Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/fkFd-k21sV-doNFEY7gsOpnewok.roa
File:                     fkFd-k21sV-doNFEY7gsOpnewok.roa (raw, json)
Hash identifier:          QpTWwpq9bExJbRFbypQjyvGhUYCsck/kmiWo08Bs9mw=
Subject key identifier:   7E:41:5D:FA:4D:B5:B1:5F:9D:A0:D1:44:63:B8:2C:3A:99:DE:C2:89
Certificate issuer:       /CN=4adcf19672965f51b16d87afab1b149082e6c3ee
Certificate serial:       018CC500282580027C90BBFBA348E9B5F383
Authority key identifier: 4A:DC:F1:96:72:96:5F:51:B1:6D:87:AF:AB:1B:14:90:82:E6:C3:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/fkFd-k21sV-doNFEY7gsOpnewok.roa
Signing time:             Mon 01 Jan 2024 12:29:30 +0000
ROA not before:           Mon 01 Jan 2024 12:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205174
IP address blocks:        185.217.222.0/24 maxlen: 24
                          185.217.220.0/22 maxlen: 22
                          2a0c:e200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:28:25:80:02:7c:90:bb:fb:a3:48:e9:b5:f3:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4adcf19672965f51b16d87afab1b149082e6c3ee
        Validity
            Not Before: Jan  1 12:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e415dfa4db5b15f9da0d14463b82c3a99dec289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:77:c9:6e:5e:6d:3f:d4:45:e3:43:60:b4:52:
                    a5:5e:46:a3:af:3d:9b:73:87:69:b0:a5:82:3b:23:
                    7c:b7:01:1f:97:b4:03:7e:28:0d:b1:6d:1c:f7:88:
                    57:ca:a9:04:8e:10:59:09:94:b4:c8:02:9d:1f:46:
                    41:34:f5:30:fd:71:0d:ce:9a:5f:cf:bc:d2:e3:51:
                    77:c6:e9:49:19:44:45:8f:5d:c2:01:24:3e:b6:d0:
                    c6:79:ba:c5:49:a3:f3:5b:ef:92:e3:44:0f:f6:42:
                    e6:4b:8e:1b:d6:a2:3b:c0:54:15:32:b2:bd:10:4f:
                    d2:dd:26:6e:07:f4:d6:7e:8a:15:2d:ef:4a:62:35:
                    2e:20:00:14:ad:a6:cf:ee:96:44:cd:9e:19:12:5e:
                    bd:70:5a:fc:55:d6:40:54:05:94:b0:47:4e:61:e5:
                    c7:79:99:70:47:c6:3f:dd:8f:73:8a:aa:68:d4:5f:
                    a9:e5:78:cc:b8:3c:e7:21:20:cb:da:3f:21:d9:37:
                    cc:53:90:70:ef:2d:26:ad:62:d7:af:4f:47:c7:76:
                    6f:27:bc:fe:c5:9e:27:fd:6c:79:55:84:68:a2:2f:
                    5a:bd:64:ad:47:d4:4b:47:74:52:24:6a:06:22:c2:
                    df:8d:cd:33:e2:ef:21:e6:c5:14:ef:18:21:08:26:
                    27:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:41:5D:FA:4D:B5:B1:5F:9D:A0:D1:44:63:B8:2C:3A:99:DE:C2:89
            X509v3 Authority Key Identifier:
                keyid:4A:DC:F1:96:72:96:5F:51:B1:6D:87:AF:AB:1B:14:90:82:E6:C3:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/fkFd-k21sV-doNFEY7gsOpnewok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.220.0/22
                IPv6:
                  2a0c:e200::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:0f:f1:67:1c:3a:2b:28:48:25:fc:28:3a:da:6e:d7:cc:8c:
         6a:3d:fb:a7:0a:09:8f:f2:95:19:95:1a:53:e8:15:7f:86:b1:
         22:c2:db:68:ff:59:46:46:b8:d5:6e:a6:96:b5:01:58:8e:40:
         bd:9c:b9:46:ee:d1:eb:4c:68:df:1c:0c:c2:42:fb:1e:e0:25:
         ac:6b:eb:2b:87:1b:98:2c:01:47:33:10:b7:e3:20:53:e9:e0:
         94:78:f0:33:5f:c6:11:d5:35:af:83:1b:e7:0f:89:eb:52:1b:
         f5:fc:13:2c:4e:71:50:8c:9b:72:91:65:6e:18:28:82:91:81:
         15:bc:1e:0e:1c:33:c6:40:1d:5b:08:e2:28:26:7a:eb:b6:cc:
         dd:87:58:cf:09:f3:85:dc:20:57:d5:fc:21:87:8a:4d:4e:a6:
         ce:b8:8e:9d:41:d4:d8:84:3d:8f:f6:92:cc:7c:62:59:c3:c0:
         8a:79:6c:63:ec:3b:85:62:48:57:e8:88:b9:d1:23:69:f6:17:
         14:35:e6:fe:2f:80:17:59:9b:d8:f8:8e:73:24:9f:9f:fb:09:
         b5:0a:36:13:79:ae:31:47:a5:81:4f:ca:e8:7c:8c:21:d5:1f:
         e1:0f:92:b8:a9:60:c3:8a:3c:0c:7e:e4:17:58:8b:46:a5:1c:
         c4:95:fe:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFACglgAJ8kLv7o0jptfODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZGNmMTk2NzI5NjVmNTFiMTZkODdhZmFiMWIxNDkwODJl
NmMzZWUwHhcNMjQwMTAxMTIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQxNWRmYTRkYjViMTVmOWRhMGQxNDQ2M2I4MmMzYTk5ZGVjMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3fJbl5tP9RF40NgtFKlXkajrz2b
c4dpsKWCOyN8twEfl7QDfigNsW0c94hXyqkEjhBZCZS0yAKdH0ZBNPUw/XENzppf
z7zS41F3xulJGURFj13CASQ+ttDGebrFSaPzW++S40QP9kLmS44b1qI7wFQVMrK9
EE/S3SZuB/TWfooVLe9KYjUuIAAUrabP7pZEzZ4ZEl69cFr8VdZAVAWUsEdOYeXH
eZlwR8Y/3Y9ziqpo1F+p5XjMuDznISDL2j8h2TfMU5Bw7y0mrWLXr09Hx3ZvJ7z+
xZ4n/Wx5VYRooi9avWStR9RLR3RSJGoGIsLfjc0z4u8h5sUU7xghCCYnTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH5BXfpNtbFfnaDRRGO4LDqZ3sKJMB8GA1UdIwQY
MBaAFErc8ZZyll9RsW2Hr6sbFJCC5sPuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3R6eGxuS1dYMUd4YllldnF4c1VrSUxtdy00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8yZDJlYjYtMDVkNS00N2EwLThmZWQt
ZWJmMzJhMDQ2OWM3LzEvZmtGZC1rMjFzVi1kb05GRVk3Z3NPcG5ld29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8yZDJlYjYtMDVkNS00N2EwLThmZWQtZWJmMzJhMDQ2OWM3
LzEvU3R6eGxuS1dYMUd4YllldnF4c1VrSUxtdy00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudncMA0E
AgACMAcDBQMqDOIAMA0GCSqGSIb3DQEBCwUAA4IBAQA4D/FnHDorKEgl/Cg62m7X
zIxqPfunCgmP8pUZlRpT6BV/hrEiwtto/1lGRrjVbqaWtQFYjkC9nLlG7tHrTGjf
HAzCQvse4CWsa+srhxuYLAFHMxC34yBT6eCUePAzX8YR1TWvgxvnD4nrUhv1/BMs
TnFQjJtykWVuGCiCkYEVvB4OHDPGQB1bCOIoJnrrtszdh1jPCfOF3CBX1fwhh4pN
TqbOuI6dQdTYhD2P9pLMfGJZw8CKeWxj7DuFYkhX6Ii50SNp9hcUNeb+L4AXWZvY
+I5zJJ+f+wm1CjYTea4xR6WBT8rofIwh1R/hD5K4qWDDijwMfuQXWItGpRzElf7B
-----END CERTIFICATE-----