Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa
File:                     4qBD8BCWoM3qZiqdrjR2yla4Bog.roa (raw, json)
Hash identifier:          NHI2UXRzgnpfHSiJzK5/HjIaV/sFV36KERfsNOmhjEc=
Subject key identifier:   E2:A0:43:F0:10:96:A0:CD:EA:66:2A:9D:AE:34:76:CA:56:B8:06:88
Certificate issuer:       /CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Certificate serial:       018CC79560916ADEBE51920902560CF3C303
Authority key identifier: AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206478
IP address blocks:        185.174.32.0/22 maxlen: 22
                          195.225.200.0/22 maxlen: 22
                          2a10:4140::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:60:91:6a:de:be:51:92:09:02:56:0c:f3:c3:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a043f01096a0cdea662a9dae3476ca56b80688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:0a:a9:09:64:de:e5:a8:9e:34:60:a1:09:
                    2c:08:e8:d7:b8:8f:81:17:f6:87:ec:95:bc:44:4d:
                    1e:13:3e:69:85:de:44:ec:18:a4:7c:ba:44:c7:e3:
                    73:53:80:64:36:ad:27:f4:78:32:6a:c1:4b:5b:a2:
                    c2:87:c1:e6:7e:53:2b:0e:9c:06:96:1b:76:8e:79:
                    4b:59:1b:00:3d:7c:b1:6f:b0:ad:1d:08:ef:55:26:
                    e6:ea:b4:9d:6c:54:88:b5:59:63:01:9e:27:40:1b:
                    b7:31:fa:39:1e:18:8c:0d:0e:cb:d6:3d:f6:7a:3c:
                    12:02:58:f8:f9:08:4e:d0:3f:1a:8b:d3:2f:1d:fb:
                    a8:f4:19:08:79:ae:b3:f6:f0:67:7b:82:e0:0e:62:
                    63:ac:71:24:e9:72:1a:e1:28:1e:f7:51:cf:73:2a:
                    85:24:7c:1e:31:6b:7a:6f:9e:04:11:9d:39:c8:68:
                    7d:d3:3d:6b:c3:d9:1c:b0:f9:29:b6:c2:62:d5:99:
                    8f:4f:cf:43:d7:4a:92:a1:31:21:40:92:f1:32:4f:
                    c1:63:10:4f:0e:9d:19:09:a0:e8:42:e0:db:06:06:
                    50:6a:d1:0b:c9:ab:bb:fa:39:f6:67:3d:52:69:62:
                    ca:24:8d:3b:94:1d:ce:00:00:c9:1f:49:1d:68:7f:
                    9d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A0:43:F0:10:96:A0:CD:EA:66:2A:9D:AE:34:76:CA:56:B8:06:88
            X509v3 Authority Key Identifier:
                keyid:AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.32.0/22
                  195.225.200.0/22
                IPv6:
                  2a10:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:8c:c5:c8:96:98:4f:3a:90:28:d6:09:29:6a:87:74:5d:49:
         dd:ca:36:14:b7:a2:9f:ad:fc:2a:82:71:06:7c:f4:33:ec:94:
         2d:ab:f8:bf:3d:4e:24:35:0f:81:74:94:66:32:57:b8:2e:f1:
         54:13:5a:12:a8:dc:54:47:68:a7:ce:63:37:9c:e6:88:d8:53:
         23:24:7d:e3:03:af:fa:67:aa:3d:81:5b:75:ee:61:77:9c:97:
         80:82:66:89:a7:ce:a7:57:71:85:bb:9b:11:07:90:c5:ac:22:
         fb:08:f0:e9:de:b2:d8:b7:2e:76:b1:5a:f7:e7:04:66:9f:3f:
         31:f9:24:69:81:cb:09:c4:b0:4e:d6:05:15:cc:98:ac:80:0d:
         da:1b:f9:c5:16:4f:26:56:bf:93:35:cc:c3:e1:27:5b:6a:28:
         b2:f2:ac:36:74:a0:64:74:cc:cb:9a:3c:cf:34:f0:3e:4b:81:
         df:17:4a:af:83:6f:16:84:8b:46:7e:c2:8e:2c:5e:95:1b:a7:
         00:23:ce:d1:57:b2:9c:1d:90:b0:9a:1d:9a:a9:81:5a:87:bf:
         dc:6c:7f:13:4c:df:84:31:80:c2:dc:82:6e:d5:50:85:27:21:
         12:80:09:c3:23:61:b4:08:44:09:41:13:8c:fb:59:3e:d0:57:
         0c:cb:c9:7b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlWCRat6+UZIJAlYM88MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzU3NWNhZmEwMGJjNDFkNTdjNDk0YWMxZjVkYmNmZWU3
ODMzMmUwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEwNDNmMDEwOTZhMGNkZWE2NjJhOWRhZTM0NzZjYTU2YjgwNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl30KqQlk3uWonjRgoQksCOjXuI+B
F/aH7JW8RE0eEz5phd5E7BikfLpEx+NzU4BkNq0n9HgyasFLW6LCh8HmflMrDpwG
lht2jnlLWRsAPXyxb7CtHQjvVSbm6rSdbFSItVljAZ4nQBu3Mfo5HhiMDQ7L1j32
ejwSAlj4+QhO0D8ai9MvHfuo9BkIea6z9vBne4LgDmJjrHEk6XIa4Sge91HPcyqF
JHweMWt6b54EEZ05yGh90z1rw9kcsPkptsJi1ZmPT89D10qSoTEhQJLxMk/BYxBP
Dp0ZCaDoQuDbBgZQatELyau7+jn2Zz1SaWLKJI07lB3OAADJH0kdaH+dEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOKgQ/AQlqDN6mYqna40dspWuAaIMB8GA1UdIwQY
MBaAFKrFdcr6ALxB1XxJSsH128/ueDMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYt
OGY5MTNlMjY5NmU1LzEvNHFCRDhCQ1dvTTNxWmlxZHJqUjJ5bGE0Qm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYtOGY5MTNlMjY5NmU1
LzEvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCua4gAwQC
w+HIMA0EAgACMAcDBQMqEEFAMA0GCSqGSIb3DQEBCwUAA4IBAQBMjMXIlphPOpAo
1gkpaod0XUndyjYUt6KfrfwqgnEGfPQz7JQtq/i/PU4kNQ+BdJRmMle4LvFUE1oS
qNxUR2inzmM3nOaI2FMjJH3jA6/6Z6o9gVt17mF3nJeAgmaJp86nV3GFu5sRB5DF
rCL7CPDp3rLYty52sVr35wRmnz8x+SRpgcsJxLBO1gUVzJisgA3aG/nFFk8mVr+T
NczD4Sdbaiiy8qw2dKBkdMzLmjzPNPA+S4HfF0qvg28WhItGfsKOLF6VG6cAI87R
V7KcHZCwmh2aqYFah7/cbH8TTN+EMYDC3IJu1VCFJyESgAnDI2G0CEQJQROM+1k+
0FcMy8l7
-----END CERTIFICATE-----