Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/Rv_8IwWZ7B7W2BieBRO86HpCHoo.roa
File:                     Rv_8IwWZ7B7W2BieBRO86HpCHoo.roa (raw, json)
Hash identifier:          qcMqZjU1x0xsTUD/QVqOAeZJTu7cdeay/Junj1QSoaY=
Subject key identifier:   46:FF:FC:23:05:99:EC:1E:D6:D8:18:9E:05:13:BC:E8:7A:42:1E:8A
Certificate issuer:       /CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
Certificate serial:       018CC6B92C1E99ACE326902F5A70DBC9FA6F
Authority key identifier: 4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/Rv_8IwWZ7B7W2BieBRO86HpCHoo.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1241
IP address blocks:        185.117.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2c:1e:99:ac:e3:26:90:2f:5a:70:db:c9:fa:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46fffc230599ec1ed6d8189e0513bce87a421e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:62:a1:b2:95:26:89:a5:df:53:1e:cf:7d:4b:
                    5e:9f:12:20:6b:87:b2:e8:39:82:c6:f3:29:8f:6a:
                    d3:60:ea:e4:e6:44:65:aa:07:66:ce:28:8b:95:01:
                    a7:8a:8e:22:d1:60:05:27:e6:3e:d0:dc:3f:88:5f:
                    85:e4:fc:60:46:fe:2f:9a:a7:94:3d:28:b8:c8:ee:
                    a5:1a:28:f9:dd:fc:9f:69:a1:99:2b:d1:fa:5a:f4:
                    a4:15:f1:76:de:b5:1d:c7:0d:e9:53:30:5b:52:0c:
                    28:60:5f:34:10:ba:38:c5:84:f2:76:d6:a6:c9:02:
                    d6:4c:17:d0:ca:f8:7c:df:75:d3:88:5a:ac:36:c4:
                    3f:dc:d8:9b:93:34:a9:46:d7:6c:8c:02:0c:cd:69:
                    55:7a:0a:52:ef:47:c4:bb:2d:ad:d6:6b:d8:44:3d:
                    e8:f6:44:dc:5a:dc:da:b4:29:82:78:5c:7b:3d:c3:
                    2d:28:24:f0:45:9c:4f:be:ba:8a:ba:d9:9c:cf:93:
                    83:ef:c9:11:6e:fb:03:e6:2d:15:4e:fd:1e:5f:0d:
                    08:29:9c:3f:16:d1:2f:3c:d5:ce:44:40:e9:ca:3e:
                    9a:79:49:ca:09:50:e5:fd:7f:e0:f3:4a:70:15:63:
                    a3:c5:84:aa:da:90:87:97:11:42:2e:4a:60:07:c7:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FF:FC:23:05:99:EC:1E:D6:D8:18:9E:05:13:BC:E8:7A:42:1E:8A
            X509v3 Authority Key Identifier:
                keyid:4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/Rv_8IwWZ7B7W2BieBRO86HpCHoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:e0:d0:cd:28:67:42:89:e1:0f:08:0c:2c:37:54:ce:d2:9a:
         e5:09:8e:c2:f3:a7:2b:f3:dc:48:a9:78:3f:a3:66:a5:ff:86:
         bf:48:dd:a8:fc:51:d5:cb:14:46:89:ae:30:23:28:6d:bb:74:
         b1:7c:b2:f2:85:c2:5d:76:98:9a:fa:fe:a7:32:a5:f8:94:96:
         b2:d2:c9:ed:4b:09:d2:cc:bc:86:10:9f:d0:9c:d3:ca:c4:4f:
         6b:f2:27:d7:01:58:be:bf:66:f0:6d:cb:37:8d:7e:93:31:71:
         a4:eb:2d:d9:24:e3:63:34:f7:5d:e7:e3:ba:73:45:ca:19:08:
         54:b9:a3:8b:4d:d7:66:56:bb:c2:bb:21:4e:02:0f:df:ab:c7:
         81:2b:9d:87:4d:08:00:65:1b:ca:88:8b:ee:1e:4b:1f:1a:73:
         b4:6b:1e:10:eb:09:bb:69:a2:0a:1d:1b:41:17:48:43:07:1f:
         da:2d:90:31:a9:33:1f:ab:3d:65:83:0c:2e:a8:99:e9:38:4a:
         03:96:05:ab:82:ee:d1:89:17:1c:a2:43:ec:5e:3e:67:7b:14:
         e0:ad:f3:a7:6f:62:21:c5:cf:ea:6d:a8:fa:67:47:f3:e7:7e:
         b0:74:9a:8c:cf:00:b3:3a:14:92:e3:42:e7:f7:03:d5:eb:e7:
         32:d2:83:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSwemazjJpAvWnDbyfpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzM5MWRjNjE1ZmQ0YTNhZDEwYzBmMmFiOGIwYTUwNmQw
MzllZDgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZmZmMyMzA1OTllYzFlZDZkODE4OWUwNTEzYmNlODdhNDIxZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2KhspUmiaXfUx7PfUtenxIga4ey
6DmCxvMpj2rTYOrk5kRlqgdmziiLlQGnio4i0WAFJ+Y+0Nw/iF+F5PxgRv4vmqeU
PSi4yO6lGij53fyfaaGZK9H6WvSkFfF23rUdxw3pUzBbUgwoYF80ELo4xYTydtam
yQLWTBfQyvh833XTiFqsNsQ/3NibkzSpRtdsjAIMzWlVegpS70fEuy2t1mvYRD3o
9kTcWtzatCmCeFx7PcMtKCTwRZxPvrqKutmcz5OD78kRbvsD5i0VTv0eXw0IKZw/
FtEvPNXOREDpyj6aeUnKCVDl/X/g80pwFWOjxYSq2pCHlxFCLkpgB8dSAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb//CMFmewe1tgYngUTvOh6Qh6KMB8GA1UdIwQY
MBaAFE3DkdxhX9SjrRDA8quLClBtA57YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEt
ZmQyOTE1ZDRjZDVhLzEvUnZfOEl3V1o3QjdXMkJpZUJSTzg2SHBDSG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEtZmQyOTE1ZDRjZDVh
LzEvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXlMA0G
CSqGSIb3DQEBCwUAA4IBAQBE4NDNKGdCieEPCAwsN1TO0prlCY7C86cr89xIqXg/
o2al/4a/SN2o/FHVyxRGia4wIyhtu3SxfLLyhcJddpia+v6nMqX4lJay0sntSwnS
zLyGEJ/QnNPKxE9r8ifXAVi+v2bwbcs3jX6TMXGk6y3ZJONjNPdd5+O6c0XKGQhU
uaOLTddmVrvCuyFOAg/fq8eBK52HTQgAZRvKiIvuHksfGnO0ax4Q6wm7aaIKHRtB
F0hDBx/aLZAxqTMfqz1lgwwuqJnpOEoDlgWrgu7RiRccokPsXj5nexTgrfOnb2Ih
xc/qbaj6Z0fz536wdJqMzwCzOhSS40Ln9wPV6+cy0oPN
-----END CERTIFICATE-----