Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/4JL4RkQvPXqlbhhDSS8D0XpnQyc.roa
File:                     4JL4RkQvPXqlbhhDSS8D0XpnQyc.roa (raw, json)
Hash identifier:          gR31JPohmUXqckTqU1v1zUuicWJPQCkGcc99UKJvG5I=
Subject key identifier:   E0:92:F8:46:44:2F:3D:7A:A5:6E:18:43:49:2F:03:D1:7A:67:43:27
Certificate issuer:       /CN=41826ee90270fdd1423af8090726006718dfc6cf
Certificate serial:       018CC50104A1B9AA6CD3EFDF5C45AF63D052
Authority key identifier: 41:82:6E:E9:02:70:FD:D1:42:3A:F8:09:07:26:00:67:18:DF:C6:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QYJu6QJw_dFCOvgJByYAZxjfxs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/4JL4RkQvPXqlbhhDSS8D0XpnQyc.roa
Signing time:             Mon 01 Jan 2024 12:30:27 +0000
ROA not before:           Mon 01 Jan 2024 12:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9063
IP address blocks:        194.180.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/QYJu6QJw_dFCOvgJByYAZxjfxs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/QYJu6QJw_dFCOvgJByYAZxjfxs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QYJu6QJw_dFCOvgJByYAZxjfxs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:04:a1:b9:aa:6c:d3:ef:df:5c:45:af:63:d0:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41826ee90270fdd1423af8090726006718dfc6cf
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e092f846442f3d7aa56e1843492f03d17a674327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:a8:53:81:36:ee:8e:56:f2:cd:9e:e5:93:
                    e7:65:1b:e1:49:a2:79:ad:37:6f:d9:7a:fb:1b:63:
                    8b:07:89:31:91:ce:de:50:4e:b0:a0:3d:4c:80:0e:
                    5c:a4:29:b5:48:eb:19:37:e4:d5:99:93:2e:7e:7e:
                    b4:76:0a:10:ec:ec:dd:9e:ac:e7:b2:93:bc:ab:c7:
                    10:44:76:7f:63:2b:6a:99:ee:e3:c4:bd:00:e8:a2:
                    c3:64:89:c4:08:d8:58:05:e7:40:c9:ed:ee:ed:90:
                    ee:c2:a1:b9:78:d8:b7:a5:d5:61:85:6a:c0:62:5c:
                    84:b0:be:b0:da:8f:34:5c:20:b6:04:e4:56:26:83:
                    3b:da:5f:b5:c3:17:f5:bb:33:12:34:dc:26:f7:a4:
                    c4:d3:6d:79:3b:30:b3:52:09:9d:4e:dc:18:49:49:
                    fa:32:0e:7f:8b:1d:8d:9a:c3:6b:a5:8d:ee:7b:73:
                    97:f5:bc:49:7d:50:b5:4f:7f:dd:95:15:03:f6:51:
                    73:f3:31:16:6c:4c:b0:21:6e:98:8d:d8:5e:04:cc:
                    42:9e:98:c8:ae:3b:55:2f:52:97:4c:dd:c6:0b:cc:
                    0a:b7:96:63:e6:9e:67:d2:f5:4c:72:d1:15:f9:2c:
                    8e:4f:af:0e:0a:cd:f7:0a:ac:76:4e:dc:54:7c:c0:
                    0e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:92:F8:46:44:2F:3D:7A:A5:6E:18:43:49:2F:03:D1:7A:67:43:27
            X509v3 Authority Key Identifier:
                keyid:41:82:6E:E9:02:70:FD:D1:42:3A:F8:09:07:26:00:67:18:DF:C6:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QYJu6QJw_dFCOvgJByYAZxjfxs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/4JL4RkQvPXqlbhhDSS8D0XpnQyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/7b7c36-698e-483a-b941-ee586d375a58/1/QYJu6QJw_dFCOvgJByYAZxjfxs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:4a:a2:0a:a0:0a:cb:67:b1:ad:d7:67:ca:9b:5f:87:a2:d4:
         7f:9f:31:1a:dc:e2:31:c4:60:6c:81:c1:b3:cf:d9:fe:ed:86:
         4a:f0:a0:32:1f:90:b2:d5:99:69:a6:f4:5e:3a:02:58:61:e0:
         28:46:44:f9:56:18:7b:ea:74:a2:91:8b:42:55:6e:a3:14:fa:
         6f:1f:39:27:78:15:f3:9e:46:2d:19:a0:71:80:37:31:ad:1b:
         31:70:3a:65:2d:8e:12:dc:4a:c4:a6:81:f7:f4:52:1b:ea:00:
         9b:3f:fa:14:8d:2a:63:20:e2:96:c2:2f:7e:d1:fe:83:d5:21:
         92:19:00:8b:6a:8a:b4:01:af:a6:bb:cf:7b:7a:d8:54:da:3b:
         47:85:6e:be:10:09:94:60:b4:60:26:3e:e0:98:c3:ff:b3:56:
         c7:08:14:e8:f6:71:db:1c:30:61:14:26:0a:59:e1:75:db:51:
         2e:5d:a8:9b:07:68:8d:8b:29:b6:a3:38:bb:2a:7c:e7:e1:71:
         6a:f3:0c:4a:5f:9b:10:bf:ec:80:83:fb:ca:19:6c:d5:6a:e0:
         73:87:8c:11:29:c1:95:59:8c:48:fb:58:48:f2:31:4a:5a:7d:
         e0:99:09:40:be:0b:b0:6e:79:63:01:53:79:62:b7:85:09:6c:
         8d:89:28:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQShuaps0+/fXEWvY9BSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxODI2ZWU5MDI3MGZkZDE0MjNhZjgwOTA3MjYwMDY3MThk
ZmM2Y2YwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDkyZjg0NjQ0MmYzZDdhYTU2ZTE4NDM0OTJmMDNkMTdhNjc0MzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxmoU4E27o5W8s2e5ZPnZRvhSaJ5
rTdv2Xr7G2OLB4kxkc7eUE6woD1MgA5cpCm1SOsZN+TVmZMufn60dgoQ7Ozdnqzn
spO8q8cQRHZ/Yytqme7jxL0A6KLDZInECNhYBedAye3u7ZDuwqG5eNi3pdVhhWrA
YlyEsL6w2o80XCC2BORWJoM72l+1wxf1uzMSNNwm96TE0215OzCzUgmdTtwYSUn6
Mg5/ix2NmsNrpY3ue3OX9bxJfVC1T3/dlRUD9lFz8zEWbEywIW6YjdheBMxCnpjI
rjtVL1KXTN3GC8wKt5Zj5p5n0vVMctEV+SyOT68OCs33Cqx2TtxUfMAOiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCS+EZELz16pW4YQ0kvA9F6Z0MnMB8GA1UdIwQY
MBaAFEGCbukCcP3RQjr4CQcmAGcY38bPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVlKdTZRSndfZEZDT3ZnSkJ5WUFaeGpmeHM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi83YjdjMzYtNjk4ZS00ODNhLWI5NDEt
ZWU1ODZkMzc1YTU4LzEvNEpMNFJrUXZQWHFsYmhoRFNTOEQwWHBuUXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi83YjdjMzYtNjk4ZS00ODNhLWI5NDEtZWU1ODZkMzc1YTU4
LzEvUVlKdTZRSndfZEZDT3ZnSkJ5WUFaeGpmeHM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwrSgMA0G
CSqGSIb3DQEBCwUAA4IBAQAZSqIKoArLZ7Gt12fKm1+HotR/nzEa3OIxxGBsgcGz
z9n+7YZK8KAyH5Cy1ZlppvReOgJYYeAoRkT5Vhh76nSikYtCVW6jFPpvHzkneBXz
nkYtGaBxgDcxrRsxcDplLY4S3ErEpoH39FIb6gCbP/oUjSpjIOKWwi9+0f6D1SGS
GQCLaoq0Aa+mu897ethU2jtHhW6+EAmUYLRgJj7gmMP/s1bHCBTo9nHbHDBhFCYK
WeF121EuXaibB2iNiym2ozi7Knzn4XFq8wxKX5sQv+yAg/vKGWzVauBzh4wRKcGV
WYxI+1hI8jFKWn3gmQlAvguwbnljAVN5YreFCWyNiSjx
-----END CERTIFICATE-----