Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/9434QPnRdKRvmgjSc6Dxqnf6cfU.roa
File:                     9434QPnRdKRvmgjSc6Dxqnf6cfU.roa (raw, json)
Hash identifier:          kklWMbapGXqqLmwyibsIL/ACLcnAIY+r5utMDECnPqI=
Subject key identifier:   F7:8D:F8:40:F9:D1:74:A4:6F:9A:08:D2:73:A0:F1:AA:77:FA:71:F5
Certificate issuer:       /CN=ef133598bb10542114681ea86a35df169831cf03
Certificate serial:       018CC500AA0D06F0E6CFEA0771DB800C8D0A
Authority key identifier: EF:13:35:98:BB:10:54:21:14:68:1E:A8:6A:35:DF:16:98:31:CF:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xM1mLsQVCEUaB6oajXfFpgxzwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/9434QPnRdKRvmgjSc6Dxqnf6cfU.roa
Signing time:             Mon 01 Jan 2024 12:30:04 +0000
ROA not before:           Mon 01 Jan 2024 12:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206250
IP address blocks:        185.42.84.0/22 maxlen: 22
                          2a01:62a0::/32 maxlen: 32
                          2a01:62a0:b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/7xM1mLsQVCEUaB6oajXfFpgxzwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/7xM1mLsQVCEUaB6oajXfFpgxzwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xM1mLsQVCEUaB6oajXfFpgxzwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:aa:0d:06:f0:e6:cf:ea:07:71:db:80:0c:8d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef133598bb10542114681ea86a35df169831cf03
        Validity
            Not Before: Jan  1 12:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f78df840f9d174a46f9a08d273a0f1aa77fa71f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b2:09:6b:a7:2c:2b:73:7a:bb:29:e3:1f:f9:
                    d5:8d:93:63:49:28:22:71:d7:96:10:d7:4a:0a:12:
                    78:c8:74:54:ac:e7:c2:09:91:3b:9e:25:2b:99:53:
                    e2:9b:ae:43:07:3f:d5:74:5c:69:15:07:e6:0e:49:
                    25:10:2a:a7:73:e5:0d:65:32:5f:88:43:c6:4f:b1:
                    04:94:e4:25:3a:ce:0d:66:19:97:4b:1b:73:c7:31:
                    8f:a3:4a:39:d7:76:0b:3c:dd:e2:43:48:fb:da:a9:
                    0d:bb:cf:90:0c:ec:94:9b:ce:57:b7:77:ea:07:30:
                    e0:40:c9:31:3f:32:78:f7:9a:06:9c:3c:00:c2:5d:
                    be:9a:b2:af:29:3b:e7:91:18:a4:7a:ad:2f:50:7c:
                    5b:72:ef:e0:2e:6d:34:7c:7e:5c:ef:a1:ae:34:ec:
                    a1:cd:85:93:a2:b4:24:3c:b6:af:c1:1e:11:70:23:
                    a3:72:cc:d4:5f:0e:fa:1f:df:e5:45:f8:fd:46:eb:
                    20:3f:6c:48:d2:69:d9:63:87:4c:53:92:c0:56:38:
                    32:f6:99:ba:61:8a:e4:b5:9e:73:38:1c:2e:69:4f:
                    92:30:eb:fc:56:cd:07:b1:46:e8:43:fb:f7:4d:41:
                    6d:d6:6e:17:c9:96:27:56:73:3e:86:23:5d:90:2e:
                    87:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:8D:F8:40:F9:D1:74:A4:6F:9A:08:D2:73:A0:F1:AA:77:FA:71:F5
            X509v3 Authority Key Identifier:
                keyid:EF:13:35:98:BB:10:54:21:14:68:1E:A8:6A:35:DF:16:98:31:CF:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xM1mLsQVCEUaB6oajXfFpgxzwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/9434QPnRdKRvmgjSc6Dxqnf6cfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/45b9e3-5fa6-4534-91af-f4c7a7925975/1/7xM1mLsQVCEUaB6oajXfFpgxzwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.84.0/22
                IPv6:
                  2a01:62a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:ff:07:ef:99:9b:38:29:ad:21:fd:59:a1:3c:1c:ba:96:c5:
         75:f6:c9:e6:63:2a:2f:21:b5:00:6d:07:9d:fc:bd:a6:72:8d:
         57:e1:4e:b8:c8:7c:db:00:f7:a4:64:20:0a:59:67:43:0f:1c:
         b2:15:cb:2d:63:00:0c:30:b3:9f:09:dc:41:4d:f0:3a:7c:0e:
         3b:96:9a:81:79:32:53:32:5f:0f:ab:a5:a5:97:80:5e:9e:2e:
         6d:db:65:0b:5e:7c:ca:f9:b2:4e:4e:48:6a:42:40:6e:bb:d1:
         32:f9:40:19:ad:36:27:2d:96:a1:90:c3:68:0d:17:76:e6:0f:
         04:c5:31:35:1a:bc:04:31:d7:66:e5:49:1f:e8:60:bc:9e:ff:
         61:48:3b:e2:c2:a1:d7:58:0e:ea:f2:ba:e4:4e:b9:c5:ae:f6:
         ac:8f:8e:ea:69:f4:7a:a3:50:ed:85:a7:6b:df:73:ae:dc:54:
         bc:29:6b:e9:16:18:33:b7:49:7e:b1:82:fc:e5:41:d0:4f:95:
         5e:0d:8b:98:48:ea:8c:df:73:ee:b7:73:77:a9:7c:bf:ff:6d:
         9f:a9:ac:0a:6a:69:4e:de:99:d3:ee:56:23:e5:a7:ab:68:b2:
         38:07:87:32:09:d0:88:e6:d9:f7:d2:0a:a7:db:98:b5:78:9c:
         d7:af:a5:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAKoNBvDmz+oHcduADI0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMTMzNTk4YmIxMDU0MjExNDY4MWVhODZhMzVkZjE2OTgz
MWNmMDMwHhcNMjQwMTAxMTIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzhkZjg0MGY5ZDE3NGE0NmY5YTA4ZDI3M2EwZjFhYTc3ZmE3MWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrIJa6csK3N6uynjH/nVjZNjSSgi
cdeWENdKChJ4yHRUrOfCCZE7niUrmVPim65DBz/VdFxpFQfmDkklECqnc+UNZTJf
iEPGT7EElOQlOs4NZhmXSxtzxzGPo0o513YLPN3iQ0j72qkNu8+QDOyUm85Xt3fq
BzDgQMkxPzJ495oGnDwAwl2+mrKvKTvnkRikeq0vUHxbcu/gLm00fH5c76GuNOyh
zYWTorQkPLavwR4RcCOjcszUXw76H9/lRfj9RusgP2xI0mnZY4dMU5LAVjgy9pm6
YYrktZ5zOBwuaU+SMOv8Vs0HsUboQ/v3TUFt1m4XyZYnVnM+hiNdkC6HUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPeN+ED50XSkb5oI0nOg8ap3+nH1MB8GA1UdIwQY
MBaAFO8TNZi7EFQhFGgeqGo13xaYMc8DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3hNMW1Mc1FWQ0VVYUI2b2FqWGZGcGd4endNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NWI5ZTMtNWZhNi00NTM0LTkxYWYt
ZjRjN2E3OTI1OTc1LzEvOTQzNFFQblJkS1J2bWdqU2M2RHhxbmY2Y2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NWI5ZTMtNWZhNi00NTM0LTkxYWYtZjRjN2E3OTI1OTc1
LzEvN3hNMW1Mc1FWQ0VVYUI2b2FqWGZGcGd4endNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSpUMA0E
AgACMAcDBQAqAWKgMA0GCSqGSIb3DQEBCwUAA4IBAQBD/wfvmZs4Ka0h/VmhPBy6
lsV19snmYyovIbUAbQed/L2mco1X4U64yHzbAPekZCAKWWdDDxyyFcstYwAMMLOf
CdxBTfA6fA47lpqBeTJTMl8Pq6Wll4Beni5t22ULXnzK+bJOTkhqQkBuu9Ey+UAZ
rTYnLZahkMNoDRd25g8ExTE1GrwEMddm5Ukf6GC8nv9hSDviwqHXWA7q8rrkTrnF
rvasj47qafR6o1Dthadr33Ou3FS8KWvpFhgzt0l+sYL85UHQT5VeDYuYSOqM33Pu
t3N3qXy//22fqawKamlO3pnT7lYj5aeraLI4B4cyCdCI5tn30gqn25i1eJzXr6Vn
-----END CERTIFICATE-----