Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/4qZGRJSVRXND833nU7WevC_7Uf0.roa
File:                     4qZGRJSVRXND833nU7WevC_7Uf0.roa (raw, json)
Hash identifier:          JmLQWqUA7IUXvKubySMIsJBpgmK2/mlcHYkms3Hqgqc=
Subject key identifier:   E2:A6:46:44:94:95:45:73:43:F3:7D:E7:53:B5:9E:BC:2F:FB:51:FD
Certificate issuer:       /CN=486c2d8af4ce50ce6f43e7df44e0b503700a86c0
Certificate serial:       018CC2DADED314E9F44F1F43192EF3AC8B4E
Authority key identifier: 48:6C:2D:8A:F4:CE:50:CE:6F:43:E7:DF:44:E0:B5:03:70:0A:86:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGwtivTOUM5vQ-ffROC1A3AKhsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/4qZGRJSVRXND833nU7WevC_7Uf0.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201295
IP address blocks:        185.252.28.0/24 maxlen: 24
                          185.252.31.0/24 maxlen: 24
                          185.252.30.0/24 maxlen: 24
                          185.252.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/SGwtivTOUM5vQ-ffROC1A3AKhsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/SGwtivTOUM5vQ-ffROC1A3AKhsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGwtivTOUM5vQ-ffROC1A3AKhsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:de:d3:14:e9:f4:4f:1f:43:19:2e:f3:ac:8b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=486c2d8af4ce50ce6f43e7df44e0b503700a86c0
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a646449495457343f37de753b59ebc2ffb51fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:79:8a:0d:ec:6f:bf:63:7e:61:48:72:ec:31:
                    de:94:2f:a8:07:a2:f9:06:a2:9a:64:55:70:4b:51:
                    6b:d3:a2:39:3e:08:b4:02:2d:39:bd:47:28:34:bc:
                    cc:71:71:09:29:0c:a2:09:e8:f8:04:2f:7d:65:a8:
                    13:56:26:d7:35:97:99:58:80:51:fd:a5:ac:9e:9b:
                    64:a3:e4:e4:7c:02:68:ec:4a:7d:c3:63:e8:28:6a:
                    b4:c5:b1:a5:5f:4e:19:4f:42:17:5f:c5:3f:d9:60:
                    1d:3e:a9:ce:57:ff:e7:37:54:b9:3a:8c:56:af:b8:
                    0b:4e:0e:07:87:bd:ae:2b:7a:4d:33:a7:d5:68:0e:
                    f7:4e:cd:21:7a:d2:ff:5c:6e:b8:2a:6a:51:ba:2c:
                    4d:04:9a:41:d1:f4:d2:d3:a6:43:fa:2f:01:b2:84:
                    bd:a4:51:c6:18:94:2b:78:63:0f:49:fe:fb:69:e4:
                    ff:46:ab:15:7a:38:30:ab:fd:64:e5:f9:8f:4a:da:
                    ca:c9:71:cb:95:97:e6:28:f0:25:d2:9b:48:53:44:
                    d1:27:5d:1c:c3:82:ea:a1:4d:bf:23:36:02:9f:8d:
                    a2:7a:3a:5a:3b:fe:9d:01:88:5a:8c:1d:ab:c8:3e:
                    35:c7:77:06:94:22:fe:1b:cf:6c:2f:d3:d5:a4:91:
                    19:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A6:46:44:94:95:45:73:43:F3:7D:E7:53:B5:9E:BC:2F:FB:51:FD
            X509v3 Authority Key Identifier:
                keyid:48:6C:2D:8A:F4:CE:50:CE:6F:43:E7:DF:44:E0:B5:03:70:0A:86:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGwtivTOUM5vQ-ffROC1A3AKhsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/4qZGRJSVRXND833nU7WevC_7Uf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d827c0-d6d5-48f6-8f45-f1a5ddd7798b/1/SGwtivTOUM5vQ-ffROC1A3AKhsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:73:f9:d1:9c:99:c5:f4:9f:38:66:06:3e:b6:a8:0e:2c:36:
         45:28:96:c8:4b:37:69:0a:0a:b3:f4:6d:f2:53:96:18:04:72:
         c7:1b:4c:3e:69:74:9d:0e:c2:84:d2:05:28:60:4b:16:93:55:
         e1:dd:b0:71:e0:a5:93:6a:31:d5:e1:6c:05:7f:b8:4e:fc:1c:
         e0:f6:70:8b:53:22:75:00:18:30:39:b2:11:e0:b7:f7:0a:9f:
         0f:d7:44:08:a3:04:fb:ce:d3:e8:e8:70:25:f0:48:4c:e3:57:
         6a:b4:3f:78:21:ba:7e:4b:49:64:08:7c:20:30:91:36:f9:e1:
         98:2a:1e:e9:9b:89:16:d9:0e:a6:9e:47:e2:c2:9d:4e:d3:89:
         4e:e6:bd:29:52:95:bf:30:23:64:f9:2a:09:ee:6d:f2:95:20:
         3d:e5:39:e7:b4:0e:20:90:ce:2b:eb:ef:e4:f8:ca:81:9a:70:
         e1:7f:4e:9d:09:ea:70:15:7c:82:b6:59:d9:33:5b:9c:ea:c8:
         a0:69:0a:2c:32:5a:9f:f2:69:95:28:48:14:dd:13:91:3b:33:
         85:ef:1b:18:25:44:6c:94:4b:b8:d5:5e:83:a0:b9:01:d7:3b:
         66:a5:d7:fc:57:e5:06:5d:92:35:b1:fd:75:fa:21:9b:36:8e:
         f1:1f:0a:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2t7TFOn0Tx9DGS7zrItOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NmMyZDhhZjRjZTUwY2U2ZjQzZTdkZjQ0ZTBiNTAzNzAw
YTg2YzAwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE2NDY0NDk0OTU0NTczNDNmMzdkZTc1M2I1OWViYzJmZmI1MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnmKDexvv2N+YUhy7DHelC+oB6L5
BqKaZFVwS1Fr06I5Pgi0Ai05vUcoNLzMcXEJKQyiCej4BC99ZagTVibXNZeZWIBR
/aWsnptko+TkfAJo7Ep9w2PoKGq0xbGlX04ZT0IXX8U/2WAdPqnOV//nN1S5OoxW
r7gLTg4Hh72uK3pNM6fVaA73Ts0hetL/XG64KmpRuixNBJpB0fTS06ZD+i8BsoS9
pFHGGJQreGMPSf77aeT/RqsVejgwq/1k5fmPStrKyXHLlZfmKPAl0ptIU0TRJ10c
w4LqoU2/IzYCn42iejpaO/6dAYhajB2ryD41x3cGlCL+G89sL9PVpJEZeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKmRkSUlUVzQ/N951O1nrwv+1H9MB8GA1UdIwQY
MBaAFEhsLYr0zlDOb0Pn30TgtQNwCobAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0d3dGl2VE9VTTV2US1mZlJPQzFBM0FLaHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9kODI3YzAtZDZkNS00OGY2LThmNDUt
ZjFhNWRkZDc3OThiLzEvNHFaR1JKU1ZSWE5EODMzblU3V2V2Q183VWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9kODI3YzAtZDZkNS00OGY2LThmNDUtZjFhNWRkZDc3OThi
LzEvU0d3dGl2VE9VTTV2US1mZlJPQzFBM0FLaHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufwcMA0G
CSqGSIb3DQEBCwUAA4IBAQCec/nRnJnF9J84ZgY+tqgOLDZFKJbISzdpCgqz9G3y
U5YYBHLHG0w+aXSdDsKE0gUoYEsWk1Xh3bBx4KWTajHV4WwFf7hO/Bzg9nCLUyJ1
ABgwObIR4Lf3Cp8P10QIowT7ztPo6HAl8EhM41dqtD94Ibp+S0lkCHwgMJE2+eGY
Kh7pm4kW2Q6mnkfiwp1O04lO5r0pUpW/MCNk+SoJ7m3ylSA95TnntA4gkM4r6+/k
+MqBmnDhf06dCepwFXyCtlnZM1uc6sigaQosMlqf8mmVKEgU3ROROzOF7xsYJURs
lEu41V6DoLkB1ztmpdf8V+UGXZI1sf11+iGbNo7xHwpV
-----END CERTIFICATE-----