Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/4fsGpH_h8wYJOx6l5_grPI0_eE0.roa
File:                     4fsGpH_h8wYJOx6l5_grPI0_eE0.roa (raw, json)
Hash identifier:          l6CZks1I+PSrl7hZlmaeb2OkDkhqL0TCEi6qwQxV4Vo=
Subject key identifier:   E1:FB:06:A4:7F:E1:F3:06:09:3B:1E:A5:E7:F8:2B:3C:8D:3F:78:4D
Certificate issuer:       /CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
Certificate serial:       018CCA2ADB1E779F927748204288974CFAEC
Authority key identifier: D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/4fsGpH_h8wYJOx6l5_grPI0_eE0.roa
Signing time:             Tue 02 Jan 2024 12:34:15 +0000
ROA not before:           Tue 02 Jan 2024 12:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51487
IP address blocks:        185.160.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:db:1e:77:9f:92:77:48:20:42:88:97:4c:fa:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
        Validity
            Not Before: Jan  2 12:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1fb06a47fe1f306093b1ea5e7f82b3c8d3f784d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:33:e6:28:af:fb:48:93:d2:d9:31:32:7e:69:
                    fa:4b:1b:60:38:13:58:51:48:dc:ca:cd:d3:64:65:
                    cc:af:65:d1:b1:31:4e:63:1c:53:bc:79:c9:97:10:
                    21:3d:1e:e4:1f:92:56:67:aa:cf:67:dd:20:d3:ca:
                    0e:5b:71:bb:a4:89:a1:31:28:95:81:ae:25:e5:f9:
                    b3:50:bc:40:64:59:8a:5d:ff:8c:bf:34:c2:a7:f4:
                    82:b6:38:8b:91:1e:0f:d2:90:e4:09:86:84:67:d6:
                    bc:68:64:9d:dc:5b:2a:82:27:6d:01:2b:0c:0c:90:
                    a7:97:2b:47:e7:9a:f7:45:47:42:01:98:2a:02:48:
                    5a:d0:50:8c:76:52:ac:eb:ef:c4:dd:6a:20:ce:4a:
                    2f:d2:f1:72:fe:c9:bf:3f:b8:f7:e9:87:0f:8c:e4:
                    71:6d:a3:d4:4c:b2:8b:16:c8:2e:34:d5:dc:ff:49:
                    36:43:78:f1:14:16:42:dd:46:d0:81:9f:01:46:8d:
                    0a:8f:96:60:14:06:4d:07:c6:dc:db:4e:9d:4c:9c:
                    ad:58:8f:89:02:2c:65:f9:37:7d:9e:63:93:7d:88:
                    64:ca:18:5b:af:f5:39:15:6d:e5:34:bf:21:10:31:
                    f5:92:25:da:93:7a:2e:ad:c5:ff:b9:b3:c6:b0:e1:
                    97:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:FB:06:A4:7F:E1:F3:06:09:3B:1E:A5:E7:F8:2B:3C:8D:3F:78:4D
            X509v3 Authority Key Identifier:
                keyid:D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/4fsGpH_h8wYJOx6l5_grPI0_eE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5b:4b:b7:34:08:0a:f2:87:7f:44:3b:5f:90:c1:04:d7:db:
         b9:5e:af:de:81:95:dc:73:d5:2a:60:f2:68:f6:46:2a:46:da:
         62:52:7e:3c:c8:98:7b:9c:b4:cb:24:c6:79:af:aa:c7:5f:e3:
         18:2e:76:0c:06:3e:5d:64:06:37:21:54:da:9a:98:69:d9:c5:
         1c:03:bc:f8:97:39:5f:23:b0:1a:cb:11:55:6d:3c:53:8a:b9:
         05:8d:4b:74:ad:7a:c8:21:32:ab:c3:46:78:69:1c:fb:22:35:
         45:98:76:7c:7e:75:c0:8d:6b:e0:b6:a1:3f:69:42:67:b5:23:
         d5:c9:09:e3:8d:91:fb:d9:50:69:4f:4f:e0:2b:20:de:d8:cb:
         48:fc:92:5c:04:6c:98:b2:8d:95:da:f6:f7:25:99:2b:da:9f:
         0c:e0:2a:93:4f:a5:73:6b:ee:9e:7a:00:df:1a:0f:a3:9a:b3:
         96:7b:a1:29:80:8b:1b:b7:47:fa:79:dd:4a:b6:1d:ce:48:0e:
         61:a4:2c:b6:d4:2b:0c:47:30:4c:95:96:fe:1f:68:21:fb:f4:
         9e:49:f3:6e:c2:b9:63:75:1e:de:15:e9:dc:29:e3:dd:6c:70:
         ce:77:6b:0e:a0:b8:3e:e7:b3:8e:8c:d1:26:fd:d4:4e:b7:eb:
         53:17:d9:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKtsed5+Sd0ggQoiXTPrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxODFkMGM0MDk1MWE0ZjkwMGU0ZDlkZDljMjBlNDg1NjM1
MDkyMGUwHhcNMjQwMTAyMTIzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWZiMDZhNDdmZTFmMzA2MDkzYjFlYTVlN2Y4MmIzYzhkM2Y3ODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/jPmKK/7SJPS2TEyfmn6SxtgOBNY
UUjcys3TZGXMr2XRsTFOYxxTvHnJlxAhPR7kH5JWZ6rPZ90g08oOW3G7pImhMSiV
ga4l5fmzULxAZFmKXf+MvzTCp/SCtjiLkR4P0pDkCYaEZ9a8aGSd3FsqgidtASsM
DJCnlytH55r3RUdCAZgqAkha0FCMdlKs6+/E3Wogzkov0vFy/sm/P7j36YcPjORx
baPUTLKLFsguNNXc/0k2Q3jxFBZC3UbQgZ8BRo0Kj5ZgFAZNB8bc206dTJytWI+J
Aixl+Td9nmOTfYhkyhhbr/U5FW3lNL8hEDH1kiXak3ourcX/ubPGsOGX7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOH7BqR/4fMGCTsepef4KzyNP3hNMB8GA1UdIwQY
MBaAFNGB0MQJUaT5AOTZ3Zwg5IVjUJIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEt
Mzg4YjgxYzBjOTBjLzEvNGZzR3BIX2g4d1lKT3g2bDVfZ3JQSTBfZUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEtMzg4YjgxYzBjOTBj
LzEvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaCaMA0G
CSqGSIb3DQEBCwUAA4IBAQArW0u3NAgK8od/RDtfkMEE19u5Xq/egZXcc9UqYPJo
9kYqRtpiUn48yJh7nLTLJMZ5r6rHX+MYLnYMBj5dZAY3IVTamphp2cUcA7z4lzlf
I7AayxFVbTxTirkFjUt0rXrIITKrw0Z4aRz7IjVFmHZ8fnXAjWvgtqE/aUJntSPV
yQnjjZH72VBpT0/gKyDe2MtI/JJcBGyYso2V2vb3JZkr2p8M4CqTT6Vza+6eegDf
Gg+jmrOWe6EpgIsbt0f6ed1Kth3OSA5hpCy21CsMRzBMlZb+H2gh+/SeSfNuwrlj
dR7eFencKePdbHDOd2sOoLg+57OOjNEm/dROt+tTF9lq
-----END CERTIFICATE-----