Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/4bHLmapE_9WBjyiDLhZeGtkgGvo.roa
File:                     4bHLmapE_9WBjyiDLhZeGtkgGvo.roa (raw, json)
Hash identifier:          eLh7Mo/+m8RUNAM3C8Flv3NDGXyKgx9Af49sXfZgorQ=
Subject key identifier:   E1:B1:CB:99:AA:44:FF:D5:81:8F:28:83:2E:16:5E:1A:D9:20:1A:FA
Certificate issuer:       /CN=8bdd074bdebf45154a26bebfdce5538291534b0a
Certificate serial:       018CC4937AC82A2A67FF1AF0E4BAD98CFDF6
Authority key identifier: 8B:DD:07:4B:DE:BF:45:15:4A:26:BE:BF:DC:E5:53:82:91:53:4B:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i90HS96_RRVKJr6_3OVTgpFTSwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/4bHLmapE_9WBjyiDLhZeGtkgGvo.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        80.85.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/i90HS96_RRVKJr6_3OVTgpFTSwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/i90HS96_RRVKJr6_3OVTgpFTSwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i90HS96_RRVKJr6_3OVTgpFTSwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7a:c8:2a:2a:67:ff:1a:f0:e4:ba:d9:8c:fd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdd074bdebf45154a26bebfdce5538291534b0a
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b1cb99aa44ffd5818f28832e165e1ad9201afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:78:85:a3:d3:a9:dc:16:ac:50:e4:6a:71:f9:
                    87:49:26:12:7b:48:80:3c:43:17:a3:e8:cb:1a:dc:
                    e8:f2:54:34:85:a5:8f:2e:13:76:2b:65:06:b9:a7:
                    d3:47:db:67:1d:06:2d:95:8c:77:ee:ff:d0:66:ff:
                    bb:07:28:b0:4a:7d:c1:c7:38:4f:6c:28:a9:e3:85:
                    50:b8:7c:df:f2:19:37:ab:06:76:38:58:ab:bd:f4:
                    eb:8e:01:09:33:b6:54:fa:59:0d:6d:b1:85:d4:03:
                    85:ab:c5:ad:d3:c8:77:dc:3d:55:33:61:f0:98:3d:
                    c5:79:8d:f3:40:51:0d:15:fc:fe:6d:41:5c:34:88:
                    4c:a8:d3:1c:3b:e9:8e:4e:c7:d7:e1:44:da:4e:bd:
                    1c:7b:b9:70:52:48:a9:ed:ad:4b:ed:40:25:c5:ad:
                    eb:26:09:c5:fb:59:bc:c1:ba:56:50:c9:60:31:c2:
                    b3:73:4b:9e:fe:b2:02:6d:23:be:c4:89:39:83:f6:
                    e2:50:04:0f:cc:6f:c5:3c:14:5e:a6:9a:d7:a9:50:
                    77:7c:34:8e:eb:91:ba:4c:38:c3:39:2a:39:89:db:
                    34:1e:2a:cf:c9:03:48:59:1f:d7:71:a1:7c:1a:80:
                    3d:57:4a:1d:ca:20:0c:30:ee:c4:bd:b0:1c:4a:ed:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B1:CB:99:AA:44:FF:D5:81:8F:28:83:2E:16:5E:1A:D9:20:1A:FA
            X509v3 Authority Key Identifier:
                keyid:8B:DD:07:4B:DE:BF:45:15:4A:26:BE:BF:DC:E5:53:82:91:53:4B:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i90HS96_RRVKJr6_3OVTgpFTSwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/4bHLmapE_9WBjyiDLhZeGtkgGvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/af71d0-df80-483e-b059-50fbf7e95042/1/i90HS96_RRVKJr6_3OVTgpFTSwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:d7:3b:fc:0b:8e:a7:38:db:60:1b:03:78:12:2e:9d:87:b8:
         ac:29:5a:6e:6b:0f:84:1c:6d:01:86:1f:e4:b3:29:19:31:dc:
         79:b2:15:f5:7c:f9:d2:44:19:7d:17:d4:bb:ae:c1:75:d9:f6:
         af:91:91:0a:92:d5:eb:6a:96:cf:a8:58:ef:01:55:8e:5b:28:
         ba:86:ed:f7:35:8b:33:a5:d8:f0:75:53:48:f0:3b:06:97:c0:
         04:bf:57:19:e0:e6:66:e1:14:b6:d1:b9:16:20:03:83:f8:b9:
         cf:5c:a5:b4:00:1a:92:ec:f3:8a:1a:b8:f3:91:c6:99:e7:3c:
         bf:4d:76:f3:3a:49:a9:0a:e7:f9:6a:0b:13:54:6f:6d:5b:81:
         4b:c3:4b:9e:9f:28:c9:10:8b:c2:ee:b9:f3:88:e9:53:cc:b1:
         81:96:45:45:a1:7b:be:00:86:55:4d:90:a6:ed:54:bc:fb:e3:
         9a:16:7e:34:de:54:62:76:b3:7d:fc:73:14:26:30:04:35:66:
         dc:43:13:61:1d:06:4c:44:eb:65:1b:f5:02:3c:21:09:33:64:
         39:1b:aa:59:c9:7d:cd:e6:da:22:6d:19:a3:e8:6a:4c:f6:25:
         16:71:d9:40:89:17:e6:6b:dc:27:85:bf:e0:cd:f9:22:e5:f7:
         21:cd:ae:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3rIKipn/xrw5LrZjP32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGQwNzRiZGViZjQ1MTU0YTI2YmViZmRjZTU1MzgyOTE1
MzRiMGEwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIxY2I5OWFhNDRmZmQ1ODE4ZjI4ODMyZTE2NWUxYWQ5MjAxYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6XiFo9Op3BasUORqcfmHSSYSe0iA
PEMXo+jLGtzo8lQ0haWPLhN2K2UGuafTR9tnHQYtlYx37v/QZv+7ByiwSn3BxzhP
bCip44VQuHzf8hk3qwZ2OFirvfTrjgEJM7ZU+lkNbbGF1AOFq8Wt08h33D1VM2Hw
mD3FeY3zQFENFfz+bUFcNIhMqNMcO+mOTsfX4UTaTr0ce7lwUkip7a1L7UAlxa3r
JgnF+1m8wbpWUMlgMcKzc0ue/rICbSO+xIk5g/biUAQPzG/FPBRepprXqVB3fDSO
65G6TDjDOSo5ids0HirPyQNIWR/XcaF8GoA9V0odyiAMMO7EvbAcSu3PHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGxy5mqRP/VgY8ogy4WXhrZIBr6MB8GA1UdIwQY
MBaAFIvdB0vev0UVSia+v9zlU4KRU0sKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTkwSFM5Nl9SUlZLSnI2XzNPVlRncEZUU3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hZjcxZDAtZGY4MC00ODNlLWIwNTkt
NTBmYmY3ZTk1MDQyLzEvNGJITG1hcEVfOVdCanlpRExoWmVHdGtnR3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hZjcxZDAtZGY4MC00ODNlLWIwNTktNTBmYmY3ZTk1MDQy
LzEvaTkwSFM5Nl9SUlZLSnI2XzNPVlRncEZUU3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFXyMA0G
CSqGSIb3DQEBCwUAA4IBAQBI1zv8C46nONtgGwN4Ei6dh7isKVpuaw+EHG0Bhh/k
sykZMdx5shX1fPnSRBl9F9S7rsF12favkZEKktXrapbPqFjvAVWOWyi6hu33NYsz
pdjwdVNI8DsGl8AEv1cZ4OZm4RS20bkWIAOD+LnPXKW0ABqS7POKGrjzkcaZ5zy/
TXbzOkmpCuf5agsTVG9tW4FLw0uenyjJEIvC7rnziOlTzLGBlkVFoXu+AIZVTZCm
7VS8++OaFn403lRidrN9/HMUJjAENWbcQxNhHQZMROtlG/UCPCEJM2Q5G6pZyX3N
5toibRmj6GpM9iUWcdlAiRfma9wnhb/gzfki5fchza7Z
-----END CERTIFICATE-----