Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/4jI0i8_6pYiX9xBXrR6uF1vCmHs.roa
File:                     4jI0i8_6pYiX9xBXrR6uF1vCmHs.roa (raw, json)
Hash identifier:          kUElw7USc9zEAZwm/liTAAyQSkb9uOAiOA6699dr8Y0=
Subject key identifier:   E2:32:34:8B:CF:FA:A5:88:97:F7:10:57:AD:1E:AE:17:5B:C2:98:7B
Certificate issuer:       /CN=f5d412953ac06a7c52cb26796f8806b1bb859617
Certificate serial:       018CC56E25FD0F191BBE07A7D7B37BF7AF82
Authority key identifier: F5:D4:12:95:3A:C0:6A:7C:52:CB:26:79:6F:88:06:B1:BB:85:96:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dQSlTrAanxSyyZ5b4gGsbuFlhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/4jI0i8_6pYiX9xBXrR6uF1vCmHs.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203443
IP address blocks:        185.134.48.0/22 maxlen: 22
                          2a07:6800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/9dQSlTrAanxSyyZ5b4gGsbuFlhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/9dQSlTrAanxSyyZ5b4gGsbuFlhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dQSlTrAanxSyyZ5b4gGsbuFlhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:fd:0f:19:1b:be:07:a7:d7:b3:7b:f7:af:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d412953ac06a7c52cb26796f8806b1bb859617
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e232348bcffaa58897f71057ad1eae175bc2987b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e6:a8:cb:4b:f5:81:75:fa:5b:6e:2e:ea:87:
                    5d:07:e3:f4:f3:f3:83:78:d3:d6:b0:eb:cb:c0:5b:
                    ac:60:74:8d:b3:bf:9b:2f:ee:33:59:76:d6:7c:c7:
                    53:7a:c7:ac:e7:1a:3c:28:bf:92:25:65:7a:65:6b:
                    52:58:ed:0d:f9:f7:6b:e4:20:e7:a4:2d:10:be:d1:
                    f0:25:7f:60:9d:b3:fa:e8:64:62:51:90:4c:d4:72:
                    b7:0e:d4:2e:57:9c:e8:05:0c:b6:ee:cc:27:fd:95:
                    9d:83:b7:db:13:fd:6f:a0:f7:5a:1e:f0:69:54:fd:
                    6b:2e:ca:85:fb:94:2a:f2:3d:c8:7a:f2:49:8e:a2:
                    3c:13:44:69:6d:e6:ba:4b:72:f6:82:10:07:2d:94:
                    6a:e1:20:bc:11:76:3d:92:ad:76:95:f3:86:bd:d1:
                    81:9e:62:c2:cd:89:dc:06:4d:4a:15:3c:a3:1c:d8:
                    09:80:a4:af:5b:03:9c:1a:3e:0d:cc:19:ba:16:6e:
                    cb:5d:d7:29:39:14:98:0f:64:8e:ac:8b:8b:c5:85:
                    23:eb:9c:54:6b:04:11:dd:32:03:4c:b1:f0:f7:e2:
                    2a:2a:6f:43:bd:a3:2f:b8:4f:7b:16:63:58:ec:89:
                    e9:09:b6:21:79:8e:82:ed:b0:1d:20:fb:df:2e:3d:
                    e5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:32:34:8B:CF:FA:A5:88:97:F7:10:57:AD:1E:AE:17:5B:C2:98:7B
            X509v3 Authority Key Identifier:
                keyid:F5:D4:12:95:3A:C0:6A:7C:52:CB:26:79:6F:88:06:B1:BB:85:96:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dQSlTrAanxSyyZ5b4gGsbuFlhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/4jI0i8_6pYiX9xBXrR6uF1vCmHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/d8e64d-9d6c-4149-a69a-79d52dc66926/1/9dQSlTrAanxSyyZ5b4gGsbuFlhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.48.0/22
                IPv6:
                  2a07:6800::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:56:29:5e:d1:61:d9:8f:39:a4:5b:71:9f:bb:a0:77:bf:f9:
         1e:ed:b9:85:79:c4:f4:99:1c:4d:8a:1f:45:37:f0:02:20:82:
         96:30:d3:84:80:12:1a:fa:9a:f3:61:78:df:51:23:fa:02:f7:
         88:65:9f:b5:60:ea:f3:39:d3:db:28:72:18:ba:81:1f:11:ef:
         b1:62:82:91:46:b9:32:cc:1d:89:ed:ef:d9:64:51:c9:07:ec:
         8e:12:19:8f:8d:e0:86:9c:ce:b0:c3:28:13:7f:31:72:74:5f:
         fd:f5:ea:86:2f:46:24:84:d4:ec:00:6e:d8:c9:a9:56:d7:47:
         d3:99:76:3c:82:50:7d:ac:57:b2:f3:96:e8:f0:cd:44:ea:b9:
         27:4b:d3:16:c0:0c:ae:82:c4:84:89:63:5d:04:2e:1e:de:ba:
         cb:1b:5a:a4:0f:4f:a4:15:f9:c2:a8:93:85:6a:4e:47:0f:44:
         0f:b8:a7:0d:84:56:4a:ff:19:e0:8c:e0:f1:14:d3:ca:39:18:
         0e:42:9c:e3:84:7c:54:53:aa:70:b2:f3:d5:14:33:f8:d8:27:
         8c:fb:d3:15:47:91:9f:51:7f:86:71:71:e9:b8:09:16:64:2c:
         3b:7b:c1:3b:5c:d4:9d:24:f5:f2:fb:c5:20:31:f8:da:2c:b0:
         2a:cf:38:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbiX9Dxkbvgen17N796+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDQxMjk1M2FjMDZhN2M1MmNiMjY3OTZmODgwNmIxYmI4
NTk2MTcwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMyMzQ4YmNmZmFhNTg4OTdmNzEwNTdhZDFlYWUxNzViYzI5ODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+aoy0v1gXX6W24u6oddB+P08/OD
eNPWsOvLwFusYHSNs7+bL+4zWXbWfMdTeses5xo8KL+SJWV6ZWtSWO0N+fdr5CDn
pC0QvtHwJX9gnbP66GRiUZBM1HK3DtQuV5zoBQy27swn/ZWdg7fbE/1voPdaHvBp
VP1rLsqF+5Qq8j3IevJJjqI8E0Rpbea6S3L2ghAHLZRq4SC8EXY9kq12lfOGvdGB
nmLCzYncBk1KFTyjHNgJgKSvWwOcGj4NzBm6Fm7LXdcpORSYD2SOrIuLxYUj65xU
awQR3TIDTLHw9+IqKm9DvaMvuE97FmNY7InpCbYheY6C7bAdIPvfLj3l1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOIyNIvP+qWIl/cQV60erhdbwph7MB8GA1UdIwQY
MBaAFPXUEpU6wGp8UssmeW+IBrG7hZYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRRU2xUckFhbnhTeXlaNWI0Z0dzYnVGbGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kOGU2NGQtOWQ2Yy00MTQ5LWE2OWEt
NzlkNTJkYzY2OTI2LzEvNGpJMGk4XzZwWWlYOXhCWHJSNnVGMXZDbUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kOGU2NGQtOWQ2Yy00MTQ5LWE2OWEtNzlkNTJkYzY2OTI2
LzEvOWRRU2xUckFhbnhTeXlaNWI0Z0dzYnVGbGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYYwMA0E
AgACMAcDBQMqB2gAMA0GCSqGSIb3DQEBCwUAA4IBAQB4Vile0WHZjzmkW3Gfu6B3
v/ke7bmFecT0mRxNih9FN/ACIIKWMNOEgBIa+przYXjfUSP6AveIZZ+1YOrzOdPb
KHIYuoEfEe+xYoKRRrkyzB2J7e/ZZFHJB+yOEhmPjeCGnM6wwygTfzFydF/99eqG
L0YkhNTsAG7YyalW10fTmXY8glB9rFey85bo8M1E6rknS9MWwAyugsSEiWNdBC4e
3rrLG1qkD0+kFfnCqJOFak5HD0QPuKcNhFZK/xngjODxFNPKORgOQpzjhHxUU6pw
svPVFDP42CeM+9MVR5GfUX+GcXHpuAkWZCw7e8E7XNSdJPXy+8UgMfjaLLAqzzjo
-----END CERTIFICATE-----