Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/lOWhuT2wspOqsmJ_3czX6YnzIs0.roa
File:                     lOWhuT2wspOqsmJ_3czX6YnzIs0.roa (raw, json)
Hash identifier:          wjDvnQpmU3pgt2OwVbvOIPlgADN0CFCx0ieS1pnOiBU=
Subject key identifier:   94:E5:A1:B9:3D:B0:B2:93:AA:B2:62:7F:DD:CC:D7:E9:89:F3:22:CD
Certificate issuer:       /CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
Certificate serial:       018E3C3B5517AE2F7C56951E247C20C4A511
Authority key identifier: E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/lOWhuT2wspOqsmJ_3czX6YnzIs0.roa
Signing time:             Thu 14 Mar 2024 09:11:45 +0000
ROA not before:           Thu 14 Mar 2024 09:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.138.144.0/22 maxlen: 24
                          2a07:ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:3b:55:17:ae:2f:7c:56:95:1e:24:7c:20:c4:a5:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
        Validity
            Not Before: Mar 14 09:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94e5a1b93db0b293aab2627fddccd7e989f322cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fd:f7:5d:12:0a:5e:ae:bb:6e:47:f2:2f:a5:
                    5c:e2:9d:b8:81:0c:21:08:8b:91:67:70:a2:26:67:
                    b0:04:85:ec:c1:4c:f3:7b:24:14:5c:7f:40:0c:7b:
                    ef:29:fc:8e:1f:b4:cc:98:70:d2:87:4f:11:5b:36:
                    a3:18:eb:1b:e8:6f:d1:e0:b0:15:b6:d8:58:6a:16:
                    91:cb:92:6a:3c:0a:44:44:ff:72:a9:55:c8:c2:a4:
                    67:f4:0c:51:4d:fc:b5:f1:ea:a5:4d:42:3f:81:31:
                    e6:bd:71:04:d9:d7:7a:d3:2e:70:0d:6c:29:67:70:
                    90:f9:90:04:9a:a3:c0:80:80:e5:ec:cf:c0:2e:5d:
                    f9:b3:b0:c9:bd:1c:93:46:48:e2:fb:86:b2:a2:69:
                    7c:b7:f0:fa:27:ae:4a:b6:1b:f5:dd:54:77:2a:7a:
                    7d:97:84:41:24:03:8e:ae:ba:97:70:1c:96:4e:1b:
                    6f:44:80:3d:bf:ae:3b:d5:18:2d:a3:33:07:58:0c:
                    b5:63:9c:2f:f2:00:66:09:92:20:06:e0:e6:6d:08:
                    83:fd:e3:80:a6:8c:d5:ba:1d:cc:b5:ae:51:2b:eb:
                    65:f0:78:0c:b4:89:83:39:d3:74:e0:ea:5c:88:85:
                    11:16:fc:80:84:c1:30:b0:e2:ef:33:8b:de:84:02:
                    08:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E5:A1:B9:3D:B0:B2:93:AA:B2:62:7F:DD:CC:D7:E9:89:F3:22:CD
            X509v3 Authority Key Identifier:
                keyid:E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/lOWhuT2wspOqsmJ_3czX6YnzIs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.144.0/22
                IPv6:
                  2a07:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:b7:3f:d4:94:30:46:6e:c4:af:1e:a7:ed:5d:04:3b:1e:46:
         e7:c7:47:b7:d3:05:53:3f:28:f8:c5:4b:f0:eb:2a:19:30:a9:
         3b:78:c6:da:a8:bb:e4:bb:80:b0:4e:27:d4:cd:f1:17:ff:93:
         76:a0:b8:31:e6:8a:29:ef:5a:4b:13:54:b4:2d:ba:32:86:d7:
         1c:22:74:b2:3c:e7:eb:fb:36:7f:87:42:08:75:ed:f9:5a:f4:
         45:bb:e5:a5:72:9f:89:97:5c:82:c4:c4:17:eb:92:2d:b3:c7:
         b5:05:d1:1f:ea:ec:b2:ae:2e:b7:d8:b5:73:3b:01:7f:21:56:
         e6:49:fd:0e:0b:2f:54:e1:79:92:cb:9f:51:88:88:b3:e5:8c:
         21:73:11:b8:46:60:7f:cc:a2:ce:e1:cc:fe:1b:e5:ad:59:a0:
         5a:a4:53:d7:12:ea:89:4d:71:18:5c:ca:76:a6:7b:e7:f9:ef:
         a7:1b:85:12:bc:45:21:58:5a:8d:1b:a5:29:9f:52:ec:0f:0a:
         ec:ff:b2:02:b9:d1:18:13:36:09:d1:90:27:0b:25:9d:4d:43:
         47:b3:59:1a:be:68:79:9a:7a:56:e1:89:b6:be:ac:cb:a1:e1:
         fc:1b:8b:fe:f2:d6:ea:32:05:ed:15:5c:24:88:2c:50:5b:f7:
         44:65:7b:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY48O1UXri98VpUeJHwgxKURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMmQ3ZWFlMjFkOGJhZWU5ZGU2OTQwZDhjZTZiMjlkOTJh
OTAzMWUwHhcNMjQwMzE0MDkxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGU1YTFiOTNkYjBiMjkzYWFiMjYyN2ZkZGNjZDdlOTg5ZjMyMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP33XRIKXq67bkfyL6Vc4p24gQwh
CIuRZ3CiJmewBIXswUzzeyQUXH9ADHvvKfyOH7TMmHDSh08RWzajGOsb6G/R4LAV
tthYahaRy5JqPApERP9yqVXIwqRn9AxRTfy18eqlTUI/gTHmvXEE2dd60y5wDWwp
Z3CQ+ZAEmqPAgIDl7M/ALl35s7DJvRyTRkji+4ayoml8t/D6J65Kthv13VR3Knp9
l4RBJAOOrrqXcByWThtvRIA9v6471RgtozMHWAy1Y5wv8gBmCZIgBuDmbQiD/eOA
pozVuh3Mta5RK+tl8HgMtImDOdN04OpciIURFvyAhMEwsOLvM4vehAIIwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJTlobk9sLKTqrJif93M1+mJ8yLNMB8GA1UdIwQY
MBaAFOItfq4h2LruneaUDYzmsp2SqQMeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQt
Mzg3NTM2ZDAzYTcxLzEvbE9XaHVUMndzcE9xc21KXzNjelg2WW56SXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQtMzg3NTM2ZDAzYTcx
LzEvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYqQMA0E
AgACMAcDBQMqBw7AMA0GCSqGSIb3DQEBCwUAA4IBAQB+tz/UlDBGbsSvHqftXQQ7
Hkbnx0e30wVTPyj4xUvw6yoZMKk7eMbaqLvku4CwTifUzfEX/5N2oLgx5oop71pL
E1S0LboyhtccInSyPOfr+zZ/h0IIde35WvRFu+Wlcp+Jl1yCxMQX65Its8e1BdEf
6uyyri632LVzOwF/IVbmSf0OCy9U4XmSy59RiIiz5YwhcxG4RmB/zKLO4cz+G+Wt
WaBapFPXEuqJTXEYXMp2pnvn+e+nG4USvEUhWFqNG6Upn1LsDwrs/7ICudEYEzYJ
0ZAnCyWdTUNHs1kavmh5mnpW4Ym2vqzLoeH8G4v+8tbqMgXtFVwkiCxQW/dEZXv9
-----END CERTIFICATE-----