Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/sg4Dd2EGiQo5aaFf1IoxM4S3wWs.roa
File:                     sg4Dd2EGiQo5aaFf1IoxM4S3wWs.roa (raw, json)
Hash identifier:          661IlzTtFdknNrykJ/kjVnQsFr/7ujaDfgvH33xo6ss=
Subject key identifier:   B2:0E:03:77:61:06:89:0A:39:69:A1:5F:D4:8A:31:33:84:B7:C1:6B
Certificate issuer:       /CN=c8f9baab1a13df30eff0fcd780c4bbc54bc3e6d5
Certificate serial:       018CC5DC46D715F4D7DB2CDF0337462A52CB
Authority key identifier: C8:F9:BA:AB:1A:13:DF:30:EF:F0:FC:D7:80:C4:BB:C5:4B:C3:E6:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yPm6qxoT3zDv8PzXgMS7xUvD5tU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/sg4Dd2EGiQo5aaFf1IoxM4S3wWs.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        185.189.4.0/22 maxlen: 22
                          2a0b:d780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/yPm6qxoT3zDv8PzXgMS7xUvD5tU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/yPm6qxoT3zDv8PzXgMS7xUvD5tU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yPm6qxoT3zDv8PzXgMS7xUvD5tU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:46:d7:15:f4:d7:db:2c:df:03:37:46:2a:52:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8f9baab1a13df30eff0fcd780c4bbc54bc3e6d5
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b20e03776106890a3969a15fd48a313384b7c16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d1:57:d7:d0:40:c8:ac:8c:f0:7e:d4:ac:f6:
                    4d:97:ca:b2:ce:f5:6d:32:b1:af:ac:b9:ef:81:a0:
                    cf:79:12:cc:e8:89:ca:ef:fe:5b:c9:ad:35:9d:4f:
                    94:51:bd:00:ef:ca:a9:6d:64:ab:d8:dc:34:6d:52:
                    66:dd:7f:13:e1:60:96:86:c6:c1:32:bf:90:09:d7:
                    7b:23:e0:ce:64:ff:d9:79:ae:45:94:e7:72:80:e3:
                    2e:ff:a4:55:32:1a:b9:d8:33:5e:a0:77:2a:f2:97:
                    fe:53:de:88:66:28:e4:fd:07:0c:4a:60:67:55:ea:
                    48:5f:3c:26:4e:14:cf:82:ba:22:eb:c9:6b:19:f8:
                    73:5a:e8:63:c2:bb:27:c3:27:26:99:ec:e5:08:93:
                    94:bd:4b:dd:fe:2a:e6:56:0c:2f:4a:27:6f:fa:35:
                    11:cd:cc:67:84:5a:e7:3f:ae:66:f0:c9:6e:ab:c6:
                    72:32:db:ef:96:eb:af:a2:cb:b4:23:22:ef:d8:4e:
                    f8:ed:eb:34:e7:93:a8:a0:c3:f8:79:38:4f:92:a4:
                    ce:08:8d:33:77:e5:c4:f4:d5:b8:a1:35:07:80:89:
                    ab:f1:5e:5f:a4:7f:36:b0:ad:1d:fc:49:b6:7d:fc:
                    c7:97:11:05:99:c0:45:97:01:85:c7:3f:1a:6b:eb:
                    8f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0E:03:77:61:06:89:0A:39:69:A1:5F:D4:8A:31:33:84:B7:C1:6B
            X509v3 Authority Key Identifier:
                keyid:C8:F9:BA:AB:1A:13:DF:30:EF:F0:FC:D7:80:C4:BB:C5:4B:C3:E6:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yPm6qxoT3zDv8PzXgMS7xUvD5tU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/sg4Dd2EGiQo5aaFf1IoxM4S3wWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3e6762-0989-48ef-a8d2-db484cce7293/1/yPm6qxoT3zDv8PzXgMS7xUvD5tU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.4.0/22
                IPv6:
                  2a0b:d780::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:cd:d6:96:9a:1b:72:43:2a:43:e6:b8:4a:43:ac:40:1f:39:
         e7:d0:98:6b:36:40:0d:4b:30:08:51:17:98:02:9f:d1:c3:9a:
         d4:23:3b:72:59:e9:e5:c4:1c:37:ba:76:04:97:55:15:c0:4d:
         69:e5:2f:78:b2:2b:24:cc:84:67:65:18:95:a5:1f:ff:ab:ee:
         d6:00:6a:62:a6:b3:00:bb:34:e2:1f:15:fc:db:69:34:5c:5c:
         84:3e:0a:06:10:eb:30:a7:23:b0:95:32:1c:c4:e1:30:78:59:
         00:22:e6:7d:40:29:de:c5:07:19:89:ca:3e:ef:45:5d:1d:54:
         c7:3c:f2:07:63:24:77:97:4e:a0:57:2a:61:14:0c:c3:02:af:
         16:e8:dd:42:7e:5c:cc:60:4e:e9:bc:f6:6a:93:82:37:56:a6:
         45:87:68:2e:a6:72:37:e0:f1:c9:77:d8:11:8a:ef:da:cd:5a:
         af:6a:de:0f:b9:b6:cf:36:fd:24:e3:95:a5:51:35:b5:80:17:
         f5:c6:b6:64:a2:3b:63:41:15:ec:51:7b:b9:8e:86:32:af:b4:
         45:6e:b2:64:b1:ce:a4:7a:96:98:fd:e1:07:08:d5:33:49:64:
         b9:17:29:d5:28:5d:16:d8:ad:4f:50:10:bd:f9:05:5e:cb:5b:
         64:12:57:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3EbXFfTX2yzfAzdGKlLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZjliYWFiMWExM2RmMzBlZmYwZmNkNzgwYzRiYmM1NGJj
M2U2ZDUwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBlMDM3NzYxMDY4OTBhMzk2OWExNWZkNDhhMzEzMzg0YjdjMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNFX19BAyKyM8H7UrPZNl8qyzvVt
MrGvrLnvgaDPeRLM6InK7/5bya01nU+UUb0A78qpbWSr2Nw0bVJm3X8T4WCWhsbB
Mr+QCdd7I+DOZP/Zea5FlOdygOMu/6RVMhq52DNeoHcq8pf+U96IZijk/QcMSmBn
VepIXzwmThTPgroi68lrGfhzWuhjwrsnwycmmezlCJOUvUvd/irmVgwvSidv+jUR
zcxnhFrnP65m8Mluq8ZyMtvvluuvosu0IyLv2E747es055OooMP4eThPkqTOCI0z
d+XE9NW4oTUHgImr8V5fpH82sK0d/Em2ffzHlxEFmcBFlwGFxz8aa+uPBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLIOA3dhBokKOWmhX9SKMTOEt8FrMB8GA1UdIwQY
MBaAFMj5uqsaE98w7/D814DEu8VLw+bVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVBtNnF4b1QzekR2OFB6WGdNUzd4VXZENXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZTY3NjItMDk4OS00OGVmLWE4ZDIt
ZGI0ODRjY2U3MjkzLzEvc2c0RGQyRUdpUW81YWFGZjFJb3hNNFMzd1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZTY3NjItMDk4OS00OGVmLWE4ZDItZGI0ODRjY2U3Mjkz
LzEveVBtNnF4b1QzekR2OFB6WGdNUzd4VXZENXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub0EMA0E
AgACMAcDBQMqC9eAMA0GCSqGSIb3DQEBCwUAA4IBAQCBzdaWmhtyQypD5rhKQ6xA
Hznn0JhrNkANSzAIUReYAp/Rw5rUIztyWenlxBw3unYEl1UVwE1p5S94siskzIRn
ZRiVpR//q+7WAGpiprMAuzTiHxX822k0XFyEPgoGEOswpyOwlTIcxOEweFkAIuZ9
QCnexQcZico+70VdHVTHPPIHYyR3l06gVyphFAzDAq8W6N1CflzMYE7pvPZqk4I3
VqZFh2gupnI34PHJd9gRiu/azVqvat4PubbPNv0k45WlUTW1gBf1xrZkojtjQRXs
UXu5joYyr7RFbrJksc6kepaY/eEHCNUzSWS5FynVKF0W2K1PUBC9+QVey1tkElfR
-----END CERTIFICATE-----