Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/h1HXoXeXgh4-C1qt-68wYZac9Yw.roa
File:                     h1HXoXeXgh4-C1qt-68wYZac9Yw.roa (raw, json)
Hash identifier:          Afh/pQ9Nh5SMiDBzfCRxpgodnqjYLz6W3d+MAuVtEH0=
Subject key identifier:   87:51:D7:A1:77:97:82:1E:3E:0B:5A:AD:FB:AF:30:61:96:9C:F5:8C
Certificate issuer:       /CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
Certificate serial:       018E3C3B54C203EB85399931AE4D6CBE09A1
Authority key identifier: E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/h1HXoXeXgh4-C1qt-68wYZac9Yw.roa
Signing time:             Thu 14 Mar 2024 09:11:44 +0000
ROA not before:           Thu 14 Mar 2024 09:11:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.138.144.0/22 maxlen: 24
                          2a07:ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:3b:54:c2:03:eb:85:39:99:31:ae:4d:6c:be:09:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
        Validity
            Not Before: Mar 14 09:11:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8751d7a17797821e3e0b5aadfbaf3061969cf58c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9f:61:ae:e6:56:5a:38:a9:27:bb:62:ca:4b:
                    7a:4d:48:e4:e7:06:62:1f:1d:cb:95:f3:d0:2a:98:
                    1c:03:df:8d:6e:9b:09:68:b8:41:3b:c9:5b:9b:3b:
                    91:a1:f8:cf:93:1e:fa:c7:f9:7c:70:46:d0:9f:2d:
                    cd:d3:5c:2b:38:35:e6:5e:b3:8a:aa:81:83:c2:66:
                    bc:0f:e3:5b:91:ed:cf:71:69:65:8e:dc:d3:37:9d:
                    3c:9b:e1:4b:74:97:7c:4f:0d:04:0b:23:79:5a:95:
                    44:a5:b2:f3:4c:d0:9a:37:ee:b9:52:6a:02:3f:c4:
                    f0:01:35:a9:c6:dd:c4:da:e6:de:04:05:7a:7a:d0:
                    27:fd:d9:94:f7:32:e4:d1:d9:46:89:4a:09:90:7c:
                    32:f4:e1:ae:30:5b:46:87:0c:34:79:a2:b9:f2:46:
                    24:cf:e0:20:4f:fe:51:7f:bb:50:0c:9a:f3:ef:65:
                    46:b5:ab:88:de:3f:39:8e:1e:fc:d1:52:83:3d:ce:
                    56:f8:e2:c3:7c:f3:97:ad:b6:67:06:f1:75:16:58:
                    bb:10:17:37:8c:cf:2c:5b:8a:eb:20:ce:de:10:0d:
                    89:e5:fa:0c:97:c5:95:0a:69:08:16:17:8f:4b:04:
                    3a:9c:34:65:40:f6:81:f3:a7:83:ca:d1:bd:c8:bb:
                    9e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:51:D7:A1:77:97:82:1E:3E:0B:5A:AD:FB:AF:30:61:96:9C:F5:8C
            X509v3 Authority Key Identifier:
                keyid:E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/h1HXoXeXgh4-C1qt-68wYZac9Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.144.0/22
                IPv6:
                  2a07:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:bf:2c:c9:c7:60:95:11:3c:c3:d2:b6:3f:cc:37:1a:7f:5b:
         72:f9:5f:af:4c:7e:f7:52:9c:b9:24:b9:c9:a9:2c:19:ff:d0:
         96:a8:f5:ed:0f:d8:6f:82:87:79:51:93:6b:f4:e9:04:1b:97:
         c0:bc:b0:fa:65:51:30:f5:ce:10:43:67:9e:65:d7:85:28:3d:
         d9:6a:b0:c2:44:17:cc:40:0c:a4:52:0a:bf:77:48:ca:46:6e:
         1f:94:2b:8d:34:e1:da:0d:3c:4b:1d:4e:f6:ec:40:9d:ba:d2:
         be:5b:c7:22:41:aa:3b:56:cc:dd:d9:af:dd:e5:14:1c:02:28:
         24:9a:69:8e:b6:1b:8d:36:76:68:95:0a:76:0b:22:5c:dc:8d:
         54:78:e5:26:15:ec:18:47:f6:3c:62:3f:69:89:5f:5a:f3:2c:
         6e:63:4e:17:4a:77:cb:89:f2:f4:71:28:d7:a1:a4:9e:41:01:
         e8:29:da:1a:d5:a7:74:7b:70:0a:e3:23:6d:43:a5:41:20:6c:
         d9:8a:2c:50:f5:bd:13:08:4e:a3:68:74:b3:2c:a2:38:0f:1f:
         cd:78:9a:af:18:7b:ad:1e:cc:4e:88:c8:39:d5:53:dd:28:74:
         45:55:fe:cb:5c:a6:38:9b:c7:fb:7e:76:12:0f:70:c5:4d:c4:
         5b:d8:88:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY48O1TCA+uFOZkxrk1svgmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMmQ3ZWFlMjFkOGJhZWU5ZGU2OTQwZDhjZTZiMjlkOTJh
OTAzMWUwHhcNMjQwMzE0MDkxMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzUxZDdhMTc3OTc4MjFlM2UwYjVhYWRmYmFmMzA2MTk2OWNmNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj59hruZWWjipJ7tiykt6TUjk5wZi
Hx3LlfPQKpgcA9+NbpsJaLhBO8lbmzuRofjPkx76x/l8cEbQny3N01wrODXmXrOK
qoGDwma8D+Nbke3PcWlljtzTN508m+FLdJd8Tw0ECyN5WpVEpbLzTNCaN+65UmoC
P8TwATWpxt3E2ubeBAV6etAn/dmU9zLk0dlGiUoJkHwy9OGuMFtGhww0eaK58kYk
z+AgT/5Rf7tQDJrz72VGtauI3j85jh780VKDPc5W+OLDfPOXrbZnBvF1Fli7EBc3
jM8sW4rrIM7eEA2J5foMl8WVCmkIFhePSwQ6nDRlQPaB86eDytG9yLuedwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdR16F3l4IePgtarfuvMGGWnPWMMB8GA1UdIwQY
MBaAFOItfq4h2LruneaUDYzmsp2SqQMeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQt
Mzg3NTM2ZDAzYTcxLzEvaDFIWG9YZVhnaDQtQzFxdC02OHdZWmFjOVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQtMzg3NTM2ZDAzYTcx
LzEvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYqQMA0E
AgACMAcDBQMqBw7AMA0GCSqGSIb3DQEBCwUAA4IBAQBNvyzJx2CVETzD0rY/zDca
f1ty+V+vTH73Upy5JLnJqSwZ/9CWqPXtD9hvgod5UZNr9OkEG5fAvLD6ZVEw9c4Q
Q2eeZdeFKD3ZarDCRBfMQAykUgq/d0jKRm4flCuNNOHaDTxLHU727ECdutK+W8ci
Qao7Vszd2a/d5RQcAigkmmmOthuNNnZolQp2CyJc3I1UeOUmFewYR/Y8Yj9piV9a
8yxuY04XSnfLifL0cSjXoaSeQQHoKdoa1ad0e3AK4yNtQ6VBIGzZiixQ9b0TCE6j
aHSzLKI4Dx/NeJqvGHutHsxOiMg51VPdKHRFVf7LXKY4m8f7fnYSD3DFTcRb2Ihy
-----END CERTIFICATE-----