Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/4MMhYOrdDIrNla7rzJBDMpkkbdI.roa
File:                     4MMhYOrdDIrNla7rzJBDMpkkbdI.roa (raw, json)
Hash identifier:          Uy8/bUMJcnX2EQtEYZ73WZW2UrRunrT7nyZl+rZkB3w=
Subject key identifier:   E0:C3:21:60:EA:DD:0C:8A:CD:95:AE:EB:CC:90:43:32:99:24:6D:D2
Certificate issuer:       /CN=d9486f7fe4eb6d949b8007b4e4198ce1c878302e
Certificate serial:       018CC9B9A183009120933A4FC4B48F9219D2
Authority key identifier: D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/4MMhYOrdDIrNla7rzJBDMpkkbdI.roa
Signing time:             Tue 02 Jan 2024 10:30:35 +0000
ROA not before:           Tue 02 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211592
IP address blocks:        185.254.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:a1:83:00:91:20:93:3a:4f:c4:b4:8f:92:19:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9486f7fe4eb6d949b8007b4e4198ce1c878302e
        Validity
            Not Before: Jan  2 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0c32160eadd0c8acd95aeebcc90433299246dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f7:e4:03:6b:d1:11:bd:30:1e:a1:11:a8:66:
                    3d:73:63:57:1a:45:28:42:db:e6:22:2c:0d:1b:40:
                    74:41:09:5b:d5:d8:d2:5c:3e:1b:a1:7a:69:f9:e0:
                    e2:26:cc:17:c5:2a:87:25:86:33:29:7a:ae:bd:4f:
                    5b:9a:71:71:bc:3d:3b:5c:3d:3a:e9:0d:d7:18:4f:
                    55:33:25:51:d0:58:40:83:57:06:d6:d9:36:5d:37:
                    50:fa:a1:51:6a:60:bc:0f:03:e4:b3:57:12:ab:b4:
                    50:aa:be:e5:8e:2c:33:05:90:5e:72:4c:09:9e:2f:
                    81:5f:ab:8a:32:29:45:99:6d:cc:03:22:70:a6:67:
                    51:7c:13:07:32:c9:d6:89:ba:dc:2b:1d:58:12:c2:
                    99:f6:b3:dc:70:3b:83:0d:53:79:2a:27:2c:b7:98:
                    3a:95:d3:2d:95:c3:09:47:f2:2b:9a:c4:3c:d9:62:
                    93:ac:45:e5:f6:42:b3:71:19:e6:8e:30:b2:d3:61:
                    e4:5f:f9:66:36:ac:e6:bf:d7:eb:b3:04:e2:6c:98:
                    23:27:07:28:c0:70:c3:9a:62:98:cf:5a:27:b5:23:
                    7d:d4:5c:6b:2f:78:b5:9a:db:ed:c9:fd:b3:ec:2a:
                    d3:7a:38:a5:1f:25:9e:2a:fa:94:e2:d3:12:d7:d6:
                    35:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C3:21:60:EA:DD:0C:8A:CD:95:AE:EB:CC:90:43:32:99:24:6D:D2
            X509v3 Authority Key Identifier:
                keyid:D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/4MMhYOrdDIrNla7rzJBDMpkkbdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:7f:2d:93:2a:8b:77:2e:7f:82:f6:16:44:44:a9:e0:88:ec:
         61:5b:e6:6c:5f:e6:eb:11:0d:8d:39:90:f3:13:ff:40:65:90:
         82:cf:62:a2:58:55:61:b2:6f:c7:e4:9b:dc:74:dd:43:a7:52:
         b1:64:a0:ff:3b:e7:65:2a:77:1a:5a:db:21:34:25:2a:21:60:
         25:4e:97:ef:68:0a:80:15:62:4a:66:f8:79:70:cb:b6:e2:f3:
         b0:81:c4:cd:fb:b4:54:11:2e:b8:18:54:06:0d:6c:0b:6b:18:
         24:b8:2d:12:76:9a:29:84:49:10:87:02:0c:ae:bd:e6:7f:f5:
         a7:c4:5f:42:f6:68:06:4b:67:ab:92:29:aa:71:1e:da:a3:08:
         84:f1:03:f2:36:13:fe:e7:d8:3a:b1:18:83:c8:33:90:18:ae:
         e9:8f:69:2a:ed:17:9c:29:77:e1:ce:45:0e:76:d9:29:0d:90:
         8f:4d:02:d3:56:81:22:b8:a0:9d:36:64:c1:1c:28:9a:41:ec:
         e3:a6:89:32:d0:a3:15:ab:f0:1f:fd:fa:d5:e0:c9:30:97:7e:
         f3:4a:7b:1d:a6:28:99:4f:c3:59:92:13:54:2e:35:de:3c:23:
         50:8e:5a:b8:47:08:41:cf:72:8e:5b:2f:f1:64:19:60:15:88:
         52:58:ea:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuaGDAJEgkzpPxLSPkhnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDg2ZjdmZTRlYjZkOTQ5YjgwMDdiNGU0MTk4Y2UxYzg3
ODMwMmUwHhcNMjQwMTAyMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGMzMjE2MGVhZGQwYzhhY2Q5NWFlZWJjYzkwNDMzMjk5MjQ2ZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vfkA2vREb0wHqERqGY9c2NXGkUo
QtvmIiwNG0B0QQlb1djSXD4boXpp+eDiJswXxSqHJYYzKXquvU9bmnFxvD07XD06
6Q3XGE9VMyVR0FhAg1cG1tk2XTdQ+qFRamC8DwPks1cSq7RQqr7ljiwzBZBeckwJ
ni+BX6uKMilFmW3MAyJwpmdRfBMHMsnWibrcKx1YEsKZ9rPccDuDDVN5Kicst5g6
ldMtlcMJR/IrmsQ82WKTrEXl9kKzcRnmjjCy02HkX/lmNqzmv9frswTibJgjJwco
wHDDmmKYz1ontSN91FxrL3i1mtvtyf2z7CrTejilHyWeKvqU4tMS19Y13QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODDIWDq3QyKzZWu68yQQzKZJG3SMB8GA1UdIwQY
MBaAFNlIb3/k622Um4AHtOQZjOHIeDAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVodmYtVHJiWlNiZ0FlMDVCbU00Y2g0TUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMDQyZDItNjFkMi00MzRkLThlNWIt
ODg2YzQxNmI5MDUxLzEvNE1NaFlPcmRESXJObGE3cnpKQkRNcGtrYmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMDQyZDItNjFkMi00MzRkLThlNWItODg2YzQxNmI5MDUx
LzEvMlVodmYtVHJiWlNiZ0FlMDVCbU00Y2g0TUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf6mMA0G
CSqGSIb3DQEBCwUAA4IBAQBHfy2TKot3Ln+C9hZERKngiOxhW+ZsX+brEQ2NOZDz
E/9AZZCCz2KiWFVhsm/H5JvcdN1Dp1KxZKD/O+dlKncaWtshNCUqIWAlTpfvaAqA
FWJKZvh5cMu24vOwgcTN+7RUES64GFQGDWwLaxgkuC0SdpophEkQhwIMrr3mf/Wn
xF9C9mgGS2erkimqcR7aowiE8QPyNhP+59g6sRiDyDOQGK7pj2kq7RecKXfhzkUO
dtkpDZCPTQLTVoEiuKCdNmTBHCiaQezjpoky0KMVq/Af/frV4Mkwl37zSnsdpiiZ
T8NZkhNULjXePCNQjlq4RwhBz3KOWy/xZBlgFYhSWOpy
-----END CERTIFICATE-----