Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/4FRPSgQT8ctjAsmpfq-s2wVw8ds.roa
File:                     4FRPSgQT8ctjAsmpfq-s2wVw8ds.roa (raw, json)
Hash identifier:          nuMvCWWDJBzvaT54eYuq1v+QT+uU5Qoyizy7MUnpYHk=
Subject key identifier:   E0:54:4F:4A:04:13:F1:CB:63:02:C9:A9:7E:AF:AC:DB:05:70:F1:DB
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       018CCAABAEFBBACD15EE49F3DA71FA16927D
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/4FRPSgQT8ctjAsmpfq-s2wVw8ds.roa
Signing time:             Tue 02 Jan 2024 14:54:58 +0000
ROA not before:           Tue 02 Jan 2024 14:54:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        185.172.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:ab:ae:fb:ba:cd:15:ee:49:f3:da:71:fa:16:92:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  2 14:54:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0544f4a0413f1cb6302c9a97eafacdb0570f1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a4:28:3a:26:29:5e:04:df:ef:52:8e:3c:98:
                    42:8a:57:8a:dd:2e:b8:9b:15:79:b8:6a:f1:90:7c:
                    97:d1:ef:10:81:dd:f6:71:7f:54:25:7a:23:c5:59:
                    9b:31:97:32:f0:d4:7c:b8:15:e7:d6:d3:6e:6f:1f:
                    cd:20:ba:aa:97:d7:ab:dd:b0:97:d9:ca:88:5a:ad:
                    e5:80:38:ff:c1:0d:6b:c7:54:48:0e:fd:17:ad:b5:
                    f6:d8:05:42:de:94:4c:e7:ff:18:b6:e1:99:b5:18:
                    c5:13:19:45:87:1e:1e:97:9b:0e:7c:f0:eb:76:da:
                    65:a4:fa:3d:5b:d4:ab:19:d0:88:c1:9a:07:a4:48:
                    e7:a1:4b:b7:fd:89:12:46:b8:ba:64:9a:b5:b2:3a:
                    20:4d:52:43:05:cf:99:ab:7c:6e:0d:57:94:49:a8:
                    4b:e6:05:c6:02:55:d2:63:85:d5:e3:dc:5e:4c:e6:
                    91:b2:ea:95:2b:30:2f:2d:99:34:fd:34:6c:2c:b8:
                    23:8b:90:26:9c:a5:7f:86:50:02:f2:80:43:d1:98:
                    d0:d3:bb:33:da:15:b5:68:4e:91:93:24:a7:1e:f1:
                    e3:5d:4f:0d:2c:d9:2f:b2:e9:9f:e2:6d:8a:53:1b:
                    3f:79:23:af:c5:5d:0a:34:95:b3:3e:d7:6a:6d:61:
                    40:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:54:4F:4A:04:13:F1:CB:63:02:C9:A9:7E:AF:AC:DB:05:70:F1:DB
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/4FRPSgQT8ctjAsmpfq-s2wVw8ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c3:c8:83:61:e4:20:94:c5:75:e0:65:f4:3c:d9:d3:62:d2:68:
         d5:f8:1c:2f:3a:1d:99:24:1e:7a:0f:95:3d:71:05:5f:b5:ba:
         b1:e1:9e:25:20:34:fb:7a:e5:4c:1c:9b:2c:7e:cf:b1:f8:9f:
         71:b2:99:de:6b:a6:6a:e0:e2:f9:a5:9d:a5:e6:85:04:7a:7d:
         6d:36:c4:78:b3:fe:fc:58:40:f3:cb:7d:62:c5:ae:10:bb:36:
         4c:4d:fd:c7:5f:4e:7b:d6:f5:4e:2a:eb:0d:2f:f1:1d:27:9d:
         98:db:fa:a1:21:82:b0:10:22:38:10:26:ea:4d:8d:29:1c:1d:
         60:c9:73:17:e3:fd:e2:37:ed:0c:35:67:2e:b0:08:92:7a:69:
         ea:b7:5c:60:22:39:e5:bb:e2:06:a4:dd:d1:19:2d:39:dd:70:
         6e:79:8e:58:43:3d:29:de:01:c1:95:76:c5:a7:50:96:c7:12:
         df:2e:e4:86:c0:a9:d2:18:00:e4:c1:02:77:8b:04:a2:a8:0f:
         4b:50:76:9d:0c:93:e1:a9:fd:5b:73:97:d9:72:89:d5:f5:67:
         5e:41:64:6a:0f:ee:d9:9c:71:da:0f:3d:47:78:67:78:bf:64:
         db:ef:7a:d2:a1:39:03:5b:23:dc:21:53:11:6b:86:d3:2e:94:
         25:e8:40:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKq677us0V7knz2nH6FpJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjQwMTAyMTQ1NDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDU0NGY0YTA0MTNmMWNiNjMwMmM5YTk3ZWFmYWNkYjA1NzBmMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaQoOiYpXgTf71KOPJhCileK3S64
mxV5uGrxkHyX0e8Qgd32cX9UJXojxVmbMZcy8NR8uBXn1tNubx/NILqql9er3bCX
2cqIWq3lgDj/wQ1rx1RIDv0XrbX22AVC3pRM5/8YtuGZtRjFExlFhx4el5sOfPDr
dtplpPo9W9SrGdCIwZoHpEjnoUu3/YkSRri6ZJq1sjogTVJDBc+Zq3xuDVeUSahL
5gXGAlXSY4XV49xeTOaRsuqVKzAvLZk0/TRsLLgji5AmnKV/hlAC8oBD0ZjQ07sz
2hW1aE6RkySnHvHjXU8NLNkvsumf4m2KUxs/eSOvxV0KNJWzPtdqbWFAuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBUT0oEE/HLYwLJqX6vrNsFcPHbMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvNEZSUFNnUVQ4Y3RqQXNtcGZxLXMyd1Z3OGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQDDyINh5CCUxXXgZfQ82dNi0mjV+BwvOh2ZJB56D5U9
cQVftbqx4Z4lIDT7euVMHJssfs+x+J9xspnea6Zq4OL5pZ2l5oUEen1tNsR4s/78
WEDzy31ixa4QuzZMTf3HX0571vVOKusNL/EdJ52Y2/qhIYKwECI4ECbqTY0pHB1g
yXMX4/3iN+0MNWcusAiSemnqt1xgIjnlu+IGpN3RGS053XBueY5YQz0p3gHBlXbF
p1CWxxLfLuSGwKnSGADkwQJ3iwSiqA9LUHadDJPhqf1bc5fZconV9WdeQWRqD+7Z
nHHaDz1HeGd4v2Tb73rSoTkDWyPcIVMRa4bTLpQl6EBM
-----END CERTIFICATE-----