Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/4-ZnZFoANKd0VJjxHWVepT-hRqc.roa
File:                     4-ZnZFoANKd0VJjxHWVepT-hRqc.roa (raw, json)
Hash identifier:          AW/KbrghNw3EvPQUTwLSZ4x5vt6FIrFRqA/6vlR4zXk=
Subject key identifier:   E3:E6:67:64:5A:00:34:A7:74:54:98:F1:1D:65:5E:A5:3F:A1:46:A7
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBD4C8FEF1247F83A87127A2AAC1C6
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/4-ZnZFoANKd0VJjxHWVepT-hRqc.roa
Signing time:             Tue 02 Jan 2024 10:32:59 +0000
ROA not before:           Tue 02 Jan 2024 10:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203583
IP address blocks:        195.228.29.0/24 maxlen: 24
                          84.1.158.0/24 maxlen: 24
                          195.228.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d4:c8:fe:f1:24:7f:83:a8:71:27:a2:aa:c1:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3e667645a0034a7745498f11d655ea53fa146a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ab:db:2a:3d:67:02:84:d8:03:c6:38:28:b2:
                    db:a2:35:f5:fe:80:4a:ec:1d:f2:c6:04:84:09:54:
                    10:4c:04:7b:1e:66:d7:fb:b5:a6:ab:cc:4a:30:7f:
                    b6:40:72:9e:26:7e:ea:08:73:7e:49:d2:b1:83:19:
                    bb:9b:22:ad:c7:4f:fd:0e:f3:21:2e:50:0f:c6:b9:
                    78:ba:0d:02:01:ae:77:cb:ee:98:d3:36:9b:97:2d:
                    fd:f8:65:80:11:97:0f:2d:a9:dc:9e:9a:de:0e:9b:
                    89:cc:e5:44:e6:45:e1:a1:a6:84:27:18:3c:82:4b:
                    b4:02:86:87:28:a6:45:ee:00:b5:dd:06:12:40:ca:
                    ec:63:df:05:c5:ef:b6:9e:b1:ed:74:93:dc:a3:5f:
                    a1:43:48:22:cc:48:64:0d:d5:4c:2b:65:38:7a:90:
                    da:52:a2:62:87:54:9d:23:5c:3b:4e:61:57:9a:88:
                    13:9b:a0:6d:d9:66:f8:db:e2:c0:3e:30:01:df:db:
                    c6:c9:3f:e2:3a:70:96:86:ee:e5:7f:25:6d:e0:f3:
                    aa:c7:d0:ef:6b:89:e0:fa:08:6d:d2:78:12:b8:4d:
                    9a:ce:e0:28:28:9f:cc:0a:e1:8a:4e:b4:00:02:a2:
                    68:5a:9d:35:2d:4b:c9:16:49:e9:16:02:de:dd:52:
                    bd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E6:67:64:5A:00:34:A7:74:54:98:F1:1D:65:5E:A5:3F:A1:46:A7
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/4-ZnZFoANKd0VJjxHWVepT-hRqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.1.158.0/24
                  195.228.29.0/24
                  195.228.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:97:ea:ab:26:fd:7f:fa:69:2a:c3:21:74:87:cd:5e:11:f9:
         a4:84:36:8e:9f:99:95:f5:12:53:dc:65:90:b5:1c:73:ca:86:
         28:35:73:28:5d:45:86:47:8c:c2:d1:82:8d:e5:61:e7:d4:9b:
         83:5e:28:41:63:e1:c8:25:6e:00:f4:e7:7e:a4:c1:71:61:2c:
         37:5a:0d:a5:cd:15:47:b2:f0:c7:11:f7:ad:cf:5c:6b:08:62:
         8c:e9:b9:c4:62:4d:1d:c1:63:0f:46:9e:a4:7d:bc:92:fc:a9:
         29:8e:88:0a:ba:0b:3b:2f:d3:c6:53:89:c5:a0:fd:f9:8e:8c:
         76:b2:5c:46:30:4e:0c:9f:91:c9:8d:d2:49:34:10:0c:2a:90:
         fe:45:70:c4:37:7e:be:00:68:14:8f:17:ff:d4:b9:e9:dd:b9:
         c8:33:3c:78:e2:2f:db:06:40:40:e7:9f:b3:97:59:42:a3:8e:
         ad:ae:7a:94:08:1d:22:fa:32:ed:6d:38:75:15:d9:2f:21:07:
         ba:86:56:5e:b6:34:69:fa:fe:09:da:d0:a0:2e:65:db:ca:87:
         99:ce:1a:1f:52:bd:b2:8b:36:ad:eb:3f:4f:47:ea:39:f2:0d:
         88:1f:33:ea:ae:56:a0:5a:bc:e6:7a:fe:ed:18:59:a5:a5:bd:
         9f:c8:be:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJu9TI/vEkf4OocSeiqsHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2U2Njc2NDVhMDAzNGE3NzQ1NDk4ZjExZDY1NWVhNTNmYTE0NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqvbKj1nAoTYA8Y4KLLbojX1/oBK
7B3yxgSECVQQTAR7HmbX+7Wmq8xKMH+2QHKeJn7qCHN+SdKxgxm7myKtx0/9DvMh
LlAPxrl4ug0CAa53y+6Y0zably39+GWAEZcPLancnpreDpuJzOVE5kXhoaaEJxg8
gku0AoaHKKZF7gC13QYSQMrsY98Fxe+2nrHtdJPco1+hQ0gizEhkDdVMK2U4epDa
UqJih1SdI1w7TmFXmogTm6Bt2Wb42+LAPjAB39vGyT/iOnCWhu7lfyVt4POqx9Dv
a4ng+ght0ngSuE2azuAoKJ/MCuGKTrQAAqJoWp01LUvJFknpFgLe3VK9TQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOPmZ2RaADSndFSY8R1lXqU/oUanMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvNC1ablpGb0FOS2QwVkpqeEhXVmVwVC1oUnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVAGeAwQA
w+QdAwQAw+S0MA0GCSqGSIb3DQEBCwUAA4IBAQBMl+qrJv1/+mkqwyF0h81eEfmk
hDaOn5mV9RJT3GWQtRxzyoYoNXMoXUWGR4zC0YKN5WHn1JuDXihBY+HIJW4A9Od+
pMFxYSw3Wg2lzRVHsvDHEfetz1xrCGKM6bnEYk0dwWMPRp6kfbyS/KkpjogKugs7
L9PGU4nFoP35jox2slxGME4Mn5HJjdJJNBAMKpD+RXDEN36+AGgUjxf/1Lnp3bnI
Mzx44i/bBkBA55+zl1lCo46trnqUCB0i+jLtbTh1FdkvIQe6hlZetjRp+v4J2tCg
LmXbyoeZzhofUr2yizat6z9PR+o58g2IHzPqrlagWrzmev7tGFmlpb2fyL5w
-----END CERTIFICATE-----