Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/M4DdSHiOP6OMxH3GW2FACDVyPf8.roa
File:                     M4DdSHiOP6OMxH3GW2FACDVyPf8.roa (raw, json)
Hash identifier:          IlPJn0dzlmwJqnqyCRY0JCRnNfi/eBmvdJ5LsquOJF0=
Subject key identifier:   33:80:DD:48:78:8E:3F:A3:8C:C4:7D:C6:5B:61:40:08:35:72:3D:FF
Certificate issuer:       /CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
Certificate serial:       018CC6B8D471C686E82E89B5B25D88902516
Authority key identifier: C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/M4DdSHiOP6OMxH3GW2FACDVyPf8.roa
Signing time:             Mon 01 Jan 2024 20:30:50 +0000
ROA not before:           Mon 01 Jan 2024 20:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201324
IP address blocks:        185.78.140.0/22 maxlen: 22
                          2a03:5960::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d4:71:c6:86:e8:2e:89:b5:b2:5d:88:90:25:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
        Validity
            Not Before: Jan  1 20:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3380dd48788e3fa38cc47dc65b61400835723dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f7:14:ae:55:29:c5:ee:83:0b:da:60:c7:7f:
                    1d:6a:8d:29:4c:3f:46:fa:ee:f0:d5:22:f2:4c:04:
                    67:81:ff:df:05:f0:ef:93:47:f2:6c:89:f4:9c:c1:
                    fa:6d:62:e4:30:83:b3:2b:18:e2:fd:cd:96:1d:33:
                    90:94:5e:cc:6c:e4:0a:42:44:38:46:e9:96:05:9f:
                    cd:10:26:3a:34:72:fc:65:37:be:1e:66:36:49:a5:
                    b6:a3:e8:8b:c5:3c:df:e8:a6:dc:6d:0f:ab:af:dc:
                    ef:4a:b8:4d:c2:92:bb:f7:2b:34:31:a2:03:de:cc:
                    c0:f0:15:99:00:21:5d:b2:1b:67:02:33:ee:6d:71:
                    ec:a2:99:11:53:99:26:42:92:fe:21:46:07:48:f2:
                    61:6f:97:98:bb:ce:71:4a:60:3e:86:df:d0:07:a8:
                    49:ad:72:93:81:ce:7a:4f:9c:cd:a8:1b:6e:d5:b4:
                    99:a7:29:52:85:3a:ac:19:bf:b0:3b:48:82:7d:f4:
                    41:d5:e9:e2:7b:67:1c:05:02:95:4c:ac:14:c1:b3:
                    58:48:1a:16:28:a2:84:d2:87:70:a6:03:19:3d:4d:
                    b0:1a:a6:36:19:07:ec:02:04:be:f5:47:4b:52:8c:
                    2a:53:3b:7e:34:2e:1c:60:7c:12:60:6d:4c:92:d9:
                    1b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:80:DD:48:78:8E:3F:A3:8C:C4:7D:C6:5B:61:40:08:35:72:3D:FF
            X509v3 Authority Key Identifier:
                keyid:C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/M4DdSHiOP6OMxH3GW2FACDVyPf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.140.0/22
                IPv6:
                  2a03:5960::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:18:8b:0f:66:4a:67:a0:9a:93:cb:18:51:70:5b:03:10:3d:
         fa:97:a1:48:7a:54:15:9a:b7:d9:09:6a:b3:d1:15:d8:b2:29:
         c4:17:a7:ac:14:e5:4e:d2:95:44:27:96:82:dd:24:30:62:06:
         99:de:81:d2:95:e3:8e:9b:95:4c:e5:0e:a6:e2:a2:2e:b6:35:
         66:57:fe:d0:00:ac:6d:4f:1c:6a:56:b1:18:26:b0:d3:bb:66:
         45:e5:89:fe:c1:f0:46:75:ee:4e:96:60:a6:37:13:5a:d0:1a:
         a9:ba:7b:d2:3f:1d:91:f5:28:0d:cf:17:c5:46:31:65:ac:59:
         f2:50:5a:94:d2:51:92:75:e5:7c:8e:4b:1a:da:e2:79:33:1a:
         03:f9:15:c0:54:73:1f:68:40:54:66:ea:76:5f:ce:06:e3:07:
         65:13:b2:22:6e:b1:4b:ae:70:5a:cf:18:2a:24:ac:e8:5c:7c:
         f7:4b:dc:34:5f:06:0c:57:f2:04:a2:28:0f:3c:e4:91:7f:15:
         40:72:fe:2c:98:aa:41:d6:7f:65:53:d7:0e:7a:e1:ae:ae:e5:
         6c:b7:40:cc:d0:78:bc:d8:80:20:df:91:e1:af:01:50:a7:ac:
         de:71:01:10:80:2a:91:41:01:bb:9d:66:f5:90:67:aa:39:df:
         20:01:0e:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuNRxxoboLom1sl2IkCUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OTE0NTZlZGE1OWZiMGZkMmQxNzNmOTU0MTJiZTM1ZjZj
ZmJmYWYwHhcNMjQwMTAxMjAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzgwZGQ0ODc4OGUzZmEzOGNjNDdkYzY1YjYxNDAwODM1NzIzZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfcUrlUpxe6DC9pgx38dao0pTD9G
+u7w1SLyTARngf/fBfDvk0fybIn0nMH6bWLkMIOzKxji/c2WHTOQlF7MbOQKQkQ4
RumWBZ/NECY6NHL8ZTe+HmY2SaW2o+iLxTzf6KbcbQ+rr9zvSrhNwpK79ys0MaID
3szA8BWZACFdshtnAjPubXHsopkRU5kmQpL+IUYHSPJhb5eYu85xSmA+ht/QB6hJ
rXKTgc56T5zNqBtu1bSZpylShTqsGb+wO0iCffRB1enie2ccBQKVTKwUwbNYSBoW
KKKE0odwpgMZPU2wGqY2GQfsAgS+9UdLUowqUzt+NC4cYHwSYG1MktkbbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDOA3Uh4jj+jjMR9xlthQAg1cj3/MB8GA1UdIwQY
MBaAFMSRRW7aWfsP0tFz+VQSvjX2z7+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2Et
YTczMGNjZmRhZGM1LzEvTTREZFNIaU9QNk9NeEgzR1cyRkFDRFZ5UGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2EtYTczMGNjZmRhZGM1
LzEveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU6MMA0E
AgACMAcDBQAqA1lgMA0GCSqGSIb3DQEBCwUAA4IBAQA9GIsPZkpnoJqTyxhRcFsD
ED36l6FIelQVmrfZCWqz0RXYsinEF6esFOVO0pVEJ5aC3SQwYgaZ3oHSleOOm5VM
5Q6m4qIutjVmV/7QAKxtTxxqVrEYJrDTu2ZF5Yn+wfBGde5OlmCmNxNa0BqpunvS
Px2R9SgNzxfFRjFlrFnyUFqU0lGSdeV8jksa2uJ5MxoD+RXAVHMfaEBUZup2X84G
4wdlE7IibrFLrnBazxgqJKzoXHz3S9w0XwYMV/IEoigPPOSRfxVAcv4smKpB1n9l
U9cOeuGuruVst0DM0Hi82IAg35HhrwFQp6zecQEQgCqRQQG7nWb1kGeqOd8gAQ63
-----END CERTIFICATE-----