Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/4i1V55osIwjerc4Ci4M2UPpCaec.roa
File:                     4i1V55osIwjerc4Ci4M2UPpCaec.roa (raw, json)
Hash identifier:          BRBqlMg5goGVMzHwmwO4dVEfIaqrPx34524cSrnFBuY=
Subject key identifier:   E2:2D:55:E7:9A:2C:23:08:DE:AD:CE:02:8B:83:36:50:FA:42:69:E7
Certificate issuer:       /CN=8d3e594bb26e9c08e6fc4736caa5d3c200854dea
Certificate serial:       018CC8714B38433A154FA9368C74118442C3
Authority key identifier: 8D:3E:59:4B:B2:6E:9C:08:E6:FC:47:36:CA:A5:D3:C2:00:85:4D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/4i1V55osIwjerc4Ci4M2UPpCaec.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.149.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4b:38:43:3a:15:4f:a9:36:8c:74:11:84:42:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3e594bb26e9c08e6fc4736caa5d3c200854dea
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e22d55e79a2c2308deadce028b833650fa4269e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9d:54:78:39:e9:23:e5:66:cd:67:da:2c:b4:
                    9c:34:b8:d9:a1:68:3d:23:3a:70:65:45:d9:44:50:
                    aa:8c:1a:ed:00:44:c6:cd:2a:62:52:84:cd:30:e5:
                    d0:59:07:5b:34:9b:65:34:41:31:ed:b8:c3:c5:5b:
                    38:c8:e2:8c:a6:50:26:76:7e:46:5e:29:73:fc:a4:
                    0f:5a:61:b1:9b:73:5a:d0:59:7f:3b:b5:85:57:51:
                    b0:e9:82:54:8a:10:51:92:b9:e3:2b:ba:f3:55:65:
                    b4:7e:e9:6d:d1:45:18:3f:76:38:08:6c:fb:f4:c4:
                    0d:ec:7c:ff:cd:8c:6b:5a:12:5b:cc:cb:19:a0:7b:
                    3e:cc:93:cd:b5:c8:9a:52:99:7b:22:da:6e:4a:58:
                    a5:0c:fc:11:32:52:b8:fb:36:fe:89:62:3a:01:e6:
                    d9:21:10:af:31:8d:81:a2:15:26:01:74:0e:4c:e5:
                    08:84:dd:75:5f:51:ff:39:84:92:ac:cb:7a:37:45:
                    5a:dc:a8:a3:36:e8:44:3d:a1:41:4c:92:13:9c:05:
                    cf:79:3c:e8:ff:bd:af:e1:3b:6d:90:85:aa:13:9d:
                    46:33:26:ee:94:83:b4:28:c1:7a:68:ca:db:ce:88:
                    25:0a:e1:f5:a2:24:97:b0:b9:bb:68:c2:09:9c:d2:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2D:55:E7:9A:2C:23:08:DE:AD:CE:02:8B:83:36:50:FA:42:69:E7
            X509v3 Authority Key Identifier:
                keyid:8D:3E:59:4B:B2:6E:9C:08:E6:FC:47:36:CA:A5:D3:C2:00:85:4D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/4i1V55osIwjerc4Ci4M2UPpCaec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c75317-d5fd-4a24-8714-e7dee9a7cad5/1/jT5ZS7JunAjm_Ec2yqXTwgCFTeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:23:03:0f:c9:9f:cd:b3:ea:54:fe:b2:26:8e:fe:30:94:dc:
         1f:20:af:8d:b8:d7:e0:68:71:c0:61:fb:b8:05:13:f2:a5:44:
         03:aa:bd:c3:09:23:7b:fb:4b:23:f0:17:c1:36:64:d7:ee:00:
         80:d4:54:1c:69:f0:ea:21:3b:f1:90:14:75:09:cc:b6:50:b6:
         7e:24:b0:3b:83:2b:e4:39:3d:18:a5:4c:6a:18:66:25:83:41:
         de:92:a5:69:ae:47:57:60:1a:9f:af:e1:5d:06:dc:fd:9c:29:
         ad:ab:4e:de:7f:ed:c4:1a:1c:c7:49:59:73:79:66:a1:20:9f:
         63:2f:9c:d3:b4:cd:68:88:d1:6e:12:c5:52:3a:4d:cc:e1:8b:
         83:71:a4:f2:7b:51:53:23:fc:07:4f:6b:2e:a8:26:d5:42:bd:
         82:06:7e:87:40:72:07:53:72:4b:b0:81:36:7b:b9:cf:0e:5b:
         42:96:27:18:1b:6c:a9:08:d7:a7:b5:fa:ce:9e:4e:35:d7:e2:
         0a:7e:0f:4e:7c:62:6a:75:d8:0d:93:32:b9:67:b2:47:98:d3:
         db:54:69:b3:b4:e5:98:71:5c:9b:b6:ff:7d:be:60:61:39:3a:
         a9:57:0b:f8:73:d9:a8:dd:1d:1d:28:74:63:99:99:4f:28:ad:
         66:cc:de:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUs4QzoVT6k2jHQRhELDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2U1OTRiYjI2ZTljMDhlNmZjNDczNmNhYTVkM2MyMDA4
NTRkZWEwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJkNTVlNzlhMmMyMzA4ZGVhZGNlMDI4YjgzMzY1MGZhNDI2OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw51UeDnpI+VmzWfaLLScNLjZoWg9
IzpwZUXZRFCqjBrtAETGzSpiUoTNMOXQWQdbNJtlNEEx7bjDxVs4yOKMplAmdn5G
Xilz/KQPWmGxm3Na0Fl/O7WFV1Gw6YJUihBRkrnjK7rzVWW0fult0UUYP3Y4CGz7
9MQN7Hz/zYxrWhJbzMsZoHs+zJPNtciaUpl7ItpuSlilDPwRMlK4+zb+iWI6AebZ
IRCvMY2BohUmAXQOTOUIhN11X1H/OYSSrMt6N0Va3KijNuhEPaFBTJITnAXPeTzo
/72v4TttkIWqE51GMybulIO0KMF6aMrbzoglCuH1oiSXsLm7aMIJnNL4awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOItVeeaLCMI3q3OAouDNlD6QmnnMB8GA1UdIwQY
MBaAFI0+WUuybpwI5vxHNsql08IAhU3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalQ1WlM3SnVuQWptX0VjMnlxWFR3Z0NGVGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9jNzUzMTctZDVmZC00YTI0LTg3MTQt
ZTdkZWU5YTdjYWQ1LzEvNGkxVjU1b3NJd2plcmM0Q2k0TTJVUHBDYWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9jNzUzMTctZDVmZC00YTI0LTg3MTQtZTdkZWU5YTdjYWQ1
LzEvalQ1WlM3SnVuQWptX0VjMnlxWFR3Z0NGVGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZU2MA0G
CSqGSIb3DQEBCwUAA4IBAQASIwMPyZ/Ns+pU/rImjv4wlNwfIK+NuNfgaHHAYfu4
BRPypUQDqr3DCSN7+0sj8BfBNmTX7gCA1FQcafDqITvxkBR1Ccy2ULZ+JLA7gyvk
OT0YpUxqGGYlg0HekqVprkdXYBqfr+FdBtz9nCmtq07ef+3EGhzHSVlzeWahIJ9j
L5zTtM1oiNFuEsVSOk3M4YuDcaTye1FTI/wHT2suqCbVQr2CBn6HQHIHU3JLsIE2
e7nPDltClicYG2ypCNentfrOnk411+IKfg9OfGJqddgNkzK5Z7JHmNPbVGmztOWY
cVybtv99vmBhOTqpVwv4c9mo3R0dKHRjmZlPKK1mzN7Y
-----END CERTIFICATE-----