Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/K4qF24pkNcLkbvisRslO16-EKpA.roa
File:                     K4qF24pkNcLkbvisRslO16-EKpA.roa (raw, json)
Hash identifier:          Kf4LzUHZULR/LKII6Q0BgHnDR+VeZHAUlVx9whulzZs=
Subject key identifier:   2B:8A:85:DB:8A:64:35:C2:E4:6E:F8:AC:46:C9:4E:D7:AF:84:2A:90
Certificate issuer:       /CN=dead4c89f7aed8681d0202d22479d86e1462f889
Certificate serial:       018CC6B87177B8D462B4F4C3BBE2DABA6D4E
Authority key identifier: DE:AD:4C:89:F7:AE:D8:68:1D:02:02:D2:24:79:D8:6E:14:62:F8:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/K4qF24pkNcLkbvisRslO16-EKpA.roa
Signing time:             Mon 01 Jan 2024 20:30:25 +0000
ROA not before:           Mon 01 Jan 2024 20:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        185.44.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:71:77:b8:d4:62:b4:f4:c3:bb:e2:da:ba:6d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dead4c89f7aed8681d0202d22479d86e1462f889
        Validity
            Not Before: Jan  1 20:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b8a85db8a6435c2e46ef8ac46c94ed7af842a90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e9:66:83:80:22:eb:22:05:b9:c7:7a:ff:1b:
                    de:9f:1b:af:a1:c6:3e:cb:09:c1:21:99:45:bf:6b:
                    fc:b9:0a:ce:33:8b:b8:c2:e9:10:30:6e:84:e7:58:
                    b3:4f:20:6e:19:e3:5a:e6:be:67:c1:e0:c4:54:35:
                    38:47:c8:e1:ec:63:82:08:8a:a9:35:6f:2c:ef:ad:
                    d3:cb:f7:b4:8f:9c:0c:55:50:f4:d4:42:46:b6:03:
                    1b:d6:20:c9:44:7d:82:f4:9e:7f:82:c9:83:c2:81:
                    75:83:1c:0b:5f:a1:8e:79:9d:7b:f4:6e:c4:22:24:
                    81:c9:22:d5:dc:12:ad:fb:25:c9:b2:93:82:8e:e6:
                    94:37:de:d7:af:0c:00:43:e4:f6:49:a6:d6:84:58:
                    b1:3e:0c:59:7b:1f:4f:af:cc:8a:f1:a3:e9:94:c1:
                    72:80:cf:c1:31:64:47:dc:86:0e:70:ed:af:8a:92:
                    f2:10:6e:11:9b:5e:1a:e6:7e:cf:8a:70:f4:3d:92:
                    2e:2c:73:ea:a1:5b:0f:09:32:6d:2a:c6:a0:93:20:
                    dd:ec:2c:1c:dc:cb:97:bd:c2:9f:c0:ad:82:e2:95:
                    bc:23:d1:1c:da:38:16:f1:f4:b3:8d:1e:6d:08:ba:
                    9d:c4:ae:5d:b5:7d:ad:db:27:4f:62:61:16:96:c5:
                    b5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8A:85:DB:8A:64:35:C2:E4:6E:F8:AC:46:C9:4E:D7:AF:84:2A:90
            X509v3 Authority Key Identifier:
                keyid:DE:AD:4C:89:F7:AE:D8:68:1D:02:02:D2:24:79:D8:6E:14:62:F8:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/K4qF24pkNcLkbvisRslO16-EKpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:09:02:7c:8b:7d:45:06:4e:ad:42:14:54:97:ac:e7:d4:c3:
         ff:ef:eb:80:98:cc:0d:69:3a:15:c3:ee:f6:55:0e:34:a8:11:
         82:05:58:18:6f:dd:d4:29:20:a9:96:5b:1f:ab:12:de:24:88:
         3d:b6:25:b0:da:28:21:e5:35:76:bf:e3:79:11:4e:c1:d4:94:
         43:82:77:07:a1:af:d3:07:e6:78:44:0e:80:81:c3:74:f1:74:
         5e:1b:80:6a:ef:24:f7:11:b9:45:c5:82:fe:4f:6e:dd:be:1c:
         b4:7d:06:1f:03:95:50:6f:30:8a:2d:23:7f:52:90:f8:2c:e0:
         24:a0:c0:69:77:25:75:1a:34:79:a2:b0:d8:2a:21:77:f1:ec:
         ed:1f:6a:df:ba:a2:2c:30:6f:df:0e:42:fe:b6:44:d3:d4:41:
         09:68:fa:22:69:ae:0b:b7:96:0b:38:6c:bd:33:d9:18:49:b7:
         d9:70:52:94:ca:be:2a:78:67:55:cb:a9:40:12:a8:81:47:f1:
         3c:fe:37:3e:c8:83:83:b1:b5:10:4a:7a:96:4a:fa:fc:55:65:
         e9:1c:94:5d:d6:93:78:a5:2c:66:26:4e:e5:d8:a2:88:d7:2e:
         f7:af:a8:8b:80:cc:4b:2d:2a:a6:4b:83:92:bd:7c:06:62:81:
         12:b5:05:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuHF3uNRitPTDu+Laum1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYWQ0Yzg5ZjdhZWQ4NjgxZDAyMDJkMjI0NzlkODZlMTQ2
MmY4ODkwHhcNMjQwMTAxMjAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjhhODVkYjhhNjQzNWMyZTQ2ZWY4YWM0NmM5NGVkN2FmODQyYTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOlmg4Ai6yIFucd6/xvenxuvocY+
ywnBIZlFv2v8uQrOM4u4wukQMG6E51izTyBuGeNa5r5nweDEVDU4R8jh7GOCCIqp
NW8s763Ty/e0j5wMVVD01EJGtgMb1iDJRH2C9J5/gsmDwoF1gxwLX6GOeZ179G7E
IiSBySLV3BKt+yXJspOCjuaUN97XrwwAQ+T2SabWhFixPgxZex9Pr8yK8aPplMFy
gM/BMWRH3IYOcO2vipLyEG4Rm14a5n7PinD0PZIuLHPqoVsPCTJtKsagkyDd7Cwc
3MuXvcKfwK2C4pW8I9Ec2jgW8fSzjR5tCLqdxK5dtX2t2ydPYmEWlsW1rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuKhduKZDXC5G74rEbJTtevhCqQMB8GA1UdIwQY
MBaAFN6tTIn3rthoHQIC0iR52G4UYviJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3ExTWlmZXUyR2dkQWdMU0pIblliaFJpLUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jZWE2NWYtZWNhMS00ZjgwLTg3NGUt
NWJjZmNlNWNhMmM3LzEvSzRxRjI0cGtOY0xrYnZpc1JzbE8xNi1FS3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jZWE2NWYtZWNhMS00ZjgwLTg3NGUtNWJjZmNlNWNhMmM3
LzEvM3ExTWlmZXUyR2dkQWdMU0pIblliaFJpLUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSyoMA0G
CSqGSIb3DQEBCwUAA4IBAQBKCQJ8i31FBk6tQhRUl6zn1MP/7+uAmMwNaToVw+72
VQ40qBGCBVgYb93UKSCpllsfqxLeJIg9tiWw2igh5TV2v+N5EU7B1JRDgncHoa/T
B+Z4RA6AgcN08XReG4Bq7yT3EblFxYL+T27dvhy0fQYfA5VQbzCKLSN/UpD4LOAk
oMBpdyV1GjR5orDYKiF38eztH2rfuqIsMG/fDkL+tkTT1EEJaPoiaa4Lt5YLOGy9
M9kYSbfZcFKUyr4qeGdVy6lAEqiBR/E8/jc+yIODsbUQSnqWSvr8VWXpHJRd1pN4
pSxmJk7l2KKI1y73r6iLgMxLLSqmS4OSvXwGYoEStQX2
-----END CERTIFICATE-----