Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/4W92b3JBqZ3lQmAaoO5U5rBZ3Ic.roa
File:                     4W92b3JBqZ3lQmAaoO5U5rBZ3Ic.roa (raw, json)
Hash identifier:          WWWvlCtYnrFwCeyE9GjN/13mnnjgXSsQRU/GlTGuCU0=
Subject key identifier:   E1:6F:76:6F:72:41:A9:9D:E5:42:60:1A:A0:EE:54:E6:B0:59:DC:87
Certificate issuer:       /CN=4f895ff0e99a77c017e8a383292cb5c6f8261120
Certificate serial:       018CC5DCB2304DFE1F934C624595423F652B
Authority key identifier: 4F:89:5F:F0:E9:9A:77:C0:17:E8:A3:83:29:2C:B5:C6:F8:26:11:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4lf8Omad8AX6KODKSy1xvgmESA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/4W92b3JBqZ3lQmAaoO5U5rBZ3Ic.roa
Signing time:             Mon 01 Jan 2024 16:30:24 +0000
ROA not before:           Mon 01 Jan 2024 16:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205766
IP address blocks:        185.26.156.0/24 maxlen: 24
                          2a00:d0c0:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/T4lf8Omad8AX6KODKSy1xvgmESA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/T4lf8Omad8AX6KODKSy1xvgmESA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4lf8Omad8AX6KODKSy1xvgmESA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b2:30:4d:fe:1f:93:4c:62:45:95:42:3f:65:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f895ff0e99a77c017e8a383292cb5c6f8261120
        Validity
            Not Before: Jan  1 16:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e16f766f7241a99de542601aa0ee54e6b059dc87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:51:31:26:fc:4c:e6:fb:e0:b1:0c:25:bc:d8:
                    0e:4b:f5:19:fe:c2:9f:37:26:9a:ec:96:9c:26:50:
                    c0:54:31:f6:46:12:fa:45:a2:0f:ad:2b:41:af:8f:
                    4d:39:c7:a1:e2:0e:73:fa:a7:70:a6:b1:c6:90:89:
                    ea:f4:ce:f3:b1:35:3d:5a:56:9b:22:71:43:df:b9:
                    43:0d:9f:e3:6a:fd:5a:95:53:36:ff:d2:99:91:ba:
                    da:68:1a:64:75:8a:57:c3:9d:82:09:1b:48:02:9f:
                    76:66:b9:4c:17:8e:f1:f1:6c:9d:a3:fd:62:50:0d:
                    84:a2:98:d7:51:72:d4:77:16:3e:7e:c7:65:5e:66:
                    41:6a:43:d9:ad:45:bc:f3:5c:7b:3f:85:cf:2d:0b:
                    a3:b2:b1:d4:d1:45:9c:55:c2:18:a9:32:93:5b:73:
                    96:59:32:bd:b6:1c:4b:56:fc:40:39:72:ca:cc:37:
                    80:dd:f4:e7:92:ad:49:79:33:e8:f7:0a:f6:7a:1b:
                    ff:8b:4d:72:ce:59:d4:06:95:b6:7f:68:3f:32:c2:
                    68:90:3e:15:37:ed:1c:51:67:e4:9d:38:12:0e:4b:
                    9a:7a:76:23:81:0d:dd:07:f4:21:37:a1:15:e3:85:
                    49:26:34:f9:99:7f:e1:ae:73:af:b4:1d:5c:45:dd:
                    bf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6F:76:6F:72:41:A9:9D:E5:42:60:1A:A0:EE:54:E6:B0:59:DC:87
            X509v3 Authority Key Identifier:
                keyid:4F:89:5F:F0:E9:9A:77:C0:17:E8:A3:83:29:2C:B5:C6:F8:26:11:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4lf8Omad8AX6KODKSy1xvgmESA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/4W92b3JBqZ3lQmAaoO5U5rBZ3Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3328da-aa4e-445b-9da9-d053745c2acc/1/T4lf8Omad8AX6KODKSy1xvgmESA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.156.0/24
                IPv6:
                  2a00:d0c0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:a0:cd:78:44:47:6b:ab:73:73:cf:7f:f3:7e:57:0a:0e:3f:
         51:13:49:27:a2:92:1f:05:e1:84:e3:c8:9d:c4:8a:1e:3b:5b:
         4a:ed:14:52:cf:36:ef:bf:69:a3:51:d9:f3:58:57:ed:ba:16:
         6e:c6:6b:39:ba:e8:6e:ce:1f:da:06:39:a9:03:67:85:97:24:
         17:cf:2a:7f:67:c9:eb:d7:04:6b:99:cc:bb:44:2a:c8:8e:4c:
         19:d8:e3:bd:a5:99:9e:39:d8:a4:f3:34:93:a2:ac:ab:fb:0d:
         aa:75:6b:de:7f:d5:17:fe:52:bd:7d:ba:28:9d:ed:0c:60:a9:
         9b:bc:55:e3:06:79:eb:c9:76:cb:7a:6c:75:a8:70:25:d7:d5:
         6e:b7:b4:a4:3f:0a:f1:8b:44:97:a2:47:0a:50:99:72:01:a0:
         94:56:4b:9d:3c:cd:ee:7d:aa:0e:f0:72:3b:bd:01:31:de:44:
         da:1a:f6:fc:78:03:2e:7f:6c:b9:e8:4d:df:a2:42:a2:64:3f:
         a3:3c:9a:d3:01:3b:07:3d:82:a3:a4:bc:34:84:c3:02:39:03:
         1a:17:70:97:cc:4c:e9:47:76:11:7b:c2:04:7b:53:1e:d0:9b:
         eb:4c:7a:35:bc:6f:4c:57:ca:16:c8:3a:31:d8:86:d5:70:ee:
         eb:7d:60:63
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3LIwTf4fk0xiRZVCP2UrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODk1ZmYwZTk5YTc3YzAxN2U4YTM4MzI5MmNiNWM2Zjgy
NjExMjAwHhcNMjQwMTAxMTYzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZmNzY2ZjcyNDFhOTlkZTU0MjYwMWFhMGVlNTRlNmIwNTlkYzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1ExJvxM5vvgsQwlvNgOS/UZ/sKf
Nyaa7JacJlDAVDH2RhL6RaIPrStBr49NOceh4g5z+qdwprHGkInq9M7zsTU9Wlab
InFD37lDDZ/jav1alVM2/9KZkbraaBpkdYpXw52CCRtIAp92ZrlMF47x8Wydo/1i
UA2EopjXUXLUdxY+fsdlXmZBakPZrUW881x7P4XPLQujsrHU0UWcVcIYqTKTW3OW
WTK9thxLVvxAOXLKzDeA3fTnkq1JeTPo9wr2ehv/i01yzlnUBpW2f2g/MsJokD4V
N+0cUWfknTgSDkuaenYjgQ3dB/QhN6EV44VJJjT5mX/hrnOvtB1cRd2/PwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOFvdm9yQamd5UJgGqDuVOawWdyHMB8GA1UdIwQY
MBaAFE+JX/DpmnfAF+ijgykstcb4JhEgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRsZjhPbWFkOEFYNktPREtTeTF4dmdtRVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zMzI4ZGEtYWE0ZS00NDViLTlkYTkt
ZDA1Mzc0NWMyYWNjLzEvNFc5MmIzSkJxWjNsUW1BYW9PNVU1ckJaM0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zMzI4ZGEtYWE0ZS00NDViLTlkYTktZDA1Mzc0NWMyYWNj
LzEvVDRsZjhPbWFkOEFYNktPREtTeTF4dmdtRVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuRqcMA8E
AgACMAkDBwAqANDAAgAwDQYJKoZIhvcNAQELBQADggEBAA+gzXhER2urc3PPf/N+
VwoOP1ETSSeikh8F4YTjyJ3Eih47W0rtFFLPNu+/aaNR2fNYV+26Fm7Gazm66G7O
H9oGOakDZ4WXJBfPKn9nyevXBGuZzLtEKsiOTBnY472lmZ452KTzNJOirKv7Dap1
a95/1Rf+Ur19uiid7QxgqZu8VeMGeevJdst6bHWocCXX1W63tKQ/CvGLRJeiRwpQ
mXIBoJRWS508ze59qg7wcju9ATHeRNoa9vx4Ay5/bLnoTd+iQqJkP6M8mtMBOwc9
gqOkvDSEwwI5AxoXcJfMTOlHdhF7wgR7Ux7Qm+tMejW8b0xXyhbIOjHYhtVw7ut9
YGM=
-----END CERTIFICATE-----