Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/pUMmybOYcO81prQN7U6cl0VzBJk.roa
File:                     pUMmybOYcO81prQN7U6cl0VzBJk.roa (raw, json)
Hash identifier:          obsnBPiSNa+9+H54Uv2AnlbZb9P4yWlmHceTCOipJ34=
Subject key identifier:   A5:43:26:C9:B3:98:70:EF:35:A6:B4:0D:ED:4E:9C:97:45:73:04:99
Certificate issuer:       /CN=4bd444c864e9e85d35376e0f68281799f6281f14
Certificate serial:       018CC7944C73B3A086444AE6441FFE22587F
Authority key identifier: 4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/pUMmybOYcO81prQN7U6cl0VzBJk.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49788
IP address blocks:        185.13.92.0/22 maxlen: 22
                          2a02:f480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4c:73:b3:a0:86:44:4a:e6:44:1f:fe:22:58:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd444c864e9e85d35376e0f68281799f6281f14
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a54326c9b39870ef35a6b40ded4e9c9745730499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f4:c6:a8:34:5c:4f:b9:6e:a5:f5:c2:88:d8:
                    e3:07:0c:6e:cb:75:10:9a:d9:51:3d:e4:b4:e5:3b:
                    30:92:c5:a3:80:c1:43:70:00:e1:68:55:87:14:a1:
                    f5:74:21:fa:df:35:a0:c2:88:c3:9d:85:d3:86:4a:
                    f7:72:39:8a:2b:71:37:69:73:51:f3:a3:56:c7:5e:
                    12:0d:4b:07:a8:52:1d:36:1e:66:1c:ed:d9:4d:a5:
                    7d:dd:86:1f:a0:1d:e5:92:a4:91:d6:71:8c:1a:e0:
                    98:5a:98:d8:87:51:40:8f:26:7c:b6:c8:af:fb:3e:
                    1b:bf:d2:7c:db:26:11:82:9d:41:4e:2e:a6:0a:4a:
                    e0:9a:bd:e2:0f:fe:b4:4e:67:dd:b3:8b:48:e4:c4:
                    5b:fb:24:20:ba:08:12:4d:4f:04:98:b5:67:a3:9e:
                    5e:51:0c:86:8a:42:64:c2:13:68:9c:26:ae:76:ec:
                    38:58:25:17:5d:64:b1:d2:1d:83:c6:ee:f4:26:21:
                    2b:0f:88:bb:07:66:c8:6e:a7:f2:39:71:b2:5f:31:
                    b0:34:2e:a9:49:91:87:1f:84:27:76:ae:33:c5:33:
                    15:05:a6:5b:52:97:cd:d4:b2:48:04:33:4b:37:ef:
                    9c:63:f8:ee:99:17:da:9e:ed:f9:e9:c8:da:05:fa:
                    18:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:43:26:C9:B3:98:70:EF:35:A6:B4:0D:ED:4E:9C:97:45:73:04:99
            X509v3 Authority Key Identifier:
                keyid:4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/pUMmybOYcO81prQN7U6cl0VzBJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.92.0/22
                IPv6:
                  2a02:f480::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:d2:5a:c6:4f:97:9c:55:83:fd:07:5c:a8:93:09:72:ab:27:
         42:67:71:7a:db:06:ff:b9:07:04:a1:72:54:f9:29:a6:de:b2:
         81:a7:14:cb:66:b9:82:97:92:34:94:67:f2:06:3b:4a:f6:b7:
         ef:0a:15:52:de:c2:04:64:cb:48:43:a4:e1:2f:69:91:04:03:
         b3:f4:a1:78:c2:34:f6:5c:ee:4b:c7:bc:c0:f7:21:bc:55:5f:
         ea:3f:8a:4f:7b:10:3c:90:4e:06:67:4d:b1:5c:2a:cb:30:45:
         97:a0:1b:87:09:d1:34:d9:12:b6:bf:1c:2e:07:3d:3a:ea:42:
         e3:c7:61:e2:15:8a:1f:5f:bf:91:c1:a5:d9:fa:f9:e3:58:ee:
         b2:12:f4:ba:ce:7a:90:25:3e:ec:d3:1b:8e:14:02:a6:5f:03:
         b2:05:db:3a:0a:81:ae:b3:25:c3:2b:e1:24:5f:f8:65:26:76:
         60:45:72:a7:71:d6:79:2e:75:90:a4:2b:45:75:c4:0c:6e:02:
         bb:8e:e6:fa:50:ee:dd:25:c8:1d:66:55:7d:72:73:27:95:cd:
         8d:54:9b:7b:0a:ff:95:d4:85:de:6f:94:7d:f9:7f:c4:f5:d0:
         7d:38:fc:ac:9d:8b:3a:98:85:7e:ac:16:94:e3:16:1e:48:de:
         22:77:f9:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlExzs6CGRErmRB/+Ilh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDQ0NGM4NjRlOWU4NWQzNTM3NmUwZjY4MjgxNzk5ZjYy
ODFmMTQwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQzMjZjOWIzOTg3MGVmMzVhNmI0MGRlZDRlOWM5NzQ1NzMwNDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPTGqDRcT7lupfXCiNjjBwxuy3UQ
mtlRPeS05TswksWjgMFDcADhaFWHFKH1dCH63zWgwojDnYXThkr3cjmKK3E3aXNR
86NWx14SDUsHqFIdNh5mHO3ZTaV93YYfoB3lkqSR1nGMGuCYWpjYh1FAjyZ8tsiv
+z4bv9J82yYRgp1BTi6mCkrgmr3iD/60Tmfds4tI5MRb+yQguggSTU8EmLVno55e
UQyGikJkwhNonCauduw4WCUXXWSx0h2Dxu70JiErD4i7B2bIbqfyOXGyXzGwNC6p
SZGHH4Qndq4zxTMVBaZbUpfN1LJIBDNLN++cY/jumRfanu356cjaBfoYQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKVDJsmzmHDvNaa0De1OnJdFcwSZMB8GA1UdIwQY
MBaAFEvURMhk6ehdNTduD2goF5n2KB8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMt
MjkwOTVhZDFjY2VkLzEvcFVNbXliT1ljTzgxcHJRTjdVNmNsMFZ6QkprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMtMjkwOTVhZDFjY2Vk
LzEvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ1cMA0E
AgACMAcDBQMqAvSAMA0GCSqGSIb3DQEBCwUAA4IBAQBc0lrGT5ecVYP9B1yokwly
qydCZ3F62wb/uQcEoXJU+Smm3rKBpxTLZrmCl5I0lGfyBjtK9rfvChVS3sIEZMtI
Q6ThL2mRBAOz9KF4wjT2XO5Lx7zA9yG8VV/qP4pPexA8kE4GZ02xXCrLMEWXoBuH
CdE02RK2vxwuBz066kLjx2HiFYofX7+RwaXZ+vnjWO6yEvS6znqQJT7s0xuOFAKm
XwOyBds6CoGusyXDK+EkX/hlJnZgRXKncdZ5LnWQpCtFdcQMbgK7jub6UO7dJcgd
ZlV9cnMnlc2NVJt7Cv+V1IXeb5R9+X/E9dB9OPysnYs6mIV+rBaU4xYeSN4id/k0
-----END CERTIFICATE-----