Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/4sy4PK-0z-55q-uLaDBIbi7D4eg.roa
File:                     4sy4PK-0z-55q-uLaDBIbi7D4eg.roa (raw, json)
Hash identifier:          xjqpdV244UuAsbA8wvEBRVioPaAutgSTy2o0sp7LjJk=
Subject key identifier:   E2:CC:B8:3C:AF:B4:CF:EE:79:AB:EB:8B:68:30:48:6E:2E:C3:E1:E8
Certificate issuer:       /CN=ed8ddf821208a370e3a5b7ef8cd4797cfc577482
Certificate serial:       018CC49256C287B8BE70071C741B58916014
Authority key identifier: ED:8D:DF:82:12:08:A3:70:E3:A5:B7:EF:8C:D4:79:7C:FC:57:74:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Y3fghIIo3DjpbfvjNR5fPxXdII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/4sy4PK-0z-55q-uLaDBIbi7D4eg.roa
Signing time:             Mon 01 Jan 2024 10:29:33 +0000
ROA not before:           Mon 01 Jan 2024 10:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207216
IP address blocks:        185.162.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/7Y3fghIIo3DjpbfvjNR5fPxXdII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/7Y3fghIIo3DjpbfvjNR5fPxXdII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Y3fghIIo3DjpbfvjNR5fPxXdII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:56:c2:87:b8:be:70:07:1c:74:1b:58:91:60:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed8ddf821208a370e3a5b7ef8cd4797cfc577482
        Validity
            Not Before: Jan  1 10:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2ccb83cafb4cfee79abeb8b6830486e2ec3e1e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3c:1a:80:67:60:87:38:b7:2b:e7:21:b4:7c:
                    77:27:82:fe:e0:ff:78:5c:d8:08:91:d5:53:72:9b:
                    95:fd:89:74:01:e6:4d:2c:97:bd:0c:37:4d:02:cc:
                    ca:58:9e:9b:65:8a:a7:64:2c:4f:a9:d9:e7:89:db:
                    e6:49:4e:fb:43:6d:92:a3:85:27:bb:a2:02:d5:8e:
                    b4:aa:94:8d:b2:77:c7:27:ba:36:f7:09:2e:c2:e2:
                    c2:41:83:7c:8c:3e:17:07:b3:3d:fa:61:3e:c4:6b:
                    f6:bc:1b:aa:cb:e5:51:af:69:6f:07:0e:c5:f3:f6:
                    0e:b2:9c:76:e7:82:70:2b:a3:eb:dc:86:37:78:ae:
                    c9:da:dc:3a:5c:4e:68:c1:23:b0:5c:c9:32:1a:df:
                    44:76:06:c7:f8:ae:c8:44:2f:c2:24:7f:70:32:20:
                    06:72:d5:ef:2c:c6:3c:b7:bb:1b:54:de:3f:0a:7d:
                    78:ae:db:a2:b6:2f:e5:c6:7d:f4:cf:42:57:25:fd:
                    72:b4:fb:72:b5:37:4e:fe:c9:8a:fd:62:be:04:a3:
                    be:11:ae:cf:41:4a:51:26:81:28:bb:53:5e:c3:e0:
                    2c:e6:6e:aa:26:bf:04:2c:a4:53:e1:28:63:93:1a:
                    c2:6f:76:af:52:7b:d4:78:f6:52:da:cd:bc:be:4f:
                    cc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:CC:B8:3C:AF:B4:CF:EE:79:AB:EB:8B:68:30:48:6E:2E:C3:E1:E8
            X509v3 Authority Key Identifier:
                keyid:ED:8D:DF:82:12:08:A3:70:E3:A5:B7:EF:8C:D4:79:7C:FC:57:74:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Y3fghIIo3DjpbfvjNR5fPxXdII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/4sy4PK-0z-55q-uLaDBIbi7D4eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a83184-5fc5-4724-baec-e9d81e3d8b54/1/7Y3fghIIo3DjpbfvjNR5fPxXdII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:fa:08:15:8c:ba:30:44:49:9c:f0:fb:eb:9e:eb:df:8e:9f:
         16:09:be:93:59:22:f1:59:47:6c:7b:fe:40:0f:4d:0d:d9:e0:
         ff:7b:19:1e:f0:af:1d:21:55:6f:82:9a:e4:4d:b2:cc:52:9c:
         c9:34:82:15:c9:94:ea:d3:e8:b3:cf:63:d9:12:9b:ff:ac:ac:
         58:5e:9c:fa:8d:c0:eb:af:b0:e9:59:c3:02:df:19:5b:08:7e:
         4a:19:a3:04:d7:62:8f:8d:f0:61:e1:44:af:69:d6:54:03:78:
         03:43:3c:ea:75:9b:18:63:6f:15:e6:50:74:b2:cc:0a:a9:94:
         08:4e:c5:90:f0:38:f9:ac:78:d3:45:bc:ce:14:9d:37:72:2f:
         61:e3:53:10:fd:7d:4b:ea:3d:c8:4e:f5:fb:42:d3:e3:20:71:
         44:46:aa:5c:d6:d0:ed:43:fb:f7:13:a6:fc:6d:18:5a:42:a1:
         03:53:cc:a6:10:f7:90:8f:c5:e0:92:91:91:31:1f:4a:9a:ca:
         31:75:ff:d8:16:a8:8c:d9:54:bf:42:72:96:7e:a4:ec:d1:da:
         91:7c:99:9e:0b:50:c4:7d:91:4a:46:f0:89:b6:33:5b:a0:44:
         db:af:f3:af:a3:ac:94:25:a6:96:e9:9b:1f:6b:05:b7:d2:f8:
         1a:3d:73:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEklbCh7i+cAccdBtYkWAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkOGRkZjgyMTIwOGEzNzBlM2E1YjdlZjhjZDQ3OTdjZmM1
Nzc0ODIwHhcNMjQwMTAxMTAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmNjYjgzY2FmYjRjZmVlNzlhYmViOGI2ODMwNDg2ZTJlYzNlMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjwagGdghzi3K+chtHx3J4L+4P94
XNgIkdVTcpuV/Yl0AeZNLJe9DDdNAszKWJ6bZYqnZCxPqdnnidvmSU77Q22So4Un
u6IC1Y60qpSNsnfHJ7o29wkuwuLCQYN8jD4XB7M9+mE+xGv2vBuqy+VRr2lvBw7F
8/YOspx254JwK6Pr3IY3eK7J2tw6XE5owSOwXMkyGt9EdgbH+K7IRC/CJH9wMiAG
ctXvLMY8t7sbVN4/Cn14rtuiti/lxn30z0JXJf1ytPtytTdO/smK/WK+BKO+Ea7P
QUpRJoEou1New+As5m6qJr8ELKRT4ShjkxrCb3avUnvUePZS2s28vk/MOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLMuDyvtM/ueavri2gwSG4uw+HoMB8GA1UdIwQY
MBaAFO2N34ISCKNw46W374zUeXz8V3SCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1kzZmdoSUlvM0RqcGJmdmpOUjVmUHhYZElJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9hODMxODQtNWZjNS00NzI0LWJhZWMt
ZTlkODFlM2Q4YjU0LzEvNHN5NFBLLTB6LTU1cS11TGFEQkliaTdENGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9hODMxODQtNWZjNS00NzI0LWJhZWMtZTlkODFlM2Q4YjU0
LzEvN1kzZmdoSUlvM0RqcGJmdmpOUjVmUHhYZElJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaKgMA0G
CSqGSIb3DQEBCwUAA4IBAQCN+ggVjLowREmc8Pvrnuvfjp8WCb6TWSLxWUdse/5A
D00N2eD/exke8K8dIVVvgprkTbLMUpzJNIIVyZTq0+izz2PZEpv/rKxYXpz6jcDr
r7DpWcMC3xlbCH5KGaME12KPjfBh4USvadZUA3gDQzzqdZsYY28V5lB0sswKqZQI
TsWQ8Dj5rHjTRbzOFJ03ci9h41MQ/X1L6j3ITvX7QtPjIHFERqpc1tDtQ/v3E6b8
bRhaQqEDU8ymEPeQj8XgkpGRMR9Kmsoxdf/YFqiM2VS/QnKWfqTs0dqRfJmeC1DE
fZFKRvCJtjNboETbr/Ovo6yUJaaW6ZsfawW30vgaPXOT
-----END CERTIFICATE-----