Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/4AcFd2IA1bETHekaamH0GzXgrtI.roa
File:                     4AcFd2IA1bETHekaamH0GzXgrtI.roa (raw, json)
Hash identifier:          KPJOOmqAP+W73c9QXGkPER7PiDYUykiwr/IHnBpp4/8=
Subject key identifier:   E0:07:05:77:62:00:D5:B1:13:1D:E9:1A:6A:61:F4:1B:35:E0:AE:D2
Certificate issuer:       /CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
Certificate serial:       018CC500941BBACF2CC90307DA880978F86B
Authority key identifier: 64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/4AcFd2IA1bETHekaamH0GzXgrtI.roa
Signing time:             Mon 01 Jan 2024 12:29:58 +0000
ROA not before:           Mon 01 Jan 2024 12:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34062
IP address blocks:        185.99.17.0/24 maxlen: 24
                          185.99.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:94:1b:ba:cf:2c:c9:03:07:da:88:09:78:f8:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
        Validity
            Not Before: Jan  1 12:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e00705776200d5b1131de91a6a61f41b35e0aed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ce:88:49:d2:14:e7:6d:61:9b:10:e1:d3:05:
                    d6:fc:30:a3:f5:57:77:1a:69:58:ae:8b:10:84:32:
                    fb:32:a5:a4:b9:85:5f:5f:8c:4b:8e:bd:77:8a:3b:
                    bd:3b:af:10:56:ca:4d:02:2d:8b:f3:b6:3b:e1:1b:
                    63:af:f8:3a:b8:60:53:ac:1d:d4:82:c7:0c:af:c2:
                    60:74:a0:d5:e8:23:78:45:ef:1d:57:cc:d6:71:56:
                    9e:c6:80:a3:c1:73:ee:92:5b:ef:4b:45:d6:a3:59:
                    b2:c6:34:46:dd:d1:fb:80:23:ca:68:3f:75:7d:4e:
                    03:50:79:8b:95:92:44:ac:f5:73:5c:a7:c0:52:88:
                    66:b7:16:d9:da:38:36:73:ca:1d:a9:f0:35:86:be:
                    90:74:73:1e:55:4d:96:e0:56:69:7b:e9:9a:e0:4e:
                    9c:a2:a6:54:c9:83:c8:53:c7:3f:ed:37:31:c0:fc:
                    e8:10:64:b4:f1:fd:32:53:76:16:74:70:0e:ab:03:
                    61:41:dd:2f:54:83:e3:df:21:4c:82:0c:8a:91:f9:
                    d0:d7:9f:17:01:83:51:8a:91:cf:50:90:5d:dd:46:
                    8e:01:7d:88:f8:c2:d0:9a:08:bb:91:b2:be:a3:4c:
                    81:d3:f3:03:b4:64:94:fa:f5:8a:38:f6:25:c9:9c:
                    b4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:07:05:77:62:00:D5:B1:13:1D:E9:1A:6A:61:F4:1B:35:E0:AE:D2
            X509v3 Authority Key Identifier:
                keyid:64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/4AcFd2IA1bETHekaamH0GzXgrtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:e9:b7:14:22:63:ec:b1:a3:13:4d:a6:24:75:66:f0:c5:39:
         d3:28:dc:2a:3d:2e:94:e8:bb:44:24:19:87:97:8a:04:81:ce:
         84:e4:61:fd:88:5d:c0:fb:41:3b:6c:d5:8b:a0:79:95:6a:05:
         fd:a8:bd:b4:cb:22:d4:78:56:a0:ff:eb:44:08:12:89:7d:41:
         15:17:d8:7b:08:59:18:99:68:29:85:3f:f7:23:69:b0:8f:2d:
         28:b2:fd:10:5b:d9:78:64:47:ed:81:ca:e3:89:d1:10:0f:ba:
         f6:80:e4:3c:95:04:1a:8e:fb:95:61:6a:08:d6:6f:4d:c6:f4:
         fa:ad:56:e4:d4:01:79:b0:40:9c:e3:39:23:ad:7e:cf:af:e7:
         73:6c:0e:b7:0c:4a:84:a3:98:93:3a:35:55:3f:37:15:73:85:
         1f:12:d8:af:d6:e3:55:92:63:a1:df:28:5c:ee:15:55:d3:c8:
         4c:87:d8:cf:0a:f2:5d:18:cf:56:a9:41:4a:13:8f:d9:50:a2:
         ae:be:00:bd:d9:e7:ca:90:e5:bd:85:fe:a8:c8:80:70:73:44:
         9b:02:71:85:9c:21:ca:b5:3c:34:57:8e:18:62:41:17:e6:15:
         a1:57:5a:11:3b:1c:90:34:88:f4:6e:28:5a:fb:b6:71:4e:91:
         56:47:e8:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJQbus8syQMH2ogJePhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTcxNTZiOGFhODlmNzZlNGQzOGFmMmMxMDlmYmMxNDkx
N2IwODYwHhcNMjQwMTAxMTIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDA3MDU3NzYyMDBkNWIxMTMxZGU5MWE2YTYxZjQxYjM1ZTBhZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs6ISdIU521hmxDh0wXW/DCj9Vd3
GmlYrosQhDL7MqWkuYVfX4xLjr13iju9O68QVspNAi2L87Y74Rtjr/g6uGBTrB3U
gscMr8JgdKDV6CN4Re8dV8zWcVaexoCjwXPuklvvS0XWo1myxjRG3dH7gCPKaD91
fU4DUHmLlZJErPVzXKfAUohmtxbZ2jg2c8odqfA1hr6QdHMeVU2W4FZpe+ma4E6c
oqZUyYPIU8c/7TcxwPzoEGS08f0yU3YWdHAOqwNhQd0vVIPj3yFMggyKkfnQ158X
AYNRipHPUJBd3UaOAX2I+MLQmgi7kbK+o0yB0/MDtGSU+vWKOPYlyZy0JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAHBXdiANWxEx3pGmph9Bs14K7SMB8GA1UdIwQY
MBaAFGSnFWuKqJ925NOK8sEJ+8FJF7CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktjVmE0cW9uM2JrMDRyeXdRbjd3VWtYc0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zZGY2MmQtNWQ1Ny00ZDdlLTk0NDQt
NTM1MWYxYmRlNzJmLzEvNEFjRmQySUExYkVUSGVrYWFtSDBHelhncnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zZGY2MmQtNWQ1Ny00ZDdlLTk0NDQtNTM1MWYxYmRlNzJm
LzEvWktjVmE0cW9uM2JrMDRyeXdRbjd3VWtYc0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWMQMA0G
CSqGSIb3DQEBCwUAA4IBAQBH6bcUImPssaMTTaYkdWbwxTnTKNwqPS6U6LtEJBmH
l4oEgc6E5GH9iF3A+0E7bNWLoHmVagX9qL20yyLUeFag/+tECBKJfUEVF9h7CFkY
mWgphT/3I2mwjy0osv0QW9l4ZEftgcrjidEQD7r2gOQ8lQQajvuVYWoI1m9NxvT6
rVbk1AF5sECc4zkjrX7Pr+dzbA63DEqEo5iTOjVVPzcVc4UfEtiv1uNVkmOh3yhc
7hVV08hMh9jPCvJdGM9WqUFKE4/ZUKKuvgC92efKkOW9hf6oyIBwc0SbAnGFnCHK
tTw0V44YYkEX5hWhV1oROxyQNIj0biha+7ZxTpFWR+ig
-----END CERTIFICATE-----