Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/4juoXk6O8O5PwtBizl_d7pW1jW4.roa
File:                     4juoXk6O8O5PwtBizl_d7pW1jW4.roa (raw, json)
Hash identifier:          qHD3cqlCCQpl1/LxoyeT8YGOjJUytifeXw7xxnWH0+8=
Subject key identifier:   E2:3B:A8:5E:4E:8E:F0:EE:4F:C2:D0:62:CE:5F:DD:EE:95:B5:8D:6E
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73E18CAF460C15297CB1D2293A436
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/4juoXk6O8O5PwtBizl_d7pW1jW4.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57786
IP address blocks:        185.129.93.0/24 maxlen: 24
                          185.129.94.0/24 maxlen: 24
                          185.129.92.0/24 maxlen: 24
                          185.129.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3e:18:ca:f4:60:c1:52:97:cb:1d:22:93:a4:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e23ba85e4e8ef0ee4fc2d062ce5fddee95b58d6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5b:e9:09:f2:42:fb:b3:b5:bc:96:b4:4b:6e:
                    3b:7e:bd:a6:ed:b3:25:6c:94:ff:7d:69:54:7e:d7:
                    70:46:79:e7:43:6f:ec:2d:c3:16:96:77:cf:7f:3a:
                    1a:99:9d:a5:3a:5d:89:89:27:76:9b:70:d6:8e:50:
                    f9:1e:3d:95:92:09:39:9c:30:00:7c:62:20:92:24:
                    94:87:c5:12:f6:4c:4f:cc:25:5e:76:75:8c:f4:af:
                    fe:98:1d:f0:ac:39:f7:3b:61:56:5e:7f:a6:67:e9:
                    c6:b4:df:fa:0d:5c:59:0d:3c:43:0b:ce:bc:b4:31:
                    94:58:11:0b:78:a4:fc:f8:12:ab:d5:12:ee:de:af:
                    97:9e:9d:cd:b3:bd:b5:ca:cf:9e:a9:53:b1:f8:0e:
                    33:86:de:5b:cb:74:84:1c:ef:9f:e4:17:38:f7:30:
                    9e:d9:56:89:91:03:08:14:ae:5a:9e:7d:1c:f4:c0:
                    13:f2:f0:c0:46:79:f2:c3:41:53:7a:98:61:7c:0e:
                    6b:13:a2:81:b8:69:74:07:bb:63:81:e7:f4:25:12:
                    7b:8a:11:46:c8:05:f4:ab:9d:84:73:bf:89:8a:c4:
                    db:e2:8c:22:fe:d4:3e:1b:8c:2e:2c:6d:89:8c:75:
                    a6:4b:fa:20:2b:f3:bb:fa:7d:fe:8b:44:32:f6:7d:
                    45:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3B:A8:5E:4E:8E:F0:EE:4F:C2:D0:62:CE:5F:DD:EE:95:B5:8D:6E
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/4juoXk6O8O5PwtBizl_d7pW1jW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:19:1e:8a:d3:9a:86:f3:06:f7:eb:dc:9e:45:fa:d0:92:f7:
         cf:e8:8e:a7:82:ab:70:88:a3:16:3b:7f:cd:8e:01:92:0c:92:
         4b:ad:77:a8:55:bd:6e:99:fe:5f:fa:ca:ae:5b:5c:d8:51:10:
         84:48:06:44:6c:db:81:cd:f4:2b:96:4e:9a:e0:c5:ce:5f:30:
         83:e8:52:5a:93:64:b0:87:a4:ea:7c:5c:39:d7:62:21:38:b6:
         61:e1:c7:09:21:cb:29:84:2f:f6:70:6c:6a:4d:17:79:4a:cd:
         21:0a:dd:fb:6a:a5:e9:d9:e4:5e:43:3f:68:24:40:f6:68:b8:
         f2:78:07:b8:93:4f:c9:68:f3:6f:70:2c:3e:ac:18:f2:ac:46:
         0c:5f:7a:5d:51:30:b6:64:ff:11:e4:e1:c6:8c:ab:55:61:2a:
         43:2b:e0:a5:50:c9:03:9f:e8:72:10:38:6b:89:cc:57:a0:01:
         06:52:53:73:1d:05:d6:fa:6e:74:ac:1a:5f:b9:90:87:74:dd:
         21:39:b4:cb:28:6f:f1:e7:c2:40:b7:d4:5c:97:df:5f:a5:1d:
         0e:44:e7:93:c8:78:68:75:39:b0:ea:af:7a:35:46:97:a6:4d:
         42:61:47:80:fd:49:ec:9c:92:f1:15:ff:ce:56:93:5d:0b:42:
         00:4d:8d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz4YyvRgwVKXyx0ik6Q2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjNiYTg1ZTRlOGVmMGVlNGZjMmQwNjJjZTVmZGRlZTk1YjU4ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1vpCfJC+7O1vJa0S247fr2m7bMl
bJT/fWlUftdwRnnnQ2/sLcMWlnfPfzoamZ2lOl2JiSd2m3DWjlD5Hj2Vkgk5nDAA
fGIgkiSUh8US9kxPzCVednWM9K/+mB3wrDn3O2FWXn+mZ+nGtN/6DVxZDTxDC868
tDGUWBELeKT8+BKr1RLu3q+Xnp3Ns721ys+eqVOx+A4zht5by3SEHO+f5Bc49zCe
2VaJkQMIFK5ann0c9MAT8vDARnnyw0FTephhfA5rE6KBuGl0B7tjgef0JRJ7ihFG
yAX0q52Ec7+JisTb4owi/tQ+G4wuLG2JjHWmS/ogK/O7+n3+i0Qy9n1FZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOI7qF5OjvDuT8LQYs5f3e6VtY1uMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvNGp1b1hrNk84TzVQd3RCaXpsX2Q3cFcxalc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYFcMA0G
CSqGSIb3DQEBCwUAA4IBAQCFGR6K05qG8wb369yeRfrQkvfP6I6ngqtwiKMWO3/N
jgGSDJJLrXeoVb1umf5f+squW1zYURCESAZEbNuBzfQrlk6a4MXOXzCD6FJak2Sw
h6TqfFw512IhOLZh4ccJIcsphC/2cGxqTRd5Ss0hCt37aqXp2eReQz9oJED2aLjy
eAe4k0/JaPNvcCw+rBjyrEYMX3pdUTC2ZP8R5OHGjKtVYSpDK+ClUMkDn+hyEDhr
icxXoAEGUlNzHQXW+m50rBpfuZCHdN0hObTLKG/x58JAt9Rcl99fpR0OROeTyHho
dTmw6q96NUaXpk1CYUeA/UnsnJLxFf/OVpNdC0IATY1y
-----END CERTIFICATE-----