Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/iVPI3SRDczoM6AFsw-weB5JswVc.roa
File:                     iVPI3SRDczoM6AFsw-weB5JswVc.roa (raw, json)
Hash identifier:          4A8eW5M7UYUjCBBnM49epjYoakI5/4GmXJpzRbwoAtQ=
Subject key identifier:   89:53:C8:DD:24:43:73:3A:0C:E8:01:6C:C3:EC:1E:07:92:6C:C1:57
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       018CC6B799E60ACAE982E9AB2449F07F8CC0
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/iVPI3SRDczoM6AFsw-weB5JswVc.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210135
IP address blocks:        185.221.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:99:e6:0a:ca:e9:82:e9:ab:24:49:f0:7f:8c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8953c8dd2443733a0ce8016cc3ec1e07926cc157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:49:dc:d9:e9:bd:1b:7f:2e:ec:42:f7:27:43:
                    09:78:88:00:fc:c1:a3:21:9c:b6:42:3c:33:f9:ad:
                    e2:f4:c9:6d:8e:a0:c4:0f:ef:98:f7:d3:7e:b1:3e:
                    ce:0d:b4:cb:ee:19:c9:40:b3:78:cc:cf:14:57:3c:
                    07:5c:c0:98:dc:7f:3e:44:02:bd:df:c8:d9:c9:78:
                    c1:9e:ea:3e:6a:04:71:e0:6f:48:35:63:c5:a5:35:
                    dd:55:3c:9b:04:cb:83:21:25:83:15:73:a1:3a:e8:
                    16:a4:8a:69:9e:4c:07:a9:32:d0:c1:9a:f3:30:4d:
                    e9:b8:db:6a:28:bb:fc:8b:9c:e4:d3:cc:7d:44:87:
                    64:62:24:55:64:fb:96:dc:e7:79:16:73:ce:40:03:
                    63:0e:a3:d4:57:8c:2b:03:89:e9:f7:be:c3:ec:c0:
                    56:42:b7:2a:43:c5:47:98:0d:ec:97:b5:b1:8c:b7:
                    d6:0d:d2:fa:bc:a4:93:b6:61:d8:e7:8e:db:ab:04:
                    34:2c:66:63:1f:7f:fd:f3:3d:d4:bc:f8:5a:74:42:
                    fa:c0:11:7d:60:bc:c0:f6:3b:bc:41:81:01:ef:de:
                    aa:5c:87:30:a9:af:1f:d3:35:24:1b:0b:71:f5:50:
                    d6:01:e6:7f:61:61:80:a9:72:1f:d5:c1:93:d4:b2:
                    db:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:53:C8:DD:24:43:73:3A:0C:E8:01:6C:C3:EC:1E:07:92:6C:C1:57
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/iVPI3SRDczoM6AFsw-weB5JswVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:8a:b9:af:05:48:cd:fb:28:c6:50:db:ac:d0:25:c6:d1:af:
         57:90:ad:0a:41:61:1c:83:cc:67:f7:58:7a:e2:e3:51:20:7e:
         ef:07:d8:a9:bf:47:6e:83:6d:83:e2:f7:82:50:96:21:8f:3d:
         03:44:52:6d:86:ff:f8:c7:e0:65:19:0c:3e:de:9e:9f:24:9b:
         5b:6c:13:ff:7f:07:5f:69:84:9a:46:c7:13:03:e4:db:fa:2a:
         fc:f5:2d:57:03:1e:63:ec:21:a1:95:26:bc:2e:5f:2d:17:39:
         3a:d7:d6:22:96:c5:27:53:70:29:d0:1c:b4:2f:47:b5:81:3d:
         ae:3e:48:55:4d:00:52:f4:bc:d7:0f:34:f1:5e:65:81:6a:76:
         45:fe:05:22:e3:49:1a:f8:79:c7:b8:59:df:f3:6e:f8:8d:22:
         04:28:26:68:94:6e:22:68:6d:ca:9f:9b:aa:84:1b:6b:c7:87:
         bc:a8:01:cc:b7:a6:b0:06:33:26:8b:78:9c:19:18:16:9a:11:
         66:6b:5e:1e:d3:9f:a6:61:e7:9c:7d:57:ae:c7:6a:99:c2:08:
         ee:03:4d:89:94:ed:85:de:41:d8:01:71:31:1a:db:9b:60:ac:
         fb:6a:c4:fd:61:40:10:0e:34:58:6b:59:50:c6:4a:aa:e0:16:
         44:15:a1:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5nmCsrpgumrJEnwf4zAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTUzYzhkZDI0NDM3MzNhMGNlODAxNmNjM2VjMWUwNzkyNmNjMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0nc2em9G38u7EL3J0MJeIgA/MGj
IZy2Qjwz+a3i9MltjqDED++Y99N+sT7ODbTL7hnJQLN4zM8UVzwHXMCY3H8+RAK9
38jZyXjBnuo+agRx4G9INWPFpTXdVTybBMuDISWDFXOhOugWpIppnkwHqTLQwZrz
ME3puNtqKLv8i5zk08x9RIdkYiRVZPuW3Od5FnPOQANjDqPUV4wrA4np977D7MBW
QrcqQ8VHmA3sl7WxjLfWDdL6vKSTtmHY547bqwQ0LGZjH3/98z3UvPhadEL6wBF9
YLzA9ju8QYEB796qXIcwqa8f0zUkGwtx9VDWAeZ/YWGAqXIf1cGT1LLbkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlTyN0kQ3M6DOgBbMPsHgeSbMFXMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvaVZQSTNTUkRjem9NNkFGc3ctd2VCNUpzd1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0sMA0G
CSqGSIb3DQEBCwUAA4IBAQA8irmvBUjN+yjGUNus0CXG0a9XkK0KQWEcg8xn91h6
4uNRIH7vB9ipv0dug22D4veCUJYhjz0DRFJthv/4x+BlGQw+3p6fJJtbbBP/fwdf
aYSaRscTA+Tb+ir89S1XAx5j7CGhlSa8Ll8tFzk619YilsUnU3Ap0By0L0e1gT2u
PkhVTQBS9LzXDzTxXmWBanZF/gUi40ka+HnHuFnf8274jSIEKCZolG4iaG3Kn5uq
hBtrx4e8qAHMt6awBjMmi3icGRgWmhFma14e05+mYeecfVeux2qZwgjuA02JlO2F
3kHYAXExGtubYKz7asT9YUAQDjRYa1lQxkqq4BZEFaHM
-----END CERTIFICATE-----