Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/4Sut2m2Uc5pdXQPVKzUb8yG0xPU.roa
File:                     4Sut2m2Uc5pdXQPVKzUb8yG0xPU.roa (raw, json)
Hash identifier:          dMQcSQzIkXrY28QGHeSEA4US44m3hOc1nBsKzdZKpS4=
Subject key identifier:   E1:2B:AD:DA:6D:94:73:9A:5D:5D:03:D5:2B:35:1B:F3:21:B4:C4:F5
Certificate issuer:       /CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Certificate serial:       018CC2DAE3BD570690C3BA8E5ACB8A471642
Authority key identifier: 66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/4Sut2m2Uc5pdXQPVKzUb8yG0xPU.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41354
IP address blocks:        185.208.88.0/22 maxlen: 24
                          2a0b:32c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:bd:57:06:90:c3:ba:8e:5a:cb:8a:47:16:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e12badda6d94739a5d5d03d52b351bf321b4c4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:1f:8b:71:4f:94:53:88:d5:15:a4:29:eb:
                    7b:0a:f6:0c:0c:2e:94:05:2e:6b:15:fb:87:87:05:
                    b2:86:7d:19:60:7c:ee:35:06:69:0a:cc:75:15:1e:
                    ae:71:cf:22:8c:ce:e7:e0:6c:88:16:6f:9e:4f:cb:
                    fa:17:00:a6:d6:74:2d:a3:ec:74:81:aa:e3:7c:08:
                    37:9f:77:49:d7:69:1d:34:85:60:15:81:ff:c3:61:
                    b2:e3:a7:ef:b5:5b:e3:7e:29:04:5a:14:2b:49:71:
                    ef:ab:4e:17:01:4d:e7:cf:5d:dc:77:08:0c:a6:af:
                    58:bc:92:b5:23:98:ff:59:a9:38:d5:cf:c5:2f:7d:
                    f1:81:ea:23:87:f9:f0:53:8a:ad:ab:37:49:86:f5:
                    fa:30:aa:1a:ad:b4:f0:46:7e:74:f5:70:25:2f:01:
                    ed:44:65:e2:e8:2c:0a:83:3e:db:80:2f:34:ba:fb:
                    e9:98:63:e7:93:c0:58:89:4b:2c:97:07:21:00:df:
                    6d:b3:ef:73:16:8e:47:87:af:00:66:a7:2a:45:f4:
                    d8:7c:67:6b:ae:8c:64:79:d1:72:70:fc:04:9d:c5:
                    22:98:d5:7a:44:06:ca:c3:33:45:3d:ac:19:af:06:
                    68:61:80:e6:3d:e1:eb:89:6c:67:bf:89:83:40:89:
                    75:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2B:AD:DA:6D:94:73:9A:5D:5D:03:D5:2B:35:1B:F3:21:B4:C4:F5
            X509v3 Authority Key Identifier:
                keyid:66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/4Sut2m2Uc5pdXQPVKzUb8yG0xPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.88.0/22
                IPv6:
                  2a0b:32c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:1b:f6:8c:8c:de:32:13:b4:34:54:09:72:8d:68:3a:8c:2c:
         46:21:60:2c:2b:ed:c8:cb:54:94:e6:ce:cf:e8:9c:3d:70:10:
         b5:35:91:fa:e2:2d:53:da:3b:f5:bb:34:64:d4:99:4a:91:16:
         1e:4a:91:7c:d6:0f:f3:ed:0f:f9:f6:86:30:7d:b6:17:59:f9:
         fb:49:e1:58:b8:f4:d8:ab:c5:fa:fc:f3:28:e9:be:66:fa:6f:
         17:e1:e2:65:42:48:80:9d:e0:07:c8:f6:54:46:92:3d:1f:22:
         0e:89:a1:5d:22:d1:f3:9e:e4:af:d0:10:36:5d:6d:1a:dc:af:
         7b:20:c6:12:ff:57:74:24:26:ea:ea:60:10:f8:ee:f6:25:f0:
         55:c7:f8:d4:01:e3:85:4c:18:e6:37:17:59:4c:2c:44:de:89:
         db:a3:70:15:df:ec:b2:3d:56:ee:b9:c1:eb:82:98:82:e4:5a:
         2e:a7:f7:c6:2c:e5:aa:ad:7d:0c:2d:0e:b9:f3:87:d4:bb:18:
         bb:8f:d7:bb:2a:94:88:92:b7:7f:b5:a4:7d:89:2d:a9:7d:fb:
         2d:40:b1:0a:e7:a3:08:78:8b:aa:36:83:7c:f0:d5:d0:fb:d6:
         b4:05:52:33:0b:fa:e4:27:fe:15:74:f7:6a:27:32:31:4a:0e:
         2b:26:56:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2uO9VwaQw7qOWsuKRxZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjM0ZjE0NTg2ZTM5OWNkMzgwMmQ5Yzg4YjFlNjdkOGRk
YjAzYTgwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTJiYWRkYTZkOTQ3MzlhNWQ1ZDAzZDUyYjM1MWJmMzIxYjRjNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2wfi3FPlFOI1RWkKet7CvYMDC6U
BS5rFfuHhwWyhn0ZYHzuNQZpCsx1FR6ucc8ijM7n4GyIFm+eT8v6FwCm1nQto+x0
garjfAg3n3dJ12kdNIVgFYH/w2Gy46fvtVvjfikEWhQrSXHvq04XAU3nz13cdwgM
pq9YvJK1I5j/Wak41c/FL33xgeojh/nwU4qtqzdJhvX6MKoarbTwRn509XAlLwHt
RGXi6CwKgz7bgC80uvvpmGPnk8BYiUsslwchAN9ts+9zFo5Hh68AZqcqRfTYfGdr
roxkedFycPwEncUimNV6RAbKwzNFPawZrwZoYYDmPeHriWxnv4mDQIl1LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOErrdptlHOaXV0D1Ss1G/MhtMT1MB8GA1UdIwQY
MBaAFGZjTxRYbjmc04AtnIix5n2N2wOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDct
MTcxZGI0NjkwYzBhLzEvNFN1dDJtMlVjNXBkWFFQVkt6VWI4eUcweFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDctMTcxZGI0NjkwYzBh
LzEvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudBYMA0E
AgACMAcDBQMqCzLAMA0GCSqGSIb3DQEBCwUAA4IBAQCEG/aMjN4yE7Q0VAlyjWg6
jCxGIWAsK+3Iy1SU5s7P6Jw9cBC1NZH64i1T2jv1uzRk1JlKkRYeSpF81g/z7Q/5
9oYwfbYXWfn7SeFYuPTYq8X6/PMo6b5m+m8X4eJlQkiAneAHyPZURpI9HyIOiaFd
ItHznuSv0BA2XW0a3K97IMYS/1d0JCbq6mAQ+O72JfBVx/jUAeOFTBjmNxdZTCxE
3onbo3AV3+yyPVbuucHrgpiC5Foup/fGLOWqrX0MLQ6584fUuxi7j9e7KpSIkrd/
taR9iS2pffstQLEK56MIeIuqNoN88NXQ+9a0BVIzC/rkJ/4VdPdqJzIxSg4rJlZN
-----END CERTIFICATE-----