Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/4-3kj-D14e3EK4sJ-up5ng2XrhI.roa
File:                     4-3kj-D14e3EK4sJ-up5ng2XrhI.roa (raw, json)
Hash identifier:          heHDVmqt3D7pwz3N+6R11nATahu4prWnElQnPRhGA9s=
Subject key identifier:   E3:ED:E4:8F:E0:F5:E1:ED:C4:2B:8B:09:FA:EA:79:9E:0D:97:AE:12
Certificate issuer:       /CN=d5a085eb95ad55fb3a6b247e9678112a14d81926
Certificate serial:       018CC8DF40B0A0EB3CE47D55FD76734E6B1E
Authority key identifier: D5:A0:85:EB:95:AD:55:FB:3A:6B:24:7E:96:78:11:2A:14:D8:19:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aCF65WtVfs6ayR-lngRKhTYGSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/4-3kj-D14e3EK4sJ-up5ng2XrhI.roa
Signing time:             Tue 02 Jan 2024 06:32:03 +0000
ROA not before:           Tue 02 Jan 2024 06:32:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212876
IP address blocks:        185.166.108.0/22 maxlen: 22
                          2a0c:f880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/1aCF65WtVfs6ayR-lngRKhTYGSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/1aCF65WtVfs6ayR-lngRKhTYGSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aCF65WtVfs6ayR-lngRKhTYGSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:40:b0:a0:eb:3c:e4:7d:55:fd:76:73:4e:6b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a085eb95ad55fb3a6b247e9678112a14d81926
        Validity
            Not Before: Jan  2 06:32:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3ede48fe0f5e1edc42b8b09faea799e0d97ae12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1a:72:80:99:44:91:31:ec:fb:9e:64:46:6b:
                    84:48:e9:b3:b6:c2:3a:c3:90:b9:ce:80:62:48:1a:
                    61:02:36:49:9d:bb:5b:9a:4d:a9:d9:5e:4a:02:e0:
                    78:52:c9:e5:9b:7d:d3:d4:6b:75:39:21:29:3d:50:
                    85:8e:35:7e:c9:86:c8:11:40:ff:3b:c3:0b:3b:6c:
                    15:19:c0:36:9d:b1:3d:ea:24:e9:50:e1:6b:13:06:
                    2f:2f:49:b9:e2:ae:33:cd:41:33:98:9c:85:a8:d8:
                    e6:8c:47:59:40:b5:38:c2:ea:a6:3c:f1:4d:4c:07:
                    a1:1a:fd:e8:d9:0a:68:cf:fc:c4:4d:62:f3:34:e9:
                    7f:92:92:c2:d5:e8:13:49:c8:e1:30:e8:f7:c9:94:
                    c5:28:28:00:64:d8:30:ff:f2:88:3e:69:ea:60:45:
                    9e:d2:2c:0e:88:cb:7e:ef:c5:30:40:cc:a2:88:ac:
                    15:e4:3f:94:3d:da:d9:38:d6:d2:73:c9:cf:22:61:
                    eb:ec:c2:f1:2c:a4:53:f0:fd:40:18:04:3c:53:4c:
                    56:ca:58:11:12:65:a3:b8:03:72:3c:2b:95:00:c5:
                    41:bc:c4:e1:70:58:d6:6f:2b:35:7a:90:8b:b5:41:
                    49:45:47:d2:e4:23:6b:ed:f3:14:61:27:61:ab:c9:
                    66:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:ED:E4:8F:E0:F5:E1:ED:C4:2B:8B:09:FA:EA:79:9E:0D:97:AE:12
            X509v3 Authority Key Identifier:
                keyid:D5:A0:85:EB:95:AD:55:FB:3A:6B:24:7E:96:78:11:2A:14:D8:19:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aCF65WtVfs6ayR-lngRKhTYGSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/4-3kj-D14e3EK4sJ-up5ng2XrhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/94558a-2803-44c2-a772-f94adc1bbd90/1/1aCF65WtVfs6ayR-lngRKhTYGSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.108.0/22
                IPv6:
                  2a0c:f880::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:f1:7a:71:7a:6f:d5:00:f5:2a:62:ba:7c:bf:1e:1b:ee:07:
         36:2b:c2:7f:2c:4f:94:8d:1b:ac:b3:3b:7b:2d:43:2b:cf:10:
         31:b5:76:da:a8:5c:72:06:c9:be:cd:69:b1:da:19:11:f0:41:
         50:3d:42:45:b7:8d:75:97:2b:33:2b:21:2e:1f:b8:51:80:ba:
         26:cf:c8:e0:f7:30:01:63:2d:e4:5e:19:ae:33:8e:58:ed:da:
         6c:5a:99:93:29:8b:a4:45:03:b0:ba:31:a3:43:d2:fb:cd:6c:
         09:ba:04:69:3d:6b:12:f5:72:18:49:3d:9e:30:2f:35:b9:e5:
         59:8c:b4:f0:eb:ba:6b:d9:87:f0:3a:f7:6e:df:7c:9a:02:ad:
         08:0b:b3:06:f1:f5:a7:a6:51:39:96:e1:bf:a7:cc:51:8b:6d:
         81:7e:ba:cd:78:9f:83:ac:6c:15:ed:03:d1:1a:40:09:b9:13:
         11:91:98:8b:6f:b9:72:65:4d:54:3b:4f:f9:06:73:85:ba:28:
         df:d0:07:03:ca:cb:62:2e:94:42:1e:77:15:35:ef:44:12:f6:
         44:0e:14:9a:ab:e5:f0:56:e2:f3:1f:1a:68:19:52:16:8b:0a:
         6e:9b:08:d9:6c:cb:40:28:1f:d1:e0:f8:8a:d3:35:52:83:5b:
         7c:9f:95:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI30CwoOs85H1V/XZzTmseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTA4NWViOTVhZDU1ZmIzYTZiMjQ3ZTk2NzgxMTJhMTRk
ODE5MjYwHhcNMjQwMTAyMDYzMjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2VkZTQ4ZmUwZjVlMWVkYzQyYjhiMDlmYWVhNzk5ZTBkOTdhZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohpygJlEkTHs+55kRmuESOmztsI6
w5C5zoBiSBphAjZJnbtbmk2p2V5KAuB4Usnlm33T1Gt1OSEpPVCFjjV+yYbIEUD/
O8MLO2wVGcA2nbE96iTpUOFrEwYvL0m54q4zzUEzmJyFqNjmjEdZQLU4wuqmPPFN
TAehGv3o2Qpoz/zETWLzNOl/kpLC1egTScjhMOj3yZTFKCgAZNgw//KIPmnqYEWe
0iwOiMt+78UwQMyiiKwV5D+UPdrZONbSc8nPImHr7MLxLKRT8P1AGAQ8U0xWylgR
EmWjuANyPCuVAMVBvMThcFjWbys1epCLtUFJRUfS5CNr7fMUYSdhq8lmeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOPt5I/g9eHtxCuLCfrqeZ4Nl64SMB8GA1UdIwQY
MBaAFNWgheuVrVX7OmskfpZ4ESoU2BkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFDRjY1V3RWZnM2YXlSLWxuZ1JLaFRZR1NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85NDU1OGEtMjgwMy00NGMyLWE3NzIt
Zjk0YWRjMWJiZDkwLzEvNC0za2otRDE0ZTNFSzRzSi11cDVuZzJYcmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85NDU1OGEtMjgwMy00NGMyLWE3NzItZjk0YWRjMWJiZDkw
LzEvMWFDRjY1V3RWZnM2YXlSLWxuZ1JLaFRZR1NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaZsMA0E
AgACMAcDBQMqDPiAMA0GCSqGSIb3DQEBCwUAA4IBAQBm8Xpxem/VAPUqYrp8vx4b
7gc2K8J/LE+UjRusszt7LUMrzxAxtXbaqFxyBsm+zWmx2hkR8EFQPUJFt411lysz
KyEuH7hRgLomz8jg9zABYy3kXhmuM45Y7dpsWpmTKYukRQOwujGjQ9L7zWwJugRp
PWsS9XIYST2eMC81ueVZjLTw67pr2YfwOvdu33yaAq0IC7MG8fWnplE5luG/p8xR
i22BfrrNeJ+DrGwV7QPRGkAJuRMRkZiLb7lyZU1UO0/5BnOFuijf0AcDystiLpRC
HncVNe9EEvZEDhSaq+XwVuLzHxpoGVIWiwpumwjZbMtAKB/R4PiK0zVSg1t8n5Uv
-----END CERTIFICATE-----