Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/i_EnjRtxYomvT1pOfkL--GpuT_E.roa
File:                     i_EnjRtxYomvT1pOfkL--GpuT_E.roa (raw, json)
Hash identifier:          hi8L6i2xmDTiLX83mOI0zwBQpesE0Vw34VwzbPJ6ePk=
Subject key identifier:   8B:F1:27:8D:1B:71:62:89:AF:4F:5A:4E:7E:42:FE:F8:6A:6E:4F:F1
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B7F8915AA1B8127E619690B38DEBA
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/i_EnjRtxYomvT1pOfkL--GpuT_E.roa
Signing time:             Tue 02 Jan 2024 12:34:57 +0000
ROA not before:           Tue 02 Jan 2024 12:34:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41620
IP address blocks:        194.225.224.0/20 maxlen: 24
                          2001:14e8:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 18:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:7f:89:15:aa:1b:81:27:e6:19:69:0b:38:de:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bf1278d1b716289af4f5a4e7e42fef86a6e4ff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:df:5e:96:7a:41:d9:bd:bf:5e:f8:ab:c6:98:
                    42:fd:82:1f:4f:ac:e2:a8:a8:f5:98:0f:38:07:88:
                    61:ec:88:c9:6e:e2:4c:24:a6:47:c5:83:9b:ca:8f:
                    18:4d:98:88:aa:c6:5d:22:83:0f:ca:b8:b4:8e:ca:
                    3a:9b:b5:ff:35:27:8a:b5:f4:e8:10:72:79:d0:4f:
                    22:d3:9c:88:4f:29:d7:fe:54:8b:c7:98:33:a0:a3:
                    12:38:8b:09:6d:58:e2:d1:cf:7f:61:48:6b:5e:ba:
                    b8:a8:2f:d3:ea:f8:1f:bf:9f:c1:e7:2f:39:7c:f8:
                    ba:53:f3:0a:e8:b4:16:90:05:f3:5d:89:f5:65:08:
                    ac:db:02:cc:45:a9:c2:7d:28:d2:69:17:b0:94:e3:
                    91:e4:7a:b9:f5:c4:2e:a4:36:b5:cf:b4:b7:b1:e5:
                    2a:a5:3e:e7:61:66:30:40:81:36:90:b9:07:62:39:
                    75:64:5e:c8:46:71:ea:60:30:8d:74:41:13:e3:54:
                    f6:d7:d2:f8:81:20:b4:6b:05:0d:b4:55:db:3e:52:
                    de:c0:0a:9f:34:9f:c2:e9:ef:91:bb:fd:d6:4c:93:
                    78:0e:d2:61:cf:b6:15:e5:9d:ca:3d:7b:dd:6d:bf:
                    7e:84:39:45:9c:e4:df:c6:a7:7c:ba:47:51:6b:59:
                    56:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F1:27:8D:1B:71:62:89:AF:4F:5A:4E:7E:42:FE:F8:6A:6E:4F:F1
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/i_EnjRtxYomvT1pOfkL--GpuT_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.224.0/20
                IPv6:
                  2001:14e8:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:9e:26:2f:c6:18:cd:5a:28:9c:e3:58:68:66:71:95:3f:66:
         06:a2:9e:99:62:c3:19:af:e9:dc:fb:dc:30:20:d0:f7:5c:bf:
         4d:89:f5:f6:23:6f:4b:62:25:57:ff:ae:c8:a9:f0:5e:53:82:
         ef:16:1d:9d:25:2e:4e:66:1c:3a:d5:27:71:18:95:80:da:dd:
         7a:e9:85:d2:7a:82:77:e6:ad:3a:02:20:18:f5:0e:d2:40:92:
         e3:fd:d8:cb:17:d2:94:d0:a7:e3:01:e1:9c:a0:56:4d:39:bb:
         be:66:30:1f:d9:52:d0:fd:91:1f:0f:d3:d9:39:a4:b3:dd:6b:
         6e:bd:e2:90:49:ea:55:56:4b:e4:78:52:df:5e:38:e7:54:91:
         75:3d:7c:fd:d9:1e:54:5e:eb:5a:1f:21:50:92:82:ef:fc:6b:
         e7:45:82:26:25:26:2f:a4:86:cb:8c:95:62:06:54:74:de:b2:
         dd:07:f9:96:ef:d7:62:58:f7:ed:36:9b:95:67:9e:a8:70:87:
         ec:95:24:c1:bb:8c:f2:8b:07:57:79:84:0a:a7:53:ec:7e:e1:
         89:76:28:28:d5:8e:34:1c:fe:f3:85:70:04:60:c0:c5:99:f2:
         d4:72:1d:93:c7:13:71:18:85:54:55:4a:9c:d0:a2:17:c8:04:
         17:6e:36:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK3+JFaobgSfmGWkLON66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmYxMjc4ZDFiNzE2Mjg5YWY0ZjVhNGU3ZTQyZmVmODZhNmU0ZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid9elnpB2b2/XvirxphC/YIfT6zi
qKj1mA84B4hh7IjJbuJMJKZHxYObyo8YTZiIqsZdIoMPyri0jso6m7X/NSeKtfTo
EHJ50E8i05yITynX/lSLx5gzoKMSOIsJbVji0c9/YUhrXrq4qC/T6vgfv5/B5y85
fPi6U/MK6LQWkAXzXYn1ZQis2wLMRanCfSjSaRewlOOR5Hq59cQupDa1z7S3seUq
pT7nYWYwQIE2kLkHYjl1ZF7IRnHqYDCNdEET41T219L4gSC0awUNtFXbPlLewAqf
NJ/C6e+Ru/3WTJN4DtJhz7YV5Z3KPXvdbb9+hDlFnOTfxqd8ukdRa1lWZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIvxJ40bcWKJr09aTn5C/vhqbk/xMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvaV9FbmpSdHhZb212VDFwT2ZrTC0tR3B1VF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEwuHgMA8E
AgACMAkDBwAgARToAAQwDQYJKoZIhvcNAQELBQADggEBAGqeJi/GGM1aKJzjWGhm
cZU/Zgainpliwxmv6dz73DAg0Pdcv02J9fYjb0tiJVf/rsip8F5Tgu8WHZ0lLk5m
HDrVJ3EYlYDa3XrphdJ6gnfmrToCIBj1DtJAkuP92MsX0pTQp+MB4ZygVk05u75m
MB/ZUtD9kR8P09k5pLPda2694pBJ6lVWS+R4Ut9eOOdUkXU9fP3ZHlRe61ofIVCS
gu/8a+dFgiYlJi+khsuMlWIGVHTest0H+Zbv12JY9+02m5Vnnqhwh+yVJMG7jPKL
B1d5hAqnU+x+4Yl2KCjVjjQc/vOFcARgwMWZ8tRyHZPHE3EYhVRVSpzQohfIBBdu
Nq4=
-----END CERTIFICATE-----