Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/4ix-Y7vqENOQM9IHsoAHqhCtEjE.roa
File:                     4ix-Y7vqENOQM9IHsoAHqhCtEjE.roa (raw, json)
Hash identifier:          CoEG+vgy2Lo5rjo98SpyqlxDau85/UxpP3hZ5l55wT8=
Subject key identifier:   E2:2C:7E:63:BB:EA:10:D3:90:33:D2:07:B2:80:07:AA:10:AD:12:31
Certificate issuer:       /CN=5281b841f12769489d5fd343b72ba44f90c96f32
Certificate serial:       018CC56EE21DB7269C054BFC8589CFA7AB78
Authority key identifier: 52:81:B8:41:F1:27:69:48:9D:5F:D3:43:B7:2B:A4:4F:90:C9:6F:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/4ix-Y7vqENOQM9IHsoAHqhCtEjE.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44141
IP address blocks:        91.198.44.0/24 maxlen: 24
                          46.31.40.0/21 maxlen: 21
                          185.13.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e2:1d:b7:26:9c:05:4b:fc:85:89:cf:a7:ab:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5281b841f12769489d5fd343b72ba44f90c96f32
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e22c7e63bbea10d39033d207b28007aa10ad1231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c6:4d:28:4b:9a:e2:4c:13:66:42:b6:5f:a6:
                    99:16:47:18:18:9a:cf:b9:45:88:da:62:ca:84:d1:
                    18:4c:67:74:e9:02:b9:73:99:f2:a6:80:11:15:eb:
                    5f:e2:3b:c4:3c:b9:ec:7d:23:70:37:cc:4e:9c:02:
                    cf:4c:8b:a7:1c:40:a7:1a:e2:19:44:9e:23:60:6f:
                    bf:6e:64:66:df:9c:44:16:fe:38:ee:54:7a:cc:84:
                    64:0f:86:df:c8:5c:e0:35:5d:0f:13:7f:87:64:25:
                    59:79:5c:21:ee:12:ea:52:41:e7:8d:e6:6d:8e:f7:
                    65:69:e8:2f:bd:4e:29:db:9a:4f:ba:f7:c1:a3:be:
                    ff:bf:51:e9:2c:6e:8b:b8:2b:a6:ee:9a:e5:59:99:
                    36:fe:df:31:ae:78:f6:bd:ce:c3:1f:2a:79:ed:9d:
                    1c:b6:a1:c7:88:f9:fd:c8:0d:ce:b7:61:da:bc:a2:
                    1c:82:c2:26:4b:6b:ef:e1:30:f9:40:22:1d:79:0c:
                    d4:a2:31:38:83:47:e4:40:73:0f:49:ee:0c:7c:b4:
                    dd:8f:fb:86:47:65:6d:2c:2d:75:a0:0a:eb:63:6c:
                    13:0e:98:ab:41:30:aa:67:48:6e:9c:d2:db:1c:8b:
                    05:67:98:dc:3d:01:28:e3:31:19:78:3d:b9:8b:4f:
                    f9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2C:7E:63:BB:EA:10:D3:90:33:D2:07:B2:80:07:AA:10:AD:12:31
            X509v3 Authority Key Identifier:
                keyid:52:81:B8:41:F1:27:69:48:9D:5F:D3:43:B7:2B:A4:4F:90:C9:6F:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UoG4QfEnaUidX9NDtyukT5DJbzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/4ix-Y7vqENOQM9IHsoAHqhCtEjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/14225b-bf95-45c9-8d7b-fc25d455af85/1/UoG4QfEnaUidX9NDtyukT5DJbzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.40.0/21
                  91.198.44.0/24
                  185.13.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:64:4c:8b:00:f8:42:c6:16:6c:2d:c4:e6:26:58:f2:07:d5:
         63:f3:5f:64:fd:36:2e:f8:0f:08:3f:70:e4:84:c1:56:e3:f5:
         ce:b9:5b:65:2e:ae:aa:3d:6c:3c:80:fe:12:54:6b:81:e5:bd:
         51:73:d6:3c:39:b0:14:75:d8:b5:71:73:0b:0c:ae:03:c7:98:
         e6:55:bf:b0:56:30:b8:f5:25:70:01:4a:04:b8:b6:30:ef:64:
         c9:65:68:09:87:83:c1:55:0f:6e:c2:66:3c:8a:6e:d1:d7:91:
         e5:c9:4a:b8:38:bf:b1:14:1e:50:f7:6e:ea:cc:69:51:69:29:
         d8:03:39:00:fb:cf:b4:59:a1:6c:e6:e4:ab:76:39:a1:38:49:
         cb:79:a5:14:a0:ba:94:5b:82:5a:79:5e:be:3c:77:2b:44:e1:
         14:3b:5c:1a:93:7a:0e:19:4e:cd:a2:42:89:75:93:f2:4e:9c:
         96:b4:fc:66:9e:5e:8a:6c:1c:e8:72:90:cb:b4:7c:9d:b3:ae:
         c5:8f:b6:8c:24:10:ed:9b:48:23:8c:de:51:0f:c3:14:e0:8e:
         bd:ae:c3:e0:d3:e7:6b:5b:a8:10:d1:3d:c1:25:30:bc:c1:dd:
         a3:b9:c6:c4:1f:34:51:9f:57:e2:91:cd:a3:98:55:fe:b6:9c:
         87:83:db:62
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbuIdtyacBUv8hYnPp6t4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyODFiODQxZjEyNzY5NDg5ZDVmZDM0M2I3MmJhNDRmOTBj
OTZmMzIwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJjN2U2M2JiZWExMGQzOTAzM2QyMDdiMjgwMDdhYTEwYWQxMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsZNKEua4kwTZkK2X6aZFkcYGJrP
uUWI2mLKhNEYTGd06QK5c5nypoARFetf4jvEPLnsfSNwN8xOnALPTIunHECnGuIZ
RJ4jYG+/bmRm35xEFv447lR6zIRkD4bfyFzgNV0PE3+HZCVZeVwh7hLqUkHnjeZt
jvdlaegvvU4p25pPuvfBo77/v1HpLG6LuCum7prlWZk2/t8xrnj2vc7DHyp57Z0c
tqHHiPn9yA3Ot2HavKIcgsImS2vv4TD5QCIdeQzUojE4g0fkQHMPSe4MfLTdj/uG
R2VtLC11oArrY2wTDpirQTCqZ0hunNLbHIsFZ5jcPQEo4zEZeD25i0/5eQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOIsfmO76hDTkDPSB7KAB6oQrRIxMB8GA1UdIwQY
MBaAFFKBuEHxJ2lInV/TQ7crpE+QyW8yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW9HNFFmRW5hVWlkWDlORHR5dWtUNURKYnpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xNDIyNWItYmY5NS00NWM5LThkN2It
ZmMyNWQ0NTVhZjg1LzEvNGl4LVk3dnFFTk9RTTlJSHNvQUhxaEN0RWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xNDIyNWItYmY5NS00NWM5LThkN2ItZmMyNWQ0NTVhZjg1
LzEvVW9HNFFmRW5hVWlkWDlORHR5dWtUNURKYnpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLh8oAwQA
W8YsAwQCuQ1AMA0GCSqGSIb3DQEBCwUAA4IBAQCYZEyLAPhCxhZsLcTmJljyB9Vj
819k/TYu+A8IP3DkhMFW4/XOuVtlLq6qPWw8gP4SVGuB5b1Rc9Y8ObAUddi1cXML
DK4Dx5jmVb+wVjC49SVwAUoEuLYw72TJZWgJh4PBVQ9uwmY8im7R15HlyUq4OL+x
FB5Q927qzGlRaSnYAzkA+8+0WaFs5uSrdjmhOEnLeaUUoLqUW4JaeV6+PHcrROEU
O1wak3oOGU7NokKJdZPyTpyWtPxmnl6KbBzocpDLtHyds67Fj7aMJBDtm0gjjN5R
D8MU4I69rsPg0+drW6gQ0T3BJTC8wd2jucbEHzRRn1fikc2jmFX+tpyHg9ti
-----END CERTIFICATE-----