Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/KN2DE5zx30wA3HZ6GhtUp5tJOHU.roa
File:                     KN2DE5zx30wA3HZ6GhtUp5tJOHU.roa (raw, json)
Hash identifier:          ztrrRwWnXKdR+vV8MaRAJcvwyk+CPYfarokcbFZsD8U=
Subject key identifier:   28:DD:83:13:9C:F1:DF:4C:00:DC:76:7A:1A:1B:54:A7:9B:49:38:75
Certificate issuer:       /CN=4dc871b5ddf0740b317d1e34e36b26810bb98026
Certificate serial:       018CC8DF359198780F5565F5F3575F7D2AA4
Authority key identifier: 4D:C8:71:B5:DD:F0:74:0B:31:7D:1E:34:E3:6B:26:81:0B:B9:80:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tchxtd3wdAsxfR4042smgQu5gCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/KN2DE5zx30wA3HZ6GhtUp5tJOHU.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204368
IP address blocks:        185.250.89.0/24 maxlen: 24
                          185.250.88.0/24 maxlen: 24
                          185.250.91.0/24 maxlen: 24
                          185.250.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/Tchxtd3wdAsxfR4042smgQu5gCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/Tchxtd3wdAsxfR4042smgQu5gCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tchxtd3wdAsxfR4042smgQu5gCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:35:91:98:78:0f:55:65:f5:f3:57:5f:7d:2a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc871b5ddf0740b317d1e34e36b26810bb98026
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28dd83139cf1df4c00dc767a1a1b54a79b493875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2b:c6:ca:f8:8e:04:8d:fd:5b:a6:a6:4f:bd:
                    57:db:b8:35:f2:2e:73:ec:b3:f0:13:7d:7c:e9:d8:
                    a7:3d:25:b1:5e:49:c5:46:61:99:08:58:23:ee:61:
                    61:2d:ac:0d:5a:5c:b9:ea:f6:73:7b:ac:38:9e:45:
                    c3:5f:9b:72:4a:8b:94:c4:d4:a0:cb:c6:d5:f9:0b:
                    89:76:ed:ff:c4:96:04:5f:a8:19:2f:02:50:58:6b:
                    19:27:71:dc:46:c1:fb:b0:45:ff:6f:b8:68:c8:01:
                    2a:24:78:4c:f3:c5:2b:c5:de:89:39:9f:ae:65:fe:
                    ae:24:de:c3:78:87:0a:b1:72:64:64:42:c1:bc:2c:
                    d2:dd:0d:7b:97:f3:b6:69:26:91:80:85:02:b9:2e:
                    ef:b4:b8:a6:6c:de:1c:91:c9:1a:66:64:c8:e9:23:
                    fa:bb:1a:0f:80:9e:d5:3d:06:10:ef:23:0a:fb:e7:
                    de:5f:10:26:d7:92:11:21:a6:2a:33:47:e4:75:81:
                    4c:f5:38:a8:a7:e6:4d:f0:75:bc:c7:dc:0e:28:92:
                    2d:3c:9b:ab:ba:cc:a4:67:21:ec:e7:b3:99:ad:3e:
                    37:29:89:59:78:82:0e:eb:dc:e9:51:44:35:6e:61:
                    c2:a1:f7:e7:3d:53:75:ba:5d:a9:06:f8:99:3a:da:
                    b8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DD:83:13:9C:F1:DF:4C:00:DC:76:7A:1A:1B:54:A7:9B:49:38:75
            X509v3 Authority Key Identifier:
                keyid:4D:C8:71:B5:DD:F0:74:0B:31:7D:1E:34:E3:6B:26:81:0B:B9:80:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tchxtd3wdAsxfR4042smgQu5gCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/KN2DE5zx30wA3HZ6GhtUp5tJOHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/355efb-26b0-4112-b4b5-93c29640bbfe/1/Tchxtd3wdAsxfR4042smgQu5gCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:95:c5:71:b3:32:75:5a:cc:f0:8d:2e:bd:ac:df:11:04:5d:
         b8:b8:c4:43:e3:b2:f9:a5:8c:d7:27:a4:fe:5c:69:48:d5:02:
         58:06:b4:33:9b:b0:08:d7:ed:36:25:37:16:4b:8c:03:98:0c:
         65:d1:40:0a:ff:22:34:bb:96:7b:0c:e9:7f:46:20:a7:4d:fc:
         c7:de:7f:a7:32:83:f5:64:7a:76:ae:fd:af:ec:5e:01:bb:b2:
         c9:1d:f0:03:6a:f9:67:8f:44:2f:a9:c2:3d:fd:c9:36:e3:9a:
         f2:5e:fb:25:c0:62:2d:30:5c:f6:bf:14:7f:de:65:bc:ba:69:
         ae:d1:26:d6:a1:4b:7b:64:50:0d:32:e3:7e:60:30:f4:c9:37:
         91:1c:e0:11:57:0d:c6:e3:f7:05:a7:a5:17:7f:d2:47:50:7e:
         b5:b6:14:d7:1f:97:0e:d8:23:21:4a:ec:a7:9c:f0:b5:ab:56:
         c0:ab:52:b9:3e:49:b2:59:9f:57:97:18:b2:e5:82:d4:fd:60:
         56:de:cc:64:ec:dd:74:a6:24:b5:7e:89:ef:9d:f0:7a:62:99:
         7e:30:a4:8c:ff:41:9c:bf:67:00:ba:82:76:fc:94:a5:dc:44:
         d9:09:29:33:ad:cc:b2:16:9e:31:41:fd:65:2e:33:e7:1e:09:
         7e:7c:71:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zWRmHgPVWX181dffSqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzg3MWI1ZGRmMDc0MGIzMTdkMWUzNGUzNmIyNjgxMGJi
OTgwMjYwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRkODMxMzljZjFkZjRjMDBkYzc2N2ExYTFiNTRhNzliNDkzODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSvGyviOBI39W6amT71X27g18i5z
7LPwE3186dinPSWxXknFRmGZCFgj7mFhLawNWly56vZze6w4nkXDX5tySouUxNSg
y8bV+QuJdu3/xJYEX6gZLwJQWGsZJ3HcRsH7sEX/b7hoyAEqJHhM88Urxd6JOZ+u
Zf6uJN7DeIcKsXJkZELBvCzS3Q17l/O2aSaRgIUCuS7vtLimbN4ckckaZmTI6SP6
uxoPgJ7VPQYQ7yMK++feXxAm15IRIaYqM0fkdYFM9Tiop+ZN8HW8x9wOKJItPJur
usykZyHs57OZrT43KYlZeIIO69zpUUQ1bmHCoffnPVN1ul2pBviZOtq4mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjdgxOc8d9MANx2ehobVKebSTh1MB8GA1UdIwQY
MBaAFE3IcbXd8HQLMX0eNONrJoELuYAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNoeHRkM3dkQXN4ZlI0MDQyc21nUXU1Z0NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8zNTVlZmItMjZiMC00MTEyLWI0YjUt
OTNjMjk2NDBiYmZlLzEvS04yREU1engzMHdBM0haNkdodFVwNXRKT0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8zNTVlZmItMjZiMC00MTEyLWI0YjUtOTNjMjk2NDBiYmZl
LzEvVGNoeHRkM3dkQXN4ZlI0MDQyc21nUXU1Z0NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufpYMA0G
CSqGSIb3DQEBCwUAA4IBAQAJlcVxszJ1WszwjS69rN8RBF24uMRD47L5pYzXJ6T+
XGlI1QJYBrQzm7AI1+02JTcWS4wDmAxl0UAK/yI0u5Z7DOl/RiCnTfzH3n+nMoP1
ZHp2rv2v7F4Bu7LJHfADavlnj0QvqcI9/ck245ryXvslwGItMFz2vxR/3mW8ummu
0SbWoUt7ZFANMuN+YDD0yTeRHOARVw3G4/cFp6UXf9JHUH61thTXH5cO2CMhSuyn
nPC1q1bAq1K5PkmyWZ9Xlxiy5YLU/WBW3sxk7N10piS1fonvnfB6Ypl+MKSM/0Gc
v2cAuoJ2/JSl3ETZCSkzrcyyFp4xQf1lLjPnHgl+fHF0
-----END CERTIFICATE-----