfz6HR-Ht04WbHNRLZV1sRI.roa
File:                     4otLsfz6HR-Ht04WbHNRLZV1sRI.roa (raw, json)
Hash identifier:          SeLZ8bre6bUlUP9BpBDAjO013B7DmZAolCj8FsIPjbA=
Subject key identifier:   E2:8B:4B:B1:FC:FA:1D:1F:87:B7:4E:16:6C:73:51:2D:95:75:B1:12
Certificate issuer:       /CN=90c00137ee6dfaeb4ea4823bc173c3bc00031df9
Certificate serial:       018D78ADDB1AB4B87104F6518F89DD296905
Authority key identifier: 90:C0:01:37:EE:6D:FA:EB:4E:A4:82:3B:C1:73:C3:BC:00:03:1D:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMABN-5t-utOpII7wXPDvAADHfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/4otLsfz6HR-Ht04WbHNRLZV1sRI.roa
Signing time:             Mon 05 Feb 2024 09:51:16 +0000
ROA not before:           Mon 05 Feb 2024 09:51:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12479
IP address blocks:        80.251.64.0/20 maxlen: 24
                          185.124.20.0/22 maxlen: 24
                          217.173.112.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/kMABN-5t-utOpII7wXPDvAADHfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/kMABN-5t-utOpII7wXPDvAADHfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kMABN-5t-utOpII7wXPDvAADHfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:ad:db:1a:b4:b8:71:04:f6:51:8f:89:dd:29:69:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90c00137ee6dfaeb4ea4823bc173c3bc00031df9
        Validity
            Not Before: Feb  5 09:51:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e28b4bb1fcfa1d1f87b74e166c73512d9575b112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2c:7d:62:02:c7:02:c7:cd:48:ef:b0:63:b4:
                    84:97:61:c2:54:86:62:84:36:f4:1b:6f:88:d9:bc:
                    e7:dc:3f:1b:57:1a:6a:b9:ad:6e:82:35:8f:c7:90:
                    16:24:fe:ea:7f:ad:30:8f:ab:94:ea:37:79:2c:3c:
                    d9:e6:52:4c:88:16:9f:ae:78:92:7a:ae:50:01:b7:
                    42:51:d4:5b:63:ad:d4:cf:9a:f2:95:a8:27:73:69:
                    0d:f3:1b:d4:bc:06:2d:01:58:a6:ef:8a:f4:c1:59:
                    8b:c5:ce:79:44:01:fd:d9:78:bf:fe:42:f4:83:d0:
                    9b:c5:e0:bb:a6:a0:18:2b:56:33:ce:7a:4f:32:8b:
                    e8:86:17:35:e4:e6:85:b7:8c:9a:06:b5:00:61:09:
                    69:12:b4:93:79:ca:97:ec:f3:47:e9:70:2b:f5:1d:
                    f8:57:4d:4e:c0:60:68:53:a4:f5:86:f5:96:6b:48:
                    d3:e7:7d:75:35:dd:04:70:7a:21:ef:96:29:5c:eb:
                    1b:d4:7c:14:3b:5a:0b:8a:54:98:b5:da:4f:2f:6d:
                    9b:0a:d4:76:ec:47:62:6e:90:2f:92:ba:32:d0:62:
                    ef:67:8b:b0:9a:19:ab:8c:18:f8:88:3b:3b:79:22:
                    b3:10:54:89:1d:1a:4d:16:3a:b1:a8:22:ce:6d:b8:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:8B:4B:B1:FC:FA:1D:1F:87:B7:4E:16:6C:73:51:2D:95:75:B1:12
            X509v3 Authority Key Identifier:
                keyid:90:C0:01:37:EE:6D:FA:EB:4E:A4:82:3B:C1:73:C3:BC:00:03:1D:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMABN-5t-utOpII7wXPDvAADHfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/4otLsfz6HR-Ht04WbHNRLZV1sRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/be370e-6729-4df7-aabe-0a525b69db8f/1/kMABN-5t-utOpII7wXPDvAADHfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.64.0/20
                  185.124.20.0/22
                  217.173.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:8e:ca:97:f5:b3:81:6a:d5:a0:16:b1:0b:90:e5:b1:dd:de:
         44:e2:b2:a9:f2:91:61:6f:3d:28:f0:1d:eb:20:a5:5b:97:5a:
         15:47:b0:7d:6d:75:e1:67:8b:53:4d:59:4e:c8:b2:a4:d7:bc:
         6e:9d:be:99:39:43:a3:6c:0c:90:56:b5:d2:45:93:f3:59:dd:
         49:07:ac:2b:a6:cf:73:12:b8:5b:d1:89:17:21:38:c7:a2:fd:
         4a:28:24:49:6f:75:79:6f:de:08:da:e5:c1:04:49:7e:16:2b:
         4b:1d:63:28:73:d6:6d:21:31:5d:36:3e:dc:89:58:40:71:41:
         93:c4:49:9e:cb:6f:58:16:18:36:5d:35:16:b2:6b:7a:f8:39:
         37:26:13:a5:30:18:67:47:44:0c:80:5e:e2:aa:9f:a4:c4:c5:
         f8:85:75:94:18:0e:84:7d:9e:f2:36:c5:7c:63:94:8c:09:41:
         65:ba:7f:0c:1e:db:97:de:6c:08:bf:28:b8:11:10:99:2a:b6:
         ee:ae:22:b4:cb:24:c2:5b:c2:a8:e1:bf:0b:74:5c:87:0f:3c:
         7f:c7:69:f5:8f:ee:76:5e:59:2b:b3:a9:0c:4f:b3:9d:af:2d:
         a7:26:f8:69:9d:30:79:98:27:12:93:83:e9:08:57:23:41:77:
         41:2b:e5:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY14rdsatLhxBPZRj4ndKWkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYzAwMTM3ZWU2ZGZhZWI0ZWE0ODIzYmMxNzNjM2JjMDAw
MzFkZjkwHhcNMjQwMjA1MDk1MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjhiNGJiMWZjZmExZDFmODdiNzRlMTY2YzczNTEyZDk1NzViMTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCx9YgLHAsfNSO+wY7SEl2HCVIZi
hDb0G2+I2bzn3D8bVxpqua1ugjWPx5AWJP7qf60wj6uU6jd5LDzZ5lJMiBafrniS
eq5QAbdCUdRbY63Uz5rylagnc2kN8xvUvAYtAVim74r0wVmLxc55RAH92Xi//kL0
g9CbxeC7pqAYK1YzznpPMovohhc15OaFt4yaBrUAYQlpErSTecqX7PNH6XAr9R34
V01OwGBoU6T1hvWWa0jT5311Nd0EcHoh75YpXOsb1HwUO1oLilSYtdpPL22bCtR2
7EdibpAvkroy0GLvZ4uwmhmrjBj4iDs7eSKzEFSJHRpNFjqxqCLObbjMpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOKLS7H8+h0fh7dOFmxzUS2VdbESMB8GA1UdIwQY
MBaAFJDAATfubfrrTqSCO8Fzw7wAAx35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva01BQk4tNXQtdXRPcElJN3dYUER2QUFESGZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iZTM3MGUtNjcyOS00ZGY3LWFhYmUt
MGE1MjViNjlkYjhmLzEvNG90THNmejZIUi1IdDA0V2JITlJMWlYxc1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iZTM3MGUtNjcyOS00ZGY3LWFhYmUtMGE1MjViNjlkYjhm
LzEva01BQk4tNXQtdXRPcElJN3dYUER2QUFESGZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEUPtAAwQC
uXwUAwQE2a1wMA0GCSqGSIb3DQEBCwUAA4IBAQA6jsqX9bOBatWgFrELkOWx3d5E
4rKp8pFhbz0o8B3rIKVbl1oVR7B9bXXhZ4tTTVlOyLKk17xunb6ZOUOjbAyQVrXS
RZPzWd1JB6wrps9zErhb0YkXITjHov1KKCRJb3V5b94I2uXBBEl+FitLHWMoc9Zt
ITFdNj7ciVhAcUGTxEmey29YFhg2XTUWsmt6+Dk3JhOlMBhnR0QMgF7iqp+kxMX4
hXWUGA6EfZ7yNsV8Y5SMCUFlun8MHtuX3mwIvyi4ERCZKrburiK0yyTCW8Ko4b8L
dFyHDzx/x2n1j+52Xlkrs6kMT7Odry2nJvhpnTB5mCcSk4PpCFcjQXdBK+XO
-----END CERTIFICATE-----