Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/7gAnW5gv7M2UOFz3lHFY5UWSKq0.roa
File:                     7gAnW5gv7M2UOFz3lHFY5UWSKq0.roa (raw, json)
Hash identifier:          RU7nQGs2L4u2+3yY8EIVjlhH142WmDVeEVreb67QvjI=
Subject key identifier:   EE:00:27:5B:98:2F:EC:CD:94:38:5C:F7:94:71:58:E5:45:92:2A:AD
Certificate issuer:       /CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
Certificate serial:       018CC6B92C8DBCFC5822423B48D0C09862B2
Authority key identifier: 4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/7gAnW5gv7M2UOFz3lHFY5UWSKq0.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198477
IP address blocks:        185.117.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2c:8d:bc:fc:58:22:42:3b:48:d0:c0:98:62:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee00275b982feccd94385cf7947158e545922aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:47:45:d8:5a:41:30:b3:7c:87:31:9a:2b:
                    51:8a:02:f8:28:aa:03:8a:7d:97:f1:6a:d1:12:4a:
                    fd:b7:00:06:14:99:2e:01:10:60:0e:c0:3f:7b:bb:
                    19:b9:bb:cb:da:48:e4:50:5c:38:96:64:aa:ea:f3:
                    6c:af:f4:6e:b6:fa:9f:3b:bb:02:05:6f:5c:0d:8c:
                    f2:3d:84:15:69:f8:7d:d8:cd:ec:cf:33:ef:79:e3:
                    c5:aa:47:20:76:98:ac:55:51:36:dc:4f:9d:27:ae:
                    92:c5:a4:46:2f:ac:1b:55:59:c1:4a:69:b9:16:68:
                    a9:36:75:8f:2c:7f:6b:df:8e:9e:8c:40:91:8a:24:
                    cc:e4:c2:db:ba:a6:30:00:f9:85:da:c9:7b:aa:7e:
                    29:40:fe:bc:28:24:3a:2a:15:a8:da:aa:69:25:35:
                    6b:b9:9f:e6:1d:02:2a:d9:90:65:62:83:24:9b:80:
                    7a:cb:da:a7:18:a2:6e:29:4a:72:ad:6a:af:7b:c6:
                    7a:9a:cf:98:c8:a6:e8:6c:c9:42:a5:33:70:f6:39:
                    ee:2e:02:9c:67:84:79:4d:d8:47:7e:f7:ca:8d:16:
                    f1:83:7e:e5:41:6b:2d:17:bb:e2:4b:18:f4:d5:fa:
                    02:36:90:0c:a0:21:cc:b6:5b:58:89:8e:40:4c:5c:
                    b3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:00:27:5B:98:2F:EC:CD:94:38:5C:F7:94:71:58:E5:45:92:2A:AD
            X509v3 Authority Key Identifier:
                keyid:4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/7gAnW5gv7M2UOFz3lHFY5UWSKq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:5a:f7:62:a0:c3:b7:3f:9b:6c:ce:1c:5a:77:33:7b:bf:a0:
         19:4d:1f:2e:bc:44:9d:26:51:bc:a6:b1:a6:e4:be:5f:d9:19:
         44:cc:f3:d9:fa:40:8f:6d:8c:88:dc:ef:1b:b9:52:53:b1:83:
         bb:40:62:53:45:5f:fa:4c:ec:18:fc:df:dc:6f:15:fc:ff:10:
         e8:cd:7a:ad:5c:2b:a2:1c:65:6a:8e:31:14:d2:01:1a:49:90:
         d8:34:0c:9c:56:ff:1d:d8:0e:fd:3a:6e:e8:e5:c1:ab:9f:78:
         9d:40:4a:23:a1:a5:0b:09:f4:2d:69:13:91:e9:f0:c1:9f:ef:
         99:cf:26:47:37:87:ea:43:63:c8:3c:cd:cd:95:57:18:c2:0c:
         1e:90:0a:e9:ef:ad:0a:04:22:34:a5:6b:02:39:45:a4:a6:e1:
         69:86:ef:2b:f7:dc:43:b6:14:04:28:27:a9:ca:a8:e0:67:57:
         31:cc:86:01:3d:e3:da:85:ce:00:55:b9:6f:fd:bc:5d:94:7c:
         a4:96:c6:bc:71:05:13:23:8f:60:fc:8a:15:cc:73:9e:64:bd:
         e4:0c:14:ab:fd:45:67:dd:58:25:b0:e4:be:cd:84:e0:40:bd:
         62:5e:00:6c:83:33:4b:8f:2d:58:27:30:58:68:9b:fe:90:7e:
         31:b9:1c:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSyNvPxYIkI7SNDAmGKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzM5MWRjNjE1ZmQ0YTNhZDEwYzBmMmFiOGIwYTUwNmQw
MzllZDgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTAwMjc1Yjk4MmZlY2NkOTQzODVjZjc5NDcxNThlNTQ1OTIyYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO9HRdhaQTCzfIcxmitRigL4KKoD
in2X8WrREkr9twAGFJkuARBgDsA/e7sZubvL2kjkUFw4lmSq6vNsr/RutvqfO7sC
BW9cDYzyPYQVafh92M3szzPveePFqkcgdpisVVE23E+dJ66SxaRGL6wbVVnBSmm5
FmipNnWPLH9r346ejECRiiTM5MLbuqYwAPmF2sl7qn4pQP68KCQ6KhWo2qppJTVr
uZ/mHQIq2ZBlYoMkm4B6y9qnGKJuKUpyrWqve8Z6ms+YyKbobMlCpTNw9jnuLgKc
Z4R5TdhHfvfKjRbxg37lQWstF7viSxj01foCNpAMoCHMtltYiY5ATFyzsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4AJ1uYL+zNlDhc95RxWOVFkiqtMB8GA1UdIwQY
MBaAFE3DkdxhX9SjrRDA8quLClBtA57YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEt
ZmQyOTE1ZDRjZDVhLzEvN2dBblc1Z3Y3TTJVT0Z6M2xIRlk1VVdTS3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEtZmQyOTE1ZDRjZDVh
LzEvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXkMA0G
CSqGSIb3DQEBCwUAA4IBAQAZWvdioMO3P5tszhxadzN7v6AZTR8uvESdJlG8prGm
5L5f2RlEzPPZ+kCPbYyI3O8buVJTsYO7QGJTRV/6TOwY/N/cbxX8/xDozXqtXCui
HGVqjjEU0gEaSZDYNAycVv8d2A79Om7o5cGrn3idQEojoaULCfQtaROR6fDBn++Z
zyZHN4fqQ2PIPM3NlVcYwgwekArp760KBCI0pWsCOUWkpuFphu8r99xDthQEKCep
yqjgZ1cxzIYBPePahc4AVblv/bxdlHyklsa8cQUTI49g/IoVzHOeZL3kDBSr/UVn
3VglsOS+zYTgQL1iXgBsgzNLjy1YJzBYaJv+kH4xuRyP
-----END CERTIFICATE-----