Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/r0T-4BiZF4UmnQK759STVAGFrH4.roa
File:                     r0T-4BiZF4UmnQK759STVAGFrH4.roa (raw, json)
Hash identifier:          +RH4H6g75jmuFmVcYAEFMPLKtp7SmhTTr4iKxA/Bvrg=
Subject key identifier:   AF:44:FE:E0:18:99:17:85:26:9D:02:BB:E7:D4:93:54:01:85:AC:7E
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018D7ED48D91F77273EE84E1B5D63F0F0E76
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/r0T-4BiZF4UmnQK759STVAGFrH4.roa
Signing time:             Tue 06 Feb 2024 14:31:15 +0000
ROA not before:           Tue 06 Feb 2024 14:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        185.164.175.0/24 maxlen: 24
                          188.191.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:d4:8d:91:f7:72:73:ee:84:e1:b5:d6:3f:0f:0e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Feb  6 14:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af44fee018991785269d02bbe7d493540185ac7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f6:c1:7b:cd:35:83:f6:25:e3:45:a5:d2:5f:
                    7e:87:84:94:ff:65:17:4b:72:56:1f:8e:af:6a:95:
                    56:25:70:71:4d:34:74:22:be:3a:ae:21:31:24:57:
                    35:9f:1b:eb:cc:3a:76:41:ca:52:05:bd:c3:cf:88:
                    c6:46:25:bf:6d:50:85:38:01:3b:38:cd:0b:02:b1:
                    b4:b0:f5:f7:c8:4f:6a:83:e2:2f:36:b1:0c:b2:b2:
                    e3:ea:c7:ee:00:b9:32:8b:32:1c:30:76:9b:1e:6b:
                    23:7c:77:1a:d4:8e:12:ab:4e:fa:73:ac:56:3a:19:
                    76:a7:f5:44:b1:6e:be:41:9b:10:c4:d6:ae:f3:1c:
                    a9:d6:d9:45:99:0a:d2:44:c3:b5:f0:0f:47:7c:9a:
                    7f:70:b0:6e:c8:62:49:7f:8a:bd:6c:a9:b4:82:89:
                    00:c7:de:04:d9:cc:ee:12:a2:ef:56:b3:61:1b:d0:
                    d4:11:37:df:76:13:ec:96:60:0d:e0:86:71:39:4c:
                    fe:a2:9f:56:4f:a4:47:18:78:7e:bc:6c:01:04:92:
                    9d:e9:63:7e:70:ee:95:a9:d7:1a:8a:83:97:97:9a:
                    af:2f:b0:81:84:f9:0e:77:84:b7:7b:e0:50:7f:df:
                    22:5d:83:67:06:15:44:bb:c1:a0:d6:f6:6e:e1:11:
                    a9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:44:FE:E0:18:99:17:85:26:9D:02:BB:E7:D4:93:54:01:85:AC:7E
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/r0T-4BiZF4UmnQK759STVAGFrH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.175.0/24
                  188.191.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f3:d4:04:f7:06:1a:63:96:3b:44:29:41:32:ad:75:40:31:
         90:f7:f7:45:ee:cb:ff:4b:33:ed:b7:c2:ae:13:47:37:15:f5:
         8c:98:da:56:b4:ae:32:a0:af:43:00:99:c5:83:a1:94:a0:de:
         b0:ac:56:78:16:05:dc:d8:d4:6c:21:ef:b3:e3:35:bb:bf:80:
         c3:b7:55:eb:44:33:c8:0a:53:91:b6:f4:4d:35:7b:b5:d8:5c:
         0e:82:28:3b:12:c6:34:92:73:c0:58:6c:27:cf:fa:8e:7b:ed:
         af:4c:b4:e4:d5:94:4f:64:e1:18:24:67:a6:0d:b1:a0:4d:9c:
         07:52:09:a3:5f:80:c4:63:4e:c8:d2:71:59:f9:9c:ca:25:fb:
         51:ec:f9:e3:d7:9e:6c:b8:07:aa:c7:10:92:a7:25:e4:ac:f7:
         01:fb:3e:2c:21:17:5e:7a:0e:f2:ed:bd:c2:31:80:75:24:26:
         47:ce:d2:be:7b:33:0d:dd:56:ca:1a:2a:63:b6:33:20:0e:53:
         4d:7a:86:68:77:08:5f:7a:58:62:28:b7:ed:09:d5:0d:cb:40:
         7c:20:5a:f5:c8:a2:c8:6b:5f:c1:37:55:04:e9:ee:16:75:e8:
         17:3e:ed:eb:59:db:64:cb:ac:a0:d5:00:79:32:c8:cb:34:af:
         2f:61:9a:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1+1I2R93Jz7oThtdY/Dw52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMjA2MTQzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQ0ZmVlMDE4OTkxNzg1MjY5ZDAyYmJlN2Q0OTM1NDAxODVhYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vbBe801g/Yl40Wl0l9+h4SU/2UX
S3JWH46vapVWJXBxTTR0Ir46riExJFc1nxvrzDp2QcpSBb3Dz4jGRiW/bVCFOAE7
OM0LArG0sPX3yE9qg+IvNrEMsrLj6sfuALkyizIcMHabHmsjfHca1I4Sq076c6xW
Ohl2p/VEsW6+QZsQxNau8xyp1tlFmQrSRMO18A9HfJp/cLBuyGJJf4q9bKm0gokA
x94E2czuEqLvVrNhG9DUETffdhPslmAN4IZxOUz+op9WT6RHGHh+vGwBBJKd6WN+
cO6VqdcaioOXl5qvL7CBhPkOd4S3e+BQf98iXYNnBhVEu8Gg1vZu4RGp1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK9E/uAYmReFJp0Cu+fUk1QBhax+MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvcjBULTRCaVpGNFVtblFLNzU5U1RWQUdGckg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaSvAwQA
vL9sMA0GCSqGSIb3DQEBCwUAA4IBAQBb89QE9wYaY5Y7RClBMq11QDGQ9/dF7sv/
SzPtt8KuE0c3FfWMmNpWtK4yoK9DAJnFg6GUoN6wrFZ4FgXc2NRsIe+z4zW7v4DD
t1XrRDPIClORtvRNNXu12FwOgig7EsY0knPAWGwnz/qOe+2vTLTk1ZRPZOEYJGem
DbGgTZwHUgmjX4DEY07I0nFZ+ZzKJftR7Pnj155suAeqxxCSpyXkrPcB+z4sIRde
eg7y7b3CMYB1JCZHztK+ezMN3VbKGipjtjMgDlNNeoZodwhfelhiKLftCdUNy0B8
IFr1yKLIa1/BN1UE6e4WdegXPu3rWdtky6yg1QB5MsjLNK8vYZqJ
-----END CERTIFICATE-----