Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/s4dGZtQajXWj2RIQqHy7-jDiTCQ.roa
File:                     s4dGZtQajXWj2RIQqHy7-jDiTCQ.roa (raw, json)
Hash identifier:          SodGMyZ8IsqzGlPZk+D1nBWce/rFRvHlfSvDwh+JeCM=
Subject key identifier:   B3:87:46:66:D4:1A:8D:75:A3:D9:12:10:A8:7C:BB:FA:30:E2:4C:24
Certificate issuer:       /CN=66f983138969f8da674f7b5c0133e0c2d029b4c8
Certificate serial:       018CC424C384AC9C8AA18AB38782F56D67E0
Authority key identifier: 66:F9:83:13:89:69:F8:DA:67:4F:7B:5C:01:33:E0:C2:D0:29:B4:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/s4dGZtQajXWj2RIQqHy7-jDiTCQ.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197350
IP address blocks:        185.90.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c3:84:ac:9c:8a:a1:8a:b3:87:82:f5:6d:67:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f983138969f8da674f7b5c0133e0c2d029b4c8
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3874666d41a8d75a3d91210a87cbbfa30e24c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:79:d2:64:65:10:92:ce:b1:49:b3:8e:76:b9:
                    43:6e:d9:27:29:1d:41:56:9b:71:35:9e:4f:a0:8f:
                    12:56:70:ac:1d:55:00:68:d6:18:6f:7a:f2:23:29:
                    9e:cf:db:b9:e7:fd:f5:f0:fc:7a:96:f5:66:00:21:
                    d9:cb:37:74:43:44:11:29:2c:3c:4b:79:76:d9:83:
                    67:1d:5e:a2:0f:d6:61:6f:17:6d:bc:b7:e8:aa:6b:
                    9f:d3:04:18:aa:03:a4:9d:4c:b5:35:19:ef:19:d5:
                    36:2c:5c:1f:3d:a9:7d:d1:e1:a1:c5:81:ce:7f:c2:
                    59:d5:1a:e8:e0:1f:ea:2a:93:04:44:91:0f:bc:07:
                    20:bc:e1:f0:8c:9d:aa:b1:41:15:b8:e8:02:04:73:
                    0b:a1:e9:3b:7e:83:cf:ee:be:03:4d:44:9d:06:1b:
                    1c:54:55:de:9f:81:25:eb:04:94:c3:06:96:ae:9c:
                    38:b4:b7:33:ff:16:08:81:a8:56:a4:0a:e8:a7:67:
                    b3:38:3c:cf:41:e7:2e:18:82:67:a2:b6:0a:73:29:
                    7e:5f:dd:27:2b:e0:d6:a7:28:02:da:66:52:10:d1:
                    25:5e:ab:d6:76:6e:2a:00:43:95:62:98:77:82:aa:
                    a9:38:f7:c1:9d:4d:8d:5d:81:c3:4f:8e:7c:d7:66:
                    88:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:87:46:66:D4:1A:8D:75:A3:D9:12:10:A8:7C:BB:FA:30:E2:4C:24
            X509v3 Authority Key Identifier:
                keyid:66:F9:83:13:89:69:F8:DA:67:4F:7B:5C:01:33:E0:C2:D0:29:B4:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvmDE4lp-NpnT3tcATPgwtAptMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/s4dGZtQajXWj2RIQqHy7-jDiTCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b8169b-8bfd-40ff-b9ba-403043048118/1/ZvmDE4lp-NpnT3tcATPgwtAptMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:e3:c0:bb:18:61:73:a0:6a:e3:25:5b:99:61:f2:92:b2:ce:
         98:bf:2a:f6:d6:34:38:81:e6:69:fa:1c:04:93:39:9f:7c:05:
         31:53:be:5d:dd:9c:24:b9:be:29:1a:41:18:8f:0c:e4:8b:22:
         2e:c7:6f:59:a1:cd:21:6e:df:e5:b6:c2:1e:75:88:0e:20:dd:
         ce:9a:7a:62:80:46:7a:4f:fa:84:09:0b:eb:5e:49:42:6b:62:
         e4:4a:b1:aa:a0:d0:c5:8d:88:cf:10:f0:85:b0:c4:ea:90:97:
         98:ed:c5:3d:84:cf:c7:13:0b:76:fa:cc:02:e4:80:e7:61:21:
         fa:df:ec:27:dc:6d:d9:6c:89:0e:24:f7:b7:db:4c:bb:9f:1b:
         08:9e:86:dd:97:15:65:23:b0:17:e7:96:84:9a:da:f3:8b:f3:
         c4:21:81:fa:9c:e8:26:c1:ad:a4:6b:df:8e:e9:78:ad:46:b2:
         18:6f:19:f2:1b:73:25:66:7d:14:9d:87:4e:71:b1:f5:58:d3:
         5c:1b:0b:3d:de:60:a8:8b:a8:e2:4b:65:66:d1:f7:83:b6:4b:
         5c:9a:87:b7:77:c7:6f:f3:ea:72:e3:09:e8:0f:a7:40:39:cf:
         db:e4:ff:db:5d:19:7d:51:9e:25:f5:07:a8:07:57:57:a2:c4:
         f9:37:6b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJMOErJyKoYqzh4L1bWfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2Zjk4MzEzODk2OWY4ZGE2NzRmN2I1YzAxMzNlMGMyZDAy
OWI0YzgwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg3NDY2NmQ0MWE4ZDc1YTNkOTEyMTBhODdjYmJmYTMwZTI0YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHnSZGUQks6xSbOOdrlDbtknKR1B
VptxNZ5PoI8SVnCsHVUAaNYYb3ryIymez9u55/318Px6lvVmACHZyzd0Q0QRKSw8
S3l22YNnHV6iD9ZhbxdtvLfoqmuf0wQYqgOknUy1NRnvGdU2LFwfPal90eGhxYHO
f8JZ1Rro4B/qKpMERJEPvAcgvOHwjJ2qsUEVuOgCBHMLoek7foPP7r4DTUSdBhsc
VFXen4El6wSUwwaWrpw4tLcz/xYIgahWpArop2ezODzPQecuGIJnorYKcyl+X90n
K+DWpygC2mZSENElXqvWdm4qAEOVYph3gqqpOPfBnU2NXYHDT45812aILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOHRmbUGo11o9kSEKh8u/ow4kwkMB8GA1UdIwQY
MBaAFGb5gxOJafjaZ097XAEz4MLQKbTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZtREU0bHAtTnBuVDN0Y0FUUGd3dEFwdE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iODE2OWItOGJmZC00MGZmLWI5YmEt
NDAzMDQzMDQ4MTE4LzEvczRkR1p0UWFqWFdqMlJJUXFIeTctakRpVENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iODE2OWItOGJmZC00MGZmLWI5YmEtNDAzMDQzMDQ4MTE4
LzEvWnZtREU0bHAtTnBuVDN0Y0FUUGd3dEFwdE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVp8MA0G
CSqGSIb3DQEBCwUAA4IBAQBq48C7GGFzoGrjJVuZYfKSss6Yvyr21jQ4geZp+hwE
kzmffAUxU75d3Zwkub4pGkEYjwzkiyIux29Zoc0hbt/ltsIedYgOIN3OmnpigEZ6
T/qECQvrXklCa2LkSrGqoNDFjYjPEPCFsMTqkJeY7cU9hM/HEwt2+swC5IDnYSH6
3+wn3G3ZbIkOJPe320y7nxsInobdlxVlI7AX55aEmtrzi/PEIYH6nOgmwa2ka9+O
6XitRrIYbxnyG3MlZn0UnYdOcbH1WNNcGws93mCoi6jiS2Vm0feDtktcmoe3d8dv
8+py4wnoD6dAOc/b5P/bXRl9UZ4l9QeoB1dXosT5N2uO
-----END CERTIFICATE-----