Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/spGJRuWYPz3fOT-EivFH0mMG6oI.roa
File:                     spGJRuWYPz3fOT-EivFH0mMG6oI.roa (raw, json)
Hash identifier:          crD3ATpbJvLSv9Ow9XzfWphpa7HQaGKzvUuEc1Cl+nI=
Subject key identifier:   B2:91:89:46:E5:98:3F:3D:DF:39:3F:84:8A:F1:47:D2:63:06:EA:82
Certificate issuer:       /CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
Certificate serial:       018CCA2BC6D0743F391B1A7E7F2C3C6DF038
Authority key identifier: 91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/spGJRuWYPz3fOT-EivFH0mMG6oI.roa
Signing time:             Tue 02 Jan 2024 12:35:15 +0000
ROA not before:           Tue 02 Jan 2024 12:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47264
IP address blocks:        185.4.116.0/24 maxlen: 24
                          185.4.116.0/22 maxlen: 22
                          185.4.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c6:d0:74:3f:39:1b:1a:7e:7f:2c:3c:6d:f0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2918946e5983f3ddf393f848af147d26306ea82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:bd:10:3e:51:a1:23:f5:82:cd:31:d7:ba:
                    c9:8a:02:ab:b8:a1:97:ee:e5:df:68:8d:65:d6:db:
                    08:4b:17:ab:ae:23:64:4e:fe:0e:c2:d8:dc:b0:36:
                    03:71:fa:49:0d:e6:48:e3:fd:57:e5:f2:41:e4:30:
                    77:e9:3b:58:44:ff:d7:21:84:34:ea:98:d9:dd:cb:
                    62:c8:dd:14:cd:01:29:d7:4e:37:4e:2e:19:47:6f:
                    a6:fe:31:62:55:9b:dd:69:72:36:37:c1:46:34:63:
                    e9:61:24:d1:cd:df:bd:69:15:d4:bb:30:fd:44:fa:
                    8a:55:74:ec:9a:be:d2:8a:a5:2b:b7:ee:67:34:79:
                    92:08:57:c4:1b:37:63:ac:2a:75:1b:d6:32:7b:f9:
                    c6:d4:71:b8:a7:38:9c:6b:84:37:3f:25:b6:2f:1b:
                    22:2b:e2:a7:9f:6c:e6:cc:2f:c7:08:80:c7:9f:bf:
                    b2:0d:3f:0e:34:22:fa:80:ed:ad:36:df:2f:ae:93:
                    b7:6a:43:60:79:66:57:41:ff:6d:e2:6f:1b:b1:e1:
                    80:0b:e2:ef:42:a6:24:a3:57:08:07:9f:b8:7a:7c:
                    ba:7b:a8:69:cb:2c:de:4b:e2:a7:14:9b:a0:bc:47:
                    84:ea:dd:0b:e3:52:24:83:bf:56:6f:68:cf:cc:d8:
                    58:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:91:89:46:E5:98:3F:3D:DF:39:3F:84:8A:F1:47:D2:63:06:EA:82
            X509v3 Authority Key Identifier:
                keyid:91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/spGJRuWYPz3fOT-EivFH0mMG6oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:71:e2:6d:d2:c3:a3:c5:f4:60:02:a5:03:7b:29:12:b6:13:
         2b:44:f6:a3:30:d2:23:ae:ac:da:2b:c7:b1:6c:da:78:36:76:
         21:d0:8e:88:31:ad:bb:74:99:b1:ef:b4:fc:6a:c2:53:b0:77:
         82:aa:a5:ec:ea:90:18:93:8a:c4:16:66:7d:a5:be:73:23:cd:
         e5:51:8b:fd:d4:92:7c:18:38:a9:dc:8a:c0:ea:de:4f:2c:14:
         51:a5:b8:3d:8e:39:ec:88:ac:78:c8:67:f2:72:f6:5e:5d:cf:
         dc:f7:11:66:da:f8:3d:4c:12:b1:e2:8d:47:7e:ea:1f:69:34:
         b2:3b:c7:7d:e6:f8:b6:a5:c0:22:61:00:5d:96:b8:cc:60:e0:
         c8:cb:1c:b7:3a:7a:8f:83:cb:2f:7c:b9:be:99:9b:5b:d2:94:
         07:09:e2:d0:27:f3:e7:49:8d:e7:7b:6b:c8:29:97:4b:49:72:
         8b:da:97:6b:ae:3f:7c:af:1e:d9:9c:70:24:fd:0c:88:4f:2f:
         e5:27:1c:9b:df:ed:08:30:e1:5e:9c:a9:f8:d7:b3:d2:45:7d:
         6a:b5:f3:77:f0:57:23:d3:21:3c:4e:0e:47:3a:64:53:dd:f8:
         56:3d:53:c6:df:30:fa:a4:3f:98:8e:cd:0f:83:1e:0a:d3:c8:
         d1:ae:eb:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8bQdD85Gxp+fyw8bfA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOGVmODIzYmIwNDFlYTNhYzdjODkzNmM3NTBiNjAxODEz
N2UyY2QwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjkxODk0NmU1OTgzZjNkZGYzOTNmODQ4YWYxNDdkMjYzMDZlYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKa9ED5RoSP1gs0x17rJigKruKGX
7uXfaI1l1tsISxerriNkTv4OwtjcsDYDcfpJDeZI4/1X5fJB5DB36TtYRP/XIYQ0
6pjZ3ctiyN0UzQEp1043Ti4ZR2+m/jFiVZvdaXI2N8FGNGPpYSTRzd+9aRXUuzD9
RPqKVXTsmr7SiqUrt+5nNHmSCFfEGzdjrCp1G9Yye/nG1HG4pzica4Q3PyW2Lxsi
K+Knn2zmzC/HCIDHn7+yDT8ONCL6gO2tNt8vrpO3akNgeWZXQf9t4m8bseGAC+Lv
QqYko1cIB5+4eny6e6hpyyzeS+KnFJugvEeE6t0L41Ikg79Wb2jPzNhYbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKRiUblmD893zk/hIrxR9JjBuqCMB8GA1UdIwQY
MBaAFJGO+CO7BB6jrHyJNsdQtgGBN+LNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMt
NjUyOTc1MWIyYjAxLzEvc3BHSlJ1V1lQejNmT1QtRWl2RkgwbU1HNm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMtNjUyOTc1MWIyYjAx
LzEva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQR0MA0G
CSqGSIb3DQEBCwUAA4IBAQBWceJt0sOjxfRgAqUDeykSthMrRPajMNIjrqzaK8ex
bNp4NnYh0I6IMa27dJmx77T8asJTsHeCqqXs6pAYk4rEFmZ9pb5zI83lUYv91JJ8
GDip3IrA6t5PLBRRpbg9jjnsiKx4yGfycvZeXc/c9xFm2vg9TBKx4o1HfuofaTSy
O8d95vi2pcAiYQBdlrjMYODIyxy3OnqPg8svfLm+mZtb0pQHCeLQJ/PnSY3ne2vI
KZdLSXKL2pdrrj98rx7ZnHAk/QyITy/lJxyb3+0IMOFenKn417PSRX1qtfN38Fcj
0yE8Tg5HOmRT3fhWPVPG3zD6pD+Yjs0Pgx4K08jRrut2
-----END CERTIFICATE-----