Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/J4rvv-6m9geybGQl5r22Gqg6HnA.roa
File:                     J4rvv-6m9geybGQl5r22Gqg6HnA.roa (raw, json)
Hash identifier:          //KDBXM5QJhpiAFlbgI3J9VeJf8UkqaHpyfo5HlFjn4=
Subject key identifier:   27:8A:EF:BF:EE:A6:F6:07:B2:6C:64:25:E6:BD:B6:1A:A8:3A:1E:70
Certificate issuer:       /CN=fc983137042fc8c4921707d4eb6da5f6c4a79a5b
Certificate serial:       018CC64B3138E8E94667C6923EB3CEE3896D
Authority key identifier: FC:98:31:37:04:2F:C8:C4:92:17:07:D4:EB:6D:A5:F6:C4:A7:9A:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JgxNwQvyMSSFwfU622l9sSnmls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/J4rvv-6m9geybGQl5r22Gqg6HnA.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47576
IP address blocks:        185.126.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/_JgxNwQvyMSSFwfU622l9sSnmls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/_JgxNwQvyMSSFwfU622l9sSnmls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JgxNwQvyMSSFwfU622l9sSnmls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:31:38:e8:e9:46:67:c6:92:3e:b3:ce:e3:89:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc983137042fc8c4921707d4eb6da5f6c4a79a5b
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278aefbfeea6f607b26c6425e6bdb61aa83a1e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:16:d8:11:bf:dd:26:e3:93:0e:92:fc:a7:26:
                    51:6d:a8:b8:24:bb:0d:d0:74:32:95:57:51:6d:02:
                    58:e2:e6:11:14:e3:7d:fb:0d:37:4a:f0:07:ae:41:
                    c0:ff:1f:f8:4f:e2:bc:cf:17:e1:ab:ea:31:9e:ba:
                    43:7b:fe:55:1b:ce:3d:65:cd:c4:a8:27:dc:12:9e:
                    8b:ef:0f:33:f8:28:f9:f2:31:63:0a:22:92:15:78:
                    af:ec:6a:9e:8d:97:40:21:9f:e9:0b:9d:79:ea:38:
                    50:2b:a5:e8:a8:09:9d:67:eb:ee:cc:de:51:08:2c:
                    a5:80:a8:cf:b7:6b:77:4a:62:48:6a:44:80:88:92:
                    09:45:84:d0:a7:00:01:e1:df:f4:dd:bf:27:ac:0c:
                    d2:42:e1:d4:32:2d:8c:20:20:71:3c:35:2d:7b:9b:
                    e1:01:4d:26:ff:3b:b4:2c:13:0d:21:63:c8:c6:14:
                    b1:7e:9f:4f:82:b4:18:d0:e8:5b:a8:ed:33:eb:4f:
                    d8:db:8b:19:b9:26:8a:e6:fd:a5:65:bb:3a:44:a3:
                    ec:92:80:db:7d:4c:e7:5d:41:50:3f:98:78:7b:d2:
                    b7:58:c5:d5:cb:17:14:aa:54:56:74:1c:81:bc:08:
                    2c:29:d3:ed:bc:57:f0:af:78:c9:74:c2:76:5b:7f:
                    4e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8A:EF:BF:EE:A6:F6:07:B2:6C:64:25:E6:BD:B6:1A:A8:3A:1E:70
            X509v3 Authority Key Identifier:
                keyid:FC:98:31:37:04:2F:C8:C4:92:17:07:D4:EB:6D:A5:F6:C4:A7:9A:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JgxNwQvyMSSFwfU622l9sSnmls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/J4rvv-6m9geybGQl5r22Gqg6HnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/_JgxNwQvyMSSFwfU622l9sSnmls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:bb:a9:8f:0e:d5:84:bb:63:be:b8:8f:a3:ff:30:a9:4a:0c:
         c9:e5:88:71:87:7e:14:31:92:cc:62:24:71:53:e3:5d:5c:7a:
         ed:ae:7a:59:ee:28:9d:1d:7a:c6:b9:33:35:b3:38:bf:47:ab:
         c5:06:b7:84:1b:49:d0:31:ab:ca:32:af:67:79:30:a2:a4:37:
         f3:78:6d:88:70:14:43:10:1c:3c:73:ff:c0:5f:98:8a:cd:d9:
         a3:60:49:96:91:f3:53:61:71:0c:a1:58:c5:46:31:a4:67:37:
         de:4d:7c:13:78:70:76:9a:3c:ab:c4:47:38:d6:70:10:bc:7a:
         14:21:e6:6d:77:62:2a:ec:d4:db:86:40:ee:dc:e9:73:fc:fd:
         3c:dd:6c:58:95:70:6e:64:d4:83:a6:b1:f7:c1:b4:5a:8f:f4:
         15:02:f8:a7:91:d9:ca:54:99:c7:a8:e3:d3:6f:9d:48:b9:a8:
         b7:08:80:8c:54:0e:6a:ae:52:05:22:93:08:d9:46:e8:cf:f0:
         8e:28:9b:15:ca:ea:2a:6b:be:33:fa:92:d4:3f:cd:f8:8e:a7:
         a4:1e:61:47:32:ee:f4:ad:c0:d2:95:1f:eb:0f:e0:5f:39:97:
         09:61:af:0d:04:48:a3:be:11:d7:92:fc:53:8d:75:eb:55:2c:
         22:30:3b:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzE46OlGZ8aSPrPO44ltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTgzMTM3MDQyZmM4YzQ5MjE3MDdkNGViNmRhNWY2YzRh
NzlhNWIwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhhZWZiZmVlYTZmNjA3YjI2YzY0MjVlNmJkYjYxYWE4M2ExZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxbYEb/dJuOTDpL8pyZRbai4JLsN
0HQylVdRbQJY4uYRFON9+w03SvAHrkHA/x/4T+K8zxfhq+oxnrpDe/5VG849Zc3E
qCfcEp6L7w8z+Cj58jFjCiKSFXiv7GqejZdAIZ/pC5156jhQK6XoqAmdZ+vuzN5R
CCylgKjPt2t3SmJIakSAiJIJRYTQpwAB4d/03b8nrAzSQuHUMi2MICBxPDUte5vh
AU0m/zu0LBMNIWPIxhSxfp9PgrQY0OhbqO0z60/Y24sZuSaK5v2lZbs6RKPskoDb
fUznXUFQP5h4e9K3WMXVyxcUqlRWdByBvAgsKdPtvFfwr3jJdMJ2W39OjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeK77/upvYHsmxkJea9thqoOh5wMB8GA1UdIwQY
MBaAFPyYMTcEL8jEkhcH1OttpfbEp5pbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pneE53UXZ5TVNTRndmVTYyMmw5c1NubWxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MjFjODAtZWQzYS00N2ZkLThkMmMt
MjI0ZjEwYTk4MWZlLzEvSjRydnYtNm05Z2V5YkdRbDVyMjJHcWc2SG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MjFjODAtZWQzYS00N2ZkLThkMmMtMjI0ZjEwYTk4MWZl
LzEvX0pneE53UXZ5TVNTRndmVTYyMmw5c1NubWxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAmu6mPDtWEu2O+uI+j/zCpSgzJ5Yhxh34UMZLMYiRx
U+NdXHrtrnpZ7iidHXrGuTM1szi/R6vFBreEG0nQMavKMq9neTCipDfzeG2IcBRD
EBw8c//AX5iKzdmjYEmWkfNTYXEMoVjFRjGkZzfeTXwTeHB2mjyrxEc41nAQvHoU
IeZtd2Iq7NTbhkDu3Olz/P083WxYlXBuZNSDprH3wbRaj/QVAvinkdnKVJnHqOPT
b51Iuai3CICMVA5qrlIFIpMI2Uboz/COKJsVyuoqa74z+pLUP834jqekHmFHMu70
rcDSlR/rD+BfOZcJYa8NBEijvhHXkvxTjXXrVSwiMDvf
-----END CERTIFICATE-----