Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/kP4OsfazqCpxlGhGM7JcOoPVga4.roa
File:                     kP4OsfazqCpxlGhGM7JcOoPVga4.roa (raw, json)
Hash identifier:          9joO1mdXVHXu+GHhfK4hvWZlK9j2JWZwUuXDboRcGDY=
Subject key identifier:   90:FE:0E:B1:F6:B3:A8:2A:71:94:68:46:33:B2:5C:3A:83:D5:81:AE
Certificate issuer:       /CN=e390f2ee0a70bcaefe0195a3d8b377d34297a943
Certificate serial:       018CC94AB20E3149063E51B07EF9B267CA3C
Authority key identifier: E3:90:F2:EE:0A:70:BC:AE:FE:01:95:A3:D8:B3:77:D3:42:97:A9:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45Dy7gpwvK7-AZWj2LN300KXqUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/kP4OsfazqCpxlGhGM7JcOoPVga4.roa
Signing time:             Tue 02 Jan 2024 08:29:24 +0000
ROA not before:           Tue 02 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200086
IP address blocks:        185.37.155.0/24 maxlen: 24
                          2a04:71c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/45Dy7gpwvK7-AZWj2LN300KXqUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/45Dy7gpwvK7-AZWj2LN300KXqUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/45Dy7gpwvK7-AZWj2LN300KXqUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b2:0e:31:49:06:3e:51:b0:7e:f9:b2:67:ca:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e390f2ee0a70bcaefe0195a3d8b377d34297a943
        Validity
            Not Before: Jan  2 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90fe0eb1f6b3a82a7194684633b25c3a83d581ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:34:6a:a4:64:85:bf:70:cd:a7:71:9e:23:55:
                    f0:aa:54:b2:22:c6:67:1a:79:0f:ae:53:51:75:5c:
                    3b:ff:5b:50:28:70:05:73:02:b9:bc:19:7d:eb:ff:
                    0b:ed:7b:17:06:18:70:7b:96:13:49:33:35:cf:5b:
                    3f:a7:f3:4c:63:ff:88:04:96:a8:02:93:1e:92:cd:
                    d5:14:6c:15:72:90:6b:14:2c:11:bd:42:79:14:42:
                    a8:3e:89:e8:ba:b1:e2:9e:46:08:c7:84:75:4d:f0:
                    9b:6f:44:d4:77:a0:77:a6:80:d3:08:15:44:85:c6:
                    99:67:54:a4:2c:bd:8b:cd:59:8d:95:e0:91:bd:32:
                    7a:d8:15:da:0d:ec:cf:07:b5:20:d3:5a:3b:9b:f6:
                    7e:a2:21:99:4e:71:89:cc:09:09:f5:91:d6:7e:eb:
                    60:db:77:94:05:10:45:69:fc:71:51:61:1e:fa:d3:
                    f1:8c:98:97:13:14:68:76:dc:44:d7:c5:59:94:ec:
                    69:cf:7b:d1:43:74:16:0c:cd:4f:f6:a3:63:88:a9:
                    5d:5e:76:10:87:99:d1:d3:18:6a:36:e0:aa:c6:21:
                    3e:7b:b9:da:f0:94:57:7a:bb:2c:6b:28:0c:e4:5f:
                    ac:9f:88:a2:2a:f9:5a:60:d6:c0:b7:7f:01:2a:ce:
                    4a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FE:0E:B1:F6:B3:A8:2A:71:94:68:46:33:B2:5C:3A:83:D5:81:AE
            X509v3 Authority Key Identifier:
                keyid:E3:90:F2:EE:0A:70:BC:AE:FE:01:95:A3:D8:B3:77:D3:42:97:A9:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45Dy7gpwvK7-AZWj2LN300KXqUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/kP4OsfazqCpxlGhGM7JcOoPVga4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/a604cf-1947-4b12-9a6b-3eb9134ec79d/1/45Dy7gpwvK7-AZWj2LN300KXqUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.155.0/24
                IPv6:
                  2a04:71c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:54:8b:9d:d6:52:1e:5c:bb:a2:c1:4e:bf:da:14:41:90:a2:
         c9:ea:1a:51:85:52:81:cd:45:0a:e4:19:f5:6e:6d:ce:0d:60:
         0d:3e:c3:91:a6:c4:dc:c8:b9:25:84:ff:0b:c3:4a:32:92:f2:
         41:bb:42:46:bf:89:17:2a:99:d8:14:e5:13:d4:cf:61:46:f0:
         22:03:3e:e4:91:7b:2a:31:25:d0:f8:c7:d7:70:53:5a:16:c3:
         43:4d:b1:93:e9:ce:9a:e3:e2:69:f4:6d:09:9b:7d:db:ca:9c:
         2a:ea:21:84:3f:c2:12:7b:43:3f:8a:17:b6:7b:60:d9:c9:56:
         04:52:d2:6f:17:59:01:d7:6e:3d:29:8f:f0:c0:3c:91:6b:4e:
         fc:b6:91:3c:48:ed:ea:09:57:af:2a:dc:89:ce:bf:f5:8a:c0:
         4d:02:3e:e9:91:52:81:92:21:93:b5:70:2f:a0:32:69:42:88:
         a2:06:ec:4f:e8:9e:f1:d4:8e:c6:d8:61:3f:f8:bc:fb:37:9e:
         eb:f6:3f:d7:93:50:92:2b:bd:ab:e3:16:ae:67:c7:7f:7a:a9:
         df:82:59:a2:b0:34:82:d2:ba:59:86:ce:61:aa:06:e7:13:60:
         09:c6:4e:a4:b2:bc:02:55:e6:7c:d8:2b:ad:9a:65:e3:16:32:
         1b:02:a6:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJSrIOMUkGPlGwfvmyZ8o8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOTBmMmVlMGE3MGJjYWVmZTAxOTVhM2Q4YjM3N2QzNDI5
N2E5NDMwHhcNMjQwMTAyMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZlMGViMWY2YjNhODJhNzE5NDY4NDYzM2IyNWMzYTgzZDU4MWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTRqpGSFv3DNp3GeI1XwqlSyIsZn
GnkPrlNRdVw7/1tQKHAFcwK5vBl96/8L7XsXBhhwe5YTSTM1z1s/p/NMY/+IBJao
ApMeks3VFGwVcpBrFCwRvUJ5FEKoPonourHinkYIx4R1TfCbb0TUd6B3poDTCBVE
hcaZZ1SkLL2LzVmNleCRvTJ62BXaDezPB7Ug01o7m/Z+oiGZTnGJzAkJ9ZHWfutg
23eUBRBFafxxUWEe+tPxjJiXExRodtxE18VZlOxpz3vRQ3QWDM1P9qNjiKldXnYQ
h5nR0xhqNuCqxiE+e7na8JRXerssaygM5F+sn4iiKvlaYNbAt38BKs5KOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJD+DrH2s6gqcZRoRjOyXDqD1YGuMB8GA1UdIwQY
MBaAFOOQ8u4KcLyu/gGVo9izd9NCl6lDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVEeTdncHd2SzctQVpXajJMTjMwMEtYcVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9hNjA0Y2YtMTk0Ny00YjEyLTlhNmIt
M2ViOTEzNGVjNzlkLzEva1A0T3NmYXpxQ3B4bEdoR003SmNPb1BWZ2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9hNjA0Y2YtMTk0Ny00YjEyLTlhNmItM2ViOTEzNGVjNzlk
LzEvNDVEeTdncHd2SzctQVpXajJMTjMwMEtYcVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSWbMA0E
AgACMAcDBQAqBHHAMA0GCSqGSIb3DQEBCwUAA4IBAQBMVIud1lIeXLuiwU6/2hRB
kKLJ6hpRhVKBzUUK5Bn1bm3ODWANPsORpsTcyLklhP8Lw0oykvJBu0JGv4kXKpnY
FOUT1M9hRvAiAz7kkXsqMSXQ+MfXcFNaFsNDTbGT6c6a4+Jp9G0Jm33bypwq6iGE
P8ISe0M/ihe2e2DZyVYEUtJvF1kB1249KY/wwDyRa078tpE8SO3qCVevKtyJzr/1
isBNAj7pkVKBkiGTtXAvoDJpQoiiBuxP6J7x1I7G2GE/+Lz7N57r9j/Xk1CSK72r
4xauZ8d/eqnfglmisDSC0rpZhs5hqgbnE2AJxk6ksrwCVeZ82CutmmXjFjIbAqY9
-----END CERTIFICATE-----