Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/I7oVPtSiIaRBTG-AiF7QSiXpBAQ.roa
File:                     I7oVPtSiIaRBTG-AiF7QSiXpBAQ.roa (raw, json)
Hash identifier:          CuKsdCiAg23KdxhxzmnfWo8Xu7IB3WzfTwBYE+UR7BQ=
Subject key identifier:   23:BA:15:3E:D4:A2:21:A4:41:4C:6F:80:88:5E:D0:4A:25:E9:04:04
Certificate issuer:       /CN=57d4f554d9762fe01b88550b4e637f7da6dad6e0
Certificate serial:       018CC3B690F49EEC414AFAD6D49AECD6E8EE
Authority key identifier: 57:D4:F5:54:D9:76:2F:E0:1B:88:55:0B:4E:63:7F:7D:A6:DA:D6:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V9T1VNl2L-AbiFULTmN_faba1uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/I7oVPtSiIaRBTG-AiF7QSiXpBAQ.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211830
IP address blocks:        185.219.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/V9T1VNl2L-AbiFULTmN_faba1uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/V9T1VNl2L-AbiFULTmN_faba1uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V9T1VNl2L-AbiFULTmN_faba1uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:90:f4:9e:ec:41:4a:fa:d6:d4:9a:ec:d6:e8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57d4f554d9762fe01b88550b4e637f7da6dad6e0
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ba153ed4a221a4414c6f80885ed04a25e90404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:55:a2:30:cd:bb:b3:37:10:c8:f4:85:cf:a7:
                    f8:6e:18:31:74:78:47:46:ec:1d:24:56:d2:ab:a6:
                    fc:17:f1:a7:4a:e6:4b:64:b4:73:5d:9a:19:aa:73:
                    c6:9f:c3:d5:f1:7c:ed:fd:b7:e3:bc:a7:24:43:23:
                    e3:c9:59:cb:5f:83:d9:22:04:12:1a:d4:3b:30:1f:
                    1e:85:4c:ef:15:74:d0:61:7e:72:3e:98:38:66:6b:
                    6c:44:14:5b:ae:04:c1:fe:bf:41:32:b6:98:cf:2c:
                    ae:47:86:23:7d:db:b3:1a:3f:21:54:6a:41:f6:70:
                    d6:88:95:d6:a5:97:c0:3b:8b:f1:45:ad:d1:d8:1d:
                    62:0f:0d:f6:3d:fc:52:a6:40:f9:b5:99:35:89:e0:
                    20:29:c9:d4:d2:a4:75:6c:f4:39:5a:1f:58:4c:3d:
                    cc:8f:13:e6:0e:0d:b3:0d:02:19:5c:d4:f0:30:60:
                    54:8f:b3:da:0b:c0:3e:06:55:bb:88:a4:83:fd:88:
                    67:f3:55:35:7a:95:6f:70:a3:1a:17:c7:61:dd:73:
                    92:27:d4:08:c2:6b:63:ef:38:e2:27:5d:8b:1d:db:
                    ca:8f:9b:a9:2a:a8:74:80:01:db:5c:e1:d2:99:b3:
                    d7:19:6a:78:52:e5:95:b4:dc:da:38:e1:0c:92:f2:
                    56:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:BA:15:3E:D4:A2:21:A4:41:4C:6F:80:88:5E:D0:4A:25:E9:04:04
            X509v3 Authority Key Identifier:
                keyid:57:D4:F5:54:D9:76:2F:E0:1B:88:55:0B:4E:63:7F:7D:A6:DA:D6:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V9T1VNl2L-AbiFULTmN_faba1uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/I7oVPtSiIaRBTG-AiF7QSiXpBAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/286a48-8684-40f9-b662-97044c1d8299/1/V9T1VNl2L-AbiFULTmN_faba1uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:03:95:e6:95:12:38:71:cc:0c:c1:dd:07:42:97:7f:2f:16:
         46:da:38:5a:58:60:96:60:2e:ea:50:95:26:df:6f:5c:f4:10:
         83:93:59:30:f5:3d:32:4c:80:81:41:1c:9f:bd:77:3f:4c:d0:
         2f:2a:83:de:46:33:da:95:f2:e3:0f:44:6a:59:a0:b8:10:05:
         e4:67:74:98:33:02:7a:61:a2:77:33:ac:9d:9a:c2:50:98:b8:
         f4:6c:95:80:a7:7e:16:42:c0:f0:b5:4c:4f:a1:98:1a:68:67:
         14:ac:34:cf:7e:d0:c5:3a:de:b2:c8:d7:25:cc:e6:f1:45:56:
         b4:bf:99:c7:fd:20:b9:b6:52:f8:03:2c:f9:29:f2:a9:c2:a4:
         a7:db:77:a1:ef:3a:7c:38:6b:bf:3c:e8:6f:10:77:0c:56:bb:
         8f:7b:9c:e0:37:d9:b8:5d:56:12:0f:58:f2:06:6e:15:31:ec:
         2a:fc:60:05:ea:e3:55:ee:c8:f4:f4:90:7e:2d:3a:34:ad:8f:
         79:bb:4c:ab:85:75:a1:0d:f8:51:8e:82:84:b5:c3:10:55:fe:
         c4:99:60:e7:53:e6:87:f7:1d:47:25:80:4f:7e:f4:ea:cd:4a:
         39:2f:96:a6:df:11:ec:b2:e0:ee:48:5e:21:61:04:ba:5a:49:
         bc:05:5a:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpD0nuxBSvrW1Jrs1ujuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZDRmNTU0ZDk3NjJmZTAxYjg4NTUwYjRlNjM3ZjdkYTZk
YWQ2ZTAwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2JhMTUzZWQ0YTIyMWE0NDE0YzZmODA4ODVlZDA0YTI1ZTkwNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVWiMM27szcQyPSFz6f4bhgxdHhH
RuwdJFbSq6b8F/GnSuZLZLRzXZoZqnPGn8PV8Xzt/bfjvKckQyPjyVnLX4PZIgQS
GtQ7MB8ehUzvFXTQYX5yPpg4ZmtsRBRbrgTB/r9BMraYzyyuR4YjfduzGj8hVGpB
9nDWiJXWpZfAO4vxRa3R2B1iDw32PfxSpkD5tZk1ieAgKcnU0qR1bPQ5Wh9YTD3M
jxPmDg2zDQIZXNTwMGBUj7PaC8A+BlW7iKSD/Yhn81U1epVvcKMaF8dh3XOSJ9QI
wmtj7zjiJ12LHdvKj5upKqh0gAHbXOHSmbPXGWp4UuWVtNzaOOEMkvJWhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCO6FT7UoiGkQUxvgIhe0Eol6QQEMB8GA1UdIwQY
MBaAFFfU9VTZdi/gG4hVC05jf32m2tbgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjlUMVZObDJMLUFiaUZVTFRtTl9mYWJhMXVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yODZhNDgtODY4NC00MGY5LWI2NjIt
OTcwNDRjMWQ4Mjk5LzEvSTdvVlB0U2lJYVJCVEctQWlGN1FTaVhwQkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yODZhNDgtODY4NC00MGY5LWI2NjItOTcwNDRjMWQ4Mjk5
LzEvVjlUMVZObDJMLUFiaUZVTFRtTl9mYWJhMXVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudsEMA0G
CSqGSIb3DQEBCwUAA4IBAQCvA5XmlRI4ccwMwd0HQpd/LxZG2jhaWGCWYC7qUJUm
329c9BCDk1kw9T0yTICBQRyfvXc/TNAvKoPeRjPalfLjD0RqWaC4EAXkZ3SYMwJ6
YaJ3M6ydmsJQmLj0bJWAp34WQsDwtUxPoZgaaGcUrDTPftDFOt6yyNclzObxRVa0
v5nH/SC5tlL4Ayz5KfKpwqSn23eh7zp8OGu/POhvEHcMVruPe5zgN9m4XVYSD1jy
Bm4VMewq/GAF6uNV7sj09JB+LTo0rY95u0yrhXWhDfhRjoKEtcMQVf7EmWDnU+aH
9x1HJYBPfvTqzUo5L5am3xHssuDuSF4hYQS6Wkm8BVqm
-----END CERTIFICATE-----