Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/u4NmOINlngn_Ln4e5JT-zZBl4A4.roa
File:                     u4NmOINlngn_Ln4e5JT-zZBl4A4.roa (raw, json)
Hash identifier:          NYNo8BMFnoMBChXiSlGXwgx9GqOnlmE+4PFgVqtwHGQ=
Subject key identifier:   BB:83:66:38:83:65:9E:09:FF:2E:7E:1E:E4:94:FE:CD:90:65:E0:0E
Certificate issuer:       /CN=9be60d4ae70f6f559984c76b521ce377cc1ee721
Certificate serial:       018D5B5BCDB60B4DFD185CA99A05010C6458
Authority key identifier: 9B:E6:0D:4A:E7:0F:6F:55:99:84:C7:6B:52:1C:E3:77:CC:1E:E7:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-YNSucPb1WZhMdrUhzjd8we5yE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/u4NmOINlngn_Ln4e5JT-zZBl4A4.roa
Signing time:             Tue 30 Jan 2024 17:12:39 +0000
ROA not before:           Tue 30 Jan 2024 17:12:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204409
IP address blocks:        185.249.112.0/22 maxlen: 24
                          2a0c:340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/m-YNSucPb1WZhMdrUhzjd8we5yE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/m-YNSucPb1WZhMdrUhzjd8we5yE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-YNSucPb1WZhMdrUhzjd8we5yE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:5b:cd:b6:0b:4d:fd:18:5c:a9:9a:05:01:0c:64:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be60d4ae70f6f559984c76b521ce377cc1ee721
        Validity
            Not Before: Jan 30 17:12:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb83663883659e09ff2e7e1ee494fecd9065e00e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b3:27:7d:ca:25:41:ca:4c:38:13:15:b8:4b:
                    74:f6:53:47:62:97:66:ea:a5:fe:37:3c:ee:0e:7a:
                    28:68:29:44:ee:42:59:33:ec:e9:32:dc:f7:a5:ca:
                    a0:13:3c:07:8a:92:01:6d:d6:50:1c:ae:eb:9a:c3:
                    2c:4a:e3:43:c6:fd:77:0e:b2:77:6f:df:ff:54:56:
                    65:6b:80:7e:97:cf:c7:00:5e:2b:3c:7b:b0:9c:13:
                    b8:d1:50:a6:70:e9:56:7f:2c:b9:2c:02:97:f3:58:
                    17:46:c9:c0:13:e4:4e:52:b6:b3:eb:ea:37:08:f6:
                    79:81:2a:0f:00:46:20:d0:13:e5:40:9b:6b:5e:e7:
                    a4:62:c3:5a:ab:0a:dd:0c:b7:9b:da:ad:8d:d7:0c:
                    5c:b0:10:2f:61:16:31:6f:cd:fb:76:f2:dd:00:5a:
                    63:fa:09:7b:71:9f:2b:8b:75:35:09:8e:ab:d7:13:
                    41:a8:f1:4c:9e:65:4f:0e:31:cd:6b:20:06:38:20:
                    e8:99:b6:68:6a:f4:ea:cc:b7:10:8d:6e:4d:1d:ce:
                    58:fb:10:23:69:a6:fb:89:5d:80:a7:56:58:fe:5d:
                    95:89:f7:45:f7:a2:e2:d7:e8:8b:13:5f:84:69:0b:
                    a2:59:24:1b:bc:81:cd:a4:41:6d:b5:b5:2d:fa:b3:
                    43:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:83:66:38:83:65:9E:09:FF:2E:7E:1E:E4:94:FE:CD:90:65:E0:0E
            X509v3 Authority Key Identifier:
                keyid:9B:E6:0D:4A:E7:0F:6F:55:99:84:C7:6B:52:1C:E3:77:CC:1E:E7:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-YNSucPb1WZhMdrUhzjd8we5yE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/u4NmOINlngn_Ln4e5JT-zZBl4A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c02820-fb66-4792-9d8d-cc885857faf2/1/m-YNSucPb1WZhMdrUhzjd8we5yE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.112.0/22
                IPv6:
                  2a0c:340::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:c2:0a:5c:29:b9:07:f1:de:e8:31:bc:cb:85:f7:fb:0b:17:
         7b:bf:69:48:cb:4b:2c:5f:8f:d4:43:9f:49:ba:35:f6:49:3e:
         00:43:f2:ad:e8:f9:56:d3:25:41:06:59:d6:01:cc:4f:d7:68:
         23:32:2e:fd:a7:65:a5:1e:6b:c8:6b:58:10:be:5a:5c:d3:49:
         b8:4a:81:df:8a:45:8c:12:e2:f9:23:b7:55:ec:c1:27:6d:a0:
         b8:f5:54:c8:b3:cd:ef:f3:67:92:28:80:d5:1b:80:63:a6:5f:
         1e:11:78:62:76:31:2d:7d:de:f8:36:f6:23:dd:40:5b:11:81:
         1b:59:ba:44:fb:bc:9e:92:58:99:cd:bd:9c:5a:a9:a4:56:b4:
         f5:81:9c:65:f0:48:21:a2:4d:b4:aa:16:82:f7:1d:75:54:39:
         8c:50:ab:e6:9e:59:79:ce:1e:81:c3:ff:ab:a9:59:bd:0e:f3:
         35:7c:78:3b:07:81:89:0f:cb:10:f9:71:11:52:2a:2b:44:cb:
         c0:35:a2:62:e1:b9:05:12:72:b5:df:6c:94:8b:b0:ef:5b:80:
         b9:95:db:f5:73:85:2a:57:31:b6:84:f0:b3:22:0d:79:18:68:
         d3:ab:69:09:cc:76:61:99:4a:ce:40:55:67:e4:d8:b8:58:d7:
         62:cb:86:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1bW822C039GFypmgUBDGRYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTYwZDRhZTcwZjZmNTU5OTg0Yzc2YjUyMWNlMzc3Y2Mx
ZWU3MjEwHhcNMjQwMTMwMTcxMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjgzNjYzODgzNjU5ZTA5ZmYyZTdlMWVlNDk0ZmVjZDkwNjVlMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbMnfcolQcpMOBMVuEt09lNHYpdm
6qX+NzzuDnooaClE7kJZM+zpMtz3pcqgEzwHipIBbdZQHK7rmsMsSuNDxv13DrJ3
b9//VFZla4B+l8/HAF4rPHuwnBO40VCmcOlWfyy5LAKX81gXRsnAE+ROUraz6+o3
CPZ5gSoPAEYg0BPlQJtrXuekYsNaqwrdDLeb2q2N1wxcsBAvYRYxb837dvLdAFpj
+gl7cZ8ri3U1CY6r1xNBqPFMnmVPDjHNayAGOCDombZoavTqzLcQjW5NHc5Y+xAj
aab7iV2Ap1ZY/l2VifdF96Li1+iLE1+EaQuiWSQbvIHNpEFttbUt+rNDYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLuDZjiDZZ4J/y5+HuSU/s2QZeAOMB8GA1UdIwQY
MBaAFJvmDUrnD29VmYTHa1Ic43fMHuchMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1ZTlN1Y1BiMVdaaE1kclVoempkOHdlNXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jMDI4MjAtZmI2Ni00NzkyLTlkOGQt
Y2M4ODU4NTdmYWYyLzEvdTRObU9JTmxuZ25fTG40ZTVKVC16WkJsNEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jMDI4MjAtZmI2Ni00NzkyLTlkOGQtY2M4ODU4NTdmYWYy
LzEvbS1ZTlN1Y1BiMVdaaE1kclVoempkOHdlNXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuflwMA0E
AgACMAcDBQAqDANAMA0GCSqGSIb3DQEBCwUAA4IBAQB2wgpcKbkH8d7oMbzLhff7
Cxd7v2lIy0ssX4/UQ59JujX2ST4AQ/Kt6PlW0yVBBlnWAcxP12gjMi79p2WlHmvI
a1gQvlpc00m4SoHfikWMEuL5I7dV7MEnbaC49VTIs83v82eSKIDVG4Bjpl8eEXhi
djEtfd74NvYj3UBbEYEbWbpE+7yekliZzb2cWqmkVrT1gZxl8Eghok20qhaC9x11
VDmMUKvmnll5zh6Bw/+rqVm9DvM1fHg7B4GJD8sQ+XERUiorRMvANaJi4bkFEnK1
32yUi7DvW4C5ldv1c4UqVzG2hPCzIg15GGjTq2kJzHZhmUrOQFVn5Ni4WNdiy4ZY
-----END CERTIFICATE-----