Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4gxgACqclZuUFHbUdVD24UYxqxc.roa
File:                     4gxgACqclZuUFHbUdVD24UYxqxc.roa (raw, json)
Hash identifier:          R8/eIA99SQCHlr6jRMCBdYs8Rpb0NXbbXc80B0uAXvo=
Subject key identifier:   E2:0C:60:00:2A:9C:95:9B:94:14:76:D4:75:50:F6:E1:46:31:AB:17
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018F5D0F53BD8A26EEDE1813DCA77ADA3A21
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4gxgACqclZuUFHbUdVD24UYxqxc.roa
Signing time:             Thu 09 May 2024 11:13:56 +0000
ROA not before:           Thu 09 May 2024 11:13:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214995
IP address blocks:        185.169.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5d:0f:53:bd:8a:26:ee:de:18:13:dc:a7:7a:da:3a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: May  9 11:13:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e20c60002a9c959b941476d47550f6e14631ab17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:54:9a:36:4f:df:88:81:47:6c:63:a4:8d:00:
                    dd:3e:fd:87:e1:fe:ae:54:d2:2c:9a:02:5a:8a:95:
                    12:d0:15:2c:d0:b8:93:be:d0:04:38:a9:87:52:e2:
                    ec:f8:60:bb:46:59:53:68:78:ea:a5:ef:f0:c9:44:
                    9f:b0:0c:95:4e:01:3d:14:f0:d3:9b:98:7e:52:2f:
                    13:82:1d:ea:42:34:a2:34:b9:a3:1a:38:69:bd:18:
                    54:f2:6d:c5:31:18:a7:df:86:fa:ed:3e:91:dd:05:
                    0f:7f:f6:46:fe:4d:8e:9f:55:80:f4:2d:6f:b0:58:
                    e8:86:bf:14:43:69:6b:20:83:e4:1d:a5:35:e7:ae:
                    c2:60:69:6a:09:32:4c:ce:87:03:08:08:aa:b0:f5:
                    4d:f6:55:49:99:ca:d4:0f:31:1c:dd:85:ab:00:26:
                    57:8f:a6:d9:d5:18:4a:50:10:e3:c1:15:5d:74:c0:
                    3f:76:19:a7:40:8c:47:a4:94:2a:32:dd:3e:a1:65:
                    20:35:0b:c6:39:98:c0:46:36:30:25:41:f4:21:ce:
                    48:77:41:02:65:d6:83:ee:4a:a7:00:4c:a1:f7:fd:
                    03:f6:f8:03:6d:9e:b5:e5:72:0c:07:4b:60:62:f2:
                    b9:d6:a0:07:78:e5:ef:30:34:86:05:4f:03:e7:93:
                    ff:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0C:60:00:2A:9C:95:9B:94:14:76:D4:75:50:F6:E1:46:31:AB:17
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/4gxgACqclZuUFHbUdVD24UYxqxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ad:0e:81:5a:d8:ad:21:04:80:e6:96:ef:74:a7:88:63:d2:
         01:fd:b3:a1:cf:f6:6b:32:93:72:9e:30:5d:90:1f:ab:60:8a:
         0e:47:cf:b2:d7:40:ae:c9:1c:4c:f6:43:ac:b4:4f:b6:a7:25:
         48:10:8f:4b:e6:a7:24:ef:1a:19:30:1c:4e:36:73:89:0f:e1:
         35:73:54:03:4b:28:03:e8:5a:44:1f:aa:a8:48:22:02:8c:5a:
         98:41:6f:04:ea:70:0c:6a:ad:9b:de:d2:67:de:8e:15:be:84:
         74:e9:f7:e8:de:a7:76:26:79:45:33:2d:2b:99:32:4a:ce:eb:
         6b:74:b4:1a:35:4e:3d:29:06:3d:a6:a6:76:43:43:1b:fd:70:
         69:2a:14:bd:55:0b:da:8a:0f:b5:2d:29:8a:ff:23:56:31:6b:
         6f:a5:91:8f:b0:84:8a:b9:f2:50:44:1e:97:15:a1:05:c4:4e:
         21:cf:37:65:a5:ed:ac:33:34:e1:3d:3c:ca:a7:77:6c:18:f4:
         bd:32:f3:c6:ea:bc:70:25:e9:51:fc:65:59:a5:15:35:02:1e:
         66:1b:be:d4:0b:38:64:b2:82:f1:07:e1:c7:b2:6d:2e:f7:fd:
         69:f3:bf:6e:e0:d9:19:a8:70:b4:d1:c1:d5:37:e5:9b:65:e5:
         e1:ee:60:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9dD1O9iibu3hgT3Kd62johMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwNTA5MTExMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjBjNjAwMDJhOWM5NTliOTQxNDc2ZDQ3NTUwZjZlMTQ2MzFhYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolSaNk/fiIFHbGOkjQDdPv2H4f6u
VNIsmgJaipUS0BUs0LiTvtAEOKmHUuLs+GC7RllTaHjqpe/wyUSfsAyVTgE9FPDT
m5h+Ui8Tgh3qQjSiNLmjGjhpvRhU8m3FMRin34b67T6R3QUPf/ZG/k2On1WA9C1v
sFjohr8UQ2lrIIPkHaU1567CYGlqCTJMzocDCAiqsPVN9lVJmcrUDzEc3YWrACZX
j6bZ1RhKUBDjwRVddMA/dhmnQIxHpJQqMt0+oWUgNQvGOZjARjYwJUH0Ic5Id0EC
ZdaD7kqnAEyh9/0D9vgDbZ615XIMB0tgYvK51qAHeOXvMDSGBU8D55P/WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIMYAAqnJWblBR21HVQ9uFGMasXMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvNGd4Z0FDcWNsWnVVRkhiVWRWRDI0VVl4cXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuancMA0G
CSqGSIb3DQEBCwUAA4IBAQAarQ6BWtitIQSA5pbvdKeIY9IB/bOhz/ZrMpNynjBd
kB+rYIoOR8+y10CuyRxM9kOstE+2pyVIEI9L5qck7xoZMBxONnOJD+E1c1QDSygD
6FpEH6qoSCICjFqYQW8E6nAMaq2b3tJn3o4VvoR06ffo3qd2JnlFMy0rmTJKzutr
dLQaNU49KQY9pqZ2Q0Mb/XBpKhS9VQvaig+1LSmK/yNWMWtvpZGPsISKufJQRB6X
FaEFxE4hzzdlpe2sMzThPTzKp3dsGPS9MvPG6rxwJelR/GVZpRU1Ah5mG77UCzhk
soLxB+HHsm0u9/1p879u4NkZqHC00cHVN+WbZeXh7mDE
-----END CERTIFICATE-----