Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/4WL3iDNHSh-yBr7VybLOCKHER2g.roa
File:                     4WL3iDNHSh-yBr7VybLOCKHER2g.roa (raw, json)
Hash identifier:          aUIcNQ50drdtfo1K26QP9tjWp9DL6fo3oDL00UtQMMY=
Subject key identifier:   E1:62:F7:88:33:47:4A:1F:B2:06:BE:D5:C9:B2:CE:08:A1:C4:47:68
Certificate issuer:       /CN=5f1a427072b31d44784c375dfae42278e71fa836
Certificate serial:       018CCA2926B228F8B5F0305B9EE9AF49C589
Authority key identifier: 5F:1A:42:70:72:B3:1D:44:78:4C:37:5D:FA:E4:22:78:E7:1F:A8:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/4WL3iDNHSh-yBr7VybLOCKHER2g.roa
Signing time:             Tue 02 Jan 2024 12:32:23 +0000
ROA not before:           Tue 02 Jan 2024 12:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272988
IP address blocks:        185.236.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:26:b2:28:f8:b5:f0:30:5b:9e:e9:af:49:c5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1a427072b31d44784c375dfae42278e71fa836
        Validity
            Not Before: Jan  2 12:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e162f78833474a1fb206bed5c9b2ce08a1c44768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9c:1c:a6:41:c1:27:ec:96:75:00:a8:a6:33:
                    57:2b:d3:72:9c:81:b7:4a:80:ae:ca:7c:47:b2:c2:
                    bd:7e:8f:4c:4d:42:a4:b7:d9:78:de:fa:8c:f6:db:
                    98:d7:2a:23:3c:ff:cb:d4:2a:f5:22:13:e8:f7:0f:
                    2a:d6:8c:d0:83:a0:9a:07:09:ab:31:d4:0b:bd:56:
                    eb:45:b8:4e:a0:c6:2e:ea:67:d1:54:5e:23:c6:65:
                    2f:70:2d:56:a0:88:74:59:cc:32:13:3a:2f:cb:a6:
                    24:1a:85:3e:ef:a6:4d:7b:4c:14:e0:cc:9d:17:97:
                    72:7e:9c:9b:05:35:1c:6e:a3:1c:48:61:1f:94:81:
                    96:58:fb:8a:a3:04:2f:b5:da:88:b6:ed:9f:8f:20:
                    24:88:82:36:66:78:6a:7d:fa:09:e1:1e:8a:12:69:
                    fc:50:4e:ec:78:be:98:9d:b4:a5:bf:b4:e8:72:c1:
                    73:c3:b4:8e:bb:31:b2:6a:b0:a5:d0:87:2c:49:c3:
                    96:2f:8a:3c:eb:a5:3d:45:71:ec:ad:a6:56:ff:59:
                    9d:14:a5:be:72:d6:aa:b5:c6:2a:f1:55:ed:95:77:
                    d8:cb:17:a3:40:6e:88:62:1c:4d:03:8a:7e:96:b4:
                    cf:c5:14:f6:86:da:be:d9:63:45:78:0f:e9:7d:e4:
                    7d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:62:F7:88:33:47:4A:1F:B2:06:BE:D5:C9:B2:CE:08:A1:C4:47:68
            X509v3 Authority Key Identifier:
                keyid:5F:1A:42:70:72:B3:1D:44:78:4C:37:5D:FA:E4:22:78:E7:1F:A8:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/4WL3iDNHSh-yBr7VybLOCKHER2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:0e:35:46:63:ad:49:35:be:a0:91:d1:14:56:c0:41:c9:69:
         ea:98:3b:b1:1c:7e:09:67:97:10:1b:21:b8:98:3c:a0:83:ec:
         a6:d0:da:ce:16:6b:c4:bc:e6:8d:10:7a:85:30:37:91:28:c3:
         6a:5e:66:25:ea:20:1f:3e:d1:df:b3:99:2b:5b:43:f9:32:47:
         6f:13:6f:70:ee:0a:5e:fe:56:8f:7c:82:b8:0e:a0:f8:50:58:
         c4:d3:9c:b3:e5:f5:c6:4c:30:b9:c4:83:5d:8c:56:c4:d7:cd:
         e5:f2:ef:52:3d:85:98:c8:46:f2:4c:50:6a:e2:b2:b0:60:9b:
         4e:3d:66:54:8b:c9:b5:d5:a9:38:56:05:fe:7f:1e:1e:d3:83:
         7e:8a:ae:d7:c2:63:d4:e6:e1:6c:37:18:1e:13:3f:ff:72:9d:
         c1:d4:ab:33:ac:e2:b3:18:2d:90:1b:47:f9:e8:37:a4:70:a9:
         df:45:a8:65:fb:d2:6e:ac:6d:c9:9c:34:a8:27:1f:c9:21:9a:
         21:cb:a9:0c:a4:ef:51:54:0d:9c:bb:62:aa:d0:cd:2b:a5:63:
         dd:a8:3f:79:84:e3:dc:13:9d:0a:ee:20:aa:98:29:30:4d:9d:
         07:fc:2f:11:7a:90:3f:f6:e8:3a:cb:e9:b8:1d:1c:6c:05:df:
         01:7e:6c:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKSayKPi18DBbnumvScWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWE0MjcwNzJiMzFkNDQ3ODRjMzc1ZGZhZTQyMjc4ZTcx
ZmE4MzYwHhcNMjQwMTAyMTIzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTYyZjc4ODMzNDc0YTFmYjIwNmJlZDVjOWIyY2UwOGExYzQ0NzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pwcpkHBJ+yWdQCopjNXK9NynIG3
SoCuynxHssK9fo9MTUKkt9l43vqM9tuY1yojPP/L1Cr1IhPo9w8q1ozQg6CaBwmr
MdQLvVbrRbhOoMYu6mfRVF4jxmUvcC1WoIh0WcwyEzovy6YkGoU+76ZNe0wU4Myd
F5dyfpybBTUcbqMcSGEflIGWWPuKowQvtdqItu2fjyAkiII2ZnhqffoJ4R6KEmn8
UE7seL6YnbSlv7TocsFzw7SOuzGyarCl0IcsScOWL4o866U9RXHsraZW/1mdFKW+
ctaqtcYq8VXtlXfYyxejQG6IYhxNA4p+lrTPxRT2htq+2WNFeA/pfeR9owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFi94gzR0ofsga+1cmyzgihxEdoMB8GA1UdIwQY
MBaAFF8aQnBysx1EeEw3XfrkInjnH6g2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhwQ2NIS3pIVVI0VERkZC11UWllT2NmcURZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8wNzdmNjQtYjg0My00NjlmLTg1NDct
ZGQyMGJiMjA4YmJhLzEvNFdMM2lETkhTaC15QnI3VnliTE9DS0hFUjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8wNzdmNjQtYjg0My00NjlmLTg1NDctZGQyMGJiMjA4YmJh
LzEvWHhwQ2NIS3pIVVI0VERkZC11UWllT2NmcURZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuey2MA0G
CSqGSIb3DQEBCwUAA4IBAQAYDjVGY61JNb6gkdEUVsBByWnqmDuxHH4JZ5cQGyG4
mDygg+ym0NrOFmvEvOaNEHqFMDeRKMNqXmYl6iAfPtHfs5krW0P5MkdvE29w7gpe
/laPfIK4DqD4UFjE05yz5fXGTDC5xINdjFbE183l8u9SPYWYyEbyTFBq4rKwYJtO
PWZUi8m11ak4VgX+fx4e04N+iq7XwmPU5uFsNxgeEz//cp3B1KszrOKzGC2QG0f5
6DekcKnfRahl+9JurG3JnDSoJx/JIZohy6kMpO9RVA2cu2Kq0M0rpWPdqD95hOPc
E50K7iCqmCkwTZ0H/C8RepA/9ug6y+m4HRxsBd8Bfmx3
-----END CERTIFICATE-----