Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/EGVu-mbXBqUf60_nuaxm1gnX_S4.roa
File:                     EGVu-mbXBqUf60_nuaxm1gnX_S4.roa (raw, json)
Hash identifier:          mzFRixQOCAXy131KudzurUtyd4oH0u9R9Fm/6j7PB2E=
Subject key identifier:   10:65:6E:FA:66:D7:06:A5:1F:EB:4F:E7:B9:AC:66:D6:09:D7:FD:2E
Certificate issuer:       /CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
Certificate serial:       018CC5DBE86083319B91FE27F3E498EBE21F
Authority key identifier: 41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/EGVu-mbXBqUf60_nuaxm1gnX_S4.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.120.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e8:60:83:31:9b:91:fe:27:f3:e4:98:eb:e2:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10656efa66d706a51feb4fe7b9ac66d609d7fd2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:df:b3:48:51:6b:4b:a4:36:f5:09:70:f7:92:
                    e9:1b:02:8d:a9:4d:1b:26:d1:b1:4d:78:14:07:66:
                    76:c7:4a:b5:35:ec:5a:d2:76:e7:cd:78:31:d0:a0:
                    fc:b8:69:86:9a:55:6f:a1:25:bc:b9:0f:b4:19:e6:
                    d3:ab:d5:a5:65:65:ec:cf:7d:05:80:02:da:28:86:
                    e1:25:2a:d3:9c:59:72:67:0b:59:25:12:d8:7d:05:
                    dc:5d:ca:18:1b:e3:15:84:8e:8f:9f:9d:93:91:fd:
                    43:f7:bd:7d:20:7f:19:cb:2f:d9:d0:18:2e:06:82:
                    f9:ff:c8:2b:b6:c2:22:d9:44:99:06:e8:2a:17:cb:
                    7e:84:5b:30:b5:c6:a7:85:21:9d:3b:03:b7:94:13:
                    9e:10:7e:de:a2:a8:37:0c:e7:67:76:ce:1d:ac:5a:
                    08:4e:ef:ba:3b:3d:bb:18:4c:bf:69:05:b6:b8:e9:
                    18:1c:2f:81:77:e3:50:11:78:48:a8:49:c6:d1:dc:
                    03:0a:d1:af:5c:ca:b4:eb:67:a1:73:2e:f7:49:5c:
                    cf:a8:a4:52:35:a8:7a:b7:6f:a9:4e:49:8e:87:71:
                    e2:47:a7:82:c9:b3:fa:3c:64:1c:c6:80:34:19:b1:
                    e3:32:d9:b4:4c:4b:87:49:8b:2c:62:27:16:e3:53:
                    f1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:65:6E:FA:66:D7:06:A5:1F:EB:4F:E7:B9:AC:66:D6:09:D7:FD:2E
            X509v3 Authority Key Identifier:
                keyid:41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/EGVu-mbXBqUf60_nuaxm1gnX_S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:5b:c1:27:7c:74:c8:a9:5d:a1:eb:59:54:b1:95:68:36:f1:
         f4:6e:76:28:87:99:3c:02:4d:dc:7b:19:c4:c9:a8:62:ec:e5:
         de:dd:5d:1e:6b:da:ab:ac:45:b8:14:e3:2c:a6:15:b6:2a:88:
         21:26:00:cc:31:65:06:6e:cf:d4:05:8e:9f:b0:7e:5d:03:93:
         0c:5d:9d:61:cc:2b:46:e0:82:10:7f:79:1d:9e:99:c8:e9:43:
         cb:2b:57:d8:02:9f:37:8d:88:b4:b2:36:d6:d2:f7:59:6f:63:
         ef:8a:b2:30:5b:6a:d5:b7:0b:b0:d5:ff:96:79:59:25:2a:3d:
         fc:3c:47:dc:7e:10:4d:72:36:8d:0f:9c:8d:fa:11:4e:75:4e:
         37:5d:b5:89:99:71:8f:98:da:2c:7f:a3:79:9c:51:7a:e6:e0:
         2b:ba:7a:b8:ff:46:39:cc:3c:6b:99:5e:00:66:5a:05:40:49:
         43:fb:c8:fc:71:f1:e9:3f:32:5d:35:bd:95:27:9b:67:d1:7e:
         9c:1f:95:53:41:4b:6d:71:fe:ce:15:92:e7:fb:e0:62:09:e9:
         15:c3:2e:90:6b:cd:a9:0e:89:0d:77:3b:ef:f0:de:a3:97:af:
         5d:c8:69:5a:19:60:8b:25:95:e3:f6:5f:75:f4:06:1a:6b:f4:
         24:b0:04:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+hggzGbkf4n8+SY6+IfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjdiMGMwZmU3YzA4OTM1ZTI1ODcxM2ZjZjkwZmU5NThl
ZTAzZWUwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY1NmVmYTY2ZDcwNmE1MWZlYjRmZTdiOWFjNjZkNjA5ZDdmZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N+zSFFrS6Q29Qlw95LpGwKNqU0b
JtGxTXgUB2Z2x0q1Nexa0nbnzXgx0KD8uGmGmlVvoSW8uQ+0GebTq9WlZWXsz30F
gALaKIbhJSrTnFlyZwtZJRLYfQXcXcoYG+MVhI6Pn52Tkf1D9719IH8Zyy/Z0Bgu
BoL5/8grtsIi2USZBugqF8t+hFswtcanhSGdOwO3lBOeEH7eoqg3DOdnds4drFoI
Tu+6Oz27GEy/aQW2uOkYHC+Bd+NQEXhIqEnG0dwDCtGvXMq062ehcy73SVzPqKRS
Nah6t2+pTkmOh3HiR6eCybP6PGQcxoA0GbHjMtm0TEuHSYssYicW41PxIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBlbvpm1walH+tP57msZtYJ1/0uMB8GA1UdIwQY
MBaAFEEnsMD+fAiTXiWHE/z5D+lY7gPuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQt
YmQxZDQ4ZDUxMmNlLzEvRUdWdS1tYlhCcVVmNjBfbnVheG0xZ25YX1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQtYmQxZDQ4ZDUxMmNl
LzEvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXiMMA0G
CSqGSIb3DQEBCwUAA4IBAQByW8EnfHTIqV2h61lUsZVoNvH0bnYoh5k8Ak3cexnE
yahi7OXe3V0ea9qrrEW4FOMsphW2KoghJgDMMWUGbs/UBY6fsH5dA5MMXZ1hzCtG
4IIQf3kdnpnI6UPLK1fYAp83jYi0sjbW0vdZb2PvirIwW2rVtwuw1f+WeVklKj38
PEfcfhBNcjaND5yN+hFOdU43XbWJmXGPmNosf6N5nFF65uArunq4/0Y5zDxrmV4A
ZloFQElD+8j8cfHpPzJdNb2VJ5tn0X6cH5VTQUttcf7OFZLn++BiCekVwy6Qa82p
DokNdzvv8N6jl69dyGlaGWCLJZXj9l919AYaa/QksARW
-----END CERTIFICATE-----