Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/O4VlfybNPve5MgldzHU-xAYXsIk.roa
File:                     O4VlfybNPve5MgldzHU-xAYXsIk.roa (raw, json)
Hash identifier:          OYySj57WGjUCBw/SV8CheRD0TSM60JPFox+F4RWH3Z0=
Subject key identifier:   3B:85:65:7F:26:CD:3E:F7:B9:32:09:5D:CC:75:3E:C4:06:17:B0:89
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACC8797CF071A743762EAE431B97F
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/O4VlfybNPve5MgldzHU-xAYXsIk.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202599
IP address blocks:        185.159.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:87:97:cf:07:1a:74:37:62:ea:e4:31:b9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b85657f26cd3ef7b932095dcc753ec40617b089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:41:16:a9:c2:51:18:ed:9c:85:8c:05:19:
                    96:d5:73:9b:cb:05:7e:bb:4c:f7:62:58:44:d8:7a:
                    0f:b3:9f:7b:3a:b2:f1:6d:a5:b1:7e:d9:91:e1:9b:
                    5b:4d:fd:b3:ea:26:f9:a8:df:f2:67:37:ed:bc:9f:
                    19:33:3a:e6:10:42:9d:e9:bc:3b:c4:1a:5c:ee:d2:
                    27:82:0b:84:b4:de:d2:f2:c0:60:f7:df:cb:fa:68:
                    c7:e4:0b:70:f5:d2:59:55:54:aa:c9:94:4a:f2:e0:
                    e0:4b:ea:11:50:c2:33:04:bc:95:b1:7b:69:9d:06:
                    75:1f:86:c6:33:87:76:9a:6d:ce:51:14:06:d3:8d:
                    c6:0d:bb:d5:9e:8f:25:ea:ec:3f:2b:0a:7d:3c:29:
                    bc:b2:96:80:db:02:24:89:3e:73:70:de:e6:a5:a3:
                    76:71:5b:b2:95:32:0e:20:2d:e5:b5:2d:41:08:bb:
                    6c:e8:82:90:5f:6a:f9:01:e3:5f:b4:fe:0f:ab:46:
                    ed:19:44:b2:08:58:af:0e:a6:d9:0b:3e:be:c4:c7:
                    44:ed:b2:19:cf:06:f0:5d:5f:05:e4:75:ae:45:4d:
                    f3:99:7a:92:da:42:73:71:a6:ac:0b:ec:a5:f5:a5:
                    43:84:86:cf:58:ad:0c:84:ca:27:df:3f:e2:98:fa:
                    04:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:85:65:7F:26:CD:3E:F7:B9:32:09:5D:CC:75:3E:C4:06:17:B0:89
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/O4VlfybNPve5MgldzHU-xAYXsIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:f8:13:7e:62:c2:0d:13:7c:e0:45:d0:f2:b0:e8:d3:c3:a0:
         60:4b:81:53:55:cc:33:7d:96:73:37:80:bb:59:8a:66:fb:68:
         79:30:5f:43:78:fe:1a:f9:bb:08:29:e3:6a:5a:bc:4f:26:a1:
         25:a1:77:4c:2a:19:06:6a:7f:c2:c3:fc:d6:16:e3:38:bd:61:
         09:1c:aa:6d:14:83:19:bb:9c:c3:8b:9c:84:93:fc:05:09:52:
         fd:1b:60:d8:d8:b6:9f:d1:8f:b7:17:65:da:0a:55:3b:16:07:
         22:75:c0:0b:94:45:21:a1:d2:ca:39:55:5c:3f:39:81:e1:01:
         82:cf:e7:4a:54:9c:c6:4d:a2:97:bc:70:8c:15:d4:05:84:6b:
         f2:6e:74:13:a9:22:09:34:28:96:34:31:33:80:6e:e3:01:0c:
         39:c6:59:07:ca:81:4c:bd:5c:ff:e0:4a:58:8d:88:93:c0:83:
         13:b7:86:c1:bb:16:e5:d8:87:15:2b:56:bb:3c:af:b4:2c:fa:
         f7:1e:0f:69:cc:72:69:21:f0:ea:57:dd:db:5f:f9:bd:27:d2:
         c3:0a:2f:b9:d3:af:11:07:50:63:d8:85:fc:27:63:b8:0b:35:
         be:51:8f:20:82:e1:b4:84:49:2a:f2:90:58:27:4f:87:b9:31:
         da:cf:91:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2syHl88HGnQ3YurkMbl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg1NjU3ZjI2Y2QzZWY3YjkzMjA5NWRjYzc1M2VjNDA2MTdiMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneFBFqnCURjtnIWMBRmW1XObywV+
u0z3YlhE2HoPs597OrLxbaWxftmR4ZtbTf2z6ib5qN/yZzftvJ8ZMzrmEEKd6bw7
xBpc7tIngguEtN7S8sBg99/L+mjH5Atw9dJZVVSqyZRK8uDgS+oRUMIzBLyVsXtp
nQZ1H4bGM4d2mm3OURQG043GDbvVno8l6uw/Kwp9PCm8spaA2wIkiT5zcN7mpaN2
cVuylTIOIC3ltS1BCLts6IKQX2r5AeNftP4Pq0btGUSyCFivDqbZCz6+xMdE7bIZ
zwbwXV8F5HWuRU3zmXqS2kJzcaasC+yl9aVDhIbPWK0MhMon3z/imPoEkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuFZX8mzT73uTIJXcx1PsQGF7CJMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvTzRWbGZ5Yk5QdmU1TWdsZHpIVS14QVlYc0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ/UMA0G
CSqGSIb3DQEBCwUAA4IBAQBx+BN+YsINE3zgRdDysOjTw6BgS4FTVcwzfZZzN4C7
WYpm+2h5MF9DeP4a+bsIKeNqWrxPJqEloXdMKhkGan/Cw/zWFuM4vWEJHKptFIMZ
u5zDi5yEk/wFCVL9G2DY2Laf0Y+3F2XaClU7FgcidcALlEUhodLKOVVcPzmB4QGC
z+dKVJzGTaKXvHCMFdQFhGvybnQTqSIJNCiWNDEzgG7jAQw5xlkHyoFMvVz/4EpY
jYiTwIMTt4bBuxbl2IcVK1a7PK+0LPr3Hg9pzHJpIfDqV93bX/m9J9LDCi+5068R
B1Bj2IX8J2O4CzW+UY8gguG0hEkq8pBYJ0+HuTHaz5GB
-----END CERTIFICATE-----