Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/JOp1EOj_9iZs0ovoodX5OmYhu1w.roa
File:                     JOp1EOj_9iZs0ovoodX5OmYhu1w.roa (raw, json)
Hash identifier:          mjMSMN2JLHJ+eBVtDYKvcRO4aGZl/aZ3WUJVu65boYI=
Subject key identifier:   24:EA:75:10:E8:FF:F6:26:6C:D2:8B:E8:A1:D5:F9:3A:66:21:BB:5C
Certificate issuer:       /CN=dac71030fe081e02bab4823d0568ffb2a33265e1
Certificate serial:       018D87703981D043169D81381C093216278B
Authority key identifier: DA:C7:10:30:FE:08:1E:02:BA:B4:82:3D:05:68:FF:B2:A3:32:65:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/JOp1EOj_9iZs0ovoodX5OmYhu1w.roa
Signing time:             Thu 08 Feb 2024 06:38:15 +0000
ROA not before:           Thu 08 Feb 2024 06:38:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205285
IP address blocks:        185.223.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:70:39:81:d0:43:16:9d:81:38:1c:09:32:16:27:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac71030fe081e02bab4823d0568ffb2a33265e1
        Validity
            Not Before: Feb  8 06:38:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24ea7510e8fff6266cd28be8a1d5f93a6621bb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bf:7e:ae:42:4d:d7:1f:49:52:5b:a0:5f:e4:
                    c1:8a:d3:fa:26:be:d8:56:04:e3:ec:a4:e4:89:0c:
                    6f:92:11:0b:01:ff:ac:31:79:16:88:1b:cf:62:b0:
                    e9:57:a7:16:c7:02:be:a6:fc:77:5c:69:8d:8b:93:
                    ac:86:95:82:02:44:50:f2:00:ac:11:1b:a0:3c:c8:
                    35:1f:bf:fc:65:19:61:bf:66:3b:0e:ad:23:b5:73:
                    4b:7e:2b:c2:aa:5f:5f:72:a7:c6:cf:96:65:5a:44:
                    ca:00:b0:4c:64:c5:19:46:ed:57:47:ea:aa:fa:04:
                    b3:80:ac:89:98:bc:a5:f6:85:ac:05:59:03:7a:5d:
                    32:45:68:76:6c:ba:cc:6a:7a:30:c2:17:0d:d5:79:
                    34:c2:cd:46:95:14:58:c8:8a:db:97:9e:13:df:a0:
                    2c:76:d0:80:04:f8:10:e6:85:e8:12:ed:a3:b4:12:
                    d2:d4:61:6b:39:7f:4b:0d:ed:2b:f8:f0:a1:8b:98:
                    3a:cd:eb:09:9f:f0:ee:ce:dd:58:4b:a6:bd:ca:3b:
                    6b:63:3c:0f:73:29:2f:0c:42:34:76:29:e9:21:bd:
                    65:fc:8c:d1:c8:69:ad:0f:f1:ad:7b:5c:0a:98:21:
                    e9:62:55:aa:7a:a2:81:ab:e0:ab:6c:86:ef:c1:64:
                    10:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EA:75:10:E8:FF:F6:26:6C:D2:8B:E8:A1:D5:F9:3A:66:21:BB:5C
            X509v3 Authority Key Identifier:
                keyid:DA:C7:10:30:FE:08:1E:02:BA:B4:82:3D:05:68:FF:B2:A3:32:65:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2scQMP4IHgK6tII9BWj_sqMyZeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/JOp1EOj_9iZs0ovoodX5OmYhu1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/25e6d8-4e72-4ac2-b6e5-c8201b91aec3/1/2scQMP4IHgK6tII9BWj_sqMyZeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:20:99:01:fa:cc:4c:52:90:79:ca:0f:69:86:36:a6:6b:7b:
         f6:ba:3c:e1:d5:85:8f:ec:53:49:cb:09:1a:eb:5d:c2:b3:3a:
         ab:77:17:b1:72:8d:7d:53:33:da:ba:ca:72:78:32:bb:85:77:
         cb:36:92:c6:10:a3:0f:ce:67:b1:ab:86:ab:ef:e1:a7:7e:a4:
         c6:d3:c3:a8:54:b1:0f:5f:5d:1a:7c:e3:fe:93:79:b2:05:2a:
         87:dd:7c:5f:d6:1d:c8:0f:bc:1f:5c:c8:6d:d3:d8:59:76:a1:
         24:c2:37:d7:84:5b:58:54:4b:dd:17:7e:b7:48:3a:60:6c:0d:
         e5:94:71:0a:e8:5b:cf:8f:6f:2a:df:a3:74:31:94:a5:f8:e8:
         e5:b9:b2:1d:d4:3c:bb:dc:54:7a:9b:ad:63:0f:85:fd:78:8a:
         fd:df:20:ed:f0:0e:ec:4f:ed:9f:05:38:ed:49:f6:ea:b2:d5:
         80:fe:00:55:e7:54:40:aa:2b:0b:98:9e:42:d0:59:6c:bd:c2:
         ed:da:3c:2d:bd:52:17:b6:82:89:29:93:56:31:60:f1:09:2e:
         9e:d4:68:18:86:22:6a:4a:48:88:b0:97:20:42:b2:75:06:69:
         ea:64:58:60:4d:1c:12:ca:30:79:4f:aa:48:07:01:f3:7c:36:
         0c:84:c7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2HcDmB0EMWnYE4HAkyFieLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzcxMDMwZmUwODFlMDJiYWI0ODIzZDA1NjhmZmIyYTMz
MjY1ZTEwHhcNMjQwMjA4MDYzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVhNzUxMGU4ZmZmNjI2NmNkMjhiZThhMWQ1ZjkzYTY2MjFiYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub9+rkJN1x9JUlugX+TBitP6Jr7Y
VgTj7KTkiQxvkhELAf+sMXkWiBvPYrDpV6cWxwK+pvx3XGmNi5OshpWCAkRQ8gCs
ERugPMg1H7/8ZRlhv2Y7Dq0jtXNLfivCql9fcqfGz5ZlWkTKALBMZMUZRu1XR+qq
+gSzgKyJmLyl9oWsBVkDel0yRWh2bLrManowwhcN1Xk0ws1GlRRYyIrbl54T36As
dtCABPgQ5oXoEu2jtBLS1GFrOX9LDe0r+PChi5g6zesJn/Duzt1YS6a9yjtrYzwP
cykvDEI0dinpIb1l/IzRyGmtD/Gte1wKmCHpYlWqeqKBq+CrbIbvwWQQbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTqdRDo//YmbNKL6KHV+TpmIbtcMB8GA1UdIwQY
MBaAFNrHEDD+CB4CurSCPQVo/7KjMmXhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNjUU1QNElIZ0s2dElJOUJXal9zcU15WmVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNWU2ZDgtNGU3Mi00YWMyLWI2ZTUt
YzgyMDFiOTFhZWMzLzEvSk9wMUVPal85aVpzMG92b29kWDVPbVlodTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNWU2ZDgtNGU3Mi00YWMyLWI2ZTUtYzgyMDFiOTFhZWMz
LzEvMnNjUU1QNElIZ0s2dElJOUJXal9zcU15WmVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud8EMA0G
CSqGSIb3DQEBCwUAA4IBAQAwIJkB+sxMUpB5yg9phjama3v2ujzh1YWP7FNJywka
613Cszqrdxexco19UzPauspyeDK7hXfLNpLGEKMPzmexq4ar7+GnfqTG08OoVLEP
X10afOP+k3myBSqH3Xxf1h3ID7wfXMht09hZdqEkwjfXhFtYVEvdF363SDpgbA3l
lHEK6FvPj28q36N0MZSl+OjlubId1Dy73FR6m61jD4X9eIr93yDt8A7sT+2fBTjt
SfbqstWA/gBV51RAqisLmJ5C0FlsvcLt2jwtvVIXtoKJKZNWMWDxCS6e1GgYhiJq
SkiIsJcgQrJ1BmnqZFhgTRwSyjB5T6pIBwHzfDYMhMcw
-----END CERTIFICATE-----