Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/mAKm25Ksm_z8ew6z3xwE12PpnP8.roa
File:                     mAKm25Ksm_z8ew6z3xwE12PpnP8.roa (raw, json)
Hash identifier:          zCJaao9aGvB9C5+dyWqyXR8QH2iC+FEnhef1zrzHPXA=
Subject key identifier:   98:02:A6:DB:92:AC:9B:FC:FC:7B:0E:B3:DF:1C:04:D7:63:E9:9C:FF
Certificate issuer:       /CN=0d1e3fd5040bb9fb9126e5119e5ff7c074da5bbc
Certificate serial:       018CC870BBB74DA0E9EFD0BBB1D78BB10566
Authority key identifier: 0D:1E:3F:D5:04:0B:B9:FB:91:26:E5:11:9E:5F:F7:C0:74:DA:5B:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DR4_1QQLufuRJuURnl_3wHTaW7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/mAKm25Ksm_z8ew6z3xwE12PpnP8.roa
Signing time:             Tue 02 Jan 2024 04:31:20 +0000
ROA not before:           Tue 02 Jan 2024 04:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203081
IP address blocks:        185.145.4.0/22 maxlen: 22
                          2a07:44c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/DR4_1QQLufuRJuURnl_3wHTaW7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/DR4_1QQLufuRJuURnl_3wHTaW7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DR4_1QQLufuRJuURnl_3wHTaW7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:bb:b7:4d:a0:e9:ef:d0:bb:b1:d7:8b:b1:05:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d1e3fd5040bb9fb9126e5119e5ff7c074da5bbc
        Validity
            Not Before: Jan  2 04:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9802a6db92ac9bfcfc7b0eb3df1c04d763e99cff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4d:2e:e6:14:a4:d4:e8:f9:b4:bd:58:e3:a3:
                    f0:09:0f:4a:b1:c4:4f:06:69:20:82:fa:36:14:73:
                    e1:60:ef:ba:d3:40:a5:a9:78:2b:8d:3e:8b:48:fd:
                    e4:43:cd:f0:40:1e:13:06:e2:c2:de:56:6f:5f:60:
                    a9:f5:45:3b:42:97:a1:24:0f:a3:61:92:d0:65:39:
                    49:d2:32:cd:25:73:09:fb:0f:19:b1:12:05:29:bd:
                    d0:65:fe:bc:3f:06:c1:93:40:d1:cb:57:35:ce:09:
                    3a:5d:dd:dd:4e:ff:84:86:b7:ad:a8:0b:3a:8c:ec:
                    ac:db:19:67:6b:b6:85:9d:8f:b3:e4:95:b2:cf:68:
                    0a:22:3a:f3:be:26:f3:5e:1a:cd:2e:d8:0a:5e:37:
                    13:01:70:19:b9:61:79:c4:73:43:72:53:46:0d:d1:
                    62:28:ef:70:06:d8:c9:cd:6f:bc:d5:d4:5f:78:5c:
                    06:95:c0:2a:38:9b:40:83:29:03:58:d6:98:8c:7e:
                    3b:8d:83:fa:ad:a2:a0:2a:b4:ff:62:76:aa:cb:6c:
                    78:81:6a:f7:e3:e8:3e:15:81:04:91:66:a8:ab:7d:
                    bd:11:c0:3e:8f:a2:58:70:f1:9f:43:47:87:1c:76:
                    1a:c7:95:fc:c2:a2:0d:15:ed:3d:b7:c2:02:00:81:
                    1d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:02:A6:DB:92:AC:9B:FC:FC:7B:0E:B3:DF:1C:04:D7:63:E9:9C:FF
            X509v3 Authority Key Identifier:
                keyid:0D:1E:3F:D5:04:0B:B9:FB:91:26:E5:11:9E:5F:F7:C0:74:DA:5B:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DR4_1QQLufuRJuURnl_3wHTaW7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/mAKm25Ksm_z8ew6z3xwE12PpnP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9445a9-3f7f-4f4a-80b8-5b910157271b/1/DR4_1QQLufuRJuURnl_3wHTaW7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.4.0/22
                IPv6:
                  2a07:44c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:ec:9f:5c:dc:06:19:11:f9:16:ed:a9:30:73:05:40:22:98:
         f7:f9:5c:aa:73:e4:e5:0f:8a:ee:c7:d2:96:59:e8:1c:0b:c4:
         66:81:03:36:b5:cd:25:ff:8f:da:5a:f0:11:75:02:c7:57:90:
         8f:4b:fd:24:e9:6b:12:64:39:aa:01:9f:ea:ba:2e:62:1d:15:
         27:34:3b:8c:36:36:cf:94:5d:c4:6b:3a:0e:df:08:56:33:2d:
         02:86:2b:49:8b:86:3e:17:d4:df:e2:c3:c8:c9:53:0b:c9:21:
         51:34:dc:17:76:1c:d6:52:d9:8a:25:3d:08:6b:7e:27:f8:bc:
         2b:aa:5d:cf:00:ef:22:24:aa:e8:ff:c8:03:89:89:c7:7d:26:
         0b:36:50:a3:d6:5c:c5:71:5b:c9:ed:1d:0a:7a:3f:65:ee:a5:
         82:9f:c0:47:34:3c:1d:4a:50:9c:f1:3b:7c:db:0b:b7:17:3d:
         32:80:1a:92:64:7c:8d:c7:ec:5b:9a:1e:f5:c1:7d:98:4d:9f:
         03:6e:8d:78:b9:f5:09:a2:d8:8d:15:16:05:c6:c5:e1:a3:24:
         b4:38:ff:ff:f1:18:4e:83:e6:f1:9e:51:7e:fe:72:dc:91:c7:
         50:87:fb:a7:2c:b2:d4:e1:ff:c8:20:c4:8a:8b:c5:e8:39:4b:
         51:83:52:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcLu3TaDp79C7sdeLsQVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMWUzZmQ1MDQwYmI5ZmI5MTI2ZTUxMTllNWZmN2MwNzRk
YTViYmMwHhcNMjQwMTAyMDQzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODAyYTZkYjkyYWM5YmZjZmM3YjBlYjNkZjFjMDRkNzYzZTk5Y2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgE0u5hSk1Oj5tL1Y46PwCQ9KscRP
Bmkggvo2FHPhYO+600ClqXgrjT6LSP3kQ83wQB4TBuLC3lZvX2Cp9UU7QpehJA+j
YZLQZTlJ0jLNJXMJ+w8ZsRIFKb3QZf68PwbBk0DRy1c1zgk6Xd3dTv+EhretqAs6
jOys2xlna7aFnY+z5JWyz2gKIjrzvibzXhrNLtgKXjcTAXAZuWF5xHNDclNGDdFi
KO9wBtjJzW+81dRfeFwGlcAqOJtAgykDWNaYjH47jYP6raKgKrT/Ynaqy2x4gWr3
4+g+FYEEkWaoq329EcA+j6JYcPGfQ0eHHHYax5X8wqINFe09t8ICAIEdzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJgCptuSrJv8/HsOs98cBNdj6Zz/MB8GA1UdIwQY
MBaAFA0eP9UEC7n7kSblEZ5f98B02lu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFI0XzFRUUx1ZnVSSnVVUm5sXzN3SFRhVzd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NDQ1YTktM2Y3Zi00ZjRhLTgwYjgt
NWI5MTAxNTcyNzFiLzEvbUFLbTI1S3NtX3o4ZXc2ejN4d0UxMlBwblA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NDQ1YTktM2Y3Zi00ZjRhLTgwYjgtNWI5MTAxNTcyNzFi
LzEvRFI0XzFRUUx1ZnVSSnVVUm5sXzN3SFRhVzd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZEEMA0E
AgACMAcDBQMqB0TAMA0GCSqGSIb3DQEBCwUAA4IBAQAv7J9c3AYZEfkW7akwcwVA
Ipj3+Vyqc+TlD4rux9KWWegcC8RmgQM2tc0l/4/aWvARdQLHV5CPS/0k6WsSZDmq
AZ/qui5iHRUnNDuMNjbPlF3EazoO3whWMy0ChitJi4Y+F9Tf4sPIyVMLySFRNNwX
dhzWUtmKJT0Ia34n+Lwrql3PAO8iJKro/8gDiYnHfSYLNlCj1lzFcVvJ7R0Kej9l
7qWCn8BHNDwdSlCc8Tt82wu3Fz0ygBqSZHyNx+xbmh71wX2YTZ8Dbo14ufUJotiN
FRYFxsXhoyS0OP//8RhOg+bxnlF+/nLckcdQh/unLLLU4f/IIMSKi8XoOUtRg1Ij
-----END CERTIFICATE-----