Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/4zL6JlYoo4rCfVs4JBKrEaSGJEc.roa
File:                     4zL6JlYoo4rCfVs4JBKrEaSGJEc.roa (raw, json)
Hash identifier:          Mm1IJ8d++5wuUGPKSfOBHH47Dsspj+C3pRWGNjUrrD8=
Subject key identifier:   E3:32:FA:26:56:28:A3:8A:C2:7D:5B:38:24:12:AB:11:A4:86:24:47
Certificate issuer:       /CN=a2f516bf42214086db39847f9f563b4cf4a0ff43
Certificate serial:       018CC8713B4E0F36387E83EFAD14B102263E
Authority key identifier: A2:F5:16:BF:42:21:40:86:DB:39:84:7F:9F:56:3B:4C:F4:A0:FF:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/4zL6JlYoo4rCfVs4JBKrEaSGJEc.roa
Signing time:             Tue 02 Jan 2024 04:31:53 +0000
ROA not before:           Tue 02 Jan 2024 04:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        195.5.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3b:4e:0f:36:38:7e:83:ef:ad:14:b1:02:26:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f516bf42214086db39847f9f563b4cf4a0ff43
        Validity
            Not Before: Jan  2 04:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e332fa265628a38ac27d5b382412ab11a4862447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c2:58:9a:c4:42:25:90:90:ca:a8:05:6b:53:
                    b1:d3:19:15:4b:ea:aa:1f:de:e2:35:20:1c:1a:e5:
                    10:74:e4:6a:eb:c2:5b:a7:ec:83:8f:80:d7:68:e0:
                    73:be:4c:33:b8:25:f0:b5:d8:a6:f9:3c:c2:8e:f8:
                    55:dc:eb:93:b5:c5:f7:4a:5c:14:bd:8a:e3:2d:6a:
                    90:47:d8:e1:ed:7a:31:12:26:65:8a:7b:ef:df:ec:
                    1b:3b:a4:1a:fc:d2:65:97:fe:33:1e:61:54:e6:58:
                    36:cc:f1:d3:c1:d5:7c:47:d6:95:79:69:c9:0d:a1:
                    73:20:66:91:32:9a:62:8d:9f:2d:fa:f6:ef:0d:c6:
                    49:42:cc:ad:2b:cc:d8:70:34:82:20:2f:5c:5d:0a:
                    e0:63:2f:55:c2:b4:a6:1b:67:6e:6d:06:11:8c:ed:
                    b4:7b:a9:b8:c6:c8:f8:1f:53:75:ee:6e:e6:84:14:
                    1b:bc:b9:11:f4:29:4a:7e:d8:cb:d4:c1:2f:14:f0:
                    73:b0:04:0a:1e:60:f3:7a:1f:36:42:4e:86:4d:8d:
                    d8:84:f4:c3:8f:30:4c:3b:ea:2f:a3:c2:6e:2a:9e:
                    0d:e2:24:d9:26:01:48:a8:92:9c:83:ab:1d:9e:9a:
                    6c:8d:c1:fb:29:22:b0:05:c9:12:5b:97:2a:e7:4f:
                    ee:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:32:FA:26:56:28:A3:8A:C2:7D:5B:38:24:12:AB:11:A4:86:24:47
            X509v3 Authority Key Identifier:
                keyid:A2:F5:16:BF:42:21:40:86:DB:39:84:7F:9F:56:3B:4C:F4:A0:FF:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/4zL6JlYoo4rCfVs4JBKrEaSGJEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/d1dfd6-ccdf-4621-b454-6e3fa62cd2df/1/ovUWv0IhQIbbOYR_n1Y7TPSg_0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:44:80:07:e0:f2:e4:a0:47:9e:0f:e8:16:d6:7e:46:89:5c:
         76:7d:75:6c:5e:97:89:6a:30:12:f2:36:2a:84:51:2b:98:5a:
         aa:a7:ea:c6:23:06:fa:fe:c1:8b:01:6b:31:fd:9f:f3:5c:bb:
         ef:9d:c8:24:c7:0c:80:da:d4:cf:a4:30:0a:3f:9d:05:fb:64:
         d8:27:7b:c7:3a:86:c7:8f:0a:81:8a:57:6f:83:8c:50:5f:20:
         ed:5a:57:0f:16:86:b7:5a:71:83:64:9c:99:0e:4c:a1:9c:1e:
         1a:ea:d7:ea:aa:8f:e3:78:28:75:c1:1f:01:46:6c:74:7d:ca:
         a2:03:f1:26:7a:9c:23:66:bb:28:cc:61:c8:3f:1a:3d:5d:a4:
         e4:7a:56:28:f1:8e:ac:0e:b8:13:aa:ee:0a:c3:e7:b8:7c:74:
         93:dd:36:f8:15:65:55:7b:8b:a3:3c:91:e0:5b:ae:f1:e7:2a:
         2c:5d:21:11:4f:90:68:63:d1:99:6c:2d:15:22:02:0f:f3:6d:
         0f:99:58:88:af:ec:ac:1b:c2:06:df:99:93:0f:dd:e4:d4:22:
         37:76:89:f3:0f:5c:b8:a1:ed:f9:e2:90:49:30:71:bf:b0:f3:
         f3:6b:9b:1c:4c:92:e9:1d:17:b9:33:fe:d9:c3:01:33:af:5b:
         26:b3:30:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTtODzY4foPvrRSxAiY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjUxNmJmNDIyMTQwODZkYjM5ODQ3ZjlmNTYzYjRjZjRh
MGZmNDMwHhcNMjQwMTAyMDQzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzMyZmEyNjU2MjhhMzhhYzI3ZDViMzgyNDEyYWIxMWE0ODYyNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcJYmsRCJZCQyqgFa1Ox0xkVS+qq
H97iNSAcGuUQdORq68Jbp+yDj4DXaOBzvkwzuCXwtdim+TzCjvhV3OuTtcX3SlwU
vYrjLWqQR9jh7XoxEiZlinvv3+wbO6Qa/NJll/4zHmFU5lg2zPHTwdV8R9aVeWnJ
DaFzIGaRMppijZ8t+vbvDcZJQsytK8zYcDSCIC9cXQrgYy9VwrSmG2dubQYRjO20
e6m4xsj4H1N17m7mhBQbvLkR9ClKftjL1MEvFPBzsAQKHmDzeh82Qk6GTY3YhPTD
jzBMO+ovo8JuKp4N4iTZJgFIqJKcg6sdnppsjcH7KSKwBckSW5cq50/uJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMy+iZWKKOKwn1bOCQSqxGkhiRHMB8GA1UdIwQY
MBaAFKL1Fr9CIUCG2zmEf59WO0z0oP9DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZVV3YwSWhRSWJiT1lSX24xWTdUUFNnXzBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kMWRmZDYtY2NkZi00NjIxLWI0NTQt
NmUzZmE2MmNkMmRmLzEvNHpMNkpsWW9vNHJDZlZzNEpCS3JFYVNHSkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kMWRmZDYtY2NkZi00NjIxLWI0NTQtNmUzZmE2MmNkMmRm
LzEvb3ZVV3YwSWhRSWJiT1lSX24xWTdUUFNnXzBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwW6MA0G
CSqGSIb3DQEBCwUAA4IBAQDeRIAH4PLkoEeeD+gW1n5GiVx2fXVsXpeJajAS8jYq
hFErmFqqp+rGIwb6/sGLAWsx/Z/zXLvvncgkxwyA2tTPpDAKP50F+2TYJ3vHOobH
jwqBildvg4xQXyDtWlcPFoa3WnGDZJyZDkyhnB4a6tfqqo/jeCh1wR8BRmx0fcqi
A/EmepwjZrsozGHIPxo9XaTkelYo8Y6sDrgTqu4Kw+e4fHST3Tb4FWVVe4ujPJHg
W67x5yosXSERT5BoY9GZbC0VIgIP820PmViIr+ysG8IG35mTD93k1CI3donzD1y4
oe354pBJMHG/sPPza5scTJLpHRe5M/7ZwwEzr1smszCC
-----END CERTIFICATE-----