Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/sFrO_KHeEp-PecdtEq-jtQArmF0.roa
File:                     sFrO_KHeEp-PecdtEq-jtQArmF0.roa (raw, json)
Hash identifier:          u7bQb5ILOLJ7NVsXLJ1XOxocIE51j2L9RL7aCLv0MwE=
Subject key identifier:   B0:5A:CE:FC:A1:DE:12:9F:8F:79:C7:6D:12:AF:A3:B5:00:2B:98:5D
Certificate issuer:       /CN=4674af1bbdc4ca483c669c4fe0bdd764b8ac1675
Certificate serial:       018CC794EB1F8A4399F5BD42E6B42159601E
Authority key identifier: 46:74:AF:1B:BD:C4:CA:48:3C:66:9C:4F:E0:BD:D7:64:B8:AC:16:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RnSvG73Eykg8ZpxP4L3XZLisFnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/sFrO_KHeEp-PecdtEq-jtQArmF0.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3225
IP address blocks:        185.46.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/RnSvG73Eykg8ZpxP4L3XZLisFnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/RnSvG73Eykg8ZpxP4L3XZLisFnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RnSvG73Eykg8ZpxP4L3XZLisFnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:eb:1f:8a:43:99:f5:bd:42:e6:b4:21:59:60:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4674af1bbdc4ca483c669c4fe0bdd764b8ac1675
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b05acefca1de129f8f79c76d12afa3b5002b985d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:48:47:58:ea:d5:ea:37:56:d0:3e:a9:ef:2a:
                    ab:43:eb:8e:1b:64:dd:32:09:3d:e5:67:19:77:11:
                    df:22:1f:cf:bb:e4:4f:53:20:0c:94:af:6b:3a:9c:
                    51:df:2d:4d:89:58:dc:76:c3:16:49:c2:09:3d:55:
                    d9:14:be:20:e1:1b:27:f6:06:d9:23:bf:97:a3:da:
                    d9:82:91:54:92:2e:05:c4:92:b8:3b:c6:b8:2c:d7:
                    56:6a:35:a0:8d:9c:f6:e8:b1:76:a5:4b:e9:1b:c0:
                    e2:1b:8c:58:73:1a:93:d1:1b:c4:92:2b:28:c0:6b:
                    7a:60:f4:59:f1:17:74:79:c2:3e:1f:bf:b5:6a:b7:
                    ef:4f:fa:3d:d6:ae:20:67:0f:95:be:99:2e:61:52:
                    7a:1f:96:af:10:1f:ea:c0:89:74:cf:8a:77:6b:c7:
                    4c:20:a0:62:ce:c0:0c:8d:f5:a2:02:54:b4:16:ba:
                    4e:7d:49:9d:0c:3a:fd:22:47:8b:49:11:00:30:76:
                    6b:53:b8:88:e7:0e:87:a0:a1:68:1b:28:40:6c:88:
                    8c:62:4a:1d:51:38:0f:9a:16:a1:be:6e:09:e5:f5:
                    de:9d:91:22:49:f2:8b:32:9b:84:13:7e:8a:cb:4c:
                    12:14:c9:d4:97:6f:31:e2:06:c0:4e:8d:ba:33:b4:
                    83:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5A:CE:FC:A1:DE:12:9F:8F:79:C7:6D:12:AF:A3:B5:00:2B:98:5D
            X509v3 Authority Key Identifier:
                keyid:46:74:AF:1B:BD:C4:CA:48:3C:66:9C:4F:E0:BD:D7:64:B8:AC:16:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RnSvG73Eykg8ZpxP4L3XZLisFnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/sFrO_KHeEp-PecdtEq-jtQArmF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d54138-1308-4b42-a170-5492e0e4ebc3/1/RnSvG73Eykg8ZpxP4L3XZLisFnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:3e:6c:5f:dd:20:d3:69:3d:44:9d:5a:34:ce:0d:5f:cd:25:
         ff:ad:34:24:73:4f:b9:a9:d0:95:1c:4d:85:01:8f:89:a1:4d:
         82:b0:97:fc:6e:4b:2c:45:08:20:ea:ed:b0:70:c1:a9:f6:5c:
         f7:4d:2d:f6:19:c4:3b:28:23:41:31:00:46:0d:67:e0:18:7c:
         64:d2:01:0e:17:6f:37:51:84:61:09:88:63:94:a7:86:e9:fa:
         71:32:fc:ee:a5:03:30:34:e7:d3:5c:f4:20:0e:07:38:fe:f9:
         31:c4:82:59:de:14:b3:65:cf:97:08:63:43:ef:da:8c:3f:2a:
         9b:b4:f9:74:7b:6f:f9:c2:0d:1b:40:28:99:ef:22:c9:67:f8:
         76:44:c1:c7:b5:bd:78:91:c7:a8:d0:99:da:a6:f1:d3:a8:40:
         e2:04:ad:38:90:3d:9f:27:4a:d1:78:a2:66:3e:e2:dd:ee:c2:
         eb:14:cf:d6:12:98:ce:35:e8:b8:d7:11:f5:9a:a1:47:d8:af:
         1c:78:07:53:8f:53:56:05:d8:e0:51:79:7d:29:7f:70:91:36:
         47:7b:03:6f:b3:cc:98:2c:34:32:da:59:ee:ea:a8:00:e5:71:
         99:1b:19:9e:6b:91:9d:69:c1:f3:a1:6b:61:58:82:b4:19:87:
         c3:d1:fa:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOsfikOZ9b1C5rQhWWAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NzRhZjFiYmRjNGNhNDgzYzY2OWM0ZmUwYmRkNzY0Yjhh
YzE2NzUwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVhY2VmY2ExZGUxMjlmOGY3OWM3NmQxMmFmYTNiNTAwMmI5ODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0hHWOrV6jdW0D6p7yqrQ+uOG2Td
Mgk95WcZdxHfIh/Pu+RPUyAMlK9rOpxR3y1NiVjcdsMWScIJPVXZFL4g4Rsn9gbZ
I7+Xo9rZgpFUki4FxJK4O8a4LNdWajWgjZz26LF2pUvpG8DiG4xYcxqT0RvEkiso
wGt6YPRZ8Rd0ecI+H7+1arfvT/o91q4gZw+VvpkuYVJ6H5avEB/qwIl0z4p3a8dM
IKBizsAMjfWiAlS0FrpOfUmdDDr9IkeLSREAMHZrU7iI5w6HoKFoGyhAbIiMYkod
UTgPmhahvm4J5fXenZEiSfKLMpuEE36Ky0wSFMnUl28x4gbATo26M7SDtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBazvyh3hKfj3nHbRKvo7UAK5hdMB8GA1UdIwQY
MBaAFEZ0rxu9xMpIPGacT+C912S4rBZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm5Tdkc3M0V5a2c4WnB4UDRMM1haTGlzRm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kNTQxMzgtMTMwOC00YjQyLWExNzAt
NTQ5MmUwZTRlYmMzLzEvc0ZyT19LSGVFcC1QZWNkdEVxLWp0UUFybUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kNTQxMzgtMTMwOC00YjQyLWExNzAtNTQ5MmUwZTRlYmMz
LzEvUm5Tdkc3M0V5a2c4WnB4UDRMM1haTGlzRm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS6QMA0G
CSqGSIb3DQEBCwUAA4IBAQACPmxf3SDTaT1EnVo0zg1fzSX/rTQkc0+5qdCVHE2F
AY+JoU2CsJf8bkssRQgg6u2wcMGp9lz3TS32GcQ7KCNBMQBGDWfgGHxk0gEOF283
UYRhCYhjlKeG6fpxMvzupQMwNOfTXPQgDgc4/vkxxIJZ3hSzZc+XCGND79qMPyqb
tPl0e2/5wg0bQCiZ7yLJZ/h2RMHHtb14kceo0JnapvHTqEDiBK04kD2fJ0rReKJm
PuLd7sLrFM/WEpjONei41xH1mqFH2K8ceAdTj1NWBdjgUXl9KX9wkTZHewNvs8yY
LDQy2lnu6qgA5XGZGxmea5GdacHzoWthWIK0GYfD0fpt
-----END CERTIFICATE-----