Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/l4MOq12dViClhD4ewB3hgZm_wKQ.roa
File:                     l4MOq12dViClhD4ewB3hgZm_wKQ.roa (raw, json)
Hash identifier:          in/aztYu0YfNLRjqdOSYcEiPBVJtFvubq2eisk2FfnE=
Subject key identifier:   97:83:0E:AB:5D:9D:56:20:A5:84:3E:1E:C0:1D:E1:81:99:BF:C0:A4
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018CC56ED9A3E7624A90F027C8F788C4CD31
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/l4MOq12dViClhD4ewB3hgZm_wKQ.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60981
IP address blocks:        213.146.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 22:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d9:a3:e7:62:4a:90:f0:27:c8:f7:88:c4:cd:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97830eab5d9d5620a5843e1ec01de18199bfc0a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:0a:c8:e3:85:9f:20:d0:b2:39:18:32:fd:73:
                    53:18:4a:91:b8:7a:91:d6:81:9f:03:52:4e:9d:3e:
                    53:1c:22:27:58:3d:88:8e:c4:7f:36:ad:76:0e:e1:
                    fd:ef:df:76:5a:49:77:19:42:82:3d:0f:e0:9a:70:
                    eb:27:c2:db:17:cb:10:6b:bb:ae:d1:5b:37:8c:7f:
                    51:7f:34:c5:83:5e:86:42:9c:0b:2a:20:8f:e7:ae:
                    3d:35:99:87:23:a3:46:a2:4a:45:28:2a:2f:bd:3e:
                    1c:a7:06:84:8e:f8:64:81:57:2a:2d:67:cb:cb:34:
                    73:e6:40:9b:df:54:6b:d5:81:f6:70:4f:d6:03:4f:
                    36:68:d8:c6:fd:6a:99:d7:e5:33:d6:f5:28:70:49:
                    bd:59:2f:ad:ef:ee:75:d7:e6:42:15:1b:88:3c:bf:
                    03:67:80:b5:5a:a3:cc:e0:ee:5d:56:5b:49:74:ec:
                    c3:0e:ff:7e:0d:c3:e4:48:49:25:ab:9c:a2:e8:3d:
                    5f:9d:b1:6c:ea:bf:c6:0b:95:93:e1:19:20:26:e2:
                    b8:1b:d1:17:b2:53:18:f5:1e:44:40:aa:27:2a:c6:
                    38:f7:17:e3:ba:71:6e:80:ba:0c:bf:3a:ec:5b:e7:
                    d7:05:2c:78:f4:9c:56:5a:fe:2a:9b:e9:59:af:92:
                    3e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:83:0E:AB:5D:9D:56:20:A5:84:3E:1E:C0:1D:E1:81:99:BF:C0:A4
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/l4MOq12dViClhD4ewB3hgZm_wKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.146.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:92:e4:0a:50:15:cd:75:1b:7c:ed:00:93:ce:90:64:ed:b5:
         f0:da:8c:3d:6b:4a:5e:57:26:e3:31:ff:49:88:87:ce:22:65:
         02:f1:0d:71:df:01:00:7f:c8:e0:6c:2c:fa:00:b0:6d:b5:82:
         e8:1e:5b:7c:f2:3e:34:62:59:f2:e1:1d:84:d2:16:15:a6:0e:
         e0:0b:ae:a8:e3:d2:6a:5c:2e:cb:89:e7:42:67:1c:fc:04:43:
         f2:4f:98:35:11:a1:c4:08:86:0e:39:ad:5f:1c:e9:a7:ec:68:
         7e:83:22:bc:ce:b6:d7:10:79:b4:50:17:a7:75:ad:d7:c7:85:
         88:96:49:18:e4:f1:78:4a:91:6c:5d:23:1e:d0:dd:38:28:2a:
         17:35:88:9f:0b:1e:7b:cf:fd:3b:f6:8e:ac:aa:84:d5:12:8c:
         5e:3b:18:7d:e8:5c:0e:65:c3:7c:33:8a:a0:e8:9d:c4:42:95:
         17:d8:aa:0c:ae:5c:56:af:f3:a8:0a:6c:23:60:90:98:eb:7f:
         1d:e0:42:60:68:19:74:70:1e:86:fc:d3:b9:00:8b:17:77:f5:
         19:d4:f9:fb:4b:3c:56:bc:3f:48:56:9a:a7:57:05:0c:74:ba:
         bc:aa:c0:e8:89:f0:ad:cb:47:0b:98:bf:7e:02:7a:02:1c:d9:
         cc:bd:4a:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtmj52JKkPAnyPeIxM0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzgzMGVhYjVkOWQ1NjIwYTU4NDNlMWVjMDFkZTE4MTk5YmZjMGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwrI44WfINCyORgy/XNTGEqRuHqR
1oGfA1JOnT5THCInWD2IjsR/Nq12DuH97992Wkl3GUKCPQ/gmnDrJ8LbF8sQa7uu
0Vs3jH9RfzTFg16GQpwLKiCP5649NZmHI6NGokpFKCovvT4cpwaEjvhkgVcqLWfL
yzRz5kCb31Rr1YH2cE/WA082aNjG/WqZ1+Uz1vUocEm9WS+t7+511+ZCFRuIPL8D
Z4C1WqPM4O5dVltJdOzDDv9+DcPkSEklq5yi6D1fnbFs6r/GC5WT4RkgJuK4G9EX
slMY9R5EQKonKsY49xfjunFugLoMvzrsW+fXBSx49JxWWv4qm+lZr5I+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeDDqtdnVYgpYQ+HsAd4YGZv8CkMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvbDRNT3ExMmRWaUNsaEQ0ZXdCM2hnWm1fd0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1ZK6MA0G
CSqGSIb3DQEBCwUAA4IBAQAgkuQKUBXNdRt87QCTzpBk7bXw2ow9a0peVybjMf9J
iIfOImUC8Q1x3wEAf8jgbCz6ALBttYLoHlt88j40Ylny4R2E0hYVpg7gC66o49Jq
XC7LiedCZxz8BEPyT5g1EaHECIYOOa1fHOmn7Gh+gyK8zrbXEHm0UBenda3Xx4WI
lkkY5PF4SpFsXSMe0N04KCoXNYifCx57z/079o6sqoTVEoxeOxh96FwOZcN8M4qg
6J3EQpUX2KoMrlxWr/OoCmwjYJCY638d4EJgaBl0cB6G/NO5AIsXd/UZ1Pn7SzxW
vD9IVpqnVwUMdLq8qsDoifCty0cLmL9+AnoCHNnMvUpM
-----END CERTIFICATE-----