Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/4FckcTTEYGutVsY6vJzSvWea_Ww.roa
File:                     4FckcTTEYGutVsY6vJzSvWea_Ww.roa (raw, json)
Hash identifier:          s6yB5XnI0obLAqUHFCL444PLW3YSvL2sVLQsLSlbrZU=
Subject key identifier:   E0:57:24:71:34:C4:60:6B:AD:56:C6:3A:BC:9C:D2:BD:67:9A:FD:6C
Certificate issuer:       /CN=e4673e6d6e1cf6f60115e30508be15bbbfe5eaad
Certificate serial:       018CC6B943A530FF8B75AE31A6DDD2BC5D63
Authority key identifier: E4:67:3E:6D:6E:1C:F6:F6:01:15:E3:05:08:BE:15:BB:BF:E5:EA:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/4FckcTTEYGutVsY6vJzSvWea_Ww.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12445
IP address blocks:        82.115.160.0/19 maxlen: 19
                          82.115.176.0/23 maxlen: 23
                          82.115.176.0/24 maxlen: 24
                          82.115.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:43:a5:30:ff:8b:75:ae:31:a6:dd:d2:bc:5d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4673e6d6e1cf6f60115e30508be15bbbfe5eaad
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e057247134c4606bad56c63abc9cd2bd679afd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:98:d6:c4:62:f3:3e:5e:ae:a6:2c:5d:93:4e:
                    b9:41:ed:47:52:d9:ad:a5:3a:32:fd:f8:51:58:d3:
                    3b:62:11:f7:34:76:e0:e9:4f:5a:81:c6:9d:e6:24:
                    ab:a5:bb:cd:c4:5a:92:22:33:ad:ae:92:e6:30:21:
                    01:e0:e7:c0:6a:82:8f:f8:78:aa:57:22:4c:64:1e:
                    cf:c4:5b:a5:3b:6b:29:f2:57:4a:fe:a6:bd:6a:da:
                    03:9b:38:04:b8:03:3e:f7:55:66:aa:11:9e:c6:85:
                    cd:1f:2a:ae:37:0e:28:ae:13:60:bd:24:39:82:32:
                    65:ff:45:be:00:f0:3e:67:e3:2a:65:2c:46:75:b5:
                    0d:52:5c:d1:ab:1c:60:be:7c:17:a8:7c:4a:f9:ce:
                    8a:2a:f4:23:ab:f6:a2:b5:a1:e5:b0:fe:a1:3f:b2:
                    d6:cb:7f:b2:68:6f:35:08:39:6b:7a:39:46:08:ff:
                    5b:53:14:d9:a9:2a:4b:d9:c0:14:5a:c1:cf:83:a6:
                    9e:63:d6:ad:9d:24:0c:dd:44:e2:cb:15:1b:6e:ea:
                    2d:df:e9:64:f4:47:ca:72:45:bc:ac:32:ec:a5:91:
                    e0:f2:4d:c3:7b:1c:ca:35:a7:79:7d:95:14:b5:ec:
                    fa:c4:30:06:fe:17:22:15:1a:01:f3:c5:80:39:0b:
                    61:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:57:24:71:34:C4:60:6B:AD:56:C6:3A:BC:9C:D2:BD:67:9A:FD:6C
            X509v3 Authority Key Identifier:
                keyid:E4:67:3E:6D:6E:1C:F6:F6:01:15:E3:05:08:BE:15:BB:BF:E5:EA:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/4FckcTTEYGutVsY6vJzSvWea_Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/1b5301-e807-4795-b98c-c1594f60968e/1/5Gc-bW4c9vYBFeMFCL4Vu7_l6q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         09:22:5d:df:77:e4:ce:03:c3:6f:fc:55:77:4f:78:88:f2:39:
         bb:de:ed:62:df:72:cd:72:32:aa:59:b1:4e:c9:4f:37:51:19:
         61:ac:82:a3:80:2e:d9:6f:e1:b3:cf:c1:cf:83:8a:9a:53:4c:
         a4:2b:47:0b:f3:d4:fe:f8:22:ff:5e:78:0b:95:bb:26:ec:47:
         ec:4b:bd:cb:0d:e3:ff:15:7a:21:d7:fa:78:09:77:d1:21:8d:
         47:f5:cc:0d:31:df:9f:d7:74:29:59:81:42:a9:ff:65:73:58:
         11:f7:78:2d:3f:d0:60:e8:c6:4e:31:55:71:43:50:d0:18:51:
         b6:56:0d:85:55:f1:2e:bd:af:81:ce:ac:02:17:bd:5f:07:93:
         25:c4:4b:3a:62:37:9b:87:f7:5e:64:ab:3e:83:6d:7b:22:6e:
         6a:98:a9:f6:0f:49:b1:e4:cf:ae:a6:b9:2a:d5:ac:1e:17:36:
         2e:54:9a:ac:12:90:41:b7:28:f8:2c:1f:6d:59:fd:f6:95:60:
         03:e4:50:e2:2c:8a:17:23:e2:65:b5:5a:29:91:3a:49:1d:e7:
         da:ad:a0:c8:63:5b:49:9e:aa:63:43:35:28:9a:1f:d9:0b:db:
         a3:c8:1f:a9:87:23:4f:b1:e9:e7:2a:7b:50:0e:00:9e:e5:c2:
         8c:73:44:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUOlMP+Lda4xpt3SvF1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NjczZTZkNmUxY2Y2ZjYwMTE1ZTMwNTA4YmUxNWJiYmZl
NWVhYWQwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDU3MjQ3MTM0YzQ2MDZiYWQ1NmM2M2FiYzljZDJiZDY3OWFmZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5jWxGLzPl6upixdk065Qe1HUtmt
pToy/fhRWNM7YhH3NHbg6U9agcad5iSrpbvNxFqSIjOtrpLmMCEB4OfAaoKP+Hiq
VyJMZB7PxFulO2sp8ldK/qa9atoDmzgEuAM+91VmqhGexoXNHyquNw4orhNgvSQ5
gjJl/0W+APA+Z+MqZSxGdbUNUlzRqxxgvnwXqHxK+c6KKvQjq/aitaHlsP6hP7LW
y3+yaG81CDlrejlGCP9bUxTZqSpL2cAUWsHPg6aeY9atnSQM3UTiyxUbbuot3+lk
9EfKckW8rDLspZHg8k3DexzKNad5fZUUtez6xDAG/hciFRoB88WAOQthpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBXJHE0xGBrrVbGOryc0r1nmv1sMB8GA1UdIwQY
MBaAFORnPm1uHPb2ARXjBQi+Fbu/5eqtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUdjLWJXNGM5dllCRmVNRkNMNFZ1N19sNnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xYjUzMDEtZTgwNy00Nzk1LWI5OGMt
YzE1OTRmNjA5NjhlLzEvNEZja2NUVEVZR3V0VnNZNnZKelN2V2VhX1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xYjUzMDEtZTgwNy00Nzk1LWI5OGMtYzE1OTRmNjA5Njhl
LzEvNUdjLWJXNGM5dllCRmVNRkNMNFZ1N19sNnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFUnOgMA0G
CSqGSIb3DQEBCwUAA4IBAQAJIl3fd+TOA8Nv/FV3T3iI8jm73u1i33LNcjKqWbFO
yU83URlhrIKjgC7Zb+Gzz8HPg4qaU0ykK0cL89T++CL/XngLlbsm7EfsS73LDeP/
FXoh1/p4CXfRIY1H9cwNMd+f13QpWYFCqf9lc1gR93gtP9Bg6MZOMVVxQ1DQGFG2
Vg2FVfEuva+BzqwCF71fB5MlxEs6Yjebh/deZKs+g217Im5qmKn2D0mx5M+uprkq
1aweFzYuVJqsEpBBtyj4LB9tWf32lWAD5FDiLIoXI+JltVopkTpJHefaraDIY1tJ
nqpjQzUomh/ZC9ujyB+phyNPsennKntQDgCe5cKMc0Rd
-----END CERTIFICATE-----