Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/C0NEhLx_IMPHjotVaarPos2gNpg.roa
File:                     C0NEhLx_IMPHjotVaarPos2gNpg.roa (raw, json)
Hash identifier:          +0l6vj2/bE3HSrdCR65l+abD+Wek5aXbNrd9iCMdmS4=
Subject key identifier:   0B:43:44:84:BC:7F:20:C3:C7:8E:8B:55:69:AA:CF:A2:CD:A0:36:98
Certificate issuer:       /CN=62d03888a405e61b87d1706f933b366a86fb4295
Certificate serial:       018CEE09FB92FA24B45A43660A5B48A45F52
Authority key identifier: 62:D0:38:88:A4:05:E6:1B:87:D1:70:6F:93:3B:36:6A:86:FB:42:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtA4iKQF5huH0XBvkzs2aob7QpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/C0NEhLx_IMPHjotVaarPos2gNpg.roa
Signing time:             Tue 09 Jan 2024 11:44:40 +0000
ROA not before:           Tue 09 Jan 2024 11:44:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207138
IP address blocks:        185.164.219.0/24 maxlen: 24
                          185.164.216.0/24 maxlen: 24
                          185.164.217.0/24 maxlen: 24
                          185.164.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/YtA4iKQF5huH0XBvkzs2aob7QpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/YtA4iKQF5huH0XBvkzs2aob7QpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtA4iKQF5huH0XBvkzs2aob7QpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:09:fb:92:fa:24:b4:5a:43:66:0a:5b:48:a4:5f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d03888a405e61b87d1706f933b366a86fb4295
        Validity
            Not Before: Jan  9 11:44:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b434484bc7f20c3c78e8b5569aacfa2cda03698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:90:fa:c3:01:b2:94:bc:1a:4f:0f:85:1c:73:
                    4a:ec:6f:3b:d8:c9:c4:67:05:ea:eb:42:99:e5:1e:
                    b3:f3:35:ca:85:d1:89:7a:59:07:ac:18:23:16:06:
                    ea:ab:79:8e:8e:ff:4e:fc:41:19:0d:db:4a:fa:c9:
                    b5:36:44:23:b6:15:5a:48:d1:9a:3c:f7:bb:32:41:
                    1b:09:c3:be:80:85:b0:89:70:a5:e4:41:b5:13:b8:
                    72:38:e4:04:4a:9f:8d:7f:69:9d:ff:f3:ef:e4:bd:
                    f7:23:c1:1c:f3:09:ec:4c:6f:9a:1e:3b:15:a4:38:
                    51:2a:d7:5c:f9:cc:8e:b8:b6:3b:32:c2:93:00:be:
                    73:11:d9:f1:90:f3:19:c6:96:f6:c8:08:9b:0f:e4:
                    9c:e2:d4:5b:b3:33:96:29:58:61:c6:b7:35:9d:7b:
                    ec:32:26:16:57:cc:1f:63:bd:6b:51:00:21:30:df:
                    1e:e7:67:fb:5b:84:72:b9:a7:82:45:c1:b9:c5:b0:
                    e5:b4:5e:4c:df:b8:be:c1:f8:04:9d:39:79:89:7f:
                    5f:57:b2:8f:eb:47:92:26:dc:09:2f:d3:0f:fa:08:
                    b1:cc:49:f8:6f:a1:d6:32:e1:4e:11:84:a2:cc:fd:
                    dd:92:c2:34:f8:b6:a4:37:31:41:fb:ce:e4:41:b9:
                    36:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:43:44:84:BC:7F:20:C3:C7:8E:8B:55:69:AA:CF:A2:CD:A0:36:98
            X509v3 Authority Key Identifier:
                keyid:62:D0:38:88:A4:05:E6:1B:87:D1:70:6F:93:3B:36:6A:86:FB:42:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtA4iKQF5huH0XBvkzs2aob7QpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/C0NEhLx_IMPHjotVaarPos2gNpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bf51ff-5c36-45b2-91c5-4d685aca8279/1/YtA4iKQF5huH0XBvkzs2aob7QpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:98:5d:c5:1f:49:ef:85:58:85:ce:d7:ce:7b:5c:3c:0e:9b:
         29:83:a8:38:8f:c6:bd:67:23:8b:7f:e9:a3:60:1b:1f:6b:02:
         92:31:e8:fe:03:fd:4f:17:06:42:b8:a9:28:3d:21:e2:5d:80:
         4d:f9:52:21:d1:a2:a6:cd:46:91:51:1c:61:db:c2:db:9a:de:
         17:c4:9d:50:0c:61:d2:ee:e3:27:69:7b:0d:cc:9d:9b:27:87:
         7d:b5:c8:da:ec:92:31:27:2f:3d:d0:5a:6a:1d:8c:54:4a:e1:
         16:6e:12:60:5c:c6:57:81:f9:d2:94:1f:66:b0:37:7e:c5:54:
         a0:06:3f:32:ce:6e:d5:d9:a3:03:b8:98:dc:d2:da:e6:fc:cb:
         7a:d5:fb:5f:3a:5a:b2:f1:4a:63:7f:cd:c2:17:02:c2:74:8e:
         dc:06:a9:d3:05:bf:6d:57:fa:35:80:35:a4:f5:91:b8:3c:34:
         9b:f2:fa:20:8a:e1:6b:ca:ce:11:a1:75:20:e9:66:6a:05:96:
         f5:26:38:43:8e:8f:a0:17:59:91:25:f6:bc:84:fe:8c:9c:e0:
         e2:db:b4:e6:2b:18:c6:66:23:41:1e:0b:26:f0:fb:91:9f:49:
         b9:81:3b:6b:5d:21:e7:90:23:5f:52:46:5f:d4:2d:06:ff:c3:
         aa:4c:a7:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuCfuS+iS0WkNmCltIpF9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDAzODg4YTQwNWU2MWI4N2QxNzA2ZjkzM2IzNjZhODZm
YjQyOTUwHhcNMjQwMTA5MTE0NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjQzNDQ4NGJjN2YyMGMzYzc4ZThiNTU2OWFhY2ZhMmNkYTAzNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5D6wwGylLwaTw+FHHNK7G872MnE
ZwXq60KZ5R6z8zXKhdGJelkHrBgjFgbqq3mOjv9O/EEZDdtK+sm1NkQjthVaSNGa
PPe7MkEbCcO+gIWwiXCl5EG1E7hyOOQESp+Nf2md//Pv5L33I8Ec8wnsTG+aHjsV
pDhRKtdc+cyOuLY7MsKTAL5zEdnxkPMZxpb2yAibD+Sc4tRbszOWKVhhxrc1nXvs
MiYWV8wfY71rUQAhMN8e52f7W4RyuaeCRcG5xbDltF5M37i+wfgEnTl5iX9fV7KP
60eSJtwJL9MP+gixzEn4b6HWMuFOEYSizP3dksI0+LakNzFB+87kQbk2PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtDRIS8fyDDx46LVWmqz6LNoDaYMB8GA1UdIwQY
MBaAFGLQOIikBeYbh9Fwb5M7NmqG+0KVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRBNGlLUUY1aHVIMFhCdmt6czJhb2I3UXBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iZjUxZmYtNWMzNi00NWIyLTkxYzUt
NGQ2ODVhY2E4Mjc5LzEvQzBORWhMeF9JTVBIam90VmFhclBvczJnTnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iZjUxZmYtNWMzNi00NWIyLTkxYzUtNGQ2ODVhY2E4Mjc5
LzEvWXRBNGlLUUY1aHVIMFhCdmt6czJhb2I3UXBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaTYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0mF3FH0nvhViFztfOe1w8Dpspg6g4j8a9ZyOLf+mj
YBsfawKSMej+A/1PFwZCuKkoPSHiXYBN+VIh0aKmzUaRURxh28Lbmt4XxJ1QDGHS
7uMnaXsNzJ2bJ4d9tcja7JIxJy890FpqHYxUSuEWbhJgXMZXgfnSlB9msDd+xVSg
Bj8yzm7V2aMDuJjc0trm/Mt61ftfOlqy8Upjf83CFwLCdI7cBqnTBb9tV/o1gDWk
9ZG4PDSb8vogiuFrys4RoXUg6WZqBZb1JjhDjo+gF1mRJfa8hP6MnODi27TmKxjG
ZiNBHgsm8PuRn0m5gTtrXSHnkCNfUkZf1C0G/8OqTKfX
-----END CERTIFICATE-----