Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/Sk_FyF6fJBfxDXY3ZqU5DnPwclY.roa
File:                     Sk_FyF6fJBfxDXY3ZqU5DnPwclY.roa (raw, json)
Hash identifier:          L0vWJKFHpp1BwbGYEO5M5HFtd5ODV80Ds88kSsxxIHI=
Subject key identifier:   4A:4F:C5:C8:5E:9F:24:17:F1:0D:76:37:66:A5:39:0E:73:F0:72:56
Certificate issuer:       /CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
Certificate serial:       018CC56E23A951B4E9D00BF3A19319F3DABB
Authority key identifier: E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/Sk_FyF6fJBfxDXY3ZqU5DnPwclY.roa
Signing time:             Mon 01 Jan 2024 14:29:38 +0000
ROA not before:           Mon 01 Jan 2024 14:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        185.143.148.0/22 maxlen: 22
                          91.142.112.0/20 maxlen: 20
                          2a00:17b0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:23:a9:51:b4:e9:d0:0b:f3:a1:93:19:f3:da:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a4fc5c85e9f2417f10d763766a5390e73f07256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2b:d2:a0:f4:6c:1c:94:ea:a5:97:31:92:3d:
                    30:bd:21:24:f1:6f:7c:cc:cc:d7:ff:f6:46:aa:0d:
                    01:42:e2:0f:2b:40:a2:ae:cd:7c:7c:a1:41:b1:be:
                    c9:53:f1:66:58:9b:3d:3c:ec:51:7a:72:1c:51:86:
                    b0:71:fa:51:c4:93:9a:24:81:07:b2:a8:2a:f2:58:
                    18:bf:db:6b:db:2f:42:ec:1f:50:f4:d0:57:41:33:
                    d3:27:3b:78:e7:fd:dc:48:34:e0:43:7b:24:39:2b:
                    0f:d5:df:e1:be:32:6e:a5:59:ba:d8:99:ef:df:41:
                    51:65:09:42:83:a4:6a:4f:f1:58:91:bb:76:e5:dd:
                    5b:ba:2f:30:f1:53:d5:54:e6:6a:c9:3b:b6:85:82:
                    52:28:52:11:b5:73:6e:ae:fb:58:eb:9e:20:ed:70:
                    3e:4b:8e:76:68:43:94:7f:e7:f3:8d:97:54:b2:9f:
                    e9:75:f6:76:4b:8f:c1:8c:16:8d:b3:7c:61:c7:72:
                    22:6e:1d:c2:6a:9f:1e:a0:9e:55:c1:d9:51:97:39:
                    b7:bd:93:e8:df:4d:55:f2:0b:52:6c:1c:84:31:50:
                    f0:40:c0:ed:45:00:33:cf:02:cc:19:8c:46:1e:bc:
                    1a:89:8b:de:a5:62:07:aa:d7:4e:4c:11:f6:25:0f:
                    29:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:4F:C5:C8:5E:9F:24:17:F1:0D:76:37:66:A5:39:0E:73:F0:72:56
            X509v3 Authority Key Identifier:
                keyid:E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/Sk_FyF6fJBfxDXY3ZqU5DnPwclY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.112.0/20
                  185.143.148.0/22
                IPv6:
                  2a00:17b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:66:37:95:4b:55:04:1e:93:bf:a6:4b:26:09:c4:bc:ce:65:
         7b:3d:5d:ea:61:91:20:45:24:8f:09:3c:74:28:fb:fb:59:8f:
         83:0a:87:3e:f3:e8:c3:0b:b2:17:85:7e:e4:3b:4b:77:08:1c:
         dc:ae:a0:c7:af:c6:58:21:1c:bc:43:e4:bb:e7:d7:21:57:c1:
         8f:fe:84:be:10:b9:c3:38:d6:02:6b:4e:83:fe:81:03:95:9f:
         3f:d0:0a:db:23:70:a8:7e:a8:b8:cc:54:e8:0f:ac:d5:1c:96:
         53:5d:27:72:ee:dc:73:43:c5:f6:73:44:ce:8e:50:65:62:f3:
         af:b1:81:e4:72:1c:fa:41:99:02:7f:00:75:2b:77:0d:d2:46:
         61:f4:d6:a1:ef:62:a8:b5:3f:14:63:d2:d2:9d:3e:ed:97:06:
         3e:9d:18:2e:2c:b8:c6:52:78:67:0d:e3:d5:e8:e1:07:64:4c:
         75:a6:22:8a:4e:ae:9b:21:f6:e9:8a:ae:34:f8:6c:cf:28:e7:
         c2:9e:09:ec:66:c4:a1:d7:7a:f1:59:26:78:24:5e:c3:3f:72:
         b8:3f:f2:8c:17:b8:86:6f:66:79:6c:75:85:dc:4b:9d:ba:0c:
         c6:29:72:b1:16:c1:88:e3:c5:c7:42:ef:b1:66:5a:9e:38:2b:
         7c:71:17:ee
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbiOpUbTp0AvzoZMZ89q7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTMyZThhNmFjNmY2ZWMzNzg2MGVlN2MwN2ViOGRmOTMx
NDc3NzkwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTRmYzVjODVlOWYyNDE3ZjEwZDc2Mzc2NmE1MzkwZTczZjA3MjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCvSoPRsHJTqpZcxkj0wvSEk8W98
zMzX//ZGqg0BQuIPK0Cirs18fKFBsb7JU/FmWJs9POxRenIcUYawcfpRxJOaJIEH
sqgq8lgYv9tr2y9C7B9Q9NBXQTPTJzt45/3cSDTgQ3skOSsP1d/hvjJupVm62Jnv
30FRZQlCg6RqT/FYkbt25d1bui8w8VPVVOZqyTu2hYJSKFIRtXNurvtY654g7XA+
S452aEOUf+fzjZdUsp/pdfZ2S4/BjBaNs3xhx3Iibh3Cap8eoJ5VwdlRlzm3vZPo
301V8gtSbByEMVDwQMDtRQAzzwLMGYxGHrwaiYvepWIHqtdOTBH2JQ8pxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEpPxchenyQX8Q12N2alOQ5z8HJWMB8GA1UdIwQY
MBaAFOijLopqxvbsN4YO58B+uN+TFHd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEt
NGZhNTM3ZGJlMmU5LzEvU2tfRnlGNmZKQmZ4RFhZM1pxVTVEblB3Y2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEtNGZhNTM3ZGJlMmU5
LzEvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEW45wAwQC
uY+UMA0EAgACMAcDBQAqABewMA0GCSqGSIb3DQEBCwUAA4IBAQAkZjeVS1UEHpO/
pksmCcS8zmV7PV3qYZEgRSSPCTx0KPv7WY+DCoc+8+jDC7IXhX7kO0t3CBzcrqDH
r8ZYIRy8Q+S759chV8GP/oS+ELnDONYCa06D/oEDlZ8/0ArbI3Cofqi4zFToD6zV
HJZTXSdy7txzQ8X2c0TOjlBlYvOvsYHkchz6QZkCfwB1K3cN0kZh9Nah72KotT8U
Y9LSnT7tlwY+nRguLLjGUnhnDePV6OEHZEx1piKKTq6bIfbpiq40+GzPKOfCngns
ZsSh13rxWSZ4JF7DP3K4P/KMF7iGb2Z5bHWF3EudugzGKXKxFsGI48XHQu+xZlqe
OCt8cRfu
-----END CERTIFICATE-----