Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/S2uzCh8mKDRwWrvbxuHOD3l01tQ.roa
File:                     S2uzCh8mKDRwWrvbxuHOD3l01tQ.roa (raw, json)
Hash identifier:          T9kjgm/fDOdndaGutAOtzET1sfqAi/AlHOAiuYln0Kg=
Subject key identifier:   4B:6B:B3:0A:1F:26:28:34:70:5A:BB:DB:C6:E1:CE:0F:79:74:D6:D4
Certificate issuer:       /CN=e277538dec2efcd2f11cc637197d1d9a6fdae9d9
Certificate serial:       018CC56E0CCCCACD928163952D3205132B51
Authority key identifier: E2:77:53:8D:EC:2E:FC:D2:F1:1C:C6:37:19:7D:1D:9A:6F:DA:E9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ndTjewu_NLxHMY3GX0dmm_a6dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/S2uzCh8mKDRwWrvbxuHOD3l01tQ.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34941
IP address blocks:        85.118.200.0/21 maxlen: 21
                          185.112.136.0/22 maxlen: 22
                          2a06:6180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/4ndTjewu_NLxHMY3GX0dmm_a6dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/4ndTjewu_NLxHMY3GX0dmm_a6dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ndTjewu_NLxHMY3GX0dmm_a6dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:cc:ca:cd:92:81:63:95:2d:32:05:13:2b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e277538dec2efcd2f11cc637197d1d9a6fdae9d9
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b6bb30a1f262834705abbdbc6e1ce0f7974d6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0f:ba:83:8e:3b:65:ff:c5:37:c6:4b:45:6d:
                    44:13:45:7c:d9:75:3b:96:43:ff:1a:ee:b6:52:6b:
                    25:a0:a5:c8:83:c5:57:8e:ae:dd:21:59:98:34:4f:
                    a3:b8:74:e8:6d:b3:73:18:ae:75:03:1e:30:01:81:
                    2e:37:8d:b8:c2:cd:84:bf:14:aa:c5:05:cf:55:f4:
                    90:db:0f:e8:05:1a:b6:62:49:eb:f4:f5:22:e7:2b:
                    23:1a:7d:ce:bb:c4:2b:d4:35:51:c8:c4:cc:07:9a:
                    e7:85:e5:4c:22:9b:a1:61:fd:e4:cd:21:7e:27:e6:
                    b6:04:e4:a0:4b:ae:32:bc:61:bb:01:b5:41:d9:25:
                    e9:29:8c:17:cf:2d:8f:5c:31:c8:5c:f3:14:14:bd:
                    2f:f4:01:a7:3d:cb:3a:62:a7:69:a7:e8:9b:99:2c:
                    04:11:ce:fb:1c:82:16:23:a3:86:79:f1:2e:3a:1a:
                    6a:15:52:b3:eb:e7:74:52:77:62:e9:7b:24:43:2b:
                    6b:21:05:bc:69:91:e9:97:f9:1b:76:dc:f4:bf:6a:
                    65:86:30:40:69:0e:35:98:19:4c:1c:04:c5:59:0b:
                    a2:2f:60:bb:fc:ec:10:72:37:24:15:cf:4b:d5:a2:
                    c5:c5:5a:74:40:45:63:ca:37:05:41:0b:79:c5:e6:
                    87:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:6B:B3:0A:1F:26:28:34:70:5A:BB:DB:C6:E1:CE:0F:79:74:D6:D4
            X509v3 Authority Key Identifier:
                keyid:E2:77:53:8D:EC:2E:FC:D2:F1:1C:C6:37:19:7D:1D:9A:6F:DA:E9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ndTjewu_NLxHMY3GX0dmm_a6dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/S2uzCh8mKDRwWrvbxuHOD3l01tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a31ddb-1fd2-461c-bfeb-82ee2d2b4289/1/4ndTjewu_NLxHMY3GX0dmm_a6dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.200.0/21
                  185.112.136.0/22
                IPv6:
                  2a06:6180::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:f4:56:27:16:47:ad:58:41:d6:e7:70:0c:df:d2:7d:9f:82:
         a0:00:d9:52:56:60:ae:b2:0e:a9:76:15:97:b0:72:c0:4b:1b:
         5b:9e:e2:bf:96:01:9b:66:81:77:df:2b:ba:27:52:9d:85:dd:
         6c:49:5d:f8:9d:c3:6c:05:0b:d3:ff:3e:74:cc:9e:15:20:3e:
         27:3d:45:b4:39:e0:53:00:9c:49:2e:96:b4:84:e3:34:cb:89:
         b6:64:f1:74:0d:89:d2:5d:5a:1b:e9:26:b7:f9:6f:66:54:f3:
         62:66:9a:01:2a:ed:f1:b8:7e:14:20:e8:31:a9:ab:b5:c1:6c:
         ae:c1:8f:23:31:31:4e:e4:5c:66:a5:97:79:61:7a:a8:4d:b6:
         37:b9:72:c4:0c:7b:a3:ef:d9:29:98:f0:c2:c1:c5:18:17:31:
         7f:04:a4:73:6f:5f:be:5a:64:ec:a9:35:19:f8:a1:d7:1d:5f:
         74:17:72:47:94:01:92:d1:f2:42:0e:cb:ee:3a:75:22:3e:b3:
         68:08:42:0b:5c:40:a7:95:08:f9:71:56:23:36:a0:9a:ef:16:
         3e:2a:7b:2d:b7:fe:3f:54:fe:1f:65:be:8d:4e:61:40:63:60:
         05:98:21:a3:7a:36:04:50:08:35:09:27:45:93:0b:ce:96:28:
         d3:ab:e3:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbgzMys2SgWOVLTIFEytRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNzc1MzhkZWMyZWZjZDJmMTFjYzYzNzE5N2QxZDlhNmZk
YWU5ZDkwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZiYjMwYTFmMjYyODM0NzA1YWJiZGJjNmUxY2UwZjc5NzRkNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA+6g447Zf/FN8ZLRW1EE0V82XU7
lkP/Gu62UmsloKXIg8VXjq7dIVmYNE+juHTobbNzGK51Ax4wAYEuN424ws2EvxSq
xQXPVfSQ2w/oBRq2Yknr9PUi5ysjGn3Ou8Qr1DVRyMTMB5rnheVMIpuhYf3kzSF+
J+a2BOSgS64yvGG7AbVB2SXpKYwXzy2PXDHIXPMUFL0v9AGnPcs6Yqdpp+ibmSwE
Ec77HIIWI6OGefEuOhpqFVKz6+d0Undi6XskQytrIQW8aZHpl/kbdtz0v2plhjBA
aQ41mBlMHATFWQuiL2C7/OwQcjckFc9L1aLFxVp0QEVjyjcFQQt5xeaH1QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEtrswofJig0cFq728bhzg95dNbUMB8GA1UdIwQY
MBaAFOJ3U43sLvzS8RzGNxl9HZpv2unZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG5kVGpld3VfTkx4SE1ZM0dYMGRtbV9hNmRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hMzFkZGItMWZkMi00NjFjLWJmZWIt
ODJlZTJkMmI0Mjg5LzEvUzJ1ekNoOG1LRFJ3V3J2Ynh1SE9EM2wwMXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hMzFkZGItMWZkMi00NjFjLWJmZWItODJlZTJkMmI0Mjg5
LzEvNG5kVGpld3VfTkx4SE1ZM0dYMGRtbV9hNmRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVXbIAwQC
uXCIMA0EAgACMAcDBQMqBmGAMA0GCSqGSIb3DQEBCwUAA4IBAQAh9FYnFketWEHW
53AM39J9n4KgANlSVmCusg6pdhWXsHLASxtbnuK/lgGbZoF33yu6J1Kdhd1sSV34
ncNsBQvT/z50zJ4VID4nPUW0OeBTAJxJLpa0hOM0y4m2ZPF0DYnSXVob6Sa3+W9m
VPNiZpoBKu3xuH4UIOgxqau1wWyuwY8jMTFO5FxmpZd5YXqoTbY3uXLEDHuj79kp
mPDCwcUYFzF/BKRzb1++WmTsqTUZ+KHXHV90F3JHlAGS0fJCDsvuOnUiPrNoCEIL
XECnlQj5cVYjNqCa7xY+Knstt/4/VP4fZb6NTmFAY2AFmCGjejYEUAg1CSdFkwvO
lijTq+M0
-----END CERTIFICATE-----