Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/exhAkPOKDWc-mVVXHnG_LQfwQtc.roa
File:                     exhAkPOKDWc-mVVXHnG_LQfwQtc.roa (raw, json)
Hash identifier:          Ea5DIIMjk1h8P2ZT6bBZd1XAlZn8aGX/D+VLAbOZOlU=
Subject key identifier:   7B:18:40:90:F3:8A:0D:67:3E:99:55:57:1E:71:BF:2D:07:F0:42:D7
Certificate issuer:       /CN=3ad77fe68fa9dab644fd0a3dfb3a02566a809590
Certificate serial:       018CCA99BC6760A9FD17BEF07C250F1456C9
Authority key identifier: 3A:D7:7F:E6:8F:A9:DA:B6:44:FD:0A:3D:FB:3A:02:56:6A:80:95:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/exhAkPOKDWc-mVVXHnG_LQfwQtc.roa
Signing time:             Tue 02 Jan 2024 14:35:21 +0000
ROA not before:           Tue 02 Jan 2024 14:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208678
IP address blocks:        185.141.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:bc:67:60:a9:fd:17:be:f0:7c:25:0f:14:56:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad77fe68fa9dab644fd0a3dfb3a02566a809590
        Validity
            Not Before: Jan  2 14:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b184090f38a0d673e9955571e71bf2d07f042d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e8:50:8e:83:f9:f5:bd:7b:c9:66:6c:81:23:
                    83:86:09:8e:43:5a:90:aa:8a:62:aa:5d:70:f2:82:
                    a7:5e:23:57:36:c5:97:c4:02:a5:95:b5:ac:83:74:
                    ca:f8:a9:96:c9:12:07:b3:01:22:39:a4:22:d0:c5:
                    d5:53:c2:bf:f7:77:c4:f1:d3:a8:b7:c8:a0:66:3f:
                    a8:3d:89:94:58:8b:fc:ef:02:a1:35:8c:83:64:db:
                    98:3a:a7:e7:d5:cd:3c:f6:6e:6a:30:4f:6d:9c:52:
                    d5:52:df:7e:38:97:e3:65:3e:e1:b8:af:e6:62:d7:
                    69:20:3a:15:64:47:bf:95:0c:02:e1:69:ab:e0:5d:
                    e3:9b:05:08:45:2f:22:a5:0c:54:c5:69:fb:3a:c2:
                    85:e5:b8:1a:c2:6d:1c:03:53:4c:bd:46:6f:31:45:
                    44:67:4b:e8:ad:86:a4:74:08:bc:53:1a:9e:1b:37:
                    16:c5:c5:b1:4b:4e:dc:0f:80:1f:1d:b2:5a:05:c7:
                    ef:bb:b5:5d:82:7e:1b:82:d8:f5:64:fb:37:97:09:
                    5b:da:0c:0f:8e:27:59:73:c8:82:6a:58:f4:3f:fc:
                    e7:23:aa:93:0f:a3:4e:ad:9d:fa:cb:a6:29:5a:09:
                    ed:03:6e:05:e0:6a:e7:ef:27:c1:b8:9d:9e:34:ca:
                    a8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:18:40:90:F3:8A:0D:67:3E:99:55:57:1E:71:BF:2D:07:F0:42:D7
            X509v3 Authority Key Identifier:
                keyid:3A:D7:7F:E6:8F:A9:DA:B6:44:FD:0A:3D:FB:3A:02:56:6A:80:95:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/exhAkPOKDWc-mVVXHnG_LQfwQtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1374c0-4bd4-4156-a77f-653a70bf0925/1/Otd_5o-p2rZE_Qo9-zoCVmqAlZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:96:7e:74:4d:f1:b1:99:42:9f:87:f7:12:dc:57:a4:95:ec:
         02:93:90:c0:45:f3:81:a3:3b:47:80:a7:5d:ae:76:38:d6:c3:
         05:7b:5e:d5:0f:1e:f9:7e:46:dc:07:4c:69:18:96:36:93:0e:
         9e:8e:ca:db:7b:e4:f0:1b:4c:bd:fb:e8:36:28:73:64:3b:e2:
         0e:c8:b1:94:b5:66:9a:78:6e:f9:89:b4:56:be:dd:30:d7:57:
         de:23:8f:a2:80:9f:9e:e3:02:8b:7f:d0:a9:01:68:fb:3e:51:
         aa:09:59:21:ea:40:c0:e2:7c:24:2b:1c:a8:23:87:1e:a9:c8:
         da:b4:b9:03:3a:43:5e:fe:62:c5:b6:92:14:0f:3b:1b:bc:b7:
         fc:5e:b6:27:cd:80:c6:3f:0e:9b:54:6e:61:bd:a6:1c:db:8e:
         78:b0:9c:a5:a9:3a:69:15:bd:b9:d2:80:81:59:16:be:d1:fe:
         30:c4:b5:3a:82:53:d5:59:4d:92:56:29:94:36:c6:13:56:ca:
         49:98:20:7f:ec:ec:7d:11:4f:00:8a:84:d9:85:e8:29:d9:0c:
         f2:e3:c2:06:69:ee:70:6f:ff:f4:ca:fb:3b:fb:53:82:06:10:
         c2:a2:e2:5c:30:90:2b:e0:05:51:fa:94:58:88:5c:ff:ea:1c:
         2d:80:47:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbxnYKn9F77wfCUPFFbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDc3ZmU2OGZhOWRhYjY0NGZkMGEzZGZiM2EwMjU2NmE4
MDk1OTAwHhcNMjQwMTAyMTQzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE4NDA5MGYzOGEwZDY3M2U5OTU1NTcxZTcxYmYyZDA3ZjA0MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOhQjoP59b17yWZsgSODhgmOQ1qQ
qopiql1w8oKnXiNXNsWXxAKllbWsg3TK+KmWyRIHswEiOaQi0MXVU8K/93fE8dOo
t8igZj+oPYmUWIv87wKhNYyDZNuYOqfn1c089m5qME9tnFLVUt9+OJfjZT7huK/m
YtdpIDoVZEe/lQwC4Wmr4F3jmwUIRS8ipQxUxWn7OsKF5bgawm0cA1NMvUZvMUVE
Z0vorYakdAi8UxqeGzcWxcWxS07cD4AfHbJaBcfvu7Vdgn4bgtj1ZPs3lwlb2gwP
jidZc8iCalj0P/znI6qTD6NOrZ36y6YpWgntA24F4Grn7yfBuJ2eNMqo8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsYQJDzig1nPplVVx5xvy0H8ELXMB8GA1UdIwQY
MBaAFDrXf+aPqdq2RP0KPfs6AlZqgJWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RkXzVvLXAyclpFX1FvOS16b0NWbXFBbFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xMzc0YzAtNGJkNC00MTU2LWE3N2Yt
NjUzYTcwYmYwOTI1LzEvZXhoQWtQT0tEV2MtbVZWWEhuR19MUWZ3UXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xMzc0YzAtNGJkNC00MTU2LWE3N2YtNjUzYTcwYmYwOTI1
LzEvT3RkXzVvLXAyclpFX1FvOS16b0NWbXFBbFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY0EMA0G
CSqGSIb3DQEBCwUAA4IBAQA/ln50TfGxmUKfh/cS3FeklewCk5DARfOBoztHgKdd
rnY41sMFe17VDx75fkbcB0xpGJY2kw6ejsrbe+TwG0y9++g2KHNkO+IOyLGUtWaa
eG75ibRWvt0w11feI4+igJ+e4wKLf9CpAWj7PlGqCVkh6kDA4nwkKxyoI4ceqcja
tLkDOkNe/mLFtpIUDzsbvLf8XrYnzYDGPw6bVG5hvaYc2454sJylqTppFb250oCB
WRa+0f4wxLU6glPVWU2SVimUNsYTVspJmCB/7Ox9EU8AioTZhegp2Qzy48IGae5w
b//0yvs7+1OCBhDCouJcMJAr4AVR+pRYiFz/6hwtgEfm
-----END CERTIFICATE-----