Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4LVNVRzcwhdMGESczqF8_H1bki8.roa
File:                     4LVNVRzcwhdMGESczqF8_H1bki8.roa (raw, json)
Hash identifier:          lpT+VYE59btkWy7KJJw/AVkBVFC+Ds4+PMCdvVqPCCc=
Subject key identifier:   E0:B5:4D:55:1C:DC:C2:17:4C:18:44:9C:CE:A1:7C:FC:7D:5B:92:2F
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018D53FDD2874E4DB6C7C972F097DA4C2B3C
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4LVNVRzcwhdMGESczqF8_H1bki8.roa
Signing time:             Mon 29 Jan 2024 06:52:39 +0000
ROA not before:           Mon 29 Jan 2024 06:52:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396856
IP address blocks:        188.64.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:30:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:53:fd:d2:87:4e:4d:b6:c7:c9:72:f0:97:da:4c:2b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan 29 06:52:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0b54d551cdcc2174c18449ccea17cfc7d5b922f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:28:a5:8d:36:94:15:92:59:4a:83:7d:15:9a:
                    18:18:cc:a3:c1:76:88:fe:d9:10:7d:ae:c4:bf:47:
                    59:5f:ba:19:08:0f:ef:4c:8a:c6:ec:85:03:b5:b9:
                    0c:8e:47:c7:78:76:d7:d1:96:32:63:3d:8c:31:2b:
                    67:30:a7:6e:f1:4f:74:cb:8a:f5:ab:d3:bd:ec:fc:
                    aa:33:bb:15:aa:4f:5c:50:4f:61:e0:d3:2b:58:e7:
                    89:5d:b2:86:4c:b8:25:52:84:f7:ca:0d:8a:06:a9:
                    46:bd:16:fe:71:c2:5b:ea:f1:b5:75:5d:b4:67:4a:
                    bd:2b:ae:67:20:34:94:fa:eb:7c:94:8c:8f:87:70:
                    52:98:03:63:ff:b1:17:0c:d9:5b:ec:a2:85:c0:11:
                    d3:2a:2e:26:7f:6b:5c:34:27:7a:92:43:f1:eb:db:
                    f1:c2:00:fe:53:4e:ca:68:12:e6:78:5c:86:89:3c:
                    8d:6b:ec:2b:d1:27:88:84:12:a9:10:af:b9:2e:93:
                    97:9d:73:2b:a5:a2:33:52:70:89:35:12:61:61:13:
                    b7:1a:b9:fc:8f:f3:d3:d7:35:e9:66:0a:57:57:ce:
                    5e:00:70:3c:f5:63:41:c8:1e:3b:e9:d5:38:c0:25:
                    1a:df:6d:66:45:05:d9:76:2a:f5:7d:1e:7e:46:dd:
                    ce:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B5:4D:55:1C:DC:C2:17:4C:18:44:9C:CE:A1:7C:FC:7D:5B:92:2F
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/4LVNVRzcwhdMGESczqF8_H1bki8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:03:9c:a4:b0:2a:45:6a:c8:c5:89:b8:70:43:a5:8e:aa:6f:
         98:95:f0:e1:4e:7e:cf:aa:9f:ea:16:d3:47:bb:52:ac:e1:5b:
         a1:21:5d:4f:bb:cd:23:a5:4d:9c:88:20:01:c8:0d:b2:f9:da:
         ef:bf:cb:a9:7a:45:fa:bf:da:9a:f9:b3:bb:52:1a:13:d5:39:
         e4:c7:7a:b9:01:d2:45:bd:b0:a6:fe:73:0b:20:bd:56:c2:aa:
         ac:c6:04:d1:38:60:4f:36:c0:c3:16:e0:03:1c:64:02:ad:39:
         ef:19:9e:3d:c6:f7:16:cd:fb:fd:67:13:04:88:a9:af:83:e8:
         af:0d:ae:ab:a0:4c:23:b8:c3:55:ac:fa:54:86:98:5d:c8:42:
         e9:dd:12:e1:9c:73:6c:9e:0d:c9:6d:e0:e9:b4:59:22:4c:6f:
         1f:45:2f:c0:00:c6:28:f1:5c:76:c1:44:4a:20:bf:c9:88:20:
         34:53:c6:aa:c1:68:99:b7:bb:34:90:31:d6:eb:96:d9:42:71:
         7a:99:b0:49:b8:7c:0f:2c:e9:68:11:f7:2f:22:7f:a0:30:58:
         b1:ca:10:94:34:22:91:91:68:9f:55:b1:91:e7:96:b2:d6:43:
         5f:9e:6b:44:76:15:7e:55:1e:b1:89:98:a9:d8:fa:a4:cc:7e:
         3f:e4:92:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1T/dKHTk22x8ly8JfaTCs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMTI5MDY1MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI1NGQ1NTFjZGNjMjE3NGMxODQ0OWNjZWExN2NmYzdkNWI5MjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriiljTaUFZJZSoN9FZoYGMyjwXaI
/tkQfa7Ev0dZX7oZCA/vTIrG7IUDtbkMjkfHeHbX0ZYyYz2MMStnMKdu8U90y4r1
q9O97PyqM7sVqk9cUE9h4NMrWOeJXbKGTLglUoT3yg2KBqlGvRb+ccJb6vG1dV20
Z0q9K65nIDSU+ut8lIyPh3BSmANj/7EXDNlb7KKFwBHTKi4mf2tcNCd6kkPx69vx
wgD+U07KaBLmeFyGiTyNa+wr0SeIhBKpEK+5LpOXnXMrpaIzUnCJNRJhYRO3Grn8
j/PT1zXpZgpXV85eAHA89WNByB476dU4wCUa321mRQXZdir1fR5+Rt3OUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC1TVUc3MIXTBhEnM6hfPx9W5IvMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvNExWTlZSemN3aGRNR0VTY3pxRjhfSDFia2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEBsMA0G
CSqGSIb3DQEBCwUAA4IBAQASA5yksCpFasjFibhwQ6WOqm+YlfDhTn7Pqp/qFtNH
u1Ks4VuhIV1Pu80jpU2ciCAByA2y+drvv8upekX6v9qa+bO7UhoT1Tnkx3q5AdJF
vbCm/nMLIL1WwqqsxgTROGBPNsDDFuADHGQCrTnvGZ49xvcWzfv9ZxMEiKmvg+iv
Da6roEwjuMNVrPpUhphdyELp3RLhnHNsng3JbeDptFkiTG8fRS/AAMYo8Vx2wURK
IL/JiCA0U8aqwWiZt7s0kDHW65bZQnF6mbBJuHwPLOloEfcvIn+gMFixyhCUNCKR
kWifVbGR55ay1kNfnmtEdhV+VR6xiZip2PqkzH4/5JKM
-----END CERTIFICATE-----