Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/4cCd564-DUkGJP3zFXXXfgW9BMk.roa
File:                     4cCd564-DUkGJP3zFXXXfgW9BMk.roa (raw, json)
Hash identifier:          +324/l2HUarg+liNurHVv+SwTQ0mrDyrplKStHA10tg=
Subject key identifier:   E1:C0:9D:E7:AE:3E:0D:49:06:24:FD:F3:15:75:D7:7E:05:BD:04:C9
Certificate issuer:       /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial:       018CC4931D693B0435E23F57DCEC8961EF0C
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/4cCd564-DUkGJP3zFXXXfgW9BMk.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28819
IP address blocks:        82.112.170.0/24 maxlen: 24
                          82.112.172.0/24 maxlen: 24
                          82.112.168.0/24 maxlen: 24
                          82.112.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:69:3b:04:35:e2:3f:57:dc:ec:89:61:ef:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1c09de7ae3e0d490624fdf31575d77e05bd04c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c3:5c:6b:ea:f9:3f:38:86:05:ed:09:1b:1f:
                    b8:7f:f9:a9:3a:61:61:2f:d5:61:58:9c:b3:70:78:
                    fd:fe:2d:f2:dc:5a:05:78:ba:80:b0:9b:aa:ed:00:
                    ec:23:55:e0:24:ed:b2:1e:ed:40:37:e3:74:80:ec:
                    46:03:01:41:39:85:02:49:fb:4f:09:7e:87:dc:e8:
                    6c:31:c2:71:e0:9d:20:77:0c:06:0f:b3:45:94:89:
                    dc:54:e5:1d:95:62:93:be:df:6b:a1:50:45:5d:fa:
                    0d:0c:45:91:cf:c0:3c:df:23:7c:d3:d5:8f:fe:e4:
                    ba:35:9a:a8:99:4a:b6:d5:36:b2:e3:70:68:0f:a2:
                    b9:67:7c:c7:41:93:ec:4d:9c:21:e0:96:e0:a7:56:
                    49:b4:7d:f0:18:3d:f3:25:6c:8c:35:cc:4b:eb:36:
                    81:bc:e4:43:f4:2b:d8:fd:31:86:8b:00:09:d5:74:
                    4c:63:45:36:c8:8a:c6:6f:12:45:13:07:a7:be:62:
                    e5:97:97:ad:59:d5:d1:2f:63:7a:58:01:87:53:29:
                    c7:75:5f:e4:67:88:39:04:75:24:5e:d9:fb:77:ff:
                    c4:aa:2c:9d:13:3d:de:7e:f4:c3:4e:c9:fc:f5:47:
                    9f:66:9d:cd:98:46:0e:6c:b8:14:31:bc:b2:ef:68:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C0:9D:E7:AE:3E:0D:49:06:24:FD:F3:15:75:D7:7E:05:BD:04:C9
            X509v3 Authority Key Identifier:
                keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/4cCd564-DUkGJP3zFXXXfgW9BMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.168.0-82.112.170.255
                  82.112.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:59:22:de:7d:c1:0b:25:a3:26:32:41:86:9b:1e:ee:a4:bd:
         ef:7a:a0:d8:26:dc:af:f6:c3:01:12:7a:64:2d:07:a9:86:07:
         80:f2:df:cf:61:9b:02:fd:8a:d0:fd:55:16:ec:e5:f8:20:cc:
         bf:21:c4:b7:cd:14:dd:88:a9:85:f6:5d:62:a6:a8:6d:84:bf:
         7b:24:67:16:21:ff:c9:59:a6:86:90:93:e8:cc:38:33:2a:fc:
         eb:0d:73:79:8a:f3:45:e8:aa:73:18:09:f4:49:31:b1:76:d8:
         e3:f9:76:12:89:60:1e:68:2b:26:b9:66:f1:5f:01:c4:50:52:
         31:ab:f2:7b:27:ab:82:b9:22:2e:f7:23:21:ac:32:93:35:d2:
         1f:ff:fe:81:2f:66:ec:e8:3f:0c:81:0d:83:90:78:aa:ee:5d:
         62:92:2f:6a:88:1e:c9:f5:05:ec:bf:7c:7b:16:3a:ea:14:7b:
         08:4c:06:c7:61:8e:6d:4b:0b:a4:28:cd:e9:8b:db:42:01:82:
         22:c3:0a:65:4c:c6:73:19:f4:2e:fc:be:e1:66:0e:2a:fc:98:
         10:1b:33:7b:8b:56:a4:9c:0f:ba:cc:c7:f2:60:ba:67:a5:ad:
         46:78:8c:54:bb:8c:26:97:d3:f3:fa:6a:c2:a1:04:44:da:44:
         92:e9:42:93
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEkx1pOwQ14j9X3OyJYe8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMwOWRlN2FlM2UwZDQ5MDYyNGZkZjMxNTc1ZDc3ZTA1YmQwNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksNca+r5PziGBe0JGx+4f/mpOmFh
L9VhWJyzcHj9/i3y3FoFeLqAsJuq7QDsI1XgJO2yHu1AN+N0gOxGAwFBOYUCSftP
CX6H3OhsMcJx4J0gdwwGD7NFlIncVOUdlWKTvt9roVBFXfoNDEWRz8A83yN809WP
/uS6NZqomUq21Tay43BoD6K5Z3zHQZPsTZwh4Jbgp1ZJtH3wGD3zJWyMNcxL6zaB
vORD9CvY/TGGiwAJ1XRMY0U2yIrGbxJFEwenvmLll5etWdXRL2N6WAGHUynHdV/k
Z4g5BHUkXtn7d//EqiydEz3efvTDTsn89UefZp3NmEYObLgUMbyy72iG9wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOHAneeuPg1JBiT98xV1134FvQTJMB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvNGNDZDU2NC1EVWtHSlAzekZYWFhmZ1c5Qk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANScKgD
BABScKoDBABScKwwDQYJKoZIhvcNAQELBQADggEBAGZZIt59wQsloyYyQYabHu6k
ve96oNgm3K/2wwESemQtB6mGB4Dy389hmwL9itD9VRbs5fggzL8hxLfNFN2IqYX2
XWKmqG2Ev3skZxYh/8lZpoaQk+jMODMq/OsNc3mK80XoqnMYCfRJMbF22OP5dhKJ
YB5oKya5ZvFfAcRQUjGr8nsnq4K5Ii73IyGsMpM10h///oEvZuzoPwyBDYOQeKru
XWKSL2qIHsn1Bey/fHsWOuoUewhMBsdhjm1LC6QozemL20IBgiLDCmVMxnMZ9C78
vuFmDir8mBAbM3uLVqScD7rMx/JgumelrUZ4jFS7jCaX0/P6asKhBETaRJLpQpM=
-----END CERTIFICATE-----