Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/PD4HFX0-TeKQamsCWJk04SAGL-A.roa
File:                     PD4HFX0-TeKQamsCWJk04SAGL-A.roa (raw, json)
Hash identifier:          St3m0QqGMRimi8UUxgclTR0t02r0sUdR6tzLczgw3YM=
Subject key identifier:   3C:3E:07:15:7D:3E:4D:E2:90:6A:6B:02:58:99:34:E1:20:06:2F:E0
Certificate issuer:       /CN=382528ab1cd1b6dc73c0b09b67d3e7e3584f363d
Certificate serial:       018CC8DF8BB654A831BC2D0C007A500C9416
Authority key identifier: 38:25:28:AB:1C:D1:B6:DC:73:C0:B0:9B:67:D3:E7:E3:58:4F:36:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCUoqxzRttxzwLCbZ9Pn41hPNj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/PD4HFX0-TeKQamsCWJk04SAGL-A.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208484
IP address blocks:        185.116.248.0/22 maxlen: 22
                          5.145.184.0/21 maxlen: 21
                          2a04:64c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/OCUoqxzRttxzwLCbZ9Pn41hPNj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/OCUoqxzRttxzwLCbZ9Pn41hPNj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCUoqxzRttxzwLCbZ9Pn41hPNj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8b:b6:54:a8:31:bc:2d:0c:00:7a:50:0c:94:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=382528ab1cd1b6dc73c0b09b67d3e7e3584f363d
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c3e07157d3e4de2906a6b02589934e120062fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:df:b5:4d:f7:4f:ff:42:f9:d7:94:0e:6b:c2:
                    d1:1e:79:ad:f6:6b:bf:80:1a:71:8d:2f:5d:fb:02:
                    67:5c:32:09:47:35:b8:f1:a7:02:b0:4e:9a:ee:42:
                    22:26:22:45:4d:bb:4b:b9:b9:cd:12:02:51:27:21:
                    4f:5f:61:8f:98:56:1d:a9:d1:2d:be:67:a4:60:65:
                    03:02:41:9d:4e:7f:44:f2:e0:b0:fb:29:f2:b0:13:
                    b9:0b:8d:80:54:8b:54:cb:54:86:1a:e8:c1:72:57:
                    6b:cc:9f:c9:a8:b6:38:ec:d2:69:14:0c:8e:8f:79:
                    9b:a1:68:49:65:74:08:c8:53:23:ec:1f:f3:96:aa:
                    e1:72:7a:0b:1f:22:e8:e9:59:15:2a:b0:4f:a2:79:
                    2b:8b:18:e0:ec:e1:00:68:aa:35:6e:56:1f:c6:99:
                    f2:1a:96:26:02:5c:59:a5:5b:8e:a8:28:42:0c:c4:
                    f9:48:75:31:a8:91:14:92:b0:5f:8d:84:4d:15:d5:
                    eb:f1:74:4e:9c:22:1e:2b:6d:46:f1:41:72:b0:21:
                    0a:f7:98:09:ba:12:9f:31:0f:4d:e0:c5:7b:33:4f:
                    a9:e6:1f:e1:05:49:9d:3a:01:03:1c:87:cf:62:eb:
                    35:7c:8b:9e:55:53:68:0c:22:c1:b1:f9:eb:ca:30:
                    53:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:3E:07:15:7D:3E:4D:E2:90:6A:6B:02:58:99:34:E1:20:06:2F:E0
            X509v3 Authority Key Identifier:
                keyid:38:25:28:AB:1C:D1:B6:DC:73:C0:B0:9B:67:D3:E7:E3:58:4F:36:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCUoqxzRttxzwLCbZ9Pn41hPNj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/PD4HFX0-TeKQamsCWJk04SAGL-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/00816a-eedf-4190-bc33-3a02a242f444/1/OCUoqxzRttxzwLCbZ9Pn41hPNj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.184.0/21
                  185.116.248.0/22
                IPv6:
                  2a04:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:f7:a7:4a:21:35:cd:90:36:d7:1d:86:62:a8:8f:e5:9f:75:
         71:84:0d:6f:14:67:9d:b8:cc:be:dd:86:ae:04:6a:45:64:01:
         e3:41:64:a2:3a:13:1b:57:61:c9:e7:31:38:7b:da:8f:c3:d2:
         67:a5:cf:45:71:ca:fc:d6:f6:95:42:48:74:da:bb:e2:d7:2f:
         dd:27:f5:ea:bd:ca:3d:c4:73:69:29:c2:a8:64:4f:4c:4e:e6:
         20:b2:20:1f:7c:e8:66:b9:ae:28:a9:41:a0:2a:46:22:e0:53:
         ee:3b:b8:41:90:75:9c:74:71:85:0f:e6:8d:95:5c:22:9f:57:
         cf:9a:bb:e7:d2:29:c3:ad:f7:c9:c9:ad:4d:f9:ed:eb:b6:e1:
         d6:89:91:47:77:34:66:c2:26:98:2c:b3:df:8f:dc:50:6e:89:
         42:1f:22:1d:9c:5f:4c:68:68:cd:c0:70:3c:82:ca:57:7b:fb:
         79:04:d1:c5:d7:e3:99:08:08:bf:da:d5:94:b2:63:2b:1b:f3:
         90:84:97:30:11:ee:be:5b:92:4c:c9:67:cb:b6:32:b5:e9:17:
         d9:22:28:9a:ce:ad:77:d8:31:00:06:35:fc:a4:83:ff:b7:5f:
         fe:b0:54:38:bd:5f:b4:01:a3:e0:29:ec:1b:d4:4e:ea:3e:a7:
         de:17:ae:14
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI34u2VKgxvC0MAHpQDJQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjUyOGFiMWNkMWI2ZGM3M2MwYjA5YjY3ZDNlN2UzNTg0
ZjM2M2QwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNlMDcxNTdkM2U0ZGUyOTA2YTZiMDI1ODk5MzRlMTIwMDYyZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9+1TfdP/0L515QOa8LRHnmt9mu/
gBpxjS9d+wJnXDIJRzW48acCsE6a7kIiJiJFTbtLubnNEgJRJyFPX2GPmFYdqdEt
vmekYGUDAkGdTn9E8uCw+ynysBO5C42AVItUy1SGGujBcldrzJ/JqLY47NJpFAyO
j3mboWhJZXQIyFMj7B/zlqrhcnoLHyLo6VkVKrBPonkrixjg7OEAaKo1blYfxpny
GpYmAlxZpVuOqChCDMT5SHUxqJEUkrBfjYRNFdXr8XROnCIeK21G8UFysCEK95gJ
uhKfMQ9N4MV7M0+p5h/hBUmdOgEDHIfPYus1fIueVVNoDCLBsfnryjBT0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDw+BxV9Pk3ikGprAliZNOEgBi/gMB8GA1UdIwQY
MBaAFDglKKsc0bbcc8Cwm2fT5+NYTzY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NVb3F4elJ0dHh6d0xDYlo5UG40MWhQTmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMDgxNmEtZWVkZi00MTkwLWJjMzMt
M2EwMmEyNDJmNDQ0LzEvUEQ0SEZYMC1UZUtRYW1zQ1dKazA0U0FHTC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMDgxNmEtZWVkZi00MTkwLWJjMzMtM2EwMmEyNDJmNDQ0
LzEvT0NVb3F4elJ0dHh6d0xDYlo5UG40MWhQTmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBZG4AwQC
uXT4MA0EAgACMAcDBQMqBGTAMA0GCSqGSIb3DQEBCwUAA4IBAQCL96dKITXNkDbX
HYZiqI/ln3VxhA1vFGeduMy+3YauBGpFZAHjQWSiOhMbV2HJ5zE4e9qPw9Jnpc9F
ccr81vaVQkh02rvi1y/dJ/Xqvco9xHNpKcKoZE9MTuYgsiAffOhmua4oqUGgKkYi
4FPuO7hBkHWcdHGFD+aNlVwin1fPmrvn0inDrffJya1N+e3rtuHWiZFHdzRmwiaY
LLPfj9xQbolCHyIdnF9MaGjNwHA8gspXe/t5BNHF1+OZCAi/2tWUsmMrG/OQhJcw
Ee6+W5JMyWfLtjK16RfZIiiazq132DEABjX8pIP/t1/+sFQ4vV+0AaPgKewb1E7q
PqfeF64U
-----END CERTIFICATE-----