Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/t4jnOQdYy98wRe_kbij1S9ctR3E.roa
File:                     t4jnOQdYy98wRe_kbij1S9ctR3E.roa (raw, json)
Hash identifier:          E8CDGxT7LEPIs6E9OlQs7hsjk6Tvt4G7w58+BQbWU3A=
Subject key identifier:   B7:88:E7:39:07:58:CB:DF:30:45:EF:E4:6E:28:F5:4B:D7:2D:47:71
Certificate issuer:       /CN=ac58eb7c61750cce333cd0026c77c93cbe465d98
Certificate serial:       018CC79331003D41A1F12A307EA0069CDCAF
Authority key identifier: AC:58:EB:7C:61:75:0C:CE:33:3C:D0:02:6C:77:C9:3C:BE:46:5D:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rFjrfGF1DM4zPNACbHfJPL5GXZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/t4jnOQdYy98wRe_kbij1S9ctR3E.roa
Signing time:             Tue 02 Jan 2024 00:29:21 +0000
ROA not before:           Tue 02 Jan 2024 00:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205449
IP address blocks:        185.218.88.0/22 maxlen: 22
                          2a0c:f400:53::/48 maxlen: 48
                          2a0c:f400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/rFjrfGF1DM4zPNACbHfJPL5GXZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/rFjrfGF1DM4zPNACbHfJPL5GXZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rFjrfGF1DM4zPNACbHfJPL5GXZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:31:00:3d:41:a1:f1:2a:30:7e:a0:06:9c:dc:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac58eb7c61750cce333cd0026c77c93cbe465d98
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b788e7390758cbdf3045efe46e28f54bd72d4771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:15:8e:7e:af:1b:b6:84:7f:5c:26:42:22:08:
                    a0:5c:99:73:b7:5f:26:78:99:8f:65:52:ff:a0:af:
                    33:e4:38:8d:4e:97:d5:db:e1:cd:24:b6:f9:f7:7a:
                    8c:f1:05:b9:74:fe:cd:db:01:7c:94:f7:30:72:3f:
                    bc:9b:6f:94:a7:dd:19:83:6c:c5:03:17:4d:c6:b6:
                    a6:4b:d3:d6:db:e1:32:0c:b0:72:3d:f2:d0:66:48:
                    82:e9:0c:f3:5d:12:11:c3:26:b0:81:0a:62:85:74:
                    23:1a:68:e0:23:79:10:52:35:e6:80:ad:3a:e6:f1:
                    d5:27:3a:09:d9:92:35:67:23:9a:43:11:97:7f:60:
                    15:b9:a6:44:73:bb:ad:06:16:05:15:bb:7d:e4:ce:
                    82:cf:63:50:04:65:72:2b:cf:0f:2a:0d:d8:35:cf:
                    f1:79:3d:96:ee:12:6a:c6:f8:49:86:99:34:66:eb:
                    24:7b:43:8e:68:57:06:d1:28:f1:a1:87:d1:a1:0a:
                    bb:53:6e:bc:c4:53:73:62:10:08:0f:01:c5:e5:9f:
                    65:0a:20:de:19:90:47:4e:82:3e:a0:f5:7a:10:ae:
                    05:ef:df:94:ee:bd:18:e4:9a:0d:d1:e3:09:1c:17:
                    48:3a:dc:bd:42:3f:8a:91:04:7a:25:a4:6e:2d:f4:
                    95:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:88:E7:39:07:58:CB:DF:30:45:EF:E4:6E:28:F5:4B:D7:2D:47:71
            X509v3 Authority Key Identifier:
                keyid:AC:58:EB:7C:61:75:0C:CE:33:3C:D0:02:6C:77:C9:3C:BE:46:5D:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rFjrfGF1DM4zPNACbHfJPL5GXZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/t4jnOQdYy98wRe_kbij1S9ctR3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ebd0c9-7a36-4036-8658-1de00bd8912c/1/rFjrfGF1DM4zPNACbHfJPL5GXZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.88.0/22
                IPv6:
                  2a0c:f400::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:83:4b:02:7b:4a:47:8b:cf:9b:d3:ed:25:bf:de:cf:6a:76:
         5e:58:a3:10:42:7b:66:27:2b:83:a4:a6:3c:f1:be:35:96:a0:
         93:1f:ec:25:7c:ee:61:33:73:41:33:d3:91:67:35:27:89:89:
         2c:ff:43:20:3b:ba:38:8a:60:64:8f:0f:cd:82:05:ac:30:f5:
         60:7e:ea:61:4a:52:2f:22:2b:ef:23:85:52:c7:f5:f3:8f:6c:
         a1:8e:99:77:90:cf:8c:5f:a4:2a:aa:f4:04:49:7f:b2:55:07:
         6d:64:62:9d:ca:65:40:19:ea:a5:c7:fe:af:c8:3b:9b:4d:c2:
         28:50:ab:bc:fc:cf:be:b6:c6:3b:2e:9c:7d:fe:e6:a3:35:3c:
         26:48:27:4c:2f:39:9f:38:a4:12:8f:c0:d8:d0:b6:54:f4:b9:
         2b:de:e9:17:9f:ac:f3:20:86:c7:44:5a:27:b1:4d:66:18:f5:
         d9:f2:40:7a:2a:2f:43:dc:f3:45:8c:c9:e1:dd:f6:33:5e:80:
         38:98:c1:74:be:63:77:7e:16:37:f1:fc:c1:6e:5a:6b:a9:45:
         e7:2e:a1:43:71:03:ae:25:82:1c:4d:cc:d6:4f:d0:ea:b9:8b:
         aa:18:0a:c0:78:69:f0:ed:61:54:4d:5c:2b:4b:b4:7c:17:a7:
         88:96:a3:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHkzEAPUGh8SowfqAGnNyvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNThlYjdjNjE3NTBjY2UzMzNjZDAwMjZjNzdjOTNjYmU0
NjVkOTgwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg4ZTczOTA3NThjYmRmMzA0NWVmZTQ2ZTI4ZjU0YmQ3MmQ0NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRWOfq8btoR/XCZCIgigXJlzt18m
eJmPZVL/oK8z5DiNTpfV2+HNJLb593qM8QW5dP7N2wF8lPcwcj+8m2+Up90Zg2zF
AxdNxramS9PW2+EyDLByPfLQZkiC6QzzXRIRwyawgQpihXQjGmjgI3kQUjXmgK06
5vHVJzoJ2ZI1ZyOaQxGXf2AVuaZEc7utBhYFFbt95M6Cz2NQBGVyK88PKg3YNc/x
eT2W7hJqxvhJhpk0Zuske0OOaFcG0SjxoYfRoQq7U268xFNzYhAIDwHF5Z9lCiDe
GZBHToI+oPV6EK4F79+U7r0Y5JoN0eMJHBdIOty9Qj+KkQR6JaRuLfSVBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLeI5zkHWMvfMEXv5G4o9UvXLUdxMB8GA1UdIwQY
MBaAFKxY63xhdQzOMzzQAmx3yTy+Rl2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckZqcmZHRjFETTR6UE5BQ2JIZkpQTDVHWFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lYmQwYzktN2EzNi00MDM2LTg2NTgt
MWRlMDBiZDg5MTJjLzEvdDRqbk9RZFl5OTh3UmVfa2JpajFTOWN0UjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lYmQwYzktN2EzNi00MDM2LTg2NTgtMWRlMDBiZDg5MTJj
LzEvckZqcmZHRjFETTR6UE5BQ2JIZkpQTDVHWFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudpYMA0E
AgACMAcDBQMqDPQAMA0GCSqGSIb3DQEBCwUAA4IBAQBYg0sCe0pHi8+b0+0lv97P
anZeWKMQQntmJyuDpKY88b41lqCTH+wlfO5hM3NBM9ORZzUniYks/0MgO7o4imBk
jw/NggWsMPVgfuphSlIvIivvI4VSx/Xzj2yhjpl3kM+MX6QqqvQESX+yVQdtZGKd
ymVAGeqlx/6vyDubTcIoUKu8/M++tsY7Lpx9/uajNTwmSCdMLzmfOKQSj8DY0LZU
9Lkr3ukXn6zzIIbHRFonsU1mGPXZ8kB6Ki9D3PNFjMnh3fYzXoA4mMF0vmN3fhY3
8fzBblprqUXnLqFDcQOuJYIcTczWT9DquYuqGArAeGnw7WFUTVwrS7R8F6eIlqPf
-----END CERTIFICATE-----