Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/l4-dQ-fQTWSg5bNTLxQrwjWWcnY.roa
File:                     l4-dQ-fQTWSg5bNTLxQrwjWWcnY.roa (raw, json)
Hash identifier:          aUP326l5vfdFYZ1OXCQE+NRpYxboLpm5Hcz70gJI+dQ=
Subject key identifier:   97:8F:9D:43:E7:D0:4D:64:A0:E5:B3:53:2F:14:2B:C2:35:96:72:76
Certificate issuer:       /CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
Certificate serial:       018CC7955A5802A397F0C87C4472994BF65D
Authority key identifier: CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/l4-dQ-fQTWSg5bNTLxQrwjWWcnY.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        185.114.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5a:58:02:a3:97:f0:c8:7c:44:72:99:4b:f6:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=978f9d43e7d04d64a0e5b3532f142bc235967276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:af:4c:b0:df:44:a8:3c:ec:d2:d6:5d:6f:79:
                    b1:00:b8:0e:46:4e:7e:05:01:b2:ff:8e:f1:48:e8:
                    26:d6:8d:7b:88:a1:63:a7:4a:4c:de:23:d7:92:e5:
                    3b:7d:c1:79:f2:fb:ad:04:c2:e1:f5:99:f6:c5:52:
                    ea:9f:56:0c:52:fd:6d:0a:a4:b1:6c:0f:70:aa:ca:
                    22:b5:e3:a7:5e:96:c2:91:8d:f3:6c:e4:a0:21:0f:
                    73:e6:a2:bf:b1:af:8a:fc:77:4a:e1:45:ea:8a:ae:
                    15:8e:93:fd:36:1b:7e:59:c4:39:13:f9:44:bb:ed:
                    6d:7a:87:02:e9:73:83:f6:a2:0f:50:29:fd:76:07:
                    3d:5e:db:b6:4c:2b:87:07:47:07:a7:86:61:f7:ab:
                    b7:02:92:8f:7c:31:72:21:cb:b7:bb:d9:75:72:b6:
                    da:7a:3e:4b:c6:bb:7a:8a:4e:0b:2f:64:93:21:ec:
                    0c:57:35:0e:67:b9:3d:45:72:76:2b:a3:ab:97:85:
                    ec:4b:38:7a:61:43:19:72:7c:8d:2d:9f:50:33:ae:
                    2b:c3:a8:ee:8e:5e:ab:db:fb:b5:ec:f0:13:3f:1e:
                    93:6a:83:4c:c7:30:41:bd:7f:af:61:e2:f2:c3:7a:
                    05:2d:8d:57:8c:4f:5f:6c:9e:9d:8e:a0:b9:76:65:
                    4c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:8F:9D:43:E7:D0:4D:64:A0:E5:B3:53:2F:14:2B:C2:35:96:72:76
            X509v3 Authority Key Identifier:
                keyid:CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/l4-dQ-fQTWSg5bNTLxQrwjWWcnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:47:f0:3a:49:fb:41:72:03:fa:b0:b7:da:2b:07:77:9b:ea:
         38:66:f2:03:6b:81:76:76:31:49:05:f6:e4:14:d6:25:88:19:
         69:ed:df:0f:cd:43:41:c8:f1:bb:25:a2:99:35:ad:eb:f5:46:
         94:cb:25:17:38:92:39:88:50:3c:d7:a3:70:d0:62:0a:b5:6c:
         29:bc:2f:08:f4:08:05:ed:1f:7e:b2:37:96:e0:dc:4b:68:e7:
         e9:5a:75:ce:86:9b:32:30:d7:4a:0e:04:42:f1:03:36:46:2d:
         a8:70:5a:b7:33:3b:08:67:45:15:07:89:65:37:72:6b:b8:46:
         cc:4c:d7:39:27:18:65:03:dc:28:4e:77:41:50:46:70:3a:8d:
         67:f2:1b:c4:f7:b3:75:17:7d:a6:54:2c:b4:82:f4:ec:df:6e:
         1c:91:f1:5f:14:4e:bc:bb:b8:9c:b9:3d:57:4e:52:3c:8d:ab:
         4a:cc:35:09:d8:4f:d6:96:73:99:f2:a4:da:6a:f7:1f:25:7f:
         e2:23:48:df:f8:bd:bb:1d:f1:02:22:e4:8e:36:fe:ee:7b:bb:
         3c:0f:ac:34:2e:52:c7:0d:a6:47:26:37:59:2a:9e:fa:38:84:
         b3:ca:30:d7:b6:5c:e2:5f:08:e5:99:65:b7:5e:cc:bc:cb:1c:
         94:d3:fd:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVpYAqOX8Mh8RHKZS/ZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNWUzZWM1YTkwNjIzY2NiOTc3ODRkM2NlZjI0MjEyYTMx
Y2JhZjEwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzhmOWQ0M2U3ZDA0ZDY0YTBlNWIzNTMyZjE0MmJjMjM1OTY3Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApK9MsN9EqDzs0tZdb3mxALgORk5+
BQGy/47xSOgm1o17iKFjp0pM3iPXkuU7fcF58vutBMLh9Zn2xVLqn1YMUv1tCqSx
bA9wqsoiteOnXpbCkY3zbOSgIQ9z5qK/sa+K/HdK4UXqiq4VjpP9Nht+WcQ5E/lE
u+1teocC6XOD9qIPUCn9dgc9Xtu2TCuHB0cHp4Zh96u3ApKPfDFyIcu3u9l1crba
ej5Lxrt6ik4LL2STIewMVzUOZ7k9RXJ2K6Orl4XsSzh6YUMZcnyNLZ9QM64rw6ju
jl6r2/u17PATPx6TaoNMxzBBvX+vYeLyw3oFLY1XjE9fbJ6djqC5dmVMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJePnUPn0E1koOWzUy8UK8I1lnJ2MB8GA1UdIwQY
MBaAFMpePsWpBiPMuXeE087yQhKjHLrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMt
NmYzMWY2ZjdmMTZiLzEvbDQtZFEtZlFUV1NnNWJOVEx4UXJ3aldXY25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMtNmYzMWY2ZjdmMTZi
LzEveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXLYMA0G
CSqGSIb3DQEBCwUAA4IBAQCKR/A6SftBcgP6sLfaKwd3m+o4ZvIDa4F2djFJBfbk
FNYliBlp7d8PzUNByPG7JaKZNa3r9UaUyyUXOJI5iFA816Nw0GIKtWwpvC8I9AgF
7R9+sjeW4NxLaOfpWnXOhpsyMNdKDgRC8QM2Ri2ocFq3MzsIZ0UVB4llN3JruEbM
TNc5JxhlA9woTndBUEZwOo1n8hvE97N1F32mVCy0gvTs324ckfFfFE68u7icuT1X
TlI8jatKzDUJ2E/WlnOZ8qTaavcfJX/iI0jf+L27HfECIuSONv7ue7s8D6w0LlLH
DaZHJjdZKp76OISzyjDXtlziXwjlmWW3Xsy8yxyU0/1K
-----END CERTIFICATE-----