Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/4McoBRYRAxA-sszpdy5KLxc-YnI.roa
File:                     4McoBRYRAxA-sszpdy5KLxc-YnI.roa (raw, json)
Hash identifier:          E1+30CAfZ1SFC059THB6+UgDRrJIfXOfJ4lVBHa6RCg=
Subject key identifier:   E0:C7:28:05:16:11:03:10:3E:B2:CC:E9:77:2E:4A:2F:17:3E:62:72
Certificate issuer:       /CN=5316590a0eaf48df2b1ae23b9d559e9cac25997e
Certificate serial:       018CC725B8A2D710290F37EA62E6C8BF181B
Authority key identifier: 53:16:59:0A:0E:AF:48:DF:2B:1A:E2:3B:9D:55:9E:9C:AC:25:99:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxZZCg6vSN8rGuI7nVWenKwlmX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/4McoBRYRAxA-sszpdy5KLxc-YnI.roa
Signing time:             Mon 01 Jan 2024 22:29:47 +0000
ROA not before:           Mon 01 Jan 2024 22:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.168.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/UxZZCg6vSN8rGuI7nVWenKwlmX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/UxZZCg6vSN8rGuI7nVWenKwlmX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxZZCg6vSN8rGuI7nVWenKwlmX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b8:a2:d7:10:29:0f:37:ea:62:e6:c8:bf:18:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5316590a0eaf48df2b1ae23b9d559e9cac25997e
        Validity
            Not Before: Jan  1 22:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0c72805161103103eb2cce9772e4a2f173e6272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:64:22:b4:fb:0c:16:f1:c5:9b:f5:a6:05:e4:
                    99:63:35:f2:be:11:b7:1c:fe:06:58:32:b8:95:0a:
                    fc:e7:19:d1:eb:49:ac:45:9b:14:eb:89:a7:af:5b:
                    5c:bf:96:97:b6:39:b9:58:23:c2:f4:2a:5c:07:53:
                    a8:26:33:a6:e7:a9:de:6d:a4:72:f8:bb:c8:5c:1e:
                    88:a8:92:09:c0:74:97:21:62:1c:b2:0c:e5:a4:45:
                    89:d8:51:8b:15:0c:4d:b1:d0:fc:38:d5:ed:e2:ff:
                    10:4b:d5:7d:b1:70:d6:fa:3f:71:4a:b8:f9:16:fd:
                    3d:11:32:0d:dc:27:3b:01:89:4a:d9:ab:df:07:ed:
                    ba:ea:43:8b:f8:88:cc:c4:c6:2c:be:2c:4d:03:51:
                    d1:92:ca:d3:2e:8f:86:3a:bc:2c:f0:94:8c:95:d4:
                    b1:9e:d9:d5:9f:85:06:b0:a0:a8:c7:5d:76:65:da:
                    f3:67:7e:ff:81:8f:d4:f3:6d:5f:da:4f:13:48:f4:
                    00:65:32:a7:de:fb:68:73:32:82:17:b9:69:e2:ed:
                    1f:26:38:f5:32:95:98:e7:75:5c:4d:88:97:42:d7:
                    e1:9e:fd:97:ff:0d:6a:28:5b:ac:7a:70:48:9f:97:
                    85:56:0b:45:96:26:36:85:25:33:ee:5d:c3:c5:4a:
                    1e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C7:28:05:16:11:03:10:3E:B2:CC:E9:77:2E:4A:2F:17:3E:62:72
            X509v3 Authority Key Identifier:
                keyid:53:16:59:0A:0E:AF:48:DF:2B:1A:E2:3B:9D:55:9E:9C:AC:25:99:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxZZCg6vSN8rGuI7nVWenKwlmX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/4McoBRYRAxA-sszpdy5KLxc-YnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f9dd1c-317b-41c1-8fcb-7d9eabee15ac/1/UxZZCg6vSN8rGuI7nVWenKwlmX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:80:a1:0e:15:ce:09:db:92:88:3c:f0:23:4a:6c:a4:dc:ee:
         41:8d:6b:c4:48:5e:e6:e0:4f:a7:4b:74:44:93:1f:df:df:bc:
         f1:c1:a1:00:5d:f3:0d:1d:60:15:bc:4d:4a:0e:1e:8d:58:7b:
         80:20:6a:8b:33:6e:54:e4:04:6a:f1:7d:4c:6f:d0:77:38:36:
         54:5b:74:3b:ee:ba:6a:21:5f:81:11:36:db:2a:10:48:27:a0:
         4c:7b:b5:d1:d1:50:21:d2:93:65:60:9a:d9:38:c8:e7:58:ad:
         ec:8c:71:7a:49:c0:b3:9c:2d:2b:0e:20:3e:c3:ae:f6:f3:f6:
         1b:ee:e7:4a:06:0e:b3:bc:cc:72:21:01:19:10:df:8e:ce:74:
         78:54:62:a2:37:03:ae:85:96:81:cf:fb:90:da:2c:b4:bd:c6:
         0c:56:33:89:5a:1f:cb:06:54:c3:89:52:56:4f:26:56:ac:ae:
         e3:26:6b:60:58:22:c2:9f:1c:0d:7a:5b:e6:d6:b0:18:16:91:
         91:cc:cb:c7:3c:1e:5f:fb:80:16:5c:d0:13:7e:f7:4f:87:97:
         d9:e5:13:da:3d:45:ea:4b:68:3d:ae:5e:f5:9c:b8:42:e8:ac:
         be:15:4c:8d:06:c4:0a:ca:9c:cd:b0:6a:08:a2:91:9b:ae:f7:
         05:3f:e7:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbii1xApDzfqYubIvxgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTY1OTBhMGVhZjQ4ZGYyYjFhZTIzYjlkNTU5ZTljYWMy
NTk5N2UwHhcNMjQwMTAxMjIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGM3MjgwNTE2MTEwMzEwM2ViMmNjZTk3NzJlNGEyZjE3M2U2MjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimQitPsMFvHFm/WmBeSZYzXyvhG3
HP4GWDK4lQr85xnR60msRZsU64mnr1tcv5aXtjm5WCPC9CpcB1OoJjOm56nebaRy
+LvIXB6IqJIJwHSXIWIcsgzlpEWJ2FGLFQxNsdD8ONXt4v8QS9V9sXDW+j9xSrj5
Fv09ETIN3Cc7AYlK2avfB+266kOL+IjMxMYsvixNA1HRksrTLo+GOrws8JSMldSx
ntnVn4UGsKCox112ZdrzZ37/gY/U821f2k8TSPQAZTKn3vtoczKCF7lp4u0fJjj1
MpWY53VcTYiXQtfhnv2X/w1qKFusenBIn5eFVgtFliY2hSUz7l3DxUoeVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODHKAUWEQMQPrLM6XcuSi8XPmJyMB8GA1UdIwQY
MBaAFFMWWQoOr0jfKxriO51VnpysJZl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhaWkNnNnZTTjhyR3VJN25WV2VuS3dsbVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mOWRkMWMtMzE3Yi00MWMxLThmY2It
N2Q5ZWFiZWUxNWFjLzEvNE1jb0JSWVJBeEEtc3N6cGR5NUtMeGMtWW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mOWRkMWMtMzE3Yi00MWMxLThmY2ItN2Q5ZWFiZWUxNWFj
LzEvVXhaWkNnNnZTTjhyR3VJN25WV2VuS3dsbVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuajYMA0G
CSqGSIb3DQEBCwUAA4IBAQCegKEOFc4J25KIPPAjSmyk3O5BjWvESF7m4E+nS3RE
kx/f37zxwaEAXfMNHWAVvE1KDh6NWHuAIGqLM25U5ARq8X1Mb9B3ODZUW3Q77rpq
IV+BETbbKhBIJ6BMe7XR0VAh0pNlYJrZOMjnWK3sjHF6ScCznC0rDiA+w6728/Yb
7udKBg6zvMxyIQEZEN+OznR4VGKiNwOuhZaBz/uQ2iy0vcYMVjOJWh/LBlTDiVJW
TyZWrK7jJmtgWCLCnxwNelvm1rAYFpGRzMvHPB5f+4AWXNATfvdPh5fZ5RPaPUXq
S2g9rl71nLhC6Ky+FUyNBsQKypzNsGoIopGbrvcFP+eh
-----END CERTIFICATE-----