Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/rMgiOwnGv93V-howe6uoMMZB1sw.roa
File:                     rMgiOwnGv93V-howe6uoMMZB1sw.roa (raw, json)
Hash identifier:          djQ/qRsYLI1azNR1nePmskApEe85LPpXW01qTqUZ+hY=
Subject key identifier:   AC:C8:22:3B:09:C6:BF:DD:D5:FA:1A:30:7B:AB:A8:30:C6:41:D6:CC
Certificate issuer:       /CN=4f8122b0945ecccb1f2fb9912fbd86aa04a61987
Certificate serial:       018CC4936D958080B7A9B4AD9ECF6E6749C2
Authority key identifier: 4F:81:22:B0:94:5E:CC:CB:1F:2F:B9:91:2F:BD:86:AA:04:A6:19:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4EisJRezMsfL7mRL72GqgSmGYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/rMgiOwnGv93V-howe6uoMMZB1sw.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197289
IP address blocks:        95.215.132.0/22 maxlen: 22
                          185.18.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/T4EisJRezMsfL7mRL72GqgSmGYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/T4EisJRezMsfL7mRL72GqgSmGYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4EisJRezMsfL7mRL72GqgSmGYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6d:95:80:80:b7:a9:b4:ad:9e:cf:6e:67:49:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8122b0945ecccb1f2fb9912fbd86aa04a61987
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acc8223b09c6bfddd5fa1a307baba830c641d6cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:44:42:cf:32:a2:e5:77:89:7f:9c:e9:8a:96:
                    fe:50:57:53:10:5c:3c:b2:e2:ad:79:0a:ef:1e:a7:
                    12:86:b4:a2:11:5e:ac:63:e5:46:42:c8:d4:e9:a3:
                    8e:bc:ce:8b:7b:45:9e:77:ec:31:17:5e:e5:2f:a2:
                    98:aa:58:55:8a:bf:d6:2f:1b:be:a5:9c:a5:8b:4b:
                    09:5c:1e:80:bb:49:5c:57:e7:b5:c5:68:6a:77:10:
                    8b:06:00:e3:36:94:01:dc:ab:98:20:3b:b0:e5:b7:
                    d6:50:0b:9e:72:66:12:d5:99:40:c0:db:2f:0d:8f:
                    8c:76:81:0f:ef:18:56:2e:7e:8e:0f:b0:8b:9d:04:
                    c6:6b:93:f6:86:5d:af:ce:3d:0c:7f:07:a7:4c:3b:
                    c1:64:b6:21:4d:03:f9:01:09:7b:ed:e0:0b:07:05:
                    45:21:48:20:fa:e4:d2:02:8a:6e:7c:f4:68:75:21:
                    63:f0:82:22:e2:9d:dc:a2:82:4c:98:17:a1:1c:04:
                    45:7c:42:38:b2:26:1f:8f:27:0f:f5:12:1d:28:66:
                    68:78:5d:b8:8a:3f:e5:b1:19:c0:f4:da:e9:a5:93:
                    af:eb:8c:30:b0:96:fc:f9:3f:17:af:0a:5b:9b:ea:
                    d1:f6:83:d3:9a:18:f0:0b:5f:d9:1f:e2:ff:dc:6e:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C8:22:3B:09:C6:BF:DD:D5:FA:1A:30:7B:AB:A8:30:C6:41:D6:CC
            X509v3 Authority Key Identifier:
                keyid:4F:81:22:B0:94:5E:CC:CB:1F:2F:B9:91:2F:BD:86:AA:04:A6:19:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4EisJRezMsfL7mRL72GqgSmGYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/rMgiOwnGv93V-howe6uoMMZB1sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21dee2-29d7-4dad-beb9-2b226a23406a/1/T4EisJRezMsfL7mRL72GqgSmGYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.132.0/22
                  185.18.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:52:d6:69:ab:56:3d:35:86:8f:c2:ce:a7:df:84:c2:5e:1b:
         72:00:51:a8:35:59:0c:67:95:53:78:b6:ed:c0:64:a5:54:46:
         a0:65:e8:27:95:0b:00:90:4b:72:42:2c:f0:bd:fe:e2:2d:d4:
         77:f9:32:7f:17:27:76:ee:44:6e:2d:e3:00:88:45:9c:85:f9:
         68:ad:67:45:44:be:17:06:f9:45:cb:65:52:7f:2f:1e:f5:9c:
         07:7b:72:c9:2d:eb:b6:57:b3:a6:a7:48:89:b8:31:59:53:ff:
         7e:1d:f3:1f:aa:16:a6:1b:14:3c:49:50:a1:65:88:9b:6a:37:
         d3:21:f3:f6:59:62:1b:63:8a:82:dd:10:70:56:99:c3:56:89:
         f8:ca:22:98:f5:88:9d:3b:e8:a0:7f:2c:c5:12:df:9e:0c:ed:
         a7:45:11:88:c0:fe:62:66:54:d6:11:c2:6a:a7:08:ed:02:4f:
         cf:25:ce:de:a5:45:ff:b2:a9:63:55:09:d4:6b:8b:14:50:67:
         eb:82:5c:37:40:f0:09:3f:38:f5:b9:48:91:3a:45:4b:86:f4:
         af:15:dd:15:d4:b3:b1:ef:f9:94:a7:7c:5b:49:eb:50:ae:85:
         51:50:e0:49:30:65:72:f2:44:e5:59:3c:28:67:37:d0:5a:df:
         54:28:82:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk22VgIC3qbStns9uZ0nCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODEyMmIwOTQ1ZWNjY2IxZjJmYjk5MTJmYmQ4NmFhMDRh
NjE5ODcwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M4MjIzYjA5YzZiZmRkZDVmYTFhMzA3YmFiYTgzMGM2NDFkNmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkRCzzKi5XeJf5zpipb+UFdTEFw8
suKteQrvHqcShrSiEV6sY+VGQsjU6aOOvM6Le0Wed+wxF17lL6KYqlhVir/WLxu+
pZyli0sJXB6Au0lcV+e1xWhqdxCLBgDjNpQB3KuYIDuw5bfWUAuecmYS1ZlAwNsv
DY+MdoEP7xhWLn6OD7CLnQTGa5P2hl2vzj0MfwenTDvBZLYhTQP5AQl77eALBwVF
IUgg+uTSAopufPRodSFj8IIi4p3cooJMmBehHARFfEI4siYfjycP9RIdKGZoeF24
ij/lsRnA9NrppZOv64wwsJb8+T8Xrwpbm+rR9oPTmhjwC1/ZH+L/3G7TPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKzIIjsJxr/d1foaMHurqDDGQdbMMB8GA1UdIwQY
MBaAFE+BIrCUXszLHy+5kS+9hqoEphmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRFaXNKUmV6TXNmTDdtUkw3MkdxZ1NtR1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yMWRlZTItMjlkNy00ZGFkLWJlYjkt
MmIyMjZhMjM0MDZhLzEvck1naU93bkd2OTNWLWhvd2U2dW9NTVpCMXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yMWRlZTItMjlkNy00ZGFkLWJlYjktMmIyMjZhMjM0MDZh
LzEvVDRFaXNKUmV6TXNmTDdtUkw3MkdxZ1NtR1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCX9eEAwQC
uRKgMA0GCSqGSIb3DQEBCwUAA4IBAQACUtZpq1Y9NYaPws6n34TCXhtyAFGoNVkM
Z5VTeLbtwGSlVEagZegnlQsAkEtyQizwvf7iLdR3+TJ/Fyd27kRuLeMAiEWchflo
rWdFRL4XBvlFy2VSfy8e9ZwHe3LJLeu2V7Omp0iJuDFZU/9+HfMfqhamGxQ8SVCh
ZYibajfTIfP2WWIbY4qC3RBwVpnDVon4yiKY9YidO+igfyzFEt+eDO2nRRGIwP5i
ZlTWEcJqpwjtAk/PJc7epUX/sqljVQnUa4sUUGfrglw3QPAJPzj1uUiROkVLhvSv
Fd0V1LOx7/mUp3xbSetQroVRUOBJMGVy8kTlWTwoZzfQWt9UKILR
-----END CERTIFICATE-----