Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/D4Hoa0tzGdGRNG6sAYU6A4IwDZI.roa
File:                     D4Hoa0tzGdGRNG6sAYU6A4IwDZI.roa (raw, json)
Hash identifier:          PATt2oq8B7kj3fe9D8wNxdrcGSD3hLlml5nT8wH99r4=
Subject key identifier:   0F:81:E8:6B:4B:73:19:D1:91:34:6E:AC:01:85:3A:03:82:30:0D:92
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       018CC2DAC6FBE7CAA8333B706CE44FDB30C6
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/D4Hoa0tzGdGRNG6sAYU6A4IwDZI.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61233
IP address blocks:        185.14.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c6:fb:e7:ca:a8:33:3b:70:6c:e4:4f:db:30:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f81e86b4b7319d191346eac01853a0382300d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:a7:36:16:c5:7e:bc:3d:e4:c8:01:b6:30:
                    18:f9:34:82:a3:a2:14:6b:8b:53:92:c5:7a:12:69:
                    90:90:09:11:fe:72:86:d8:e2:11:54:fb:40:01:16:
                    18:a5:73:8d:05:fc:36:0e:cc:b2:50:32:34:34:3a:
                    b5:dd:51:8c:04:6a:dd:a1:31:66:da:4c:9f:7a:60:
                    0a:41:c0:38:4b:ab:f2:2a:51:35:69:91:cb:d0:11:
                    03:14:7d:29:8f:61:ed:25:c1:8f:a1:ec:11:d8:ba:
                    50:50:25:12:5c:25:a4:77:27:99:7b:79:b1:04:6b:
                    6f:df:f5:58:1b:56:fd:bb:01:2a:73:49:d8:01:bd:
                    1c:fe:e6:0f:2f:67:74:e1:de:5d:e9:e2:11:aa:78:
                    74:fe:8a:cb:ef:a2:ee:35:ce:8a:ba:ed:e4:bf:54:
                    e1:14:f5:9b:5c:68:b8:69:b3:69:a0:d5:45:e6:5e:
                    54:cb:32:f5:ab:59:14:67:66:02:ab:62:ef:9d:c3:
                    95:09:47:12:64:b5:81:48:97:61:50:e9:8f:6d:69:
                    08:80:65:5b:be:10:09:b3:fb:81:16:fe:8a:60:aa:
                    0f:26:75:24:db:a6:9b:6b:d4:b0:72:43:fc:e8:72:
                    d7:ac:eb:0b:d1:e4:83:d1:de:b8:aa:a4:7e:fb:31:
                    1f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:81:E8:6B:4B:73:19:D1:91:34:6E:AC:01:85:3A:03:82:30:0D:92
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/D4Hoa0tzGdGRNG6sAYU6A4IwDZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:f5:61:da:b0:75:27:d0:6b:38:a6:0b:a4:81:df:73:9f:3f:
         b1:4f:a4:38:50:97:62:f1:8c:e8:c8:b3:55:07:67:d0:c1:67:
         03:f3:2d:b4:3c:b0:df:d5:e4:62:e5:0f:f9:73:78:2c:8d:78:
         02:a4:2f:8a:36:21:55:f6:a0:83:73:d8:e6:17:cb:b5:5e:95:
         08:14:96:aa:7f:da:eb:28:91:3e:9c:7b:35:3d:88:a4:be:3d:
         4b:47:21:ad:e3:dd:0d:bf:2a:fd:86:32:05:aa:85:c8:4f:e0:
         fa:87:d3:fb:b6:63:5c:bf:4e:6d:ec:61:cb:f1:7c:b8:68:49:
         26:85:33:85:2b:56:cf:42:9c:ea:4f:80:70:72:10:2a:93:51:
         19:4e:d0:4d:ce:4d:04:1d:49:52:1d:e8:58:a1:6a:95:92:7f:
         d7:7f:b0:d1:d7:45:1e:16:ea:36:4f:30:43:d0:b6:44:77:0c:
         8d:9d:82:a2:fd:90:7d:0d:cf:8b:cf:24:dd:f2:4c:6b:78:0e:
         6e:b2:0e:dc:97:d3:70:93:ad:ba:e6:6f:1d:74:f7:cf:1d:1e:
         85:e4:14:59:0f:25:26:6b:5a:58:9a:ab:50:22:2c:28:d9:c2:
         86:90:d7:29:26:1c:5d:86:f4:dd:1b:64:a2:16:48:34:d5:9a:
         e8:28:fd:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sb758qoMztwbORP2zDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjgxZTg2YjRiNzMxOWQxOTEzNDZlYWMwMTg1M2EwMzgyMzAwZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiunNhbFfrw95MgBtjAY+TSCo6IU
a4tTksV6EmmQkAkR/nKG2OIRVPtAARYYpXONBfw2DsyyUDI0NDq13VGMBGrdoTFm
2kyfemAKQcA4S6vyKlE1aZHL0BEDFH0pj2HtJcGPoewR2LpQUCUSXCWkdyeZe3mx
BGtv3/VYG1b9uwEqc0nYAb0c/uYPL2d04d5d6eIRqnh0/orL76LuNc6Kuu3kv1Th
FPWbXGi4abNpoNVF5l5UyzL1q1kUZ2YCq2LvncOVCUcSZLWBSJdhUOmPbWkIgGVb
vhAJs/uBFv6KYKoPJnUk26aba9SwckP86HLXrOsL0eSD0d64qqR++zEfrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+B6GtLcxnRkTRurAGFOgOCMA2SMB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvRDRIb2EwdHpHZEdSTkc2c0FZVTZBNEl3RFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ6UMA0G
CSqGSIb3DQEBCwUAA4IBAQAx9WHasHUn0Gs4pgukgd9znz+xT6Q4UJdi8YzoyLNV
B2fQwWcD8y20PLDf1eRi5Q/5c3gsjXgCpC+KNiFV9qCDc9jmF8u1XpUIFJaqf9rr
KJE+nHs1PYikvj1LRyGt490Nvyr9hjIFqoXIT+D6h9P7tmNcv05t7GHL8Xy4aEkm
hTOFK1bPQpzqT4BwchAqk1EZTtBNzk0EHUlSHehYoWqVkn/Xf7DR10UeFuo2TzBD
0LZEdwyNnYKi/ZB9Dc+LzyTd8kxreA5usg7cl9Nwk6265m8ddPfPHR6F5BRZDyUm
a1pYmqtQIiwo2cKGkNcpJhxdhvTdG2SiFkg01ZroKP1z
-----END CERTIFICATE-----