Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/4-Z25td_Fv6yW5tEaSRirhv1dww.roa
File:                     4-Z25td_Fv6yW5tEaSRirhv1dww.roa (raw, json)
Hash identifier:          Vb/Rwxa7BW6yPp13Su0prOrRyJFJ1IJNKWIlsIEz+A4=
Subject key identifier:   E3:E6:76:E6:D7:7F:16:FE:B2:5B:9B:44:69:24:62:AE:1B:F5:77:0C
Certificate issuer:       /CN=ae645acb0217c74a0fd34e17a53dbdee56f011e5
Certificate serial:       018CC5DC2CB6456DA5017BC125CF8608364B
Authority key identifier: AE:64:5A:CB:02:17:C7:4A:0F:D3:4E:17:A5:3D:BD:EE:56:F0:11:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmRaywIXx0oP004XpT297lbwEeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/4-Z25td_Fv6yW5tEaSRirhv1dww.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208887
IP address blocks:        185.242.192.0/22 maxlen: 22
                          185.242.192.0/23 maxlen: 23
                          185.242.194.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/rmRaywIXx0oP004XpT297lbwEeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/rmRaywIXx0oP004XpT297lbwEeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmRaywIXx0oP004XpT297lbwEeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2c:b6:45:6d:a5:01:7b:c1:25:cf:86:08:36:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae645acb0217c74a0fd34e17a53dbdee56f011e5
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3e676e6d77f16feb25b9b44692462ae1bf5770c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:86:f7:12:9f:15:05:07:ec:2f:91:0f:ad:d2:
                    ac:e4:c5:3c:8a:ff:94:45:2a:7f:6a:d3:dd:93:e9:
                    e0:80:9b:61:75:bc:3a:82:18:f5:7c:1e:ce:bd:cf:
                    8b:18:d7:f4:1c:4e:b6:04:7e:ff:a0:a3:ad:92:a8:
                    a5:23:ae:b3:43:93:e8:46:82:da:5a:ec:de:6b:05:
                    74:47:6b:3c:86:63:7b:88:96:77:0c:ea:91:91:f7:
                    aa:d7:1d:02:ec:d0:bd:d7:1b:56:92:60:50:46:ff:
                    da:14:2b:15:14:a3:b2:e7:8b:3e:1a:21:08:84:85:
                    51:c4:a5:91:ab:a8:f8:cf:ea:d2:52:78:aa:06:c4:
                    e8:97:99:88:c6:d3:bb:15:de:40:26:d1:01:fd:f6:
                    1f:3d:da:8f:c4:ac:e3:7d:d0:54:87:a4:05:54:48:
                    62:aa:ec:e8:bf:b5:19:90:2d:5e:15:74:12:d4:16:
                    ee:0b:3a:4c:8f:c2:5b:1b:05:e0:13:76:d4:b7:b8:
                    f1:0b:c2:53:49:ea:96:cc:98:92:11:24:0a:71:7f:
                    df:99:01:33:ab:65:a1:f1:3d:29:57:02:95:09:a8:
                    1a:76:16:f9:c5:34:b2:e9:5a:6f:9c:f0:1a:3a:06:
                    89:17:e2:07:21:6a:d9:ae:cf:a1:ef:13:9e:66:7a:
                    45:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E6:76:E6:D7:7F:16:FE:B2:5B:9B:44:69:24:62:AE:1B:F5:77:0C
            X509v3 Authority Key Identifier:
                keyid:AE:64:5A:CB:02:17:C7:4A:0F:D3:4E:17:A5:3D:BD:EE:56:F0:11:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmRaywIXx0oP004XpT297lbwEeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/4-Z25td_Fv6yW5tEaSRirhv1dww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0ed33a-1f1d-4281-ab39-40890130dd18/1/rmRaywIXx0oP004XpT297lbwEeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:c5:46:a6:d7:6b:b6:2b:5b:ed:3c:b7:92:ab:62:db:6f:8e:
         87:9b:05:99:43:6b:3a:47:b0:55:b8:70:87:17:87:fd:c0:9c:
         b0:e3:c4:f0:50:f5:8e:8d:da:c7:27:ee:1c:09:61:49:9d:36:
         5b:40:1f:06:05:f0:82:82:2d:6a:09:ff:e1:00:a9:b9:85:c3:
         47:98:a4:c8:f4:d3:7e:32:04:3f:ea:67:2f:5a:02:1b:74:54:
         20:86:6d:9a:50:d7:d4:99:5b:40:16:7f:db:a3:79:f7:c1:7d:
         7e:d9:ee:b1:06:6e:30:6b:bc:ef:04:95:28:9b:15:c7:97:bc:
         9b:5e:21:42:c0:94:f4:97:ae:2e:36:0c:5e:8c:c6:96:c2:ef:
         ef:c7:c8:4f:08:53:58:b4:79:1c:65:ae:3a:50:f1:1f:44:d3:
         23:35:94:8a:d7:8e:c3:d6:32:51:43:86:15:5e:63:81:fa:2f:
         da:d5:dc:98:30:78:a6:64:ac:bb:74:a4:25:b1:c5:0d:95:1e:
         a8:12:df:d6:86:4f:76:ff:b9:33:a7:3b:c2:fe:87:46:9b:c2:
         95:3a:aa:89:f3:48:85:d5:69:fb:a1:06:19:a8:94:11:2a:89:
         64:fb:6c:80:15:fa:77:c5:4a:83:0b:09:cc:fd:f5:fe:9b:91:
         36:03:3b:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Cy2RW2lAXvBJc+GCDZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNjQ1YWNiMDIxN2M3NGEwZmQzNGUxN2E1M2RiZGVlNTZm
MDExZTUwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2U2NzZlNmQ3N2YxNmZlYjI1YjliNDQ2OTI0NjJhZTFiZjU3NzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4b3Ep8VBQfsL5EPrdKs5MU8iv+U
RSp/atPdk+nggJthdbw6ghj1fB7Ovc+LGNf0HE62BH7/oKOtkqilI66zQ5PoRoLa
WuzeawV0R2s8hmN7iJZ3DOqRkfeq1x0C7NC91xtWkmBQRv/aFCsVFKOy54s+GiEI
hIVRxKWRq6j4z+rSUniqBsTol5mIxtO7Fd5AJtEB/fYfPdqPxKzjfdBUh6QFVEhi
quzov7UZkC1eFXQS1BbuCzpMj8JbGwXgE3bUt7jxC8JTSeqWzJiSESQKcX/fmQEz
q2Wh8T0pVwKVCagadhb5xTSy6VpvnPAaOgaJF+IHIWrZrs+h7xOeZnpFvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPmdubXfxb+slubRGkkYq4b9XcMMB8GA1UdIwQY
MBaAFK5kWssCF8dKD9NOF6U9ve5W8BHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1SYXl3SVh4MG9QMDA0WHBUMjk3bGJ3RWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wZWQzM2EtMWYxZC00MjgxLWFiMzkt
NDA4OTAxMzBkZDE4LzEvNC1aMjV0ZF9GdjZ5VzV0RWFTUmlyaHYxZHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wZWQzM2EtMWYxZC00MjgxLWFiMzktNDA4OTAxMzBkZDE4
LzEvcm1SYXl3SVh4MG9QMDA0WHBUMjk3bGJ3RWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufLAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNxUam12u2K1vtPLeSq2Lbb46HmwWZQ2s6R7BVuHCH
F4f9wJyw48TwUPWOjdrHJ+4cCWFJnTZbQB8GBfCCgi1qCf/hAKm5hcNHmKTI9NN+
MgQ/6mcvWgIbdFQghm2aUNfUmVtAFn/bo3n3wX1+2e6xBm4wa7zvBJUomxXHl7yb
XiFCwJT0l64uNgxejMaWwu/vx8hPCFNYtHkcZa46UPEfRNMjNZSK147D1jJRQ4YV
XmOB+i/a1dyYMHimZKy7dKQlscUNlR6oEt/Whk92/7kzpzvC/odGm8KVOqqJ80iF
1Wn7oQYZqJQRKolk+2yAFfp3xUqDCwnM/fX+m5E2Aztz
-----END CERTIFICATE-----