Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/IpyjPjITWlseeUupUFrw00pXGhc.roa
File:                     IpyjPjITWlseeUupUFrw00pXGhc.roa (raw, json)
Hash identifier:          wfhq+7WtDiw/cWKUNH69txt79cgDz20sL+t4c9WWyaM=
Subject key identifier:   22:9C:A3:3E:32:13:5A:5B:1E:79:4B:A9:50:5A:F0:D3:4A:57:1A:17
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       018CC86F2D7FB7DA7D32E1BFFDA060E80615
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/IpyjPjITWlseeUupUFrw00pXGhc.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48881
IP address blocks:        185.104.180.0/22 maxlen: 22
                          185.104.48.0/21 maxlen: 21
                          2a06:1fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2d:7f:b7:da:7d:32:e1:bf:fd:a0:60:e8:06:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=229ca33e32135a5b1e794ba9505af0d34a571a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e7:93:f6:e5:67:8f:30:2c:ce:83:37:47:2f:
                    25:82:68:77:32:14:4e:34:6c:a3:cf:3e:70:55:a6:
                    73:f5:5b:aa:79:a2:63:33:3e:86:5f:71:b8:d5:83:
                    d1:8d:38:e0:d5:b7:2b:f0:b3:49:17:e9:9b:3b:f6:
                    8e:85:fd:ec:10:c9:09:f8:0c:5f:41:e2:51:4d:48:
                    8e:d2:7e:7d:f5:7a:e1:0a:7e:4c:7c:b9:13:cf:12:
                    a1:34:12:33:b1:a0:8b:d2:be:1e:a1:ca:90:cf:94:
                    b5:7f:55:09:51:b3:6c:19:4e:ba:d1:7f:02:3d:07:
                    b9:65:05:e2:3b:c9:63:6c:14:bc:51:58:8c:bd:93:
                    42:48:0a:65:ba:ef:33:b6:46:fd:db:0c:c0:1b:0a:
                    a5:b0:27:6d:3e:ba:18:c6:00:64:75:af:97:1b:13:
                    09:16:45:68:55:e7:32:d0:d3:3c:1f:86:0f:e2:3a:
                    81:e6:85:c5:71:bb:b0:f0:aa:22:8b:d8:b6:27:e1:
                    94:e6:76:22:80:76:63:22:ac:40:11:3a:fb:bc:40:
                    da:86:67:b8:86:3c:9e:f4:f0:42:05:79:e2:40:a9:
                    c2:b6:d9:44:16:f9:3c:8c:0f:ae:3e:aa:2d:a8:0e:
                    03:d3:60:3e:65:cb:3d:0e:93:2e:15:f3:43:12:8c:
                    c7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9C:A3:3E:32:13:5A:5B:1E:79:4B:A9:50:5A:F0:D3:4A:57:1A:17
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/IpyjPjITWlseeUupUFrw00pXGhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.48.0/21
                  185.104.180.0/22
                IPv6:
                  2a06:1fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:f5:6a:97:95:1e:4d:8b:ac:7b:c6:22:bc:68:67:51:19:88:
         c0:ea:f4:f7:e8:65:12:79:68:2e:35:d6:fd:bf:1e:4e:aa:5f:
         d3:3e:a9:95:65:1b:62:d1:2b:a7:c6:1b:fd:56:7d:21:9e:68:
         3e:b1:ce:8c:76:1c:de:71:53:34:23:a5:ca:07:3f:3c:03:f4:
         dd:45:f5:c1:9f:48:f2:92:5b:9e:fc:9b:eb:9a:68:36:31:21:
         ad:30:85:41:66:3a:a1:18:e5:5a:10:06:f5:cb:87:23:4f:cd:
         bf:65:c2:ef:64:04:a6:93:6f:d7:1e:ef:2e:20:97:23:bf:d7:
         fc:ed:4f:68:f7:83:11:17:70:dc:21:23:c2:19:8d:e2:f6:d6:
         9d:67:7c:f9:cf:2f:f6:92:e2:43:72:f0:f6:34:9f:99:7e:90:
         55:a2:5a:cb:39:76:19:fa:c7:10:77:38:41:66:85:b1:db:8b:
         e7:f9:c5:df:f7:78:cd:cc:55:bb:1f:48:2a:45:20:10:53:cf:
         23:00:b4:e4:c6:36:bf:a4:68:43:d6:bd:5e:3c:4f:05:68:ba:
         d8:80:19:97:7c:57:6e:a9:b3:0b:fa:91:fd:00:6d:ef:f1:31:
         60:30:27:23:f2:92:65:19:24:3b:97:f6:93:8b:be:94:2f:78:
         35:2e:a7:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIby1/t9p9MuG//aBg6AYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjljYTMzZTMyMTM1YTViMWU3OTRiYTk1MDVhZjBkMzRhNTcxYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhueT9uVnjzAszoM3Ry8lgmh3MhRO
NGyjzz5wVaZz9VuqeaJjMz6GX3G41YPRjTjg1bcr8LNJF+mbO/aOhf3sEMkJ+Axf
QeJRTUiO0n599XrhCn5MfLkTzxKhNBIzsaCL0r4eocqQz5S1f1UJUbNsGU660X8C
PQe5ZQXiO8ljbBS8UViMvZNCSApluu8ztkb92wzAGwqlsCdtProYxgBkda+XGxMJ
FkVoVecy0NM8H4YP4jqB5oXFcbuw8Koii9i2J+GU5nYigHZjIqxAETr7vEDahme4
hjye9PBCBXniQKnCttlEFvk8jA+uPqotqA4D02A+Zcs9DpMuFfNDEozHWwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCKcoz4yE1pbHnlLqVBa8NNKVxoXMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvSXB5alBqSVRXbHNlZVV1cFVGcncwMHBYR2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDuWgwAwQC
uWi0MA0EAgACMAcDBQMqBh/AMA0GCSqGSIb3DQEBCwUAA4IBAQCm9WqXlR5Ni6x7
xiK8aGdRGYjA6vT36GUSeWguNdb9vx5Oql/TPqmVZRti0Sunxhv9Vn0hnmg+sc6M
dhzecVM0I6XKBz88A/TdRfXBn0jyklue/Jvrmmg2MSGtMIVBZjqhGOVaEAb1y4cj
T82/ZcLvZASmk2/XHu8uIJcjv9f87U9o94MRF3DcISPCGY3i9tadZ3z5zy/2kuJD
cvD2NJ+ZfpBVolrLOXYZ+scQdzhBZoWx24vn+cXf93jNzFW7H0gqRSAQU88jALTk
xja/pGhD1r1ePE8FaLrYgBmXfFduqbML+pH9AG3v8TFgMCcj8pJlGSQ7l/aTi76U
L3g1Lqe/
-----END CERTIFICATE-----