Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/ZWo62kIfkRwQ5Gr4F_ANsegocS4.roa
File:                     ZWo62kIfkRwQ5Gr4F_ANsegocS4.roa (raw, json)
Hash identifier:          oaBAWGIjIY9HStDtH+eRKk+VjT4KvVVnNJxRkmWT3S8=
Subject key identifier:   65:6A:3A:DA:42:1F:91:1C:10:E4:6A:F8:17:F0:0D:B1:E8:28:71:2E
Certificate issuer:       /CN=4645c9c58d5a4999b5dce9e070d32f488e331f52
Certificate serial:       01909E5737B057B2CBF438335C143FD3AB95
Authority key identifier: 46:45:C9:C5:8D:5A:49:99:B5:DC:E9:E0:70:D3:2F:48:8E:33:1F:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/ZWo62kIfkRwQ5Gr4F_ANsegocS4.roa
Signing time:             Wed 10 Jul 2024 20:30:34 +0000
ROA not before:           Wed 10 Jul 2024 20:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215160
IP address blocks:        185.18.224.0/23 maxlen: 24
                          185.18.224.0/24 maxlen: 24
                          185.18.225.0/24 maxlen: 24
                          2a14:3540::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9e:57:37:b0:57:b2:cb:f4:38:33:5c:14:3f:d3:ab:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4645c9c58d5a4999b5dce9e070d32f488e331f52
        Validity
            Not Before: Jul 10 20:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=656a3ada421f911c10e46af817f00db1e828712e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:d4:ba:a0:e1:83:31:2f:f0:84:6e:f7:b3:
                    59:2a:8f:dc:a2:0a:15:c8:b4:47:9f:eb:77:9d:8b:
                    4f:87:4d:fd:1d:77:a9:04:a2:a4:5d:5b:8d:03:54:
                    11:71:85:29:d6:da:e0:2e:a0:a9:c5:b6:54:20:e8:
                    17:d3:91:68:c1:06:29:77:cb:a8:37:52:ea:08:74:
                    89:43:1e:ce:70:24:df:4c:ed:1b:00:14:37:25:da:
                    14:2b:a0:85:67:80:6e:c6:09:7c:7b:16:db:75:6f:
                    1c:94:2b:d8:6b:cc:42:b8:39:e4:57:6e:12:f3:1e:
                    98:e8:7d:15:5b:6d:f6:38:b2:59:4f:11:d7:e4:1f:
                    75:e5:c7:4b:47:82:3f:6c:ef:bc:03:f0:49:2e:54:
                    d4:fb:84:0f:df:49:4b:01:cd:44:60:cb:a4:3c:fc:
                    3c:33:46:e5:bb:cf:ca:5f:90:07:18:42:3e:6a:c9:
                    0a:15:0a:95:00:c7:8f:7b:b1:33:f7:a9:6f:b6:c4:
                    d2:df:86:d5:c3:e0:af:ac:b9:0d:2b:ef:95:ed:b6:
                    a5:2b:4a:af:1b:6e:9b:d0:b8:0d:f3:59:b0:3d:db:
                    5b:cb:7c:82:a6:c2:9d:97:f2:46:32:fd:ce:c2:1d:
                    ba:91:d6:09:c3:53:3c:8b:f3:5f:38:3c:27:23:c5:
                    fe:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:6A:3A:DA:42:1F:91:1C:10:E4:6A:F8:17:F0:0D:B1:E8:28:71:2E
            X509v3 Authority Key Identifier:
                keyid:46:45:C9:C5:8D:5A:49:99:B5:DC:E9:E0:70:D3:2F:48:8E:33:1F:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/ZWo62kIfkRwQ5Gr4F_ANsegocS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.224.0/23
                IPv6:
                  2a14:3540::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:75:ee:26:d4:31:4e:5f:28:de:0f:b5:3a:c5:15:54:41:8f:
         28:53:53:be:95:6b:6a:d2:54:d5:66:5b:b7:e3:5e:a5:6a:36:
         8c:52:4a:ca:09:e6:66:78:32:15:05:8f:74:58:66:13:9d:b9:
         2c:66:8d:c3:63:0f:87:a1:66:93:78:bb:9e:b7:5c:8f:87:35:
         0f:43:17:6a:8a:ef:1d:b1:ef:88:cb:2a:dc:09:d4:db:0c:f4:
         ee:22:cb:04:7b:35:c0:28:ce:ec:8d:c2:43:51:f7:4b:b8:ae:
         65:0d:e0:80:86:ad:fb:5a:f3:a8:d6:e0:05:e6:a7:a2:73:33:
         a5:e8:47:87:5a:6f:95:cb:8c:35:14:23:e8:4e:f0:eb:98:69:
         57:53:4c:0d:1f:36:c5:b5:40:09:b3:45:57:0c:3e:9b:52:f9:
         99:28:eb:70:f6:50:79:05:f2:9d:53:e3:df:96:55:42:e6:c2:
         d2:a0:e1:46:dc:a3:4b:fe:b2:34:51:91:72:14:7f:84:0e:63:
         5c:0b:d4:77:63:58:99:22:d6:a1:d4:7d:67:36:f9:fd:3b:d4:
         70:88:5d:37:86:c8:bd:d2:77:26:07:16:63:19:3e:60:31:02:
         c5:76:96:d7:1c:27:bd:43:c1:cb:54:60:55:75:c5:da:bd:0c:
         3a:12:1f:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZCeVzewV7LL9DgzXBQ/06uVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDVjOWM1OGQ1YTQ5OTliNWRjZTllMDcwZDMyZjQ4OGUz
MzFmNTIwHhcNMjQwNzEwMjAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTZhM2FkYTQyMWY5MTFjMTBlNDZhZjgxN2YwMGRiMWU4Mjg3MTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAvUuqDhgzEv8IRu97NZKo/cogoV
yLRHn+t3nYtPh039HXepBKKkXVuNA1QRcYUp1trgLqCpxbZUIOgX05FowQYpd8uo
N1LqCHSJQx7OcCTfTO0bABQ3JdoUK6CFZ4Buxgl8exbbdW8clCvYa8xCuDnkV24S
8x6Y6H0VW232OLJZTxHX5B915cdLR4I/bO+8A/BJLlTU+4QP30lLAc1EYMukPPw8
M0blu8/KX5AHGEI+askKFQqVAMePe7Ez96lvtsTS34bVw+CvrLkNK++V7balK0qv
G26b0LgN81mwPdtby3yCpsKdl/JGMv3Owh26kdYJw1M8i/NfODwnI8X+KwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGVqOtpCH5EcEORq+BfwDbHoKHEuMB8GA1UdIwQY
MBaAFEZFycWNWkmZtdzp4HDTL0iOMx9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtYSnhZMWFTWm0xM09uZ2NOTXZTSTR6SDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82YzUzMzEtZGMxYi00ZjhjLTlkM2Qt
MjhiZjFkMzNhYTkwLzEvWldvNjJrSWZrUndRNUdyNEZfQU5zZWdvY1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82YzUzMzEtZGMxYi00ZjhjLTlkM2QtMjhiZjFkMzNhYTkw
LzEvUmtYSnhZMWFTWm0xM09uZ2NOTXZTSTR6SDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuRLgMA0E
AgACMAcDBQAqFDVAMA0GCSqGSIb3DQEBCwUAA4IBAQBSde4m1DFOXyjeD7U6xRVU
QY8oU1O+lWtq0lTVZlu3416lajaMUkrKCeZmeDIVBY90WGYTnbksZo3DYw+HoWaT
eLuet1yPhzUPQxdqiu8dse+IyyrcCdTbDPTuIssEezXAKM7sjcJDUfdLuK5lDeCA
hq37WvOo1uAF5qeiczOl6EeHWm+Vy4w1FCPoTvDrmGlXU0wNHzbFtUAJs0VXDD6b
UvmZKOtw9lB5BfKdU+PfllVC5sLSoOFG3KNL/rI0UZFyFH+EDmNcC9R3Y1iZItah
1H1nNvn9O9RwiF03hsi90ncmBxZjGT5gMQLFdpbXHCe9Q8HLVGBVdcXavQw6Eh+Y
-----END CERTIFICATE-----