Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/w9hQFO30SgC_zoE8OFshkEWATeA.roa
File:                     w9hQFO30SgC_zoE8OFshkEWATeA.roa (raw, json)
Hash identifier:          yIzcrPMZtZc73u6qMZhZ/zFpL/v/lTyIdruKxHZA4D8=
Subject key identifier:   C3:D8:50:14:ED:F4:4A:00:BF:CE:81:3C:38:5B:21:90:45:80:4D:E0
Certificate issuer:       /CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
Certificate serial:       018E4C61DAAB24FA010B59C58EBF81048F4F
Authority key identifier: A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/w9hQFO30SgC_zoE8OFshkEWATeA.roa
Signing time:             Sun 17 Mar 2024 12:27:45 +0000
ROA not before:           Sun 17 Mar 2024 12:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44275
IP address blocks:        185.169.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4c:61:da:ab:24:fa:01:0b:59:c5:8e:bf:81:04:8f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b666cb0e5496116eb7ae6714d9055309ba69ac
        Validity
            Not Before: Mar 17 12:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3d85014edf44a00bfce813c385b219045804de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:36:63:22:df:e4:d7:10:4d:70:9e:e0:6f:82:
                    a1:9c:00:43:b6:ed:b2:3a:7d:ca:81:c8:2a:65:6b:
                    14:11:ac:41:74:89:6c:57:4a:eb:1e:e1:59:9f:a9:
                    5a:3a:2a:b7:49:3e:a1:73:4e:07:04:8d:f0:9b:9e:
                    a9:a3:40:09:91:cc:fa:43:f7:7e:b9:b8:5b:ff:84:
                    df:01:10:ba:34:2d:21:38:ed:49:7a:ca:e4:12:1b:
                    27:1e:b9:ec:14:66:49:6f:c2:fd:f2:7a:0e:6c:97:
                    88:17:4a:cd:cf:35:37:6f:22:a6:4a:7a:80:9e:da:
                    11:a3:a0:10:27:9a:e2:bb:e7:8f:ec:98:88:14:b3:
                    26:76:c5:47:b3:52:09:1f:93:ed:22:f8:19:01:80:
                    58:df:59:48:dd:59:f1:cd:1c:aa:94:b9:34:a7:40:
                    df:0a:c4:e7:35:16:b3:0e:34:e3:ac:61:c6:8a:12:
                    4e:f8:b4:f8:d4:29:33:a8:0b:4e:62:7b:d9:8c:41:
                    a1:29:48:32:a9:03:16:4d:bf:86:68:7e:67:62:d4:
                    51:a6:02:e4:63:68:b5:2b:be:97:0a:e2:64:82:02:
                    33:6d:3a:d4:da:ca:f2:b4:68:9c:be:de:09:27:8d:
                    7a:20:e0:71:23:ba:94:65:6a:df:0a:d0:d0:2e:ab:
                    4c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D8:50:14:ED:F4:4A:00:BF:CE:81:3C:38:5B:21:90:45:80:4D:E0
            X509v3 Authority Key Identifier:
                keyid:A4:B6:66:CB:0E:54:96:11:6E:B7:AE:67:14:D9:05:53:09:BA:69:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZmyw5UlhFut65nFNkFUwm6aaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/w9hQFO30SgC_zoE8OFshkEWATeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f74280-cc6d-41c1-858a-b5368330baf2/1/pLZmyw5UlhFut65nFNkFUwm6aaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:b0:8d:b7:ae:95:d9:ca:b2:37:a0:08:40:9b:bf:e7:76:5b:
         57:07:d4:ab:64:4d:6b:ac:af:91:c1:a1:9b:8d:53:1e:6f:32:
         ae:b4:27:68:24:d4:e6:44:60:bd:a7:18:5d:34:ef:0f:43:ad:
         b0:6b:53:7f:de:e8:36:7a:d5:01:12:ee:5f:ac:f9:b1:5d:97:
         46:b0:a3:c2:1e:82:21:ca:6f:ad:0a:b2:96:5d:d8:7c:13:fb:
         fa:19:51:ff:24:82:88:77:cc:69:8a:3d:a6:8d:a0:f8:f6:e4:
         09:f6:f3:31:0b:d2:05:3b:31:ab:4f:41:88:1f:ec:cd:2c:23:
         ee:fd:81:6f:dd:0f:f2:71:fd:9e:d5:89:3a:08:28:9e:e5:2c:
         c8:cb:bf:b7:fe:0d:0d:c3:6c:42:17:db:31:c0:53:d8:4b:d0:
         8d:d9:fd:90:8b:51:31:a0:e1:26:52:b9:77:f8:5f:d6:84:c9:
         d7:e4:38:8f:99:50:f9:7d:41:95:83:7f:76:23:4b:f5:55:bf:
         72:14:b5:d6:e7:5b:2e:17:68:cc:e3:72:56:9b:19:ea:52:ba:
         13:af:62:b0:63:65:10:35:f2:69:19:b2:6f:ff:aa:af:08:02:
         fc:b7:25:09:0e:56:9c:a5:24:ce:e5:6c:17:79:1f:ff:57:ab:
         da:0c:7c:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5MYdqrJPoBC1nFjr+BBI9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY2NmNiMGU1NDk2MTE2ZWI3YWU2NzE0ZDkwNTUzMDli
YTY5YWMwHhcNMjQwMzE3MTIyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q4NTAxNGVkZjQ0YTAwYmZjZTgxM2MzODViMjE5MDQ1ODA0ZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzZjIt/k1xBNcJ7gb4KhnABDtu2y
On3KgcgqZWsUEaxBdIlsV0rrHuFZn6laOiq3ST6hc04HBI3wm56po0AJkcz6Q/d+
ubhb/4TfARC6NC0hOO1JesrkEhsnHrnsFGZJb8L98noObJeIF0rNzzU3byKmSnqA
ntoRo6AQJ5riu+eP7JiIFLMmdsVHs1IJH5PtIvgZAYBY31lI3VnxzRyqlLk0p0Df
CsTnNRazDjTjrGHGihJO+LT41CkzqAtOYnvZjEGhKUgyqQMWTb+GaH5nYtRRpgLk
Y2i1K76XCuJkggIzbTrU2srytGicvt4JJ416IOBxI7qUZWrfCtDQLqtM5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPYUBTt9EoAv86BPDhbIZBFgE3gMB8GA1UdIwQY
MBaAFKS2ZssOVJYRbreuZxTZBVMJummsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEt
YjUzNjgzMzBiYWYyLzEvdzloUUZPMzBTZ0Nfem9FOE9Gc2hrRVdBVGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mNzQyODAtY2M2ZC00MWMxLTg1OGEtYjUzNjgzMzBiYWYy
LzEvcExabXl3NVVsaEZ1dDY1bkZOa0ZVd202YWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuam+MA0G
CSqGSIb3DQEBCwUAA4IBAQCHsI23rpXZyrI3oAhAm7/ndltXB9SrZE1rrK+RwaGb
jVMebzKutCdoJNTmRGC9pxhdNO8PQ62wa1N/3ug2etUBEu5frPmxXZdGsKPCHoIh
ym+tCrKWXdh8E/v6GVH/JIKId8xpij2mjaD49uQJ9vMxC9IFOzGrT0GIH+zNLCPu
/YFv3Q/ycf2e1Yk6CCie5SzIy7+3/g0Nw2xCF9sxwFPYS9CN2f2Qi1ExoOEmUrl3
+F/WhMnX5DiPmVD5fUGVg392I0v1Vb9yFLXW51suF2jM43JWmxnqUroTr2KwY2UQ
NfJpGbJv/6qvCAL8tyUJDlacpSTO5WwXeR//V6vaDHxE
-----END CERTIFICATE-----