Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/4gXzF_5uX1EfseenU80qNDbDfD8.roa
File:                     4gXzF_5uX1EfseenU80qNDbDfD8.roa (raw, json)
Hash identifier:          p4quHGKiOMqPTjWzfh/bieNICpEQt6BcE78QlGhxH9I=
Subject key identifier:   E2:05:F3:17:FE:6E:5F:51:1F:B1:E7:A7:53:CD:2A:34:36:C3:7C:3F
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       018F70F1AAA40E74343E1EA5E0D8C4CA2AA7
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/4gXzF_5uX1EfseenU80qNDbDfD8.roa
Signing time:             Mon 13 May 2024 07:53:57 +0000
ROA not before:           Mon 13 May 2024 07:53:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205959
IP address blocks:        185.151.164.0/22 maxlen: 22
                          2a07:7980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:70:f1:aa:a4:0e:74:34:3e:1e:a5:e0:d8:c4:ca:2a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: May 13 07:53:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e205f317fe6e5f511fb1e7a753cd2a3436c37c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3c:e8:fc:61:19:d8:d9:5e:32:0f:c5:21:70:
                    ec:5d:c9:dc:90:83:87:42:68:9f:7d:d2:7e:67:28:
                    76:db:4f:6e:55:ad:e5:cf:da:46:48:7b:0b:51:7d:
                    cd:df:05:f5:93:98:b8:a7:ec:4f:bd:07:4e:15:dc:
                    eb:88:ef:b7:0c:e1:34:b4:eb:3c:de:c4:cd:b8:ec:
                    ca:7d:a2:65:48:ec:c4:76:2e:5e:af:96:2f:b2:1d:
                    65:01:6e:f5:2c:37:0d:22:a1:6c:4a:13:64:d8:ec:
                    e6:f7:42:66:0b:95:81:e4:67:c9:a9:c0:d6:ed:ac:
                    51:75:60:7e:45:3c:42:dc:13:ba:8f:3a:93:3d:91:
                    8e:d7:53:f9:11:dd:8e:80:e6:54:3c:ad:f5:ba:fb:
                    d2:7d:f9:97:a6:f4:08:55:f3:30:cd:05:a5:ec:5d:
                    4b:c9:d2:60:06:17:61:a4:f5:e7:9d:20:9e:de:e2:
                    cc:4c:2c:ae:f3:73:0d:fb:32:9e:d0:c6:57:d7:16:
                    dc:ba:e7:08:27:5f:60:63:41:0e:b4:33:7e:cd:f3:
                    cd:46:22:ae:b3:d0:3c:05:76:e5:8d:1a:c1:33:57:
                    32:05:0f:74:aa:1e:ee:46:9d:b3:db:68:67:f7:7a:
                    cc:30:2b:23:1e:44:b3:c0:60:ec:e5:5f:6d:cd:37:
                    d9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:05:F3:17:FE:6E:5F:51:1F:B1:E7:A7:53:CD:2A:34:36:C3:7C:3F
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/4gXzF_5uX1EfseenU80qNDbDfD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.164.0/22
                IPv6:
                  2a07:7980::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:27:9b:d1:6d:9e:fe:d7:ae:73:43:7c:f2:59:c4:e7:79:ae:
         71:04:17:b2:24:7b:a1:cc:ab:26:2f:cb:48:48:8a:51:d6:14:
         82:5e:92:0a:4b:3f:85:fd:71:e9:c8:d9:64:54:bd:f1:dc:95:
         46:0c:7b:03:f2:1d:95:4e:71:05:6e:46:42:07:59:5a:c8:f8:
         27:e6:10:1f:d9:a6:13:df:f8:64:c1:3d:33:6c:76:da:84:df:
         33:98:25:ae:7c:a9:26:49:65:25:be:da:26:82:f6:11:d0:67:
         48:2f:2a:4a:7a:a9:23:b6:e2:a6:3c:d3:cc:86:70:6c:92:0b:
         8c:7c:e4:8e:58:a1:59:06:97:59:d7:dd:9d:41:68:70:44:fa:
         c8:b4:e2:8d:9e:c2:28:c8:9f:b5:d1:26:23:05:81:2e:3e:18:
         2e:74:41:fd:fd:c9:8c:39:4a:a8:a4:54:99:e7:44:c3:d9:33:
         d2:a6:56:42:a2:78:7e:bf:1b:4f:ec:85:54:e9:ed:14:32:b0:
         4c:11:9f:1c:3a:56:a9:28:13:2b:2f:f5:97:5a:f7:b1:19:19:
         1d:91:22:04:a4:45:57:6b:b9:49:72:dd:8c:01:98:bf:a9:69:
         81:a1:0d:2c:6e:79:a0:5e:dc:bf:3b:14:02:19:e3:bb:f5:65:
         80:f3:71:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY9w8aqkDnQ0Ph6l4NjEyiqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjQwNTEzMDc1MzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA1ZjMxN2ZlNmU1ZjUxMWZiMWU3YTc1M2NkMmEzNDM2YzM3YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDzo/GEZ2NleMg/FIXDsXcnckIOH
QmiffdJ+Zyh2209uVa3lz9pGSHsLUX3N3wX1k5i4p+xPvQdOFdzriO+3DOE0tOs8
3sTNuOzKfaJlSOzEdi5er5Yvsh1lAW71LDcNIqFsShNk2Ozm90JmC5WB5GfJqcDW
7axRdWB+RTxC3BO6jzqTPZGO11P5Ed2OgOZUPK31uvvSffmXpvQIVfMwzQWl7F1L
ydJgBhdhpPXnnSCe3uLMTCyu83MN+zKe0MZX1xbcuucIJ19gY0EOtDN+zfPNRiKu
s9A8BXbljRrBM1cyBQ90qh7uRp2z22hn93rMMCsjHkSzwGDs5V9tzTfZRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOIF8xf+bl9RH7Hnp1PNKjQ2w3w/MB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvNGdYekZfNXVYMUVmc2VlblU4MHFORGJEZkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZekMA0E
AgACMAcDBQMqB3mAMA0GCSqGSIb3DQEBCwUAA4IBAQDOJ5vRbZ7+165zQ3zyWcTn
ea5xBBeyJHuhzKsmL8tISIpR1hSCXpIKSz+F/XHpyNlkVL3x3JVGDHsD8h2VTnEF
bkZCB1layPgn5hAf2aYT3/hkwT0zbHbahN8zmCWufKkmSWUlvtomgvYR0GdILypK
eqkjtuKmPNPMhnBskguMfOSOWKFZBpdZ192dQWhwRPrItOKNnsIoyJ+10SYjBYEu
PhgudEH9/cmMOUqopFSZ50TD2TPSplZConh+vxtP7IVU6e0UMrBMEZ8cOlapKBMr
L/WXWvexGRkdkSIEpEVXa7lJct2MAZi/qWmBoQ0sbnmgXty/OxQCGeO79WWA83F+
-----END CERTIFICATE-----