Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/4V4pwOFVpCZPK4X7-gj5Qk2GiPE.roa
File:                     4V4pwOFVpCZPK4X7-gj5Qk2GiPE.roa (raw, json)
Hash identifier:          YrXfcsCk19Tz7fiUeDs5nO4TXwfhKvUcSEFIZradqvM=
Subject key identifier:   E1:5E:29:C0:E1:55:A4:26:4F:2B:85:FB:FA:08:F9:42:4D:86:88:F1
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       018CC727594EDE1498C31B35B95E40B6EC5F
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/4V4pwOFVpCZPK4X7-gj5Qk2GiPE.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6707
IP address blocks:        185.92.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:59:4e:de:14:98:c3:1b:35:b9:5e:40:b6:ec:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e15e29c0e155a4264f2b85fbfa08f9424d8688f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3a:64:a3:31:90:0f:78:1e:15:1d:6f:28:06:
                    cf:8d:22:c6:29:3a:f1:66:ed:31:c6:2a:a7:43:1a:
                    74:45:c9:10:8a:97:c7:c9:bc:b2:69:9a:fc:e2:57:
                    11:08:b1:de:72:68:f1:3c:60:02:58:92:0e:64:d6:
                    fe:65:49:47:d8:45:f4:0b:c9:1e:7c:9e:91:b3:40:
                    e2:56:28:28:87:0d:23:a1:75:8d:e4:a2:f9:8b:be:
                    50:80:d6:1f:f7:fd:81:53:0c:ed:47:d6:98:82:54:
                    cf:86:bd:37:e5:06:32:05:b0:d9:e8:52:15:bf:48:
                    ed:01:de:53:d1:56:c0:15:2c:4c:a0:05:b2:bb:06:
                    1f:db:87:3e:4f:ef:b8:28:94:48:8f:5c:6d:58:5c:
                    75:5e:65:2f:09:74:ed:a6:c2:c0:71:47:c7:0c:01:
                    e8:d9:74:a3:78:ee:f3:cf:e6:38:62:74:fe:ed:6b:
                    70:04:09:eb:39:ac:73:6f:a7:01:72:74:2e:54:e3:
                    b6:51:3f:e5:b2:31:d9:49:69:0a:38:c0:e0:ea:16:
                    9a:16:35:70:23:64:31:d4:7c:25:74:2c:d5:96:a7:
                    1b:7b:35:df:55:fc:25:f7:8e:7f:f9:c0:5e:68:0f:
                    b3:6b:71:d5:80:ec:07:27:59:60:cd:59:fd:d4:15:
                    02:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:5E:29:C0:E1:55:A4:26:4F:2B:85:FB:FA:08:F9:42:4D:86:88:F1
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/4V4pwOFVpCZPK4X7-gj5Qk2GiPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:ac:f9:69:2f:ae:7f:82:55:e7:a9:ec:d3:55:f6:79:03:ad:
         dc:bb:a1:ff:15:b4:53:be:91:35:2c:25:f5:8f:80:45:ed:d4:
         5e:7b:92:6e:19:dd:78:22:57:ad:90:70:c7:4a:25:0e:ef:40:
         5b:3e:15:16:28:bc:17:77:21:c5:0b:01:6a:d8:a9:d5:64:14:
         d4:d1:a4:0a:ca:f0:04:ec:70:51:20:6a:f6:a5:eb:b1:5b:a8:
         52:7e:18:49:11:53:42:74:e9:99:cc:4c:ed:36:b4:1f:1c:07:
         bd:00:f4:1a:3f:1d:76:0b:58:93:cd:dc:05:7a:da:f1:1e:a3:
         7a:f7:16:7d:91:39:33:c9:e2:9a:10:c6:13:d4:6d:0a:cc:a6:
         1f:f8:d2:f8:3e:84:68:f8:52:e9:f8:df:6c:9e:5c:fe:59:54:
         f6:d6:74:51:7f:e7:b2:52:3a:4d:57:4c:4a:13:33:72:88:98:
         34:95:21:3f:ca:18:b3:aa:f7:ee:19:76:5d:f7:2d:e6:75:5b:
         a3:58:c0:ce:98:66:c2:b2:5e:3c:f9:28:f1:d6:4f:ca:66:61:
         0f:3a:ce:30:d8:1c:c6:78:22:5a:fc:0a:07:06:0b:b3:47:cc:
         90:8b:85:e2:d1:24:c4:66:24:f6:7f:e7:51:6d:e8:94:61:1b:
         3a:b1:73:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1lO3hSYwxs1uV5AtuxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTVlMjljMGUxNTVhNDI2NGYyYjg1ZmJmYTA4Zjk0MjRkODY4OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzpkozGQD3geFR1vKAbPjSLGKTrx
Zu0xxiqnQxp0RckQipfHybyyaZr84lcRCLHecmjxPGACWJIOZNb+ZUlH2EX0C8ke
fJ6Rs0DiVigohw0joXWN5KL5i75QgNYf9/2BUwztR9aYglTPhr035QYyBbDZ6FIV
v0jtAd5T0VbAFSxMoAWyuwYf24c+T++4KJRIj1xtWFx1XmUvCXTtpsLAcUfHDAHo
2XSjeO7zz+Y4YnT+7WtwBAnrOaxzb6cBcnQuVOO2UT/lsjHZSWkKOMDg6haaFjVw
I2Qx1HwldCzVlqcbezXfVfwl945/+cBeaA+za3HVgOwHJ1lgzVn91BUCRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFeKcDhVaQmTyuF+/oI+UJNhojxMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvNFY0cHdPRlZwQ1pQSzRYNy1najVRazJHaVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzVMA0G
CSqGSIb3DQEBCwUAA4IBAQA8rPlpL65/glXnqezTVfZ5A63cu6H/FbRTvpE1LCX1
j4BF7dRee5JuGd14IletkHDHSiUO70BbPhUWKLwXdyHFCwFq2KnVZBTU0aQKyvAE
7HBRIGr2peuxW6hSfhhJEVNCdOmZzEztNrQfHAe9APQaPx12C1iTzdwFetrxHqN6
9xZ9kTkzyeKaEMYT1G0KzKYf+NL4PoRo+FLp+N9snlz+WVT21nRRf+eyUjpNV0xK
EzNyiJg0lSE/yhizqvfuGXZd9y3mdVujWMDOmGbCsl48+Sjx1k/KZmEPOs4w2BzG
eCJa/AoHBguzR8yQi4Xi0STEZiT2f+dRbeiUYRs6sXP/
-----END CERTIFICATE-----