Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/RAv4IEmFmVdUUDDrSbsC020Rdhs.roa
File:                     RAv4IEmFmVdUUDDrSbsC020Rdhs.roa (raw, json)
Hash identifier:          bz13xSiSnMUN0XGmUxUD8cuyR0bYX8moRJpBIsypesA=
Subject key identifier:   44:0B:F8:20:49:85:99:57:54:50:30:EB:49:BB:02:D3:6D:11:76:1B
Certificate issuer:       /CN=efe01974743a3b3a28f7a64e2d871bf1e5e5f6e5
Certificate serial:       018D25F4B9A91255EAEB9BFFA46BC2A7AAFE
Authority key identifier: EF:E0:19:74:74:3A:3B:3A:28:F7:A6:4E:2D:87:1B:F1:E5:E5:F6:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/RAv4IEmFmVdUUDDrSbsC020Rdhs.roa
Signing time:             Sat 20 Jan 2024 08:20:11 +0000
ROA not before:           Sat 20 Jan 2024 08:20:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13190
IP address blocks:        185.117.164.0/22 maxlen: 22
                          2001:678:bbc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:25:f4:b9:a9:12:55:ea:eb:9b:ff:a4:6b:c2:a7:aa:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efe01974743a3b3a28f7a64e2d871bf1e5e5f6e5
        Validity
            Not Before: Jan 20 08:20:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=440bf82049859957545030eb49bb02d36d11761b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:65:3d:a1:f8:6b:5f:c1:4b:2e:37:cd:ec:36:
                    ef:c1:75:ec:c6:1c:97:59:bd:57:ac:c0:02:5f:36:
                    95:74:ac:31:1d:b0:68:56:da:66:e9:5e:9a:66:cd:
                    2c:32:c2:33:35:67:20:8f:7b:09:cc:d3:e6:21:01:
                    55:51:e8:15:a7:e9:d1:38:d8:94:1b:eb:ad:01:e4:
                    12:2b:56:c2:42:cb:26:46:34:b3:37:9c:90:03:91:
                    6c:ea:7b:50:77:74:a2:33:43:cc:aa:20:d0:8d:ad:
                    7c:0e:ae:eb:12:f6:e4:4d:d6:21:f3:9e:06:75:20:
                    b5:b1:6f:44:cb:77:17:74:bb:82:54:e4:56:4c:3a:
                    94:64:6e:9a:5c:c1:74:26:f1:be:a0:10:58:e9:2f:
                    65:ac:18:24:55:3b:89:b3:5d:12:a0:ac:e9:1f:15:
                    50:a5:75:e9:c4:39:ed:0b:8e:09:0e:2c:30:49:33:
                    ab:bb:85:2f:44:6a:6f:cf:6f:8d:1b:7e:9a:3b:d0:
                    d5:fc:8a:4a:64:53:cc:0a:11:10:4c:af:b9:f3:02:
                    f4:3d:5c:fb:cf:89:f8:9e:e7:4f:08:24:3e:57:18:
                    b5:f1:83:bf:e3:8b:32:9b:0e:8b:cf:37:a2:14:68:
                    91:52:dd:dc:65:a7:d8:07:63:1c:14:41:83:4b:39:
                    e9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0B:F8:20:49:85:99:57:54:50:30:EB:49:BB:02:D3:6D:11:76:1B
            X509v3 Authority Key Identifier:
                keyid:EF:E0:19:74:74:3A:3B:3A:28:F7:A6:4E:2D:87:1B:F1:E5:E5:F6:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/RAv4IEmFmVdUUDDrSbsC020Rdhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9438b7-39a2-4c95-af1a-cdb1fdc9d57d/1/7-AZdHQ6Ozoo96ZOLYcb8eXl9uU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.164.0/22
                IPv6:
                  2001:678:bbc::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:6a:55:5a:47:cb:94:30:86:48:e8:9c:74:07:4e:ea:f3:50:
         25:ec:bc:4e:77:16:48:ee:12:21:6f:87:db:95:f6:f8:e4:7a:
         cb:ae:06:a5:76:c8:38:0f:a6:01:58:9b:7f:85:6e:48:a3:f2:
         80:01:68:3c:fc:aa:a0:58:c8:36:aa:b5:bf:6c:0b:eb:9f:8f:
         ba:03:91:dd:db:e8:a1:31:04:5f:f8:b5:06:4b:70:8b:6f:ec:
         01:f1:86:d2:8d:97:f6:aa:d2:a1:09:ce:7f:a6:2f:b9:17:83:
         4d:0a:8e:ed:41:e9:43:68:2b:b7:a1:16:bd:b0:0b:d3:f9:a8:
         68:be:78:e1:af:e5:cc:4e:a0:3d:ac:79:46:a9:82:2b:25:98:
         06:4d:6f:5a:3d:9e:79:2f:a7:0c:88:96:7d:ec:c5:a5:fa:37:
         a1:fc:36:28:69:89:d9:fb:41:fe:a2:6c:b9:5e:4e:30:9a:cf:
         87:fb:62:e6:b4:9f:46:79:02:c1:d9:4f:b6:8b:82:51:da:3a:
         8b:d5:5e:d7:01:3b:4e:fa:46:46:da:db:93:54:46:ed:10:5c:
         27:a0:1d:e3:97:98:ea:2b:a9:c1:a0:68:d2:a1:49:43:f0:eb:
         44:e6:74:4b:34:7b:ed:54:b1:ff:d0:3e:7a:7b:b7:bf:38:ce:
         99:a0:f9:6e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY0l9LmpElXq65v/pGvCp6r+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZTAxOTc0NzQzYTNiM2EyOGY3YTY0ZTJkODcxYmYxZTVl
NWY2ZTUwHhcNMjQwMTIwMDgyMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBiZjgyMDQ5ODU5OTU3NTQ1MDMwZWI0OWJiMDJkMzZkMTE3NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2U9ofhrX8FLLjfN7DbvwXXsxhyX
Wb1XrMACXzaVdKwxHbBoVtpm6V6aZs0sMsIzNWcgj3sJzNPmIQFVUegVp+nRONiU
G+utAeQSK1bCQssmRjSzN5yQA5Fs6ntQd3SiM0PMqiDQja18Dq7rEvbkTdYh854G
dSC1sW9Ey3cXdLuCVORWTDqUZG6aXMF0JvG+oBBY6S9lrBgkVTuJs10SoKzpHxVQ
pXXpxDntC44JDiwwSTOru4UvRGpvz2+NG36aO9DV/IpKZFPMChEQTK+58wL0PVz7
z4n4nudPCCQ+Vxi18YO/44symw6LzzeiFGiRUt3cZafYB2McFEGDSznpBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEQL+CBJhZlXVFAw60m7AtNtEXYbMB8GA1UdIwQY
MBaAFO/gGXR0Ojs6KPemTi2HG/Hl5fblMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNy1BWmRIUTZPem9vOTZaT0xZY2I4ZVhsOXVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85NDM4YjctMzlhMi00Yzk1LWFmMWEt
Y2RiMWZkYzlkNTdkLzEvUkF2NElFbUZtVmRVVUREclNic0MwMjBSZGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85NDM4YjctMzlhMi00Yzk1LWFmMWEtY2RiMWZkYzlkNTdk
LzEvNy1BWmRIUTZPem9vOTZaT0xZY2I4ZVhsOXVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXWkMA8E
AgACMAkDBwAgAQZ4C7wwDQYJKoZIhvcNAQELBQADggEBAFJqVVpHy5QwhkjonHQH
TurzUCXsvE53FkjuEiFvh9uV9vjkesuuBqV2yDgPpgFYm3+Fbkij8oABaDz8qqBY
yDaqtb9sC+ufj7oDkd3b6KExBF/4tQZLcItv7AHxhtKNl/aq0qEJzn+mL7kXg00K
ju1B6UNoK7ehFr2wC9P5qGi+eOGv5cxOoD2seUapgislmAZNb1o9nnkvpwyIln3s
xaX6N6H8Nihpidn7Qf6ibLleTjCaz4f7Yua0n0Z5AsHZT7aLglHaOovVXtcBO076
Rkba25NURu0QXCegHeOXmOorqcGgaNKhSUPw60TmdEs0e+1Usf/QPnp7t784zpmg
+W4=
-----END CERTIFICATE-----