Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/DkG35POjglD74yLxs5Kysj6-hU0.roa
File:                     DkG35POjglD74yLxs5Kysj6-hU0.roa (raw, json)
Hash identifier:          x7nGM9mKgkuHFNcF7lOIpSTpEqysduZPhhrvn7NidXk=
Subject key identifier:   0E:41:B7:E4:F3:A3:82:50:FB:E3:22:F1:B3:92:B2:B2:3E:BE:85:4D
Certificate issuer:       /CN=431f1480651f1b338be26341e2db3a0aa3b344eb
Certificate serial:       018EE137B007AF6DCE44F6EFD4B419636BA8
Authority key identifier: 43:1F:14:80:65:1F:1B:33:8B:E2:63:41:E2:DB:3A:0A:A3:B3:44:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qx8UgGUfGzOL4mNB4ts6CqOzROs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/DkG35POjglD74yLxs5Kysj6-hU0.roa
Signing time:             Mon 15 Apr 2024 10:05:06 +0000
ROA not before:           Mon 15 Apr 2024 10:05:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201635
IP address blocks:        91.198.88.0/24 maxlen: 24
                          185.28.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/Qx8UgGUfGzOL4mNB4ts6CqOzROs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/Qx8UgGUfGzOL4mNB4ts6CqOzROs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qx8UgGUfGzOL4mNB4ts6CqOzROs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:37:b0:07:af:6d:ce:44:f6:ef:d4:b4:19:63:6b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=431f1480651f1b338be26341e2db3a0aa3b344eb
        Validity
            Not Before: Apr 15 10:05:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e41b7e4f3a38250fbe322f1b392b2b23ebe854d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cb:09:fe:54:cd:c5:b9:57:39:19:55:79:e7:
                    66:eb:36:27:d9:a6:d2:9e:d7:c8:6d:e3:6b:bf:d0:
                    c9:d8:5a:c3:e3:e6:00:c6:d4:42:58:9c:72:6b:97:
                    00:6d:66:b7:7f:0f:a7:eb:0b:0f:83:71:eb:82:fd:
                    a5:28:eb:27:58:a0:c6:41:b8:df:d7:22:87:37:cb:
                    da:32:26:c2:ad:9e:ad:45:5c:e2:ee:04:e4:ef:62:
                    32:a1:12:0c:e9:e8:63:74:43:b8:0c:40:0b:1d:a2:
                    0f:c7:22:b9:6c:d4:69:93:6d:52:9f:f0:62:09:91:
                    2b:3b:63:cd:f5:c0:c9:0a:80:b8:7b:67:11:e3:fe:
                    5c:53:c2:ec:99:2c:38:3a:de:6a:25:8b:4a:93:d9:
                    2e:13:6b:91:dc:4e:30:ce:dc:f0:82:d2:a3:cd:b4:
                    42:2f:74:e3:20:e6:ae:14:6a:91:db:35:13:de:3a:
                    4d:31:63:ea:ce:86:42:ad:21:10:32:c8:60:1d:d7:
                    c9:11:f7:33:a2:63:96:52:69:a2:45:91:38:f3:01:
                    e5:3d:2b:a2:b5:47:de:19:f5:a8:c4:10:c1:db:de:
                    d2:47:35:7a:51:cd:85:c9:20:ed:36:b4:0b:02:9d:
                    76:4d:30:bc:b3:89:53:76:5b:e8:e0:51:7b:f7:53:
                    0d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:41:B7:E4:F3:A3:82:50:FB:E3:22:F1:B3:92:B2:B2:3E:BE:85:4D
            X509v3 Authority Key Identifier:
                keyid:43:1F:14:80:65:1F:1B:33:8B:E2:63:41:E2:DB:3A:0A:A3:B3:44:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qx8UgGUfGzOL4mNB4ts6CqOzROs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/DkG35POjglD74yLxs5Kysj6-hU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/08537c-026c-476b-8056-4e000943149f/1/Qx8UgGUfGzOL4mNB4ts6CqOzROs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.88.0/24
                  185.28.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:21:db:ec:fc:06:bf:6f:78:f7:35:58:8b:c6:7d:b6:a7:30:
         41:2d:f4:6e:b0:18:c6:e3:fd:fc:a3:83:bb:6c:43:69:e0:45:
         ab:7e:cd:00:38:5f:0b:15:83:60:54:86:66:89:6f:5d:51:7e:
         ed:86:2f:6d:c7:b7:6b:64:f9:4d:25:05:5d:ae:53:4d:dd:1f:
         1b:e2:0d:d3:71:e7:a8:46:63:01:f5:be:6e:66:71:fb:bf:38:
         8d:0e:cd:25:cb:bc:a6:54:63:20:6f:96:76:b9:89:bd:e5:1e:
         58:96:a1:08:ad:24:90:a1:cf:07:b2:f6:bb:6b:3f:0b:c2:c6:
         54:d0:ab:75:86:27:49:8f:c9:0d:aa:a0:65:3c:b1:6e:0b:5e:
         b6:e4:81:12:90:ab:76:da:37:7d:ca:bf:39:33:ef:6a:88:81:
         bf:34:1a:07:63:b6:70:fa:e6:13:c6:d8:48:e5:e9:db:8c:07:
         d5:43:7c:ab:05:82:8b:00:2e:22:2d:d1:82:7f:7e:dd:7d:cf:
         36:cb:b5:8a:d2:bc:31:f4:87:64:a0:39:cc:67:f2:6a:2d:21:
         10:e8:1c:09:60:90:48:f6:28:e6:9b:86:21:1a:44:9a:f8:af:
         fc:7e:6f:56:47:7b:ca:cb:ca:2f:09:07:a7:5e:1e:0f:fe:08:
         3a:40:96:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7hN7AHr23ORPbv1LQZY2uoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMWYxNDgwNjUxZjFiMzM4YmUyNjM0MWUyZGIzYTBhYTNi
MzQ0ZWIwHhcNMjQwNDE1MTAwNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQxYjdlNGYzYTM4MjUwZmJlMzIyZjFiMzkyYjJiMjNlYmU4NTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8sJ/lTNxblXORlVeedm6zYn2abS
ntfIbeNrv9DJ2FrD4+YAxtRCWJxya5cAbWa3fw+n6wsPg3Hrgv2lKOsnWKDGQbjf
1yKHN8vaMibCrZ6tRVzi7gTk72IyoRIM6ehjdEO4DEALHaIPxyK5bNRpk21Sn/Bi
CZErO2PN9cDJCoC4e2cR4/5cU8LsmSw4Ot5qJYtKk9kuE2uR3E4wztzwgtKjzbRC
L3TjIOauFGqR2zUT3jpNMWPqzoZCrSEQMshgHdfJEfczomOWUmmiRZE48wHlPSui
tUfeGfWoxBDB297SRzV6Uc2FySDtNrQLAp12TTC8s4lTdlvo4FF791MNTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5Bt+Tzo4JQ++Mi8bOSsrI+voVNMB8GA1UdIwQY
MBaAFEMfFIBlHxszi+JjQeLbOgqjs0TrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXg4VWdHVWZHek9MNG1OQjR0czZDcU96Uk9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wODUzN2MtMDI2Yy00NzZiLTgwNTYt
NGUwMDA5NDMxNDlmLzEvRGtHMzVQT2pnbEQ3NHlMeHM1S3lzajYtaFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8wODUzN2MtMDI2Yy00NzZiLTgwNTYtNGUwMDA5NDMxNDlm
LzEvUXg4VWdHVWZHek9MNG1OQjR0czZDcU96Uk9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8ZYAwQC
uRwoMA0GCSqGSIb3DQEBCwUAA4IBAQArIdvs/Aa/b3j3NViLxn22pzBBLfRusBjG
4/38o4O7bENp4EWrfs0AOF8LFYNgVIZmiW9dUX7thi9tx7drZPlNJQVdrlNN3R8b
4g3TceeoRmMB9b5uZnH7vziNDs0ly7ymVGMgb5Z2uYm95R5YlqEIrSSQoc8Hsva7
az8LwsZU0Kt1hidJj8kNqqBlPLFuC1625IESkKt22jd9yr85M+9qiIG/NBoHY7Zw
+uYTxthI5enbjAfVQ3yrBYKLAC4iLdGCf37dfc82y7WK0rwx9IdkoDnMZ/JqLSEQ
6BwJYJBI9ijmm4YhGkSa+K/8fm9WR3vKy8ovCQenXh4P/gg6QJaE
-----END CERTIFICATE-----