Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/l4wP8RomPQk861_iN78_jF0v0LQ.roa
File:                     l4wP8RomPQk861_iN78_jF0v0LQ.roa (raw, json)
Hash identifier:          Lf3zCLQXrIZIRPiLMaBEi6GzNFuHqtf2xtHsZodsyRg=
Subject key identifier:   97:8C:0F:F1:1A:26:3D:09:3C:EB:5F:E2:37:BF:3F:8C:5D:2F:D0:B4
Certificate issuer:       /CN=c691f345a503cb8c8a9de427e8812efff21b22b5
Certificate serial:       01900CFE5B8EFAE8ABFC2A5F459F905A200E
Authority key identifier: C6:91:F3:45:A5:03:CB:8C:8A:9D:E4:27:E8:81:2E:FF:F2:1B:22:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xpHzRaUDy4yKneQn6IEu__IbIrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/l4wP8RomPQk861_iN78_jF0v0LQ.roa
Signing time:             Wed 12 Jun 2024 15:08:34 +0000
ROA not before:           Wed 12 Jun 2024 15:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61354
IP address blocks:        185.9.40.0/22 maxlen: 22
                          185.254.192.0/22 maxlen: 22
                          193.107.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/xpHzRaUDy4yKneQn6IEu__IbIrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/xpHzRaUDy4yKneQn6IEu__IbIrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xpHzRaUDy4yKneQn6IEu__IbIrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:fe:5b:8e:fa:e8:ab:fc:2a:5f:45:9f:90:5a:20:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c691f345a503cb8c8a9de427e8812efff21b22b5
        Validity
            Not Before: Jun 12 15:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=978c0ff11a263d093ceb5fe237bf3f8c5d2fd0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6a:f6:5e:58:f4:a5:07:76:de:b7:4f:a1:55:
                    89:5d:34:fc:39:e2:3b:0e:d9:2e:ce:ee:83:17:0b:
                    d2:08:84:68:2d:13:a0:bc:a1:d8:04:0e:72:cf:7a:
                    16:7a:d7:0b:ff:b5:24:e2:f8:25:f9:aa:2a:52:79:
                    68:69:e3:e0:0d:12:c8:28:ff:80:37:1b:7c:55:a2:
                    fa:e8:df:8c:4e:0e:68:a2:f6:21:2e:56:66:f6:8b:
                    88:71:d0:ae:a4:c6:1a:1f:77:b9:13:12:2d:9b:e5:
                    dc:16:6b:51:e2:62:b2:60:6a:e2:cf:34:0d:df:46:
                    de:07:63:d4:49:c6:7a:78:c1:45:67:47:e4:63:c5:
                    d9:81:54:64:42:de:73:e0:60:ec:dd:11:13:62:ba:
                    0c:0e:7d:07:47:55:f7:c0:32:5a:0f:7a:79:c1:03:
                    a7:55:4e:9e:99:4f:c1:59:f6:e7:c0:d7:7e:21:8a:
                    01:ba:d0:74:a6:63:d6:18:83:34:cf:0f:d1:6b:0a:
                    e2:bd:13:0a:c7:12:28:9e:25:34:d5:d7:68:8e:82:
                    16:d7:18:21:e5:d9:07:74:0e:11:f5:03:80:a0:8c:
                    3d:a5:03:27:28:be:e6:09:3d:87:7b:dc:e6:f2:f3:
                    6f:6c:dd:74:6a:c0:66:e3:93:6a:54:42:9d:3a:09:
                    1e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:8C:0F:F1:1A:26:3D:09:3C:EB:5F:E2:37:BF:3F:8C:5D:2F:D0:B4
            X509v3 Authority Key Identifier:
                keyid:C6:91:F3:45:A5:03:CB:8C:8A:9D:E4:27:E8:81:2E:FF:F2:1B:22:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xpHzRaUDy4yKneQn6IEu__IbIrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/l4wP8RomPQk861_iN78_jF0v0LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/19e6e2-c2a1-4ebc-ba5a-e7caf5e5bcba/1/xpHzRaUDy4yKneQn6IEu__IbIrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.40.0/22
                  185.254.192.0/22
                  193.107.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:9d:1f:a5:b9:ea:39:5b:ca:a0:3b:ff:2e:31:e9:4d:f2:b1:
         27:67:70:60:5b:25:50:6d:a4:5e:22:e0:22:4a:bf:7b:92:f0:
         74:3b:c7:92:22:b3:59:8e:d5:03:09:3c:6e:61:6d:35:60:2d:
         c3:e1:69:48:61:46:f9:e7:2b:4a:3b:28:d8:d3:dc:b6:98:76:
         88:de:0e:d6:0d:e7:95:79:de:ed:3c:e2:51:11:33:2b:1c:91:
         d6:e0:b7:b7:a0:13:68:b6:21:02:b2:06:ee:0b:d2:a4:96:f7:
         f6:04:d6:1f:23:12:3e:ec:ff:ea:3d:bd:69:9b:02:5b:47:42:
         07:dd:8f:d2:ac:8e:93:22:43:c7:8a:2f:ab:0c:44:21:8b:fa:
         a1:dd:3d:2d:a8:16:77:68:63:cb:f3:c5:2d:88:ec:17:34:f6:
         b9:36:43:d7:3c:2e:ab:c7:16:fd:76:60:e9:96:02:24:9c:0e:
         e1:70:5e:8d:72:5f:2a:76:67:a8:68:0e:eb:70:1b:73:a8:a4:
         d9:05:dd:6d:a7:f4:42:73:c7:c3:3a:48:28:6f:98:32:01:cc:
         6b:f4:95:ce:e7:35:fe:01:d1:67:7f:9c:22:c2:8d:94:85:ce:
         f7:68:17:23:59:9b:10:14:eb:32:27:0d:d4:04:21:71:ee:a8:
         70:ee:84:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAM/luO+uir/CpfRZ+QWiAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OTFmMzQ1YTUwM2NiOGM4YTlkZTQyN2U4ODEyZWZmZjIx
YjIyYjUwHhcNMjQwNjEyMTUwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzhjMGZmMTFhMjYzZDA5M2NlYjVmZTIzN2JmM2Y4YzVkMmZkMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWr2Xlj0pQd23rdPoVWJXTT8OeI7
Dtkuzu6DFwvSCIRoLROgvKHYBA5yz3oWetcL/7Uk4vgl+aoqUnloaePgDRLIKP+A
Nxt8VaL66N+MTg5oovYhLlZm9ouIcdCupMYaH3e5ExItm+XcFmtR4mKyYGrizzQN
30beB2PUScZ6eMFFZ0fkY8XZgVRkQt5z4GDs3RETYroMDn0HR1X3wDJaD3p5wQOn
VU6emU/BWfbnwNd+IYoButB0pmPWGIM0zw/RawrivRMKxxIoniU01ddojoIW1xgh
5dkHdA4R9QOAoIw9pQMnKL7mCT2He9zm8vNvbN10asBm45NqVEKdOgke6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJeMD/EaJj0JPOtf4je/P4xdL9C0MB8GA1UdIwQY
MBaAFMaR80WlA8uMip3kJ+iBLv/yGyK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHBIelJhVUR5NHlLbmVRbjZJRXVfX0liSXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xOWU2ZTItYzJhMS00ZWJjLWJhNWEt
ZTdjYWY1ZTViY2JhLzEvbDR3UDhSb21QUWs4NjFfaU43OF9qRjB2MExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xOWU2ZTItYzJhMS00ZWJjLWJhNWEtZTdjYWY1ZTViY2Jh
LzEveHBIelJhVUR5NHlLbmVRbjZJRXVfX0liSXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuQkoAwQC
uf7AAwQAwWsVMA0GCSqGSIb3DQEBCwUAA4IBAQBBnR+lueo5W8qgO/8uMelN8rEn
Z3BgWyVQbaReIuAiSr97kvB0O8eSIrNZjtUDCTxuYW01YC3D4WlIYUb55ytKOyjY
09y2mHaI3g7WDeeVed7tPOJRETMrHJHW4Le3oBNotiECsgbuC9Kklvf2BNYfIxI+
7P/qPb1pmwJbR0IH3Y/SrI6TIkPHii+rDEQhi/qh3T0tqBZ3aGPL88UtiOwXNPa5
NkPXPC6rxxb9dmDplgIknA7hcF6Ncl8qdmeoaA7rcBtzqKTZBd1tp/RCc8fDOkgo
b5gyAcxr9JXO5zX+AdFnf5wiwo2Uhc73aBcjWZsQFOsyJw3UBCFx7qhw7oS4
-----END CERTIFICATE-----