Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/F4ErRxrvapvTYjpetMhUHvAhh1k.roa
File:                     F4ErRxrvapvTYjpetMhUHvAhh1k.roa (raw, json)
Hash identifier:          tmIVIapfLiVcsDn31gcOTrsPYdK6raoMZ8Dzyl+h48A=
Subject key identifier:   17:81:2B:47:1A:EF:6A:9B:D3:62:3A:5E:B4:C8:54:1E:F0:21:87:59
Certificate issuer:       /CN=3812c97dbd32195b6afa91140b5520b5e0c2c5be
Certificate serial:       018CC7953E289A7381C21CB31FA03D10C924
Authority key identifier: 38:12:C9:7D:BD:32:19:5B:6A:FA:91:14:0B:55:20:B5:E0:C2:C5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBLJfb0yGVtq-pEUC1UgteDCxb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/F4ErRxrvapvTYjpetMhUHvAhh1k.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44322
IP address blocks:        185.83.240.0/22 maxlen: 24
                          2a05:a000::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/OBLJfb0yGVtq-pEUC1UgteDCxb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/OBLJfb0yGVtq-pEUC1UgteDCxb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OBLJfb0yGVtq-pEUC1UgteDCxb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3e:28:9a:73:81:c2:1c:b3:1f:a0:3d:10:c9:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3812c97dbd32195b6afa91140b5520b5e0c2c5be
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17812b471aef6a9bd3623a5eb4c8541ef0218759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e6:99:b3:7e:4b:0a:94:c3:07:f8:cf:9a:8b:
                    57:1f:f4:87:a1:86:9e:8c:9d:54:0c:97:96:80:70:
                    b9:13:42:2c:6f:bd:97:37:3f:a4:19:21:d1:35:0c:
                    df:92:ab:57:a0:2b:09:41:6d:86:23:c1:6a:8f:1f:
                    64:99:28:42:26:8b:ab:8c:d5:e3:96:75:c7:41:08:
                    16:88:46:52:c7:47:85:44:6d:18:23:3d:fd:fc:b8:
                    a5:6d:66:4f:57:be:aa:71:17:a4:e0:85:27:25:18:
                    0b:fb:68:96:96:5f:5d:95:62:11:e8:e7:33:b3:57:
                    29:42:52:07:1e:7a:ac:67:28:f1:03:a8:52:97:a4:
                    65:5a:32:60:2a:32:41:ea:39:18:4f:d8:76:40:52:
                    d3:ea:4e:96:1d:15:93:36:8d:a0:3c:c2:d7:86:6b:
                    e3:e0:7f:d8:36:e1:b7:04:4f:17:6f:69:dc:b6:23:
                    56:f2:1f:ea:04:13:fa:0b:3a:c4:6c:71:51:d7:54:
                    4f:51:39:c0:7e:30:63:59:74:c7:21:ee:b9:ff:7f:
                    3f:c0:cb:bf:02:e5:fc:01:9c:ea:81:66:8f:1e:58:
                    6e:f2:87:5e:15:cc:93:2c:bc:ce:ce:0a:d0:12:e5:
                    48:4b:4c:ee:11:fa:23:9d:8d:6e:a1:89:11:5e:c5:
                    32:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:81:2B:47:1A:EF:6A:9B:D3:62:3A:5E:B4:C8:54:1E:F0:21:87:59
            X509v3 Authority Key Identifier:
                keyid:38:12:C9:7D:BD:32:19:5B:6A:FA:91:14:0B:55:20:B5:E0:C2:C5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBLJfb0yGVtq-pEUC1UgteDCxb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/F4ErRxrvapvTYjpetMhUHvAhh1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cb53fc-7096-4594-91b1-d92785a61219/1/OBLJfb0yGVtq-pEUC1UgteDCxb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.240.0/22
                IPv6:
                  2a05:a000::/29

    Signature Algorithm: sha256WithRSAEncryption
         a8:83:8e:11:ba:49:0a:8e:98:aa:6f:4b:39:32:fc:c0:3a:49:
         83:24:97:b6:90:71:e4:98:d5:2d:f9:50:4a:4f:23:58:85:02:
         6a:38:74:ab:c5:ad:f4:53:df:44:9a:b8:b0:2c:76:a8:20:1b:
         9b:19:a6:7e:f0:19:73:bd:a8:fa:4b:2c:95:fe:44:66:36:a2:
         1d:15:6f:cd:55:d3:ad:77:47:df:d9:ae:87:d6:34:d1:de:89:
         aa:f1:e5:08:15:8c:ef:65:ca:93:56:3a:17:58:e9:11:af:02:
         56:2a:c4:9c:12:63:3f:73:e5:66:d5:45:91:63:b5:98:5a:f4:
         eb:6b:af:bc:c4:c0:27:6c:71:a1:18:d2:1b:79:aa:91:4b:46:
         cd:92:8b:4f:80:a9:6e:eb:ca:80:c6:fa:22:5d:cc:29:1e:68:
         1a:94:ea:a5:bf:2c:14:e6:d4:2a:25:e7:2c:5e:aa:c9:53:c7:
         3b:6c:d1:25:2b:4f:e0:e9:f3:e8:df:1a:df:41:c2:13:7d:6b:
         3b:ca:20:1b:9b:e6:8f:68:a3:50:ac:54:2e:87:86:ea:09:3d:
         08:73:cc:e0:9d:06:48:bb:e1:6a:88:5e:29:72:e8:c7:8f:a2:
         9a:62:a7:3a:17:a7:d7:66:57:be:d7:8f:b6:4f:7e:51:13:d9:
         e0:40:e6:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlT4omnOBwhyzH6A9EMkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTJjOTdkYmQzMjE5NWI2YWZhOTExNDBiNTUyMGI1ZTBj
MmM1YmUwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzgxMmI0NzFhZWY2YTliZDM2MjNhNWViNGM4NTQxZWYwMjE4NzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguaZs35LCpTDB/jPmotXH/SHoYae
jJ1UDJeWgHC5E0Isb72XNz+kGSHRNQzfkqtXoCsJQW2GI8Fqjx9kmShCJourjNXj
lnXHQQgWiEZSx0eFRG0YIz39/LilbWZPV76qcRek4IUnJRgL+2iWll9dlWIR6Ocz
s1cpQlIHHnqsZyjxA6hSl6RlWjJgKjJB6jkYT9h2QFLT6k6WHRWTNo2gPMLXhmvj
4H/YNuG3BE8Xb2nctiNW8h/qBBP6CzrEbHFR11RPUTnAfjBjWXTHIe65/38/wMu/
AuX8AZzqgWaPHlhu8odeFcyTLLzOzgrQEuVIS0zuEfojnY1uoYkRXsUy9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBeBK0ca72qb02I6XrTIVB7wIYdZMB8GA1UdIwQY
MBaAFDgSyX29MhlbavqRFAtVILXgwsW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JMSmZiMHlHVnRxLXBFVUMxVWd0ZURDeGI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jYjUzZmMtNzA5Ni00NTk0LTkxYjEt
ZDkyNzg1YTYxMjE5LzEvRjRFclJ4cnZhcHZUWWpwZXRNaFVIdkFoaDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jYjUzZmMtNzA5Ni00NTk0LTkxYjEtZDkyNzg1YTYxMjE5
LzEvT0JMSmZiMHlHVnRxLXBFVUMxVWd0ZURDeGI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVPwMA0E
AgACMAcDBQMqBaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCog44RukkKjpiqb0s5MvzA
OkmDJJe2kHHkmNUt+VBKTyNYhQJqOHSrxa30U99EmriwLHaoIBubGaZ+8Blzvaj6
SyyV/kRmNqIdFW/NVdOtd0ff2a6H1jTR3omq8eUIFYzvZcqTVjoXWOkRrwJWKsSc
EmM/c+Vm1UWRY7WYWvTra6+8xMAnbHGhGNIbeaqRS0bNkotPgKlu68qAxvoiXcwp
HmgalOqlvywU5tQqJecsXqrJU8c7bNElK0/g6fPo3xrfQcITfWs7yiAbm+aPaKNQ
rFQuh4bqCT0Ic8zgnQZIu+FqiF4pcujHj6KaYqc6F6fXZle+14+2T35RE9ngQOZW
-----END CERTIFICATE-----