Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/4wYF0nJtcOM-MDac4yNSNU2lwPk.roa
File:                     4wYF0nJtcOM-MDac4yNSNU2lwPk.roa (raw, json)
Hash identifier:          oZcHkfJY1isiF8xYx2BR54/M7ZCiyV9KhcltJsEhoZw=
Subject key identifier:   E3:06:05:D2:72:6D:70:E3:3E:30:36:9C:E3:23:52:35:4D:A5:C0:F9
Certificate issuer:       /CN=e8964e4e8ffe31f692f71318c2b7282028d0f3a4
Certificate serial:       018CC4247369365985371CD38F9A982FE083
Authority key identifier: E8:96:4E:4E:8F:FE:31:F6:92:F7:13:18:C2:B7:28:20:28:D0:F3:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6JZOTo_-MfaS9xMYwrcoICjQ86Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/4wYF0nJtcOM-MDac4yNSNU2lwPk.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211510
IP address blocks:        185.251.12.0/24 maxlen: 24
                          2a10:a740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/6JZOTo_-MfaS9xMYwrcoICjQ86Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/6JZOTo_-MfaS9xMYwrcoICjQ86Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6JZOTo_-MfaS9xMYwrcoICjQ86Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:73:69:36:59:85:37:1c:d3:8f:9a:98:2f:e0:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8964e4e8ffe31f692f71318c2b7282028d0f3a4
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e30605d2726d70e33e30369ce32352354da5c0f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:90:57:09:76:58:ff:aa:dd:ff:91:5b:5c:86:
                    d9:92:9e:9c:a6:16:a1:02:f6:3d:d1:8e:43:39:1f:
                    18:89:8f:80:b0:ad:61:bd:d9:cd:2a:6e:01:b9:a0:
                    3a:b0:48:36:3a:a9:99:b3:c7:c9:74:23:cf:0b:3a:
                    ca:02:d1:ea:bc:e9:46:88:13:e5:20:31:d9:e3:15:
                    d1:f2:29:1d:d4:40:ef:d1:fb:06:b5:14:b7:54:89:
                    03:a0:3d:73:2e:95:50:f2:3b:cb:9b:b5:a3:8e:6c:
                    1c:1e:30:89:8d:10:17:e8:73:7d:a4:a4:ec:75:e2:
                    ee:6e:5f:8b:ac:1f:cb:79:46:40:be:14:d5:94:4b:
                    22:77:f6:fb:ec:9c:e4:c7:b0:04:58:da:78:dc:9b:
                    bb:9a:54:da:5e:cf:ae:09:25:f0:12:02:00:b7:1e:
                    2c:a1:4f:8f:3e:ba:f0:65:c1:58:71:d3:0b:08:66:
                    be:ee:7c:08:80:1c:0a:f2:18:3e:70:97:f0:cd:f2:
                    84:9f:05:69:0a:20:be:c8:91:15:98:4b:36:2c:53:
                    d7:49:b9:d1:b2:a4:bc:e0:ca:4e:64:67:c3:b9:64:
                    df:2a:87:8e:ab:f6:5c:e0:f1:5d:d7:e4:0a:aa:ab:
                    2e:c6:74:db:0d:7f:d7:6b:18:38:61:54:fc:30:ae:
                    54:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:06:05:D2:72:6D:70:E3:3E:30:36:9C:E3:23:52:35:4D:A5:C0:F9
            X509v3 Authority Key Identifier:
                keyid:E8:96:4E:4E:8F:FE:31:F6:92:F7:13:18:C2:B7:28:20:28:D0:F3:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6JZOTo_-MfaS9xMYwrcoICjQ86Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/4wYF0nJtcOM-MDac4yNSNU2lwPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/131a77-c8c8-4bb7-9aee-5a665655eb57/1/6JZOTo_-MfaS9xMYwrcoICjQ86Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.12.0/24
                IPv6:
                  2a10:a740::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:b9:03:b5:13:aa:e3:16:7d:75:58:51:a2:57:7b:6d:79:01:
         fd:ad:03:26:f8:a9:0a:a5:db:3a:68:98:b1:29:ac:2e:9d:c3:
         6c:80:93:48:da:db:e7:47:24:fa:96:25:dc:4a:3a:b7:8b:83:
         07:f8:fb:c2:df:21:81:30:f7:65:84:ff:70:6a:b4:8b:f1:86:
         87:f6:a4:67:c9:e6:a7:21:2b:ce:81:4d:04:c9:85:d1:e3:82:
         55:c4:78:55:5c:0b:1f:56:3f:eb:87:89:fd:37:02:da:c3:f6:
         4f:90:fb:74:38:1b:22:08:49:4a:f8:a8:f5:45:08:34:d5:b0:
         2e:c4:0d:5e:8d:ea:f4:71:be:e7:ed:aa:5e:53:58:aa:ae:4d:
         25:85:2b:75:d2:d5:e5:84:14:1e:45:ef:03:41:f2:a8:cc:33:
         bd:38:e5:d0:53:02:64:7f:a2:15:a1:72:48:67:55:3b:0d:d3:
         56:7d:00:98:90:11:e6:f8:ec:5b:7d:95:f1:75:38:11:49:a2:
         c6:98:cc:11:98:52:e5:b3:91:08:c4:e7:7d:08:4b:66:c3:39:
         de:5f:55:17:6a:1b:a0:b8:11:a9:ed:77:71:bf:68:73:64:33:
         51:97:ca:82:81:2a:10:57:69:e0:ab:0c:5a:4a:92:97:85:dd:
         44:21:4a:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHNpNlmFNxzTj5qYL+CDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OTY0ZTRlOGZmZTMxZjY5MmY3MTMxOGMyYjcyODIwMjhk
MGYzYTQwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzA2MDVkMjcyNmQ3MGUzM2UzMDM2OWNlMzIzNTIzNTRkYTVjMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65BXCXZY/6rd/5FbXIbZkp6cphah
AvY90Y5DOR8YiY+AsK1hvdnNKm4BuaA6sEg2OqmZs8fJdCPPCzrKAtHqvOlGiBPl
IDHZ4xXR8ikd1EDv0fsGtRS3VIkDoD1zLpVQ8jvLm7WjjmwcHjCJjRAX6HN9pKTs
deLubl+LrB/LeUZAvhTVlEsid/b77Jzkx7AEWNp43Ju7mlTaXs+uCSXwEgIAtx4s
oU+PPrrwZcFYcdMLCGa+7nwIgBwK8hg+cJfwzfKEnwVpCiC+yJEVmEs2LFPXSbnR
sqS84MpOZGfDuWTfKoeOq/Zc4PFd1+QKqqsuxnTbDX/Xaxg4YVT8MK5UEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOMGBdJybXDjPjA2nOMjUjVNpcD5MB8GA1UdIwQY
MBaAFOiWTk6P/jH2kvcTGMK3KCAo0POkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkpaT1RvXy1NZmFTOXhNWXdyY29JQ2pRODZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8xMzFhNzctYzhjOC00YmI3LTlhZWUt
NWE2NjU2NTVlYjU3LzEvNHdZRjBuSnRjT00tTURhYzR5TlNOVTJsd1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8xMzFhNzctYzhjOC00YmI3LTlhZWUtNWE2NjU2NTVlYjU3
LzEvNkpaT1RvXy1NZmFTOXhNWXdyY29JQ2pRODZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufsMMA0E
AgACMAcDBQMqEKdAMA0GCSqGSIb3DQEBCwUAA4IBAQANuQO1E6rjFn11WFGiV3tt
eQH9rQMm+KkKpds6aJixKawuncNsgJNI2tvnRyT6liXcSjq3i4MH+PvC3yGBMPdl
hP9warSL8YaH9qRnyeanISvOgU0EyYXR44JVxHhVXAsfVj/rh4n9NwLaw/ZPkPt0
OBsiCElK+Kj1RQg01bAuxA1ejer0cb7n7apeU1iqrk0lhSt10tXlhBQeRe8DQfKo
zDO9OOXQUwJkf6IVoXJIZ1U7DdNWfQCYkBHm+OxbfZXxdTgRSaLGmMwRmFLls5EI
xOd9CEtmwzneX1UXahuguBGp7Xdxv2hzZDNRl8qCgSoQV2ngqwxaSpKXhd1EIUqW
-----END CERTIFICATE-----